SSL/TLS session-aware user authentication against man-in-the-middle attacks
Rolf Oppliger,
eSECURITY Technologies Rolf Oppliger –
Abstract:
In spite of the fact that SSL/TLS is omnipresent in todays Internet commerce, it is highly vulnerable to man-in-the-middle (MITM) attacks. In this talk, we explain why this is the case and what possibilities one has at hand to protect SSL/TLS-secured Internet commerce against MITM attacks. In particular, we introduce, discuss, and put into perspective a technology called SSL/TLS session-aware (TLS-SA) user authentication that basically links a user authentication to a particular SSL/TLS session to reveal the existence of an MITM. The technology does not protect against malware taking control after user authentication (a so-called man-in-the-browser attack). So TLS-SA does not stop the general trend towards transaction authentication in addition to user authentication for applications with high security requirements, such as Internet banking.
Date: 2013-Apr-10 Time: 11:00:00 Room: 020
For more information:
Upcoming Events
Workshop “Metabolism and mathematical models: Two for a tango” – 2nd Edition
Title: Workshop Metabolism and mathematical models: Two for a tango – 2nd Edition
Dates: October 25-26, 2022
Location: This workshop will be held in a virtual way
The topic of this workshop is metabolism in general, with a special focus, although not exclusive, on parasitology. Besides an exploration of the biological, biochemical and biomedical aspects, the workshop will also aim at presenting some of the mathematical modelling, algorithmic theory and software development that have become crucial to explore such aspects.
This workshop is being organised in the context of two projects, both with the Inria European Team Erable. One of the projects involves a partnership with the University of São Paulo (USP), in São Paulo, Brazil, more specifically the Institute of Mathematics and Statistics (IME) and the Institute of Biomedical Sciences – Inria Associated Team Capoeira – and the other involves the Inesc-ID/IST in Portugal, ETH in Zürich and EMBL in Heidelberg – H2020 Twinning Project Olissipo.
The workshop is open to all members of these two projects but also, importantly, to the community in general.
The program and more details are available here.