Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS…
Although current mechanisms protect against offline credential-stealing attacks, effective protection against online channel-breaking attacks requires technologies to defeat man-in-the-middle (MITM) attacks, and practical protection against content-manipulation attacks requires transaction-authentication technologies.
The emerging use of the TCP/IP communications protocol suite for internetworking has led to a global system of interconnected hosts and networks that is commonly referred to as the Internet. During the last decade, the Internet has experienced a triumphant advance. Projections based on its current rate of growth suggest there will be over one million…
In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed systems, and that proper authorization and access control requires infrastructural support in one way or…
Even though email is an increasingly important application, the Internet doesn't yet provide a reliable messaging infrastructure. Thus, an email message's sender can never be certain - and doesn't receive any evidence - that his or her message was actually delivered to and received by its intended recipients. Furthermore, a recipient can always deny having…