University of Surrey

Test tubes in the lab Research in the ATI Dance Research

User-Aware Provably Secure Protocols for Browser-Based Mutual Authentication

Gajek, S, Manulis, M and Schwenk, J (2009) User-Aware Provably Secure Protocols for Browser-Based Mutual Authentication International Journal of Applied Cryptography (IJACT), 1 (4). pp. 290-308.

Full text not available from this repository.

Abstract

The standard solution for mutual authentication between human users and servers on the internet is to execute a transport layer security (TLS) handshake during which the server authenticates using a X.509 certificate followed by the authentication of the user either with own password or with some cookie stored within the user's browser. However, poor ability of human users to validate X.509 certificates allows for various forms of (social) impersonation attacks. In this paper, we introduce human perceptible authentication (HPA) as a concept for the secure user-aware authentication of servers via recognisable authenticators such as images, video or audio sequences. We formally specify HPA within a security model for browser-based mutual authentication; for this, we extend the traditional Bellare-Rogaway model to deal with human users as inherent protocol participants. Using HPA and the classical TLS handshake, we furthermore design two efficient provably secure password- and cookie-authentication protocols.

Item Type: Article
Authors :
NameEmailORCID
Gajek, SUNSPECIFIEDUNSPECIFIED
Manulis, Mm.manulis@surrey.ac.ukUNSPECIFIED
Schwenk, JUNSPECIFIEDUNSPECIFIED
Date : 2009
Identification Number : https://doi.org/10.1504/IJACT.2009.028028
Depositing User : Symplectic Elements
Date Deposited : 17 May 2017 12:22
Last Modified : 17 May 2017 15:03
URI: http://epubs.surrey.ac.uk/id/eprint/835045

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800