Secure WWW Transactions using standard HTTP and Java applets
F. Bergadano¹, B. Crispo² and M. Eccettuato¹
¹ Università di Torino, Italy
² University of Cambridge, UK
The explosive growth in the information available through the Web has led
to the development of new applications. Some of those applications, such as
electronic commerce or teleworking, are particularly critical because
they require secure communications between clients and servers.
For those applications, WWW transactions must offer security services such as
authentication, secrecy, data integrity and non-repudiation.
In this paper we describe a framework based on Java applications and
Java applets to secure HTTP transactions.
We have implemented a system that allows users to perform all the
encryption and authentication work outside the browser, by using
applets and other locally installed software.
Software is also installed on the WWW server
and performs corresponding encryption and authentication procedures.
All the software we use can be easily studied and analysed.
Thus we do not need to rely on obscurity in our solution. Moreover, users can
eventually integrate their own modules to perform the
without affecting the validity of our approach.
Our solution enforces strong security without requiring modifications in
the existing HTTP protocol or in the available
commercial browsers. Any browser supporting Java may be used.
The full paper is available in PostScript format.
This paper has been published in the
Proceedings of the "3rd USENIX Workshop on Electronic Commerce",
August 31 - September 3, 1998, Boston, Massachusetts, USA. ISBN 1-880446-97-9, pp. 109-119, USENIX Association.