User-aware provably secure protocols for browser-based mutual authentication. (1st September 2009)
- Record Type:
- Journal Article
- Title:
- User-aware provably secure protocols for browser-based mutual authentication. (1st September 2009)
- Main Title:
- User-aware provably secure protocols for browser-based mutual authentication
- Authors:
- Gajek, Sebastian
- Manulis, Mark
- Schwenk, Jörg
- Abstract:
- The standard solution for mutual authentication between human users and servers on the internet is to execute a transport layer security (TLS) handshake during which the server authenticates using an X.509 certificate, followed by the authentication of the user either with their own password or with a cookie stored within the user's browser. However, the poor ability of human users to validate X.509 certificates allows for various forms of (social) impersonation attacks. In this paper, we introduce human perceptible authentication (HPA) as a concept for the secure user-aware authentication of servers via recognisable authenticators such as images, video or audio sequences. We formally specify HPA within a security model for browser-based mutual authentication; for this, we extend the traditional Bellare-Rogaway model to deal with human users as inherent protocol participants. Using HPA and the classical TLS handshake, we furthermore design two efficient provably secure password- and cookie-authentication protocols.
- Is Part Of:
- International journal of applied cryptography. Volume 1:Number 4(2009)
- Journal:
- International journal of applied cryptography
- Issue:
- Volume 1:Number 4(2009)
- Issue Display:
- Volume 1, Issue 4 (2009)
- Year:
- 2009
- Volume:
- 1
- Issue:
- 4
- Issue Sort Value:
- 2009-0001-0004-0000
- Page Start:
- 290
- Page End:
- 308
- Publication Date:
- 2009-09-01
- Subjects:
- user awareness -- provably secure protocols -- mutual authentication -- web browsers -- security models -- web servers -- impersonation attacks -- human perceptible authentication -- password authentication -- cookie authentication
- Data encryption (Computer science) -- Periodicals
- Cryptography -- Periodicals
- Computer security -- Periodicals
- Dewey Classification:
- 652.8
- Journal URLs:
- http://inderscience.metapress.com/content/121008
- http://www.inderscience.com/
- English
- ISSNs:
- 1753-0563
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library STI - ELD Digital store
- Ingest File:
- 8124.xml