124 Hits in 5.3 sec

Provably secure browser-based user-aware mutual authentication over TLS

Sebastian Gajek, Mark Manulis, Ahmad-Reza Sadeghi, Jörg Schwenk
2008 Proceedings of the 2008 ACM symposium on Information, computer and communications security - ASIACCS '08  
The standard solution for user authentication on the Web is to establish a TLS-based secure channel in server authenticated mode and run a protocol on top of TLS where the user enters a password in an  ...  We tackle this problem by proposing a protocol that allows the user to identify the server based on human perceptible authenticators (e.g., picture, voice).  ...  Browser-Based Mutual Authentication Protocol based on TLS In this section we describe our protocol for browser-based authentication based on the standard TLS protocol.  ... 
doi:10.1145/1368310.1368354 dblp:conf/ccs/GajekMSS08 fatcat:tjphjhavhbgntpdph4zmglx3wq

In-the-wire authentication: Protecting client-side critical data fields in secure network transactions

M.W. Currie
2009 2009 2nd International Conference on Adaptive Science & Technology (ICAST)  
Index Terms-TLS security, Computer network security, Internet security, Public key cryptography, Man-in-the-middle.  ...  secure trusted path between the web user and the service.  ...  Since all secure web servers and all web browsers support TLS, web users can enjoy strong protection of transaction messages over the public network.  ... 
doi:10.1109/icastech.2009.5409720 fatcat:5vico3lsdnfitprmnspb7bzl2m

Ceremony Analysis: Strengths and Weaknesses [chapter]

Kenneth Radke, Colin Boyd, Juan Gonzalez Nieto, Margot Brereton
2011 IFIP Advances in Information and Communication Technology  
We investigate known security flaws in the context of security ceremonies to gain an understanding of the ceremony analysis process.  ...  The term security ceremonies is used to describe a system of protocols and humans which interact for a specific purpose.  ...  The protocol that Gajek et al. proved to be secure, what they called browserbased user-aware mutual authentication over TLS, is a non-trivial security ceremony.  ... 
doi:10.1007/978-3-642-21424-0_9 fatcat:3fz756n32ng6bgehrzt46a4h7a

SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements

J. Clark, P. C. van Oorschot
2013 2013 IEEE Symposium on Security and Privacy  
Internet users today depend daily on HTTPS for secure communication with sites they intend to visit.  ...  Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certificate authorities has proliferated, while the due diligence in baseline certificate issuance has declined.  ...  We acknowledge funding from the Natural Science and Engineering Research Council (NSERC) through a PDF (first author), Canada Research Chair in Authentication and Computer Security (second), and NSERC  ... 
doi:10.1109/sp.2013.41 dblp:conf/sp/ClarkO13 fatcat:xtazjddqd5d4bad5eqdkl5hvnq

Ubiquitous One-Time Password Service Using the Generic Authentication Architecture

Chunhua Chen, Chris J. Mitchell, Shaohua Tang
2011 Journal on spesial topics in mobile networks and applications  
The scheme employs a GAA-enabled user device and a GAA-aware server.  ...  The Generic Authentication Architecture (GAA) is a standardised extension to the mobile authentication infrastructure that enables the provision of security services, such as key establishment, to network  ...  accesses the security services provided by the BSF, and has the means to establish a mutually authenticated secure channel (e.g. as provided by SSL/TLS) with the BSF.  ... 
doi:10.1007/s11036-011-0329-z fatcat:qttu4zcy2ngzfnz5cw4c2sp62a

Secure password-based cipher suite for TLS

Michael Steiner, Peter Buhler, Thomas Eirich, Michael Waidner
2001 ACM Transactions on Privacy and Security  
The resulting protocol provides secure mutual authentication and key establishment over an insecure channel. It does not have to resort to a PKI or keys and certificates stored on the users computer.  ...  However, the adoption of password-based key-exchange protocols can overcome some of these problems.  ...  These protocols provide key exchange with mutual authentication based on weak secrets (e.g., passwords).  ... 
doi:10.1145/501963.501965 fatcat:6u52lfbgtndshn2zvnkre6y74q

Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS

Karthikeyan Bhargavan, Antoine Delignat Lavaud, Cedric Fournet, Alfredo Pironti, Pierre Yves Strub
2014 2014 IEEE Symposium on Security and Privacy  
However, the security guarantees of TLS fall short of those of a secure channel, leading to a variety of attacks.  ...  We also demonstrate new ways to exploit known weaknesses of HTTP over TLS. We investigate the root causes for these attacks and propose new countermeasures.  ...  Figure 1 shows the full handshake with mutual authentication.  ... 
doi:10.1109/sp.2014.14 dblp:conf/sp/BhargavanDFPS14 fatcat:7jt2pm6vpzd65ijps7a7mclldu

Evaluation of the Model for Analysing Anti-Phishing Authentication Ceremonies

Edina Hatunic-Webster, Fred Mtenzi, Brendan O'Shea
2015 International Journal for Information Security Research  
It is an extension of the concept of network security protocol and includes user interface and human-protocol interaction.  ...  The model examines anti-phishing authentication tasks that a human needs to apply, how users process these additional authentication tasks and how these tasks impact the human's decision outcome.  ...  Provably Secure Browser-Based User-Aware Mutual Authentication over TLS [7] .  ... 
doi:10.20533/ijisr.2042.4639.2015.0060 fatcat:3zz5xwffvbcllmwbvbnxrh6wgm

Single password authentication

Tolga Acar, Mira Belenkiy, Alptekin Küpçü
2013 Computer Networks  
To the best of our knowledge, we are the first to propose such various and provably secure password-based authentication schemes.  ...  In this paper, we propose several protocols that can allow a user to use a single password to authenticate to multiple services securely.  ...  In cases where TLS is not feasible or the user is fooled into connecting to an impersonating server even over TLS, and assuming the sessions are short-lived compared to the time it takes to crack this  ... 
doi:10.1016/j.comnet.2013.05.007 fatcat:qs724vx4bjhyxlsfi3dxawqkq4

User-centric identity management using trusted modules

J. Vossaert, J. Lapon, B. De Decker, V. Naessens
2013 Mathematical and computer modelling  
Federated identity management systems aim at increasing the user-friendliness of authentication procedures, while at the same time ensuring strong authentication to service providers.  ...  This paper presents a new flexible approach for user-centric identity management, using trusted modules.  ...  Hence, an authentication module is implemented that interacts with the browser plugin and handles authentication transparently. Web developers, hence, need not be aware of the authentication logic.  ... 
doi:10.1016/j.mcm.2012.06.010 fatcat:angbjoejd5b67eieos5qyhllsm

Reactive and Proactive Standardisation of TLS [chapter]

Kenneth G. Paterson, Thyla van der Merwe
2016 Lecture Notes in Computer Science  
for TLS 1.3.  ...  In the development of TLS 1.3, the IETF TLS Working Group has adopted an "analysis-prior-to-deployment" design philosophy. This is in sharp contrast to all previous versions of the protocol.  ...  Van der Merwe was supported by the EPSRC as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London.  ... 
doi:10.1007/978-3-319-49100-4_7 fatcat:33ngau3bv5a5lb3purmdqqtmxe

A Formal Treatment of Accountable Proxying Over TLS

Karthikeyan Bhargavan, Ioana Boureanu, Antoine Delignat-Lavaud, Pierre-Alain Fouque, Cristina Onete
2018 2018 IEEE Symposium on Security and Privacy (SP)  
Such attacks went unnoticed mainly because mcTLS lacked a formal analysis and security proofs. Hence, our second contribution is to formalize the goal of accountable proxying over secure channels.  ...  Third, we propose a provably-secure alternative to soon-to-be-standardized mcTLS: a generic and modular protocol-design that carefully composes generic secure channel-establishment protocols, which we  ...  TLS 1.3 was designed to (provably) guarantee composable AKE security, unlike TLS 1.2.  ... 
doi:10.1109/sp.2018.00021 dblp:conf/sp/BhargavanBDFO18 fatcat:hml3dbswn5g4fpoi46eidiqsh4

Content delivery over TLS: a cryptographic analysis of keyless SSL

Karthikeyan Bhargavan, Ioana Boureanu, Pierre-Alain Fouque, Cristina Onete, Benjamin Richard
2017 2017 IEEE European Symposium on Security and Privacy (EuroS&P)  
The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network.  ...  We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCEsecurity, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange.  ...  The queries from MW to the key server S are performed over a mutually-authenticated TLS channel.  ... 
doi:10.1109/eurosp.2017.52 dblp:conf/eurosp/BhargavanBFOR17 fatcat:7t2lmrzhrnhppanpe3d5d4zlgq

Design and Implementation of an Anonymous and Secure Online Evaluation Protocol

Nikolaos Petrakos, Stefanos Monachos, Emmanouil Magkos, Panayiotis Kotzanikolaou
2020 Electronics  
., anonymous credentials, Privacy Attribute-Based Credentials, and domain signatures) fail to address, at least in an obvious way, the minimal security and practicality requirements.  ...  A web-based implementation of the protocol has been developed and compared to other approaches and systems.  ...  Initially, we assume that all communication in Phase A is done over a mutually authenticated and secure channel.  ... 
doi:10.3390/electronics9091415 fatcat:adtzrba6jfbijfduhh3twavuyi

Towards Privacy Preserving IoT Environments: A Survey

Mohamed Seliem, Khalid Elgazzar, Kasem Khalil
2018 Wireless Communications and Mobile Computing  
The ultimate source of user discomfort is the lack of control over personal raw data that is directly streamed from sensors to the outside world.  ...  As such, privacy is a core requirement in any IoT ecosystem and is a major concern that inhibits its widespread user adoption.  ...  The authentication phase establishes key-based authentication using mutual communication.  ... 
doi:10.1155/2018/1032761 fatcat:j76yhuc5rjhvbifkk5foq3klzq
« Previous Showing results 1 — 15 out of 124 results