How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Communications of the ACM
Inductive analysis of the Internet protocol TLS
ACM Transactions on Information and System Security (TISSEC)
Communications of the ACM
Password authentication with insecure communication
Communications of the ACM
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
Security Technologies for the World Wide Web
Security Technologies for the World Wide Web
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Proceedings of the 11th USENIX Security Symposium
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Authentication Method with Impersonal Token Cards
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Secure object identification: or: solving the Chess Grandmaster Problem
Proceedings of the 2003 workshop on New security paradigms
Contemporary Cryptography (Artech House Computer Security Library)
Contemporary Cryptography (Artech House Computer Security Library)
Does Trusted Computing Remedy Computer Security Problems?
IEEE Security and Privacy
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Analysis of the SSL 3.0 protocol
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Finite-state analysis of SSL 3.0
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Computer Communications
Fast and secure immunization against adaptive man-in-the-middle impersonation
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Effective protection against phishing and web spoofing
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
An attack on the Interlock Protocol when used for authentication
IEEE Transactions on Information Theory
Tracing back attacks against encrypted protocols
IWCMC '07 Proceedings of the 2007 international conference on Wireless communications and mobile computing
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Computer Communications
DepenDNS: Dependable Mechanism against DNS Cache Poisoning
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
A novel algorithm to prevent man in the middle attack in LAN environment
SpringSim '10 Proceedings of the 2010 Spring Simulation Multiconference
DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis
IEEE/ACM Transactions on Networking (TON)
Provably secure and efficient identification and key agreement protocol with user anonymity
Journal of Computer and System Sciences
SSL/TLS session-aware user authentication using a GAA bootstrapped key
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Origin-bound certificates: a fresh approach to strong client authentication for the web
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Strengthening user authentication through opportunistic cryptographic identity assertions
Proceedings of the 2012 ACM conference on Computer and communications security
On the robustness of applications based on the SSL and TLS security protocols
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Content-based control of HTTPs mail for implementation of IT-convergence security environment
Journal of Intelligent Manufacturing
| Hi-index | 0.24 |
Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS session-aware user authentication, and present different possibilities for implementing it. We start with a basic implementation that employs impersonal authentication tokens. Afterwards, we address extensions and enhancements and discuss possibilities for implementing SSL/TLS session-aware user authentication in software.