SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanism...