Abstract :
In general, e-commerce sites utilize SSL to ward off the authorized detection and decoding of confidential data over a network. In most cases, the communication between Web browser and e-commerce Web server uses HTTPS protocol. However, the communication often induces some drawbacks, simply denoted by hole. This, in addition, furnishes an opportunity for a hacker to manipulate the data, i.e. decoding the data, using SSL-MITM (SSL Man in the Middle) technique. According to the trials in an experiment with auditor security collection, the results illustrate a hacker and a victim who are on the same local area network; the hacker could be able to decode confidential data (password or credit card number) with the possibility of more than 50 %. This paper presents 3 different methodologies to prevent the decoding using SSL-MITM on the confidential data which normally traverses over e-commerce Web sites. In addition, the evaluation of 3 schemes is conducted to show the degrees of efficiency of the techniques. Furthermore, this information can be preliminarily utilized as a factor to increase the security of e-commerce website.
Keywords :
Internet; Web sites; authorisation; computer crime; data privacy; decoding; electronic commerce; telecommunication security; transport protocols; HTTPS protocol hacking protection; SSL-MITM technique; Web browser; Web server; auditor security collection; authorized detection; confidential data decoding; e-commerce Web site security; local area network; Computer crime; Computer hacking; Credit cards; Data security; Decoding; Information security; Local area networks; Protection; Protocols; Web server;
Conference_Titel :
Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on
