Total views : 213

Secure Framework to Mitigate Man-in-the-Middle Attack over SSL Protocol

Affiliations

  • Computer Science and Engineering, KL University, Vaddesewaram – 520002, Andhra Pradesh, India
  • Department of CSE, Andhra Loyola Institute of Engineering and Technology, Vijayawada -520 008, India

Abstract


Background/Objectives: Technology has driven the conventional shopping from shop to internet based application tools like PCs, Laptops and smartphones and it is termed as E-Commerce, in which security plays a vital role since it deals with financial transactions. SSL/TLS is responsible for providing security to the application data on both client and server side. Method: An overview on E-Commerce security requirements, SLL layer protocol and security analysis of the protocol is conducted. Findings: Since E-Commerce services are very important, due to lack of efficient cryptographic encryption techniques, PKI infrastructure and digital signature deployment intruders are intercepting sensitive and valuable information of clients. So we conducted a survey on different attacks on SSL layer of E-Commerce applications and find that Man in the Middle (MitM) attack like phishing attack became a severe attack. Improvements: We propose a frame work to mitigate the MitM in SSL protocol which has there modules like front end authentication, backend authentication and bogus CA identification is proposed. Due to dual end authentication its secure compared to traditional SSL. In our future work we implement our proposed framework.

Keywords

E-commerce Security, Man in the Middle (MitM), Public Key Infrastructure (PKI), Secure Socket Layer (SSL), Transport Layer Security (TLS).

Full Text:

 |  (PDF views: 243)

References


  • Gangan G , Subodh S .A review of man-in-the-middle attacks.2015.p.1–12.
  • Ismaili E, Houssam H , Houmani H, Madroumi H.A Secure Electronic Payment Protocol Design and Implementation. International Journal of Computer Science and Network Security (IJCSNS) 2015;15(5): 76.
  • Oppliger R . Certification Authorities Under Attack: A Plea for Certificate Legitimation in IEEE Internet Computing. 2014; 18(1):40–7.
  • Meyer C, SomorovskyJ, Weiss E, Schwenk J, Schinzel S, TewsE. Revisiting SSL/TLS implementations: New bleichenbacher side channels and attacks.In 23rd USENIX Security Symposium (USENIX Security2014;14:p.733–748.
  • DasM L,Samdaria N.On the security of SSL/TLS-enabled applications. Applied Computing and Informatics, 2014; 10(1):68–81.
  • Shaik S , Kareemullah K,Hussain M D A . A Study on Network Layer Attacks on MANET Routing ProtocolsNational Conference on Wireless Communications & Sensor Networks. 2014.
  • GujrathiS.Heartbleed bug: Anopenssl heartbeat vulnerability.International Journal of Computer Science and Engineer Science and Engineering.2014; 2(5):61–4.
  • Möller B, Duong T, Kotowicz K. This POODLE bites: exploiting the SSL 3.0 fallback. PDF online.2014.p.1–4.
  • AppeltD, Nguyen CD, BriandLC , Alshahwan N.Automated testing for SQL injection vulnerabilities: an input mutation approach. In Proceedings of the International Symposium on Software Testing and Analysis ACM.2014.p.259–69.
  • Huang L S, Rice A, EllingsenE , Jackson C. Analyzing forged ssl certificates in the wild. In IEEE Symposium on Security and Privacy IEEE.2014. p.83–97.
  • Bhardwaj, Akashdeep et al. Design a Resilient Network Infrastructure Security Policy Framework. Indian Journal of Science and Technology.2016;9(19): 1–8.
  • Magesh S, Nimala K, Meeran A R N. Authentication framework for military applications employing wireless sensor networks and private cloud. Indian Journal of Science and Technology. 2016;9(21):1–6.

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.