On Compromising Password-Based Authentication over HTTPS

Authors:
Takamichi SAITO;Ryosuke HATSUGAI;Toshiyuki KIT0
Affiliations:
Meiji University, JAPAN;Meiji University, JAPAN;Meiji University, JAPAN
Venue:
AINA '06 Proceedings of the 20th International Conference on Advanced Information Networking and Applications - Volume 01
Year:
2006

Citing 0
Cited 2

Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS)

Proceedings of the 2008 Spring simulation multiconference
Applying symmetric and asymmetric key algorithms for the security in wireless networks: proof of correctness

Proceedings of the 6th ACM workshop on QoS and security for wireless and mobile networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

SSL (Secure Socket Layer) is one of the security protocols to achieve secure communications over a TCP/IP network. SSL has two types of authentication modes, Server Authentication mode and Client Authentication mode. The former is popular and facile to utilize, while the latter is secure enough owing to mutual authentication. However, when it was required to identify a client or its user, Server Authentication mode can be utilized with Basic Authentication which is authentacation with password to achieve mutual authentication. In this paper, we discuss the compromising of authentication using the password-based authentication over SSL. And we show the countermeasures against the attaclcs.