Issue | E3S Web of Conf., Volume 402, 2023, International Scientific Siberian Transport Forum - TransSiberia 2023
---|---
Article Number | 03028
Number of page(s) | 11
Section | Mathematical Modeling, IT, Industrial IoT, AI, and ML
DOI | https://doi.org/10.1051/e3sconf/202340203028
Published online | 19 July 2023
Ensuring the security of web applications operating on the basis of the SSL/TLS protocol
1 Don State Technical University, 344002 Rostov-on-Don, Russia
2 Institute of Service and Entrepreneurship (branch) DSTU, 346500 Shakhty, Rostov region, Russia
* Corresponding author: revyelena@yandex.ru
SSL/TLS (Secure Sockets Layer/Transport Layer Security)-enabled web applications are designed to provide authentication based on a public key certificate, to generate a secure session key, and to keep traffic private using a symmetric key. Today, a large number of e-commerce applications such as stock trading, banking, shopping and gaming rely on the robustness of the SSL/TLS protocol. Recently, a potential threat known as a Man-in-the-Middle (MITM) attack has been used by attackers against SSL/TLS-enabled web applications, especially when users want to connect to an SSL/TLS-enabled web server. This article discusses the Man-in-the-Middle attack threat for SSL/TLS-enabled web applications. The existing solution space for countering a MITM attack on SSL/TLS-enabled applications is also considered, and an effective solution is proposed that can resist a MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft token approach for user authentication in addition to SSL/TLS security features. The proposed solution is claimed to be safe, effective and user-friendly compared to similar approaches.
© The Authors, published by EDP Sciences, 2023
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.