Using trusted platform module to mitigate SSL stripping

Electronic commerce refers to trading of services or products over electronic systems such as the Internet and other computer networks. Internet banking, electronic data interchange, and inventory management systems are some examples of popular electronic commerce applications. In such applications, Secure Socket Layer (SSL) would be used to provide authentication between the respective parties. Secure Socket Layer is designed to provide two security goals, i.e. to secure the connection and to ensure the integrity of data between two parties while communicating with each other. However, one of the recent attacks, called SSL stripping has raised security concerns for web applications using SSL. There are a number of existing protocols that can be used to mitigate this problem. Unfortunately, these protocols have some limitations. In this paper, a new authentication protocol is proposed to mitigate this attack. The proposed protocol uses the trusted platform module and is able to overcome the limitations faced by other existing protocols.