Integrating a Signature Module in SSL/TLS
Authors
Abstract
SSL/TLS is currently the most deployed security protocol on the Internet. SSL/TLS provides end-to-end secure communications between two entities with authentication and data protection. However, what is missing from the protocol is a way to provide the non-repudiation service. In this paper, we describe a generic implementation of the non-repudiation service as an optional module in the SSL/TLS protocol. This approach provides both parties with evidence that the transaction has taken place and a clear separation with application design and development. We discuss the motivation for our approach and our proposed
Similar resources
The Design and Implementation of Protocol-Based Hidden Key Recovery
We show how to add key recovery to existing security protocols such as SSL/TLS and SSH without changing the protocol. Our key recovery designs possess the following novel features: (1) The Key recovery channels are “unfilterable” — the key recovery channels cannot be removed without also breaking correct operation of the protocol. (2) Protocol implementations containing our key recovery designs...
Integrating Quantum Cryptography into SSL
It is well believed now that there are many advantages of integrating quantum cryptography (QC) with the already-existing Internet security infrastructure. SSL/TLS is the protocol that is used for the vast majority of secure transactions over the Internet. However, this protocol needs to be extended in order to create a promising platform for the integration of QC into the Internet infrastructu...
A Proof of concept Implementation of SSL/TLS Session-Aware User Authentication
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, ...
SSL/TLS session-aware user authentication revisited
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, and there are only a few technologies available to mitigate the risks. In [OHB05], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLS-based e-commerce applications against MITM attacks, and we proposed an implementation based on impersonal authentication tokens. ...
HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting
The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshak...