Title :
TLS client handshake with a payment card
Author_Institution :
Inf. Security Group, Univ. of London, London, UK
Abstract :
Transport Layer Security (TLS) is the de facto standard for preventing eavesdropping, tampering or message forgery of higher-risk Internet communications, for example when making a payment. At heart TLS is a stateful cryptographic protocol built around a public key infrastructure (PKI). However TLS is configurable; at one extreme it provides little protection and at the other end of the scale it provides protection against most threats to an Internet communication. In practice the "I" part of PKI is often not available at the client end so only the server end is authenticated. In this paper an optional TLS extension is proposed that dispenses with the need for the client to be registered with a PKI registration authority and instead uses a payment card to authenticate the user. This facilitates wider use of the available TLS services and can provide additional security services: enhanced privacy and certain non-repudiation services, for example.
Keywords :
Internet; client-server systems; cryptographic protocols; financial data processing; message authentication; public key cryptography; Internet communication; TLS client handshake; cryptographic protocol; payment card; public key infrastructure; transport layer security; user authentication; Communication standards; Cryptographic protocols; Forgery; Heart; Internet; Privacy; Protection; Public key; Security; Web server;
Conference_Title :
Parallel & Distributed Processing, 2009. IPDPS 2009. IEEE International Symposium on
Conference_Location :
Rome
Print_ISBN :
978-1-4244-3751-1
Electronic_ISBN :
1530-2075
DOI :
10.1109/IPDPS.2009.5161241