
A TLS Security-Enhanced Mechanism Against MITM Attacks

Posted on: 2019-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: W Yang
GTID: 2428330593951029
Subject: Computer Science and Technology
Abstract/Summary:
Users can meet their e-commerce and social-entertainment needs by connecting their mobile devices to public WiFis. TLS is widely used to provide secure communication and encrypted transmission for such sensitive online transactions involving e-commerce and social applications. However, because wireless networks lack strict identification and trust mechanisms, the TLS protocol is vulnerable to Man-in-the-Middle (MITM) attacks in public WiFis. Such attacks arise from interception and impersonation by MITM attackers. By cryptographically binding the two authentication procedures together during the establishment of TLS sessions, a TLS security-enhanced mechanism (TLSsem) is proposed to detect and defend against MITM attacks in public WiFis. TLSsem handles TLS mutual authentication by combining pre-binding with certificate validation. In pre-binding, servers use RSA to generate identity credentials for users, which serve as pre-shared keys. Afterwards, mutual authentication between clients and servers is achieved during certificate validation by using the identity credentials, and MITM attacks in the current public WiFi are detected at the same time. In addition, a TLS shared service based on random port hopping is implemented to defend against MITM attacks. It reallocates reliable ports for data transmission to counter interception by MITM attackers. The effectiveness of TLSsem is verified by a thorough set of experiments in a real network environment. Evaluation results show that our mechanism can significantly increase the security of TLS communication in public WiFis without introducing noticeable overhead. Overall, this paper designs and implements a security-enhanced mechanism for detecting and defending against TLS MITM attacks in public WiFis. This mechanism realizes mutual authentication between clients and servers, satisfies users' demand for network access in unreliable public WiFis, and provides a new security solution for TLS wireless communications in open environments.
Keywords/Search Tags: MITM Attacks, Certificate Validation, Port Hopping, Public WiFis