Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Risks of the passport single signon protocol
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Security proofs for an efficient password-based key exchange
Proceedings of the 10th ACM conference on Computer and communications security
Security Analysis of the SAML Single Sign-on Browser/Artifact Profile
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Proving a WS-federation passive requestor profile with a browser model
Proceedings of the 2005 workshop on Secure web services
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Provably secure password-based authentication in TLS
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Proceedings of the 2007 ACM workshop on Digital identity management
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Forward secrecy in password-only key exchange protocols
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
One-Time verifier-based encrypted key exchange
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Browser model for security analysis of browser-based protocols
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Mitigating dictionary attacks on password-protected local storage
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Graphical password authentication using cued click points
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Cryptographically verified implementations for TLS
Proceedings of the 15th ACM conference on Computer and communications security
Stronger TLS bindings for SAML assertions and SAML artifacts
Proceedings of the 2008 ACM workshop on Secure web services
A Browser-Based Kerberos Authentication Scheme
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
A Universally Composable Framework for the Analysis of Browser-Based Security Protocols
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Verified Cryptographic Implementations for TLS
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Towards a secure human-and-computer mutual authentication protocol
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
| Hi-index | 0.00 |
The standard solution for user authentication on the Web is to establish a TLS-based secure channel in server authenticated mode and run a protocol on top of TLS where the user enters a password in an HTML form. However, as many studies point out, the average Internet user is unable to identify the server based on a X.509 certificate so that impersonation attacks (e.g., phishing) are feasible. We tackle this problem by proposing a protocol that allows the user to identify the server based on human perceptible authenticators (e.g., picture, voice). We prove the security of this protocol by refining the game-based security model of Bellare and Rogaway and present a proof of concept implementation.