Computing Reviews
Analyzing proposals for improving authentication on the TLS-/SSL-protected Web
Brown C., Jenkins M. International Journal of Information Security15 (6):621-635,2016.Type:Article
Date Reviewed: Feb 27 2017

The volume of information flowing over the Internet grows by the day, and so does its importance. Unauthenticated protocols may still be appropriate for casual browsing of the Web, but they are wholly inadequate for processing sensitive data, where a stronger protocol is needed to give users justified confidence and trust. The most widely used secure transport today is transport layer security/secure sockets layer (TLS/SSL), whose server authentication rests on certificates issued by certificate authorities (CAs); that trust model has been undermined on several occasions. This paper analyzes five proposals that strengthen server authentication within TLS/SSL rather than replace it, and compares them in an unconventional and very easy-to-understand way. The five proposals examined are domain name system (DNS)-based authentication of named entities (DANE), certificate transparency (CT), HTTP public key pinning (HPKP), trust assertions for certificate keys (TACK), and Perspectives. All are evaluated against a set of properties that fall into four broad areas: authentication, covering not only the identity of the connected server but also the source of authorization for that identity claim; forensics and privacy, meaning that third parties cannot silently tamper with the connection and that, if tampering does occur, the legitimate parties can reconstruct the chain of events; usability, meaning not only ease of use but also the rate of false positives and false negatives the mechanism produces; and pragmatics, or how real-world deployment of each proposal would affect the user's existing ICT infrastructure.

The paper itself is divided into three parts: the first gives a detailed list of concrete properties for each of the areas outlined above; the second describes the five proposals in broad terms and evaluates each of them against all of the properties previously defined; and the third is a high-level summary of each proposal, with its strengths and weaknesses, together with pointers to future directions in this research field. The most interesting aspect of the paper is undoubtedly its evaluation method: results are presented as small gauges that qualitatively rate, for each proposal, its adherence to each of the defined properties. Although purely qualitative, this makes the evaluation immediately legible; its strength lies in the at-a-glance comparison of all proposals against all properties at once, and in this respect a final synoptic table collecting all of the gauges would have made it even more useful. In any case, even a reader already familiar with secure data exchange will find this paper a ready aid in selecting an authentication mechanism, including one not among those presented here, because it enumerates the desirable properties and explains how to compare candidates against them.

Reviewer:  Andrea Paramithiotti Review #: CR145082 (1705-0323)
Authentication (K.6.5 ... )
Authentication (D.4.6 ... )