University of Surrey

Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy

Gajek, S, Manulis, M and Schwenk, J (2008) Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy. In: 13th Australasian Conference, ACISP 2008, 2008-07-07 - 2008-07-09, Wollongong, Australia.

PDF: GaMaSc_ACISP08.pdf (709kB). Available under License : See the attached licence file.
PDF (licence): SRI_deposit_agreement.pdf (33kB)

Abstract

The standard solution for mutual authentication between human users and servers on the Internet is to execute a TLS handshake during which the server authenticates using an X.509 certificate, followed by the authentication of the user either with their own password or with some cookie stored within the user’s browser. Unfortunately, this solution is susceptible to various impersonation attacks such as phishing, as it turned out that average Internet users are unable to authenticate servers based on their certificates. In this paper we address the security of cookie-based authentication using the concept of strong locked same origin policy for browsers introduced at ACM CCS’07. We describe a cookie-based authentication protocol between human users and TLS servers and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS’08. It turns out that a small modification of the browser’s security policy is sufficient to achieve provably secure cookie-based authentication protocols, considering the ability of users to recognize images, video, or audio sequences.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Author | Email | ORCID
Gajek, S | UNSPECIFIED | UNSPECIFIED
Manulis, M | UNSPECIFIED | UNSPECIFIED
Schwenk, J | UNSPECIFIED | UNSPECIFIED
Date : 2008
Identification Number : 10.1007/978-3-540-70500-0_2
Contributors :
Contribution | Name | Email | ORCID
Publisher | Springer Berlin Heidelberg | UNSPECIFIED | UNSPECIFIED
Additional Information : The original publication is available at http://www.springerlink.com
Depositing User : Symplectic Elements
Date Deposited : 12 Jun 2013 09:06
Last Modified : 09 Jun 2014 13:32
URI: http://epubs.surrey.ac.uk/id/eprint/755174
