On the security of SSL/TLS-enabled applications

Abstract

SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide�public key certificate�based�authentication, secure�session key establishment, and symmetric key based traffic confidentiality. A large number of electronic�commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of SSL/TLS-enabled web applications, particularly when naive users want to connect to an SSL/TLS-enabled web server. In this paper, we discuss about the MITM threat to SSL/TLS-enabled web applications. We review the existing space of solutions to counter the MITM attack on SSL/TLS-enabled applications, and then, we provide an effective solution which can resist the MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft-token based approach for�user authentication�on top of the SSL/TLS�s security features. We show that the proposed solution is secure, efficient and user friendly in comparison to other similar approaches.