A Proof of Concept Implementation of SSL/TLS Session-Aware User Authentication (TLS-SA)

  • Rolf Oppliger
  • Ralf Hauser
  • David Basin
  • Aldo Rodenhaeuser
  • Bruno Kaiser
Conference paper
Part of the Informatik aktuell book series (INFORMAT)

Abstract

Most SSL/TLS-based e-commerce applications employ conventional mechanisms for user authentication. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to man-in-the-middle (MITM) attacks. In this paper, we elaborate on the feasibility of MITM attacks, survey countermeasures, introduce the notion of SSL/TLS session-aware user authentication (TLS-SA), and present a proof of concept implementation of TLS-SA. We think that TLS-SA fills a gap between the use of public key certificates on the client side and currently deployed user authentication mechanisms. Most importantly, it allows for the continued use of legacy two-factor authentication devices while still providing high levels of protection against MITM attacks.

This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Dierks T, Allen C: The TLS Protocol Version 1.0. RFC 2246, 1999.Google Scholar
  2. 2.
    Lopez J, Oppliger R, Pernul G: Why Have Public Key Infrastructures Failed so far? Internet Research, 15(5):544–556, 2005.CrossRefGoogle Scholar
  3. 3.
    Mitchell J, Shmatikov V, Stern U: Finite-State Analysis of SSL 3.0. USENIX Security Symposium, 201–216, 1998.Google Scholar
  4. 4.
    Paulson LC: Inductive Analysis of the Internet Protocol TLS. ACM Trans. on Computer and System Security, 2(3):332–351, 1999.CrossRefGoogle Scholar
  5. 5.
    Bleichenbacher D: Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. CRYPTO, 1–42, 1998.Google Scholar
  6. 6.
    Manger J: A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS#1 v2.0. CRYPTO, 230–238, 2001.Google Scholar
  7. 7.
    Vaudenay S: Security Flaws Induced by CBC Padding—Applications to SSL, IPSEC, WTLS... EUROCRYPT, 534–545, 2002.Google Scholar
  8. 8.
    Anderson RJ: Why Cryptosystems Fail. Communications of the ACM, 37(11):32–40, 1994.CrossRefGoogle Scholar
  9. 9.
    Burkholder P: SSL Man-in-the-Middle Attacks. SANS Reading Room, 2002.Google Scholar
  10. 10.
    Oppliger R, Gajek S: Effective Protection Against Phishing and Web Spoofing. CMS, 32–41, 2005.Google Scholar
  11. 11.
    Desmedt Y, Goutier C, Bengio S: Special uses and abuses of the Fiat-Shamir passport protocol. CRYPTO, 16–20, 1987.Google Scholar
  12. 12.
    Fiat A, Shamir A: How To Prove Yourself: Practical Solutions to Identification and Signature Problems. CRYPTO, 186–194, 1986.Google Scholar
  13. 13.
    Cramer R, Damgård I: Fast and Secure Immunization Against Adaptive Man-in-the-Middle Impersonation. EUROCRYPT, 75–87, 1997.Google Scholar
  14. 14.
    Eronen P, Tschofenig H (Eds.): Pre-Shared Key Ciphersuites for Transport Layer Security (TLS). RFC 4279, 2005.Google Scholar
  15. 15.
    Badra M, Hajjeh I: Key-Exchange Authentication Using Shared Secrets. IEEE Computer, 39(3):58–66, 2006.Google Scholar
  16. 16.
    RSA Laboratories: OTP Methods for TLS. Draft 1, January 2006.Google Scholar
  17. 17.
    Steiner M., et al.: Secure Password-Based Cipher Suite for TLS. ACM Trans. Information and System Security, 4(2):134–157, 2001.CrossRefGoogle Scholar
  18. 18.
    Taylor D, et al: Using SRP for TLS Authentication. Work in progress, 2005.Google Scholar
  19. 19.
    Rivest RL, Shamir A: How to Expose an Eavesdropper. Communications of the ACM, 27(4):393–395, 1984.CrossRefGoogle Scholar
  20. 20.
    Bellovin SM, Merritt M: An Attack on the Interlock Protocol When Used for Authentication. IEEE Trans. on Information Theory, 40(1), 1994.Google Scholar
  21. 21.
    Jakobsson M, Myers S: Stealth Attacks and Delayed Password Disclosure. 2005.Google Scholar
  22. 22.
    Kaliski B, Nyström M: Authentication: Risk vs. Readiness, Challenges & Solutions. BITS Protecting the Core Forum, October 6, 2004.Google Scholar
  23. 23.
    Asokan N, Niemi V. Nyberg K: Man-in-the-Middle in Tunneled Authentication Protocols. International Workshop on Security Protocols, 15–24, 2003.Google Scholar
  24. 24.
    Parno B, Kuo C, Perrig A: Phoolproof Phishing Prevention. Financial Cryptography, 2006.Google Scholar
  25. 25.
    Alkassar A, Stüble C, Sadeghi AR: Secure Object Identification—or: Solving The Chess Grandmaster Problem. Workshop on New Security Paradigms. 77–85, 2003.Google Scholar
  26. 26.
    Oppliger R, Hauser R, Basin D: SSL/TLS Session-Aware User Authentication—Or How to Effectively Thwart the Man-in-the-Middle. Computer Communications, 29(12):2238–2246, 2006.CrossRefGoogle Scholar
  27. 27.
    Oppliger R, Hauser R, Basin D: Browser Enhancements to Support SSL/TLS Session-Aware User Authentication. W3C Workshop on Transparency and Usability of Web Authentication, 2006.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Rolf Oppliger
    • 1
  • Ralf Hauser
    • 2
  • David Basin
    • 3
  • Aldo Rodenhaeuser
    • 4
  • Bruno Kaiser
    • 4
  1. 1.eSECURITY TechnologiesGümligen
  2. 2.PrivaSphere AGZürich
  3. 3.Department of Computer ScienceETH ZurichZürich
  4. 4.AdNovum Informatik AGZürich

Personalised recommendations