
Analysis of the adoption of security headers in HTTP

William J. Buchanan, Scott Helme, Alan Woodward
2018 IET Information Security  
These options scanned for include: content security policy, public key pinning extension for HTTP, HTTP strict transport security, and HTTP header field X-frame-options, in order to understand the impact  ...  This study analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses.  ...  New security extensions have also been added to prevent man-in-the-middle (MITM) attacks, such as the public key pinning extension for HTTP (HPKP) [7] and which allows a site to associate itself with  ... 
doi:10.1049/iet-ifs.2016.0621 fatcat:6modyyds3fc2ndkljfjxbtvdeu

SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements

J. Clark, P. C. van Oorschot
2013 IEEE Symposium on Security and Privacy  
Internet users today depend daily on HTTPS for secure communication with sites they intend to visit.  ...  We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions.  ...  Server-asserted pinning allows the server to specify in an HTTPS header or TLS extension which certificate attributes to pin and for how long.  ... 
doi:10.1109/sp.2013.41 dblp:conf/sp/ClarkO13 fatcat:xtazjddqd5d4bad5eqdkl5hvnq


Lilyana Petkova
2019 Knowledge International Journal  
We will give details on the most important HTTP headers and will retrieve a basic information for some with a lower need.  ...  We will give examples for their implementation in one ASP.NET web application to provide more descriptive perspective of their use!  ...  (HSTS) 11 13 47 49 9.1 39 4.4 Public Key Pinning Extension for HTTP (HPKP) NS NS 47 49 NS 39 51 X-Frame-Options 8 13 47 49 9.1 39 4.4 X-XSS-Protection 8 NS 4+ X-Content-Type-Options  ... 
doi:10.35120/kij3003701p fatcat:m7b3gaj3t5crtpfe4z3bwie2ay

SafetyPin: Encrypted Backups with Human-Memorable Secrets [article]

Emma Dauterman, Henry Corrigan-Gibbs, David Mazières
2021 arXiv   pre-print
We present the design and implementation of SafetyPin, a system for encrypted mobile-device backups.  ...  Like existing cloud-based mobile-backup systems, including those of Apple and Google, SafetyPin requires users to remember only a short PIN and defends against brute-force PIN-guessing attacks using hardware  ...  scheme, and we thank Keith Winstein for early brainstorming on passwords and PINs.  ... 
arXiv:2010.06712v3 fatcat:cestmikmarahjj3ypjqwgtfnby

Why Banker Bob (Still) Can't Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps [chapter]

Tom Chothia, Flavio D. Garcia, Chris Heppel, Chris McMahon Stone
2017 Lecture Notes in Computer Science  
Some of the apps used the users' PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one  ...  We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities.  ...  Alternatively, just the server's public key can be pinned.  ... 
doi:10.1007/978-3-319-70972-7_33 fatcat:i4xhljpnyjftbkyfilpdsb7s7e

Accountable key infrastructure (AKI)

Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, Virgil Gligor
2013 Proceedings of the 22nd international conference on World Wide Web - WWW '13  
) for setting up an SSL/TLS connection, and availability with respect to verifiability of public key information.  ...  AKI integrates an architecture for key revocation of all entities (e.g., CAs, domains) with an architecture for accountability of all infrastructure parties through checks-and-balances.  ...  To address the scalability challenges of a browser vendor maintained database, the Public Key Pinning Extension for HTTP [6] generalizes this mechanism to an HTTP header that allows a server to declare  ... 
doi:10.1145/2488388.2488448 dblp:conf/www/KimHPJG13 fatcat:5nccffrvjncq7pb7luryle644a

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

Daniel Diaz-Sanchez, Andres Marin-Lopez, Florina Almenarez, Patricia Arias, R. Simon Sherratt
2019 IEEE Communications Surveys and Tutorials  
Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems.  ...  Index Terms-Transport layer security, DTLS, public key infrastructure, trusted third party, certificate pinning, Internet of Things, machine to machine.  ...  , lets the domain owner limit which CAs can issue certificates to its domain; HTTP Strict Transport Security and HTTP Public Key Pinning Protocol describe new HTTP headers that enforce policies for TLS  ... 
doi:10.1109/comst.2019.2914453 fatcat:lwwk7pbogfeidhc4t6wth5gvne

Big Brother or: How I stopped Worrying and Love Encryption

Veit Hailperin
2015 Zenodo  
The solution to these issues is the new HTTP Response Header Public-Key-Pinning [17] . The only way to circumvent this in a way that makes any kind of sense is during the very first handshake.  ...  Public-Key-Pins: max-age=5184000; pin-sha256="base64-kodierter-SPKI-Fingerprints" [; includeSubdomains][; report-uri="URI"] In addition, the option includeSubdomains can be set.  ... 
doi:10.5281/zenodo.3521517 fatcat:hnht5b7mojbellkqdfopulol2i

Logging safely in public spaces using color PINs [article]

Frank Nielsen
2013 arXiv   pre-print
We demonstrate the principles using a color Personal Identification Numbers (PINs) login system and describe its various extensions.  ...  Quite surprisingly, the current bottleneck of computer security when logging in for authentication is the User Interface (UI): How can we safely enter secret passwords when concealed spy cameras or key loggers  ...  Some extensions of the color PINs system We present several extensions of the associative PIN code system.  ... 
arXiv:1304.6499v1 fatcat:aifooax3lndu5igutryounkepe

Making Simple Repairs: Door and Lock Problems

Mary N. Harrison
2019 EDIS  
This document is FCS5234-06 one of a series of the Department of Family, Youth and Community Sciences, UF/IFAS Extension. Original publication date: May 2002. Revised: December 2005.  ...  Squeaky Door Supplies Needed: • Oil • Hammer • Nail How To Fix: Archival copy: for current recommendations see or your local extension office.  ...  Tighten the screw. • Give your keys a "home." Always put them in the same place and check for them before you lock your door! Landlords may charge you if you lose your keys.  ... 
doi:10.32473/edis-fy808-2005 fatcat:yjgzulsmcjeqlp6mu7xmmtdr4m

Server Location Verification and Server Location Pinning: Augmenting TLS Authentication [article]

AbdelRahman Abdou, P.C. van Oorschot
2016 arXiv   pre-print
Additionally, we introduce the notion of (verifiable) "server location pinning" within TLS (conceptually similar to certificate pinning) to support SLV, and evaluate their combined impact using a server-authentication  ...  We also implement a simple browser extension that interacts seamlessly with the verification infrastructure to obtain realtime server location-verification results.  ...  Acknowledgments The second author acknowledges funding from the Natural Sciences and Engineering Research Council of Canada (NSERC) for both his Canada Research Chair in Authentication and Computer Security  ... 
arXiv:1608.03939v2 fatcat:cwvzp26effhjljirh3ag6tn6ni

Reliability of Chip & PIN evidence in banking disputes

Steven J. Murdoch
2014 Digital Evidence and Electronic Signature Law Review  
Thus the merchants are all given a verification key (the public half), but the generation key (the private half) is kept by the bank. 5 Security failures in Chip & PIN As noted above, the process of  ...  This key could, for example, be obtained by requesting the HSM, which generates keys for personalizing newly issued cards, to generate a key for just one card.  ... 
doi:10.14296/deeslr.v6i0.1862 fatcat:w47qfazacnhjxg6mhradptps4u

Website Credential Storage and Two-Factor Web Authentication with a Java SIM [chapter]

Jonathan Hart, Konstantinos Markantonakis, Keith Mayes
2010 Lecture Notes in Computer Science  
The second scheme, which may optionally be used with the first, utilises a one-time password and is intended for applications requiring an enhanced level of authentication, e.g. financial services.  ...  Public Key Infrastructure (PKI) is not implemented to verify the authenticity of the public RSA keys from the SIM.  ...  by entity X X-PUB Represents entity's X public encryption key X-PRIV Represents entity's X private encryption key X-SYM Represents entity's X symmetric encryption key X-SEED Represents a seed value for  ... 
doi:10.1007/978-3-642-12368-9_17 fatcat:ebb6mlcjsfeztfmjvdywvuydey

Mobile Smart Card Reader Using NFC-Enabled Smartphones [chapter]

Frank Morgner, Dominik Oepen, Wolf Müller, Jens-Peter Redlich
2012 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
Password based authentication systems are neither secure nor particularly convenient for users.  ...  Here, we are presenting the idea of using an NFC-enabled mobile phone as a chip card reader for contactless smart cards.  ...  Furthermore, the server's public key must be stored on the phone, too.  ... 
doi:10.1007/978-3-642-33392-7_3 fatcat:puh2rooghvcahhqnok4tecstpa

IPFS - the perspective storage infrastructure for scientific data - presentation

2020 Zenodo  
Presentation slides for IPFS Introductory Webinar made as proof of side activity of ExPaNDs project on Elettra Sincrotrone Trieste 24/09/2020. Based on PaNdata Continuum ontology.  ...  Example: BMSTU public node gateway address for URI /dnsaddr/ The multiaddresses are recursive.  ...  ] IPFS [pin add] IPFS [get] HTTP [GET] Local data state [Receiver] None Requested Requested Cached Discussion: key points 25/33 •  ... 
doi:10.5281/zenodo.4742585 fatcat:nwipuj7xs5a6dggzc2jsuztibm