
Secure Framework to Mitigate Man-in-the-Middle Attack over SSL Protocol


Affiliations
1 Computer Science and Engineering, KL University, Vaddesewaram – 520002, Andhra Pradesh, India
2 Department of CSE, Andhra Loyola Institute of Engineering and Technology, Vijayawada -520 008, India
 

Background/Objectives: Technology has moved conventional shopping from shops to internet-based applications on devices such as PCs, laptops and smartphones. This is termed E-Commerce, and security plays a vital role in it since it deals with financial transactions. SSL/TLS is responsible for providing security to the application data on both the client and server side. Method: An overview of E-Commerce security requirements, the SSL layer protocol and a security analysis of the protocol is conducted. Findings: E-Commerce services are very important, yet due to the lack of efficient cryptographic encryption techniques, PKI infrastructure and digital signature deployment, intruders are intercepting sensitive and valuable information of clients. We therefore conducted a survey of different attacks on the SSL layer of E-Commerce applications and found that Man in the Middle (MitM) attacks, such as phishing attacks, have become severe. Improvements: We propose a framework to mitigate MitM in the SSL protocol, which has three modules: front-end authentication, back-end authentication and bogus CA identification. Due to dual-end authentication, it is more secure than traditional SSL. In our future work we will implement our proposed framework.

Keywords

E-commerce Security, Man in the Middle (MitM), Public Key Infrastructure (PKI), Secure Socket Layer (SSL), Transport Layer Security (TLS).

Authors

Mohammad Arshad
Computer Science and Engineering, KL University, Vaddesewaram – 520002, Andhra Pradesh, India
Md. Ali Hussain
Department of CSE, Andhra Loyola Institute of Engineering and Technology, Vijayawada -520 008, India




DOI: https://doi.org/10.17485/ijst%2F2016%2Fv9i47%2F136000