Secure Modular Password Authentication for the Web Using Channel Bindings

Manulis, Mark; Stebila, Douglas; Kiefer, Franziskus; Denham, Nick

doi:10.1007/978-3-319-14054-4_11

Cited by 9 publications

(5 citation statements)

References 26 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since EKE's conception, debate has continued on the best target applications for PAKE. Many arguments have suggested replacing password authentication in web applications, including to address phishing, but to little effect-apparently due to major deployment barriers and the inertia of incumbent web authentication password protocols (see Manulis et al [75]). Strong arguments have likewise been made for integrating PAKE into TLS, prompting a 2019 IETF PAKE selection process; an earlier 2007 TLS-SRP effort (based on SRP-6) supported by RFC 5054 failed to result in wide adoption [31].…”

Section: Real World Use Casesmentioning

confidence: 99%

SoK

Hao

Oorschot

2022

Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

Section: Real World Use Casesmentioning

confidence: 99%

SoK

Hao

Oorschot

2022

Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Our prototype is not the only one using the standard notification API to create a trusted path to the private password window. Menalis et al [14] also used this concept.…”

Section: A Registration Modulementioning

confidence: 99%

“…Despite its widely studied security problems [1]- [13], password authentication through an HTML form is the dominant mechanism for authenticating users in modern web applications [4], [14], [15]. More specifically, the lack of authentication standard HTML form and the limited security background of webmasters have created a set of unique design and implementation choices that contain multiple security vulnerabilities [3], [12].…”

Section: Introduction (Heading 1)mentioning

confidence: 99%

Implementation and Evaluation of a Secure and Efficient Web Authentication Scheme using Mozilla Firefox and WAMP

Sadqi¹,

Asimi²,

Asimi³

et al. 2016

ijacsa

View full text Add to dashboard Cite

Abstract-User authentication and session management are two of the most critical aspects of computer security and privacy on the web. However, despite their importance, in practice, authentication and session management are implemented through the use of vulnerable techniques. To solve this complex problem, we proposed new authentication architecture, called StrongAuth. Later, we presented an improved version of StrongAuth that includes a secure session management mechanism based on public key cryptography and other cryptographic primitives. In this paper, we present an experimental implementation and evaluation of the proposed scheme to demonstrate its feasibility in real-world scenarios. Specifically, we realize a prototype consisting of two modules: (1) a registration module that implements the registration, and (2) an authentication module integrating both the mutual authentication and the session management phases of the proposed scheme. The experimental results show that in comparison to traditional authentication and session management mechanisms, the proposed prototype presents the lowest total runtime.

show abstract

“…Being usable, this factor of authentication has been challenged under different kind of threats over the times (Marechal, 2008) (Pinkas and Sander, 2002) (Kim et al, 2016) (Pan et al, 2016) (Halevi and Saxena, 2015) . Though most of these threats have been successfully handled (Manulis et al, 2016) (Kontaxis et al, 2013), there are a few, particularly those which involve human intelligence factor, are continuously challenging researchers in developing some efficient algorithm to tackle the breaches. Recording attack is one such security threat (on client side) which has severe impact on the password based authentication (Yan et al, 2015).…”

Section: Introductionmentioning

confidence: 99%

Lighting Two Candles With One Flame: An Unaided Human Identification Protocol With Security Beyond Conventional Limit

Chakraborty,

Mondal

2017

Preprint

View full text Add to dashboard Cite

Designing an efficient protocol for avoiding the threat of recording based attack in presence of a powerful eavesdropper remains a challenge for more than two decades. During authentication, the absence of any secure link between the prover and verifier makes things even more vulnerable as, after observing a threshold challenge-response pair, users' secret may easily get derived due to information leakage. Existing literatures only present new methodologies with ensuring superior aspects over previous ones, while ignoring the aspects on which their proposed schemes cope poorly. Unsurprisingly, most of them are far from satisfactory − either are found far from usable or lack of security features.To overcome this issue, we first introduce the concept of "leakage control" which puts a bar on the natural information leakage rate and greatly helps in increasing both the usability and security standards. Not just prevention, but also, by introducing the threat detection strategy (based on the concept of honeyword ), our scheme "lights two candles". It not only eliminates the long terms security and usability conflict under the practical scenario, but along with threat detection from client side, it is capable of protecting the secret at the server side under the distributed framework, and thus, guaranteeing security beyond the conventional limit.

show abstract

Secure Modular Password Authentication for the Web Using Channel Bindings

Cited by 9 publications

References 26 publications

SoK

SoK

Implementation and Evaluation of a Secure and Efficient Web Authentication Scheme using Mozilla Firefox and WAMP

Lighting Two Candles With One Flame: An Unaided Human Identification Protocol With Security Beyond Conventional Limit

Contact Info

Product

Resources

About