| Autor: |
Razumov Pavel, Cherckesova Larissa, Revyakina Elena, Morozov Sergey, Medvedev Dmitry, Lobodenko Andrei |
| Jazyk: |
English<br />French |
| Rok vydání: |
2023 |
| Předmět: |
|
| Zdroj: |
E3S Web of Conferences, Vol 402, p 03028 (2023) |
| Druh dokumentu: |
article |
| ISSN: |
2267-1242 |
| DOI: |
10.1051/e3sconf/202340203028 |
| Popis: |
SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications are designed to provide authentication based on a public key certificate, as well as generating a secure session key and traffic privacy based on a symmetric key. Today, a large number of e-commerce applications such as stock trading, banking, shopping and gaming rely on the robustness of the SSL/TLS protocol. Recently, a potential threat known as a Man-in-the-Middle or main-in-the-middle (MITM) attack has been used by attackers to attack SSL/TLS-enabled web applications, especially when users want to connect to an SSL/TLS-enabled web server. SSL/TLS. The current article discusses the Man-in-the-Middle attack threat for SSL/TLS-enabled web applications. The existing solution space for countering a MITM attack on SSL/TLS-enabled applications is also considered, and an effective solution is proposed that can resist a MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft token approach for user authentication in addition to SSL/TLS security features. The proposed solution is claimed to be safe, effective and user-friendly compared to similar approaches. |
| Databáze: |
Directory of Open Access Journals |
| Externí odkaz: |
|
