Title :
On Compromising Password-Based Authentication over HTTPS
Author :
Saito, Takamichi ; Hatsugai, Ryosuke ; Kit, Toshiyuki
Author_Institution :
Meiji Univ., Tokyo
Abstract :
SSL (secure socket layer) is one of the security protocols to achieve secure communications over a TCP/IP network. SSL has two types of authentication modes, server authentication mode and client authentication mode. The former is popular and facile to utilize, while the latter is secure enough owing to mutual authentication. However, when it was required to identify a client or its user, server authentication mode can be utilized with basic authentication, which is authentication with password to achieve mutual authentication. In this paper, we discuss the compromising of authentication using the password-based authentication over SSL. And we show the counter-measures against the attacks
Keywords :
IP networks; hypermedia; message authentication; telecommunication security; transport protocols; HTTPS; SSL; TCP/IP network; client authentication mode; communication security; hyper text transfer protocol; password-based authentication; secure socket layer; security protocol; server authentication mode; transport control protocol; Authentication; Costs; DH-HEMTs; IP networks; Network servers; Protection; Sockets; TCPIP; Transport protocols; Web server;
Conference_Titel :
Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2466-4
DOI :
10.1109/AINA.2006.244
