Analyzing proposals for improving authentication on the TLS-/SSL-protected Web
详细信息 查看全文
- 作者:Christopher W. Brown ; Michael Jenkins
- 关键词:Web security ; Authentication ; TLS ; HTTPS ; Certificates
- 刊名:International Journal of Information Security
- 出版年:2016
- 出版时间:November 2016
- 年:2016
- 卷:15
- 期:6
- 页码:621-635
- 全文大小:5,124 KB
- 刊物类别:Computer Science
- 刊物主题:Data Encryption
Computer Communication Networks
Operating Systems
Coding and Information Theory
Management of Computing and Information Systems
Communications Engineering and Networks - 出版者:Springer Berlin / Heidelberg
- ISSN:1615-5270
- 卷排序:15
文摘
“Secure” Web browsing with HTTPS uses TLS/SSL and X.509 certificates to provide authenticated, confidential communication between Web clients and Web servers. The authentication component of the system has a variety of weaknesses, which have led to a variety of proposals for improving the current environment. In this paper, we survey, analyze, compare and contrast five prominent proposals. To do this, we attempt to systematically capture the properties one might require of such a system: authentication properties, forensics/privacy properties, usability properties and pragmatic properties. Enumerating these properties is an important part of understanding these proposals and the nature of the authentication problem for the secure Web. Finally, we offer a few conclusions and suggestions pertaining to these proposals and possible future directions of research.