VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
In general, E-Commerce sites utilize SSL to ward off the authorized detection and decoding of confidential data over a network. In most cases, the communication between Web Browser and E-Commerce Web Server is uses HTTPS protocol. However, the communication often induces some drawbacks, simply denoted by hole. This, in addition, furnishes an opportunity for a hacker to manipulate the data, i.e. decoding the data, using SSL-MITM (SSL Man in the Middle) technique. According to the trials in an experiment with Auditor Security Collection, the results illustrate a hacker and a victim who are on the same local area network; the hacker could be able to decode confidential data (password or credit card number) with the possibility of more than 50 %. This paper presents 3 different methodologies to prevent the decoding using SSL-MITM on the confidential data which normally traverses over e-commerce websites. In addition, the evaluation of 3 schemes is conducted to show the degrees of efficiency of the techniques. Furthermore, this information can be preliminarily utilized as a factor to increase the security of e-commerce website.