A Proof of Concept Implementation of SSL/TLS Session-Aware User Authentication (TLS-SA)

  • Rolf Oppliger
  • Ralf Hauser
  • David Basin
  • Aldo Rodenhaeuser
  • Bruno Kaiser
Part of the Informatik aktuell book series (INFORMAT)


Most SSL/TLS-based e-commerce applications employ conventional mechanisms for user authentication. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to man-in-the-middle (MITM) attacks. In this paper, we elaborate on the feasibility of MITM attacks, survey countermeasures, introduce the notion of SSL/TLS session-aware user authentication (TLS-SA), and present a proof of concept implementation of TLS-SA. We think that TLS-SA fills a gap between the use of public key certificates on the client side and currently deployed user authentication mechanisms. Most importantly, it allows for the continued use of legacy two-factor authentication devices while still providing high levels of protection against MITM attacks.
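The following Python sketch is an added illustration of the session-binding idea the abstract describes, not the authors' proof-of-concept code: it contrasts a decoupled one-time password, which a relaying MITM can forward unchanged, with a credential bound to the TLS session the user actually established. The concrete construction (an HMAC keyed with the token secret over the OTP and a context built from the SHA-256 of the server certificate plus the TLS session identifier) and all certificate, secret and session values are assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values standing in for what each endpoint would read from
# its real TLS handshake (server certificate, session identifier).
SERVER_CERT = b"-----constructed real server certificate-----"
MITM_CERT = b"-----constructed MITM server certificate-----"
TOKEN_SECRET = b"constructed secret shared by token and server"


def session_context(server_cert: bytes, session_id: bytes) -> bytes:
    """Identifier of the TLS session as seen by one endpoint (assumed construction)."""
    return hashlib.sha256(server_cert).digest() + session_id


def user_auth_code(otp: bytes, ctx: bytes) -> bytes:
    """Session-aware credential: the legacy OTP is bound to the TLS session by
    an HMAC, keyed with the token secret, over the OTP and the session context."""
    return hmac.new(TOKEN_SECRET, otp + ctx, hashlib.sha256).digest()


def server_verify(otp: bytes, ctx_at_server: bytes, uac: bytes) -> bool:
    """The server recomputes the code from its own view of the session."""
    return hmac.compare_digest(user_auth_code(otp, ctx_at_server), uac)


def legacy_relayed(otp: bytes) -> bool:
    """Decoupled authentication: the server only checks the OTP, so a MITM that
    relays it verbatim from its own session with the user is accepted."""
    relayed_otp = otp  # the MITM forwards exactly what the user typed
    return hmac.compare_digest(relayed_otp, otp)


def direct_session(otp: bytes) -> bool:
    """User talks to the real server: both sides derive the same context."""
    ctx = session_context(SERVER_CERT, b"session-1234")
    return server_verify(otp, ctx, user_auth_code(otp, ctx))


def relayed_through_mitm(otp: bytes) -> bool:
    """The user's TLS session terminates at the MITM (its certificate, its session
    id); the MITM opens a separate session to the real server and relays the code."""
    ctx_user = session_context(MITM_CERT, b"session-AAAA")
    ctx_server = session_context(SERVER_CERT, b"session-BBBB")
    return server_verify(otp, ctx_server, user_auth_code(otp, ctx_user))


if __name__ == "__main__":
    print("legacy OTP relayed by MITM accepted:", legacy_relayed(b"123456"))
    print("TLS-SA, direct session accepted:", direct_session(b"123456"))
    print("TLS-SA, relayed by MITM accepted:", relayed_through_mitm(b"123456"))
```

The server never learns the user's secret context directly; it rejects the relayed code simply because its own certificate and session identifier differ from those the user's browser saw, which is the property the abstract says legacy two-factor devices lack on their own.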





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Rolf Oppliger (1)
  • Ralf Hauser (2)
  • David Basin (3)
  • Aldo Rodenhaeuser (4)
  • Bruno Kaiser (4)
  1. eSECURITY Technologies, Gümligen
  2. PrivaSphere AG, Zürich
  3. Department of Computer Science, ETH Zurich, Zürich
  4. AdNovum Informatik AG, Zürich
