Getting web authentication right: a best-case protocol for the remaining life of passwords

Authors:
Joseph Bonneau
Affiliations:
University of Cambridge, Cambridge, UK
Venue:
SP'11 Proceedings of the 19th international conference on Security Protocols
Year:
2011

Citing 10
Cited 2

Securing passwords against dictionary attacks

Proceedings of the 9th ACM conference on Computer and communications security
A Lightweight Approach to Authenticated Web Caching

SAINT '05 Proceedings of the The 2005 Symposium on Applications and the Internet
Dos and don'ts of client authentication on the web

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SPP: An anti-phishing single password protocol

Computer Networks: The International Journal of Computer and Telecommunications Networking
Sessionlock: securing web sessions against eavesdropping

Proceedings of the 17th international conference on World Wide Web
Email-Based Identification and Authentication: An Alternative to PKI?

IEEE Security and Privacy
pwdArmor: Protecting Conventional Password-Based Authentications

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
WSKE: web server key enabled cookies

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Secure session management with cookies

ICICS'09 Proceedings of the 7th international conference on Information, communications and signal processing
Hardened stateless session cookies

Security'08 Proceedings of the 16th International conference on Security protocols

Portable tunnel establishment with a strong authentication design for secure private cloud

Proceedings of the 2012 ACM Research in Applied Computation Symposium
Robust and flexible tunnel management for secure private cloud

ACM SIGAPP Applied Computing Review

Quantified Score

Hi-index	0.00

Visualization

Abstract

We outline an end-to-end password authentication protocol for the web designed to be stateless and as secure as possible given legacy limitations of the web browser and performance constraints of commercial web servers. Our scheme is secure against very strong but passive attackers able to observe both network traffic and the server's database state. At the same time, our scheme is simple for web servers to implement and requires no changes to modern, HTML5-compliant browsers. We assume TLS is available for initial login and no other public-key cryptographic operations, but successfully defend against cookie-stealing and cookie-forging attackers and provide strong resistance to password guessing attacks.