Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2008
ACM
2008
ACM
Provably secure browser-based user-aware mutual authentication over TLS
The standard solution for user authentication on the Web is to establish a TLS-based secure channel in server authenticated mode and run a protocol on top of TLS where the user enters a password in an HTML form. However, as many studies point out, the average Internet user is unable to identify the server based on a X.509 certificate so that impersonation attacks (e.g., phishing) are feasible. We tackle this problem by proposing a protocol that allows the user to identify the server based on human perceptible authenticators (e.g., picture, voice). We prove the security of this protocol by refining the game-based security model of Bellare and Rogaway and present a proof of concept implementation. Categories and Subject Descriptors C.2.2 [Computer-Communication Networks]: Network Protocols; E.3 [Data Encryption]: Public key cryptosystems, standards General Terms Security Keywords Browser-based protocols, user authentication, TLS, phishing
Real-time Traffic| Added | 12 Oct 2010 |
| Updated | 12 Oct 2010 |
| Type | Conference |
| Year | 2008 |
| Where | CCS |
| Authors | Sebastian Gajek, Mark Manulis, Ahmad-Reza Sadeghi, Jörg Schwenk |
Comments (0)
Researcher Info
|
