Secure Framework to Mitigate Man-in-the-Middle Attack over SSL Protocol

Background/Objectives: Technology has driven the conventional shopping from shop to internet based application tools like PCs, Laptops and smartphones and it is termed as E-Commerce, in which security plays a vital role since it deals with financial transactions. SSL/TLS is responsible for providing security to the application data on both client and server side. Method: An overview on E-Commerce security requirements, SLL layer protocol and security analysis of the protocol is conducted. Findings: Since E-Commerce services are very important, due to lack of efficient cryptographic encryption techniques, PKI infrastructure and digital signature deployment intruders are intercepting sensitive and valuable information of clients. So we conducted a survey on different attacks on SSL layer of E-Commerce applications and find that Man in the Middle (MitM) attack like phishing attack became a severe attack. Improvements: We propose a frame work to mitigate the MitM in SSL protocol which has there modules like front end authentication, backend authentication and bogus CA identification is proposed. Due to dual end authentication its secure compared to traditional SSL. In our future work we implement our proposed framework.