University of Surrey

Test tubes in the lab Research in the ATI Dance Research

User-Aware Provably Secure Protocols for Browser-Based Mutual Authentication

Gajek, S, Manulis, M and Schwenk, J (2009) User-Aware Provably Secure Protocols for Browser-Based Mutual Authentication International Journal of Applied Cryptography (IJACT), 1 (4). pp. 290-308.

Full text not available from this repository.


The standard solution for mutual authentication between human users and servers on the internet is to execute a transport layer security (TLS) handshake during which the server authenticates using a X.509 certificate followed by the authentication of the user either with own password or with some cookie stored within the user's browser. However, poor ability of human users to validate X.509 certificates allows for various forms of (social) impersonation attacks. In this paper, we introduce human perceptible authentication (HPA) as a concept for the secure user-aware authentication of servers via recognisable authenticators such as images, video or audio sequences. We formally specify HPA within a security model for browser-based mutual authentication; for this, we extend the traditional Bellare-Rogaway model to deal with human users as inherent protocol participants. Using HPA and the classical TLS handshake, we furthermore design two efficient provably secure password- and cookie-authentication protocols.

Item Type: Article
Divisions : Surrey research (other units)
Authors :
Gajek, S
Schwenk, J
Date : 2009
DOI : 10.1504/IJACT.2009.028028
Depositing User : Symplectic Elements
Date Deposited : 17 May 2017 12:22
Last Modified : 24 Jan 2020 22:07

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800