University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy

Gajek, S, Manulis, M and Schwenk, J (2008) Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy In: 13th Australasian Conference, ACISP 2008, 2008-07-07 - 2008-07-09, Wollongong, Australia.

Available under License : See the attached licence file.

Download (709kB)
Text (licence)

Download (33kB)


The standard solution for mutual authentication between human users and servers on the Internet is to execute a TLS handshake during which the server authenticates using a X.509 certificate followed by the authentication of the user either with own password or with some cookie stored within the user’s browser. Unfortunately, this solution is susceptible to various impersonation attacks such as phishing as it turned out that average Internet users are unable to authenticate servers based on their certificates. In this paper we address security of cookie-based authentication using the concept of strong locked same origin policy for browsers introduced at ACM CCS’07. We describe a cookie-based authentication protocol between human users and TLS-servers and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS’08. It turns out that the small modification of the browser’s security policy is sufficient to achieve provably secure cookie-based authentication protocols considering the ability of users to recognize images, video, or audio sequences.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Gajek, S
Manulis, M
Schwenk, J
Date : 2008
DOI : 10.1007/978-3-540-70500-0_2
Contributors :
ContributionNameEmailORCID Berlin Heidelberg,
Additional Information : The original publication is available at
Depositing User : Symplectic Elements
Date Deposited : 12 Jun 2013 09:06
Last Modified : 31 Oct 2017 14:59

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800