BetterAuth: web authentication revisited

Authors:
Martin Johns;Sebastian Lekies;Bastian Braun;Benjamin Flesch
Affiliations:
SAP Research;SAP Research;University of Passau;SAP Research
Venue:
Proceedings of the 28th Annual Computer Security Applications Conference
Year:
2012

Citing 16
Cited 1

Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
User Interaction Design for Secure Systems

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Extended Password Key Exchange Protocols Immune to Dictionary Attacks

WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Sessionlock: securing web sessions against eavesdropping

Proceedings of the 17th international conference on World Wide Web
Forcehttps: protecting high-security web sites from network attacks

Proceedings of the 17th international conference on World Wide Web
Robust defenses for cross-site request forgery

Proceedings of the 15th ACM conference on Computer and communications security
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
A zero knowledge password proof mutual authentication technique against real-time phishing attacks

ICISS'07 Proceedings of the 3rd international conference on Information systems security
Drive-by pharming

ICICS'07 Proceedings of the 9th international conference on Information and communications security
SessionShield: lightweight protection against session hijacking

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Reliable protection against session fixation attacks

Proceedings of the 2011 ACM Symposium on Applied Computing
App isolation: get the security of multiple browsers with just one

Proceedings of the 18th ACM conference on Computer and communications security
SessionSafe: implementing XSS immune session handling

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

GlassTube: a lightweight approach to web application integrity

Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents "BetterAuth", an authentication protocol for Web applications. Its design is based on the experiences of two decades with the Web. BetterAuth addresses existing attacks on Web authentication, ranging from network attacks to Cross-site Request Forgery up to Phishing. Furthermore, the protocol can be realized completely in standard JavaScript. This allows Web applications an early adoption, even in a situation with limited browser support.