Implementation of SSL/TLS-based security mechanisms in e-commerce and e-mail applications using Java

Tulsi Pawan Fowdur, Shafeeq M. Aumeeruddy, Yogesh Beeharry

Abstract


E-commerce applications and e-mail communication are very popular in today's sophisticated society. However, without proper security protocols in place, these applications are susceptible to different types of attacks. The Man-In-The-Middle (MITM) attack, for example, is becoming an increasing threat for e-mail and e-commerce applications. Spoofing attacks are also a major issue for e-mail applications. In this paper, a review of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols is performed, along with some common security attacks for both applications. First, a Hyper Text Transfer Protocol (HTTP) and HTTP Secure (HTTPS) web server was implemented for the e-commerce application using Java. The HTTPS server employs the SSL/TLS protocol and uses a cryptographic self-signed certificate in order to secure messages between the client and the server. The e-mail application was implemented using the JavaMail API. It was secured using the TLS protocol to address MITM attacks on e-mail. The MITM attack was performed using the Wireshark software by sniffing data. With the SSL/TLS protocol enabled, the transmitted data was encrypted and the MITM attack was successfully blocked. Spoofing attacks were also tested and tackled with the SSL/TLS protocol.



Copyright (c) 2018 Journal of Electrical Engineering, Electronics, Control and Computer Science

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.