Cookie-Based Identification of the Public Keys of TLS/SSL Certificates
Park, Jun-Cheol;
We propose an HTTP cookie-based scheme for identifying the public keys of Web sites when certificate validation fails. The proposed scheme effectively protects users from phishing attacks that induce them to access bogus sites. It incurs little performance overhead on the browser and on the Web site's server. It does, however, require implementing the input processing of user credentials and the encryption and verification of cookie values.
Keywords: TLS/SSL; cookie; public key; authentication; phishing