Secure WWW Transactions using standard HTTP and Java applets

F. Bergadano¹, B. Crispo² and M. Eccettuato¹

¹ Università di Torino, Italy
² University of Cambridge, UK

Abstract

The explosive growth in information that becomes available through the Web has led to the development of new applications. Some of those applications, such as electronic commerce or teleworking, are particularly critical because they require secure communications between clients and servers. For those applications, WWW transactions must offer security services such as authentication, secrecy, data integrity and non-repudiation. In this paper we describe a framework based on Java applications and Java applets to secure HTTP transactions. We have implemented a system that allows users to perform all the encryption and authentication work outside the browser, by using applets and other locally installed software. Software is also installed on the WWW server and performs the corresponding encryption and authentication procedures. All the software we use can be easily studied and analysed. Thus we do not need to rely on obscurity in our solution. Moreover, users can eventually integrate their own modules to perform the cryptographic operations without affecting the validity of our approach. Our solution enforces strong security without requiring modifications to the existing HTTP protocol or to the available commercial browsers. Any browser supporting Java may be used.



Here is the full paper in PostScript format.

This paper has been published in the Proceedings of the "3rd USENIX Workshop on Electronic Commerce", August 31 - September 3, 1998, Boston, Massachusetts, USA. ISBN 1-880446-97-9 pp. 109-119, USENIX Association.