1,026 Hits in 5.3 sec

Secure Modular Password Authentication for the Web Using Channel Bindings [chapter]

Mark Manulis, Douglas Stebila, Nick Denham
2014 Lecture Notes in Computer Science  
Recently, a few modular designs have been proposed in which a cryptographically secure password-based mutual authentication protocol is run inside a confidential (but not necessarily authenticated) channel  ...  Secure protocols for password-based user authentication are well-studied in the cryptographic literature but have failed to see wide-spread adoption on the internet; most proposals to date require extensive  ...  TLS channel bindings To securely bind the password authentication protocol and the used secure channel, we must incorporate some identifier for the channel into the authentication protocol.  ... 
doi:10.1007/978-3-319-14054-4_11 fatcat:kmxlimojqncvnecamwtm46akye

Secure modular password authentication for the web using channel bindings

Mark Manulis, Douglas Stebila, Franziskus Kiefer, Nick Denham
2016 International Journal of Information Security  
Recently, a few modular designs have been proposed in which a cryptographically secure password-based mutual authentication protocol is run inside a confidential (but not necessarily authenticated) channel  ...  Secure protocols for password-based user authentication are well-studied in the cryptographic literature but have failed to see wide-spread adoption on the internet; most proposals to date require extensive  ...  TLS channel bindings To securely bind the password authentication protocol and the used secure channel, we must incorporate some identifier for the channel into the authentication protocol.  ... 
doi:10.1007/s10207-016-0348-7 fatcat:qrmhnpop2ze2fkzznmpl3jnmcu

TruWallet

Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
2009 Proceedings of the 2009 ACM workshop on Scalable trusted computing - STC '09  
Identity theft has fostered to a major security problem on the Internet, in particular stealing passwords for web applications through phishing and malware.  ...  Our implementation uses a small virtualization-based security kernel with trusted computing support and works with standard SSL-based authentication solutions for the web, where only minor modifications  ...  PAKE protocols can be used for mutual authentication, i.e., using PAKE, it is not necessary to transmit username and password over the SSL channel during login.  ... 
doi:10.1145/1655108.1655112 dblp:conf/ccs/GajekLSW09 fatcat:75bffcofjzatjjvfs2kae2xe6u

Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties [chapter]

Italo Dacosta, Mustaque Ahamad, Patrick Traynor
2012 Lecture Notes in Computer Science  
for their certificates using previously established user authentication credentials.  ...  The security guarantees provided by SSL/TLS depend on the correct authentication of servers through certificates signed by a trusted authority.  ...  Acknowledgments This work was supported in part by the US National Science Foundation (CAREER CNS-0952959).  ... 
doi:10.1007/978-3-642-33167-1_12 fatcat:ye7cuxnz4nepfdubsrf6piumou

Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stuble, Marcel Winandy
2007 The Second International Conference on Availability, Reliability and Security (ARES'07)  
Our approach is based on the ideas of compartmentalization for isolating applications of different trust level, and a trusted wallet for storing credentials and authenticating sensitive services.  ...  Once the wallet has been setup in an initial step, our solution requires no special care from users for identifying the right web sites while the disclosure of credentials is strictly controlled.  ...  We propose a modular platform that uses a trusted wallet to store user's credentials and authenticate the sensitive services as a proxy on behalf of the user.  ... 
doi:10.1109/ares.2007.59 dblp:conf/IEEEares/GajekSSW07 fatcat:exrbbu2ytfbobkezmnywxh7jqm

Verified interoperable implementations of security protocols

Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, Stephen Tse
2008 ACM Transactions on Programming Languages and Systems  
We establish the correctness of this compilation scheme, and we illustrate our approach with protocols for Web Services security.  ...  The concrete implementation is for production and interoperability testing. The symbolic implementation is for debugging and formal verification.  ...  Acknowledgements James Margetson and Don Syme helped us enormously with using and adapting the F# compiler. Tony Hoare and David Langworthy suggested improvements to the presentation.  ... 
doi:10.1145/1452044.1452049 fatcat:qzjm6wxpxncodagw7nx3ykaukq

Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer

Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, Viswanathan Manihatty Bojan, Tuomas Aura
2018 USENIX Security Symposium  
The vulnerable IPC methods are ones where a server process binds to a name or address and waits for client communication.  ...  Our results show that application developers are often unaware of the risks and secure practices in using IPC.  ...  Acknowledgments This work started from a collaborative research project with F-Secure. We are grateful to Alexey Kirichenko and others at F-Secure for their support and feedback.  ... 
dblp:conf/uss/BuiRABA18 fatcat:a5rfl6z5rrabdc6b66fj3mnqlu

(De-)Constructing TLS 1.3 [chapter]

Markulf Kohlweiss, Ueli Maurer, Cristina Onete, Björn Tackmann, Daniele Venturi
2015 Lecture Notes in Computer Science  
In particular, adding password-based authentication for the client in the unilaterally secure channel immediately yields a mutually secure channel.  ...  It was introduced by Netscape [15] in the context of protecting connections between web browsers and web servers, but nowadays the protocol is also used for many other Internet protocols including, e.g  ...  As a corollary and following a result by Tackmann [24], we model the use of password-based authentication to construct a bilaterally secure channel.  ... 
doi:10.1007/978-3-319-26617-6_5 fatcat:qy32ftanvrchllc74m72v7mkre

Identifying SOA Security Threats using Web Mining

Mohamed Ibrahim B, Mohamed Shanavas A R
2015 International Journal of Computer Applications  
There is no comprehensive security solution is achieved yet for SOA. This paper identifies the SOA security threats using the data mining technique - web mining.  ...  The web services are the implementation of SOA that works for heterogeneous platforms as they use common Internet protocols for communication and simple text format such as XML for data representation.  ...  The available security solutions work only for trusted parties on secured channel.  ... 
doi:10.5120/21214-3929 fatcat:x62udoqfpvfjxb7bwcd3zfsxey

Provable Security Analysis of FIDO2 [article]

Shan Chen, Manuel Barbosa, Alexandra Boldyreva, Bogdan Warinschi
2020 IACR Cryptology ePrint Archive  
Our analysis covers the core components of FIDO2: the W3C's Web Authentication (WebAuthn) specification and the new Client-to-Authenticator Protocol (CTAP2). Our analysis is modular.  ...  For WebAuthn and CTAP2, in turn, we propose appropriate security models that aim to capture their intended security goals and use the models to analyze their security.  ...  We thank the anonymous reviewers for their valuable comments. We thank Alexei Czeskis for help with FIDO2 details. A. Boldyreva and S.  ... 
dblp:journals/iacr/ChenBBW20 fatcat:jql4am7mrbavlishbp6zhioibi

ISDN LAN Access: Remote access security and user profile management [chapter]

Reinhard Posch, Herbert Leitold, Franz Pucher
1996 IFIP Advances in Information and Communication Technology  
These can range from simple password-based schemes for low privileged guest profiles to cryptographic methods like zero knowledge authentication using secure ID cards for high privileged remote access  ...  As the user profiles may vary widely, a remote access security policy is introduced, which has to deal with binding the user's access rights to the user profile.  ...  Using the connection oriented, circuit switched 64 kb/s B-channel is not secure. Therefore, security functions providing for user authentication are needed.  ... 
doi:10.1007/978-0-387-35083-7_20 fatcat:e7lw6vorsvadlgyovgyz5ydov4

A semantics for web services authentication

Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon
2004 SIGPLAN notices  
We consider the problem of specifying and verifying cryptographic security protocols for XML web services.  ...  We introduce a language-based model for XML security protocols, and establish process calculus techniques for verifying authentication properties for a wide class of WS-Security protocols.  ...  We thank Tony Hoare, Riccardo Pucella, and the anonymous reviewers for their comments.  ... 
doi:10.1145/982962.964018 fatcat:wahsacmasnealks2fr7rzpe5ei

A semantics for web services authentication

Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon
2004 Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '04  
We consider the problem of specifying and verifying cryptographic security protocols for XML web services.  ...  We introduce a language-based model for XML security protocols, and establish process calculus techniques for verifying authentication properties for a wide class of WS-Security protocols.  ...  We thank Tony Hoare, Riccardo Pucella, and the anonymous reviewers for their comments.  ... 
doi:10.1145/964001.964018 dblp:conf/popl/BhargavanFG04 fatcat:xogu6oisefgkzhrcvyxiacqwfi

A semantics for web services authentication

Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon
2005 Theoretical Computer Science  
We consider the problem of specifying and verifying cryptographic security protocols for XML web services.  ...  We introduce a language-based model for XML security protocols, and establish process calculus techniques for verifying authentication properties for a wide class of WS-Security protocols.  ...  We thank Tony Hoare, Riccardo Pucella, and the anonymous reviewers for their comments.  ... 
doi:10.1016/j.tcs.2005.03.005 fatcat:xd2z2b6ulvfbpdhzxxs2xblne4

Cancellable Biometrics for Security and Privacy Enforcement on Semantic Web

Akhilesh Dwivedi, Suresh Kumar, Abhishek Dwivedi, Manjeet Singh
2011 International Journal of Computer Applications  
The Security is dependent on the secrecy, trustworthiness of the authenticators (password, PIN, e-token, biometrics) because  ...  The safety depends on the secrecy, privacy and trustworthiness of the authenticators because deeper the trust level of authenticator, stronger are going to be security and privacy of Semantic web.  ...  Table 3 describes it for security issues. This evaluates the use of biometrics over the Semantic Web is more secure and better than other authenticators (password and e-token).  ... 
doi:10.5120/2535-3460 fatcat:icxuoriaynephbvorvxxjtp57e