On compromising password-based authentication over HTTPS

Proceedings - International Conference on Advanced Information Networking and Applications, AINA

Volumn 1, Issue , 2006, Pages 869-874

  Saito, Takamichi ^a   Hatsugai, Ryosuke ^a   Kito, Toshiyuki ^b  

^a MEIJI UNIVERSITY   (Japan)

^b TOSHIBA CORPORATION   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; INTERNET; NETWORK PROTOCOLS; PUBLIC KEY CRYPTOGRAPHY; SECURITY OF DATA;

BASIC AUTHENTICATION; PASSWORD; SECURE SOCKET LAYER (SLL); SERVER AUTHENTICATION;

HTTP;

EID: 33751089103     PISSN: 1550445X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/AINA.2006.244     Document Type: Conference Paper

References (14)

1. A.Freier, P.Kocher, and P.Kaltorn, The SSL Protocol Version 3.0 draft, March 1996, http://home.netscape.com/eng/ss13/draft302.txt
2. T.Dierks and C.Allen, The TLS Protocol Version 1.0, January 1999, http://www.ietf.org/rfc/rfc2246.txt
3. R. Housley, W. Ford, W. Polk, and D. Solo, Internet X.509 Public, Key Infrastructure Certificate and CRL Profile, January 1999, http://www.ietf.org/ rfc/rfc2459.txt
4. J.Franks, P.Hallam-Baker, J.Hostetler, S.Lawrence, P.Leach, A. Luotonen, and L.Stewart, HTTP Authentication: Basic and Digest Access Authentication, RFC2617, June 1999.
5. Richard E. Smith, Authentication: From Passwords to Public Keys, Addison Wesley Professional.
6. http://www.apache.org/
7. http://www.modssl.org/
8. http://www.openssl.org/
9. http://ww.microsoft.com/
10. http://www.netscape.com/
11. http://www.opera.com/
12. http://support.microsoft.com/kb/833786/en-us
13. Microsoft IE SSL Spoofing Vulnerability, http://www.securityfocus.com/ bid/2737/discussion/
14. Netscape Communicator Inconsistent SSL Certificate Warning Vulnerability, http://www.securityfocus.com/bid/1260/discussion/