R
Rolf Oppliger
Researcher at University of Bern
Publications - 22
Citations - 407
Rolf Oppliger is an academic researcher from University of Bern. The author has contributed to research in topics: Transport Layer Security & Man-in-the-middle attack. The author has an hindex of 10, co-authored 21 publications receiving 398 citations. Previous affiliations of Rolf Oppliger include International Computer Science Institute.
Papers
More filters
Journal ArticleDOI
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
TL;DR: This paper argues that most deployed user authentication mechanisms fail to provide protection against man-in-the-middle attacks, even when they run on top of SSL/TLS, and introduces the notion of SSL-TLS session-aware user authentication, and presents different possibilities for implementing it.
Patent
Distributed registration and key distribution system and method
Andres Albanese,Rolf Oppliger +1 more
TL;DR: In this paper, an online conference session management system includes computer sites associated with a conference session holder, a plurality of service providers and a pluralityof conference session participants, and each service provider is provided with an active participant registration certificate that gives the service provider the authority to register participants of the specified conference session.
Journal ArticleDOI
SSL/TLS Session-Aware User Authentication
TL;DR: Overall, transport layer security with session-aware user authentication offers a promising approach to solving man-in-the-middle attack problems by leveraging the legacy authentication mechanisms and systems that the general public has become accustomed to using.
Book ChapterDOI
Effective protection against phishing and web spoofing
Rolf Oppliger,Sebastian Gajek +1 more
TL;DR: This paper summarizes, discusses, and evaluates the effectiveness of cryptographic security protocols against (large-scale) phishing and Web spoofing attacks, and concludes that they do not provide a complete solution to tackle the attacks.
Journal ArticleDOI
SSL/TLS session-aware user authentication revisited
TL;DR: A number of extensions of the basic idea of SSL/TLS session-aware user authentication are presented, which include multi-institution tokens, possibilities for changing the PIN, and different ways of making several popular and widely deployed user authentication systems SSL-TLSsession-aware.