Secure Auditing for SSL Transactions
نویسندگان
چکیده
Although SSL is certainly the dominant security protocol in use for electronic transactions, it has no real provision for dispute resolution. Digital signatures, the traditional approach to this problem, have seen little deployment, largely due to the lack of of ubiquitous client-side PKI and the need to modify both client and server software to add signature capability. This paper describes an alternate approach without these drawbacks. We use a novel combination of passive session recording, secure hardware and playback to pro vide third-party auditing capability for SSL transactions without changes to the applications on either side.
منابع مشابه
Architectural Impact of Secure Socket Layer on
Secure socket layer (SSL) is the most popular protocol used in the Internet for facilitating secure communications. In this paper, we analyze the performance and architectural impact of SSL on the servers in terms of various parameters such as throughput, utilization, cache sizes, cache miss ratios, number of processors, control dependencies, le access sizes, bus transactions, network load, etc...
متن کاملPerformance Impact of Using SSL on Dynamic Web Applications
Resumen— Security requirements are becoming common on current Internet transactions. HTTPS connections are frequently used by application servers in order to host secure transactions. HTTPS connections are based on HTTP protocol over SSL connections, to provide authentication, confidentiality and integrity, using symmetric and asymmetric cryptographic algorithms (using private or public key). B...
متن کاملTitle of the Paper
⎯ Business-to-Business and Business-to-Customer transactions in Internet require secure communication, especially for web applications. The Secure Socket Layer (SSL) protocol is one of the most viable solutions to provide the required level of confidentiality, message integrity and endpoint authentication. The two main alternatives for providing SSL security are the endto-end and the accelerate...
متن کاملTransport Layer Security: How Much Does It Really Cost?
The last couple of years has seen a growing momentum towards using the Internet for conducting business. One of the key enablers for business applications is the ability to setup secure channels across the internet. The Secure Sockets Layer (SSL) protocol provides this capability and it is the most widely used transport layer security protocol. In this paper we investigate the performance of SS...
متن کاملVisual Spoofing of SSL Protected Web Sites and Effective Countermeasures
Today the standard means for secure transactions in the World Wide Web (WWW) are the SSL/TLS protocols, which provide secure (i.e., private and authentic) channels between browsers and servers. As protocols SSL/TLS are considered secure. However, SSL/TLS’s protection ends at the “transport/session layer” and it is up to the application (here web browsers) to preserve the security offered by SSL...
متن کامل