Authentication Binding between SSL/TLS and HTTP

Takamichi SAITO  Kiyomi SEKIGUCHI  Ryosuke HATSUGAI  

IEICE TRANSACTIONS on Information and Systems   Vol.E95-D   No.3   pp.797-803
Publication Date: 2012/03/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E95.D.797
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Information Network
web information systems,  web services,  security protocol,  authentication protocol,  SSL/TLS,  

Full Text: PDF(332.2KB)>>
Buy this Article

While the Secure Socket Layer or Transport Layer Security (SSL/TLS) is assumed to provide secure communications over the Internet, many web applications utilize basic or digest authentication of Hyper Text Transport Protocol (HTTP) over SSL/TLS. Namely, in the scheme, there are two different authentication schemes in a session. Since they are separated by a layer, these are not convenient for a web application. Moreover, the scheme may also cause problems in establishing secure communication. Then we provide a scheme of authentication binding between SSL/TLS and HTTP without modifying SSL/TLS protocols and its implementation, and we show the effectiveness of our proposed scheme.