Secure inspection of web transactions

Mika Rautila, Jani Suomalainen

    Research output: Contribution to journal › Article › Scientific › peer-review

    4 Citations (Scopus)

    Abstract

    Web transactions are vulnerable to attacks where malicious software has infected a browser or where a root certifier has been compromised. As a countermeasure, we intercept HTTPS traffic in order to authorise certifiers as well as to inspect, verify and complement transactions securely. The interception and inspection are done in a trusted device, outside the potentially compromised PC and browser. We propose a novel and flexible mechanism for controlling interception dynamically with directives embedded into HTML documents. We limit the authority of root certifiers over critical services with site-specific certification rules. We propose different models for realising the interceptor concept. The feasibility of the proposals is demonstrated by implementing and deploying interception into a USB gadget and a mobile phone.
    Original language: English
    Pages (from-to): 253-271
    Journal: International Journal of Internet Technology and Secured Transactions
    Volume: 4
    Issue number: 4
    Publication status: Published - 2012
    MoE publication type: A1 Journal article-refereed

    Keywords

    • WWW
    • internet
    • secure transactions
    • banking
    • authentication
    • weak certification
    • interceptor
    • man-in-the-browser
    • web transactions
    • transaction security
    • HTTPS traffic interception
    • interception control
    • embedded systems
    • HTML documents
    • root certifiers
    • malware
    • USB devices
    • mobile phones
    • cell phones
    • financial transactions
