Erich P. Stuntebeck, John S. Davis II, et al.
HotMobile 2008
SSL is the de facto standard today for securing end-to-end transport on the Internet. While the protocol itself seems rather secure, there are a number of risks that lurk in its use, for example, in web banking. However, the adoption of password-based key-exchange protocols can overcome some of these problems. We propose the integration of such a protocol (DH-EKE) in the TLS protocol, the standardization of SSL by IETF. The resulting protocol provides secure mutual authentication and key establishment over an insecure channel. It does not have to resort to a PKI or keys and certificates stored on the users computer. Additionally, its integration in TLS is as minimal and non-intrusive as possible. © 2001, ACM. All rights reserved.
Erich P. Stuntebeck, John S. Davis II, et al.
HotMobile 2008
Limin Hu
IEEE/ACM Transactions on Networking
Rolf Clauberg
IBM J. Res. Dev
M.J. Slattery, Joan L. Mitchell
IBM J. Res. Dev