Getting Web Authentication Right A Best-Case Protocol for the Remaining Life of Passwords
نویسنده
چکیده
We outline an end-to-end password authentication protocol for the web designed to be stateless and as secure as possible given legacy limitations of the web browser and performance constraints of commercial web servers. Our scheme is secure against very strong but passive attackers able to observe both network traffic and the server’s database state. At the same time, our scheme is simple for web servers to implement and requires no changes to modern, HTML5-compliant browsers. We assume TLS is available for initial login and no other public-key cryptographic operations, but successfully defend against cookie-stealing and cookie-forging attackers and provide strong resistance to password guessing attacks.
منابع مشابه
GSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Machine to machine (M2M) communication, which is also known as machine type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication, is handling massive heterogeneous devices with low network overheads and high security guarantees. Hence, v...
متن کاملAN Efficiently Detect and Filter False Data Injected Using Quantum Cryptography in Wireless Sensor Networks
Security is the key term which revolves around every user’s Confidentiality and Privacy on web. It is mainly achieved through passwords and conventional login systems.The literature survey clearly shows that the existing systems results in severe issues due to poor remembrance, reusability, weak passwords, hacking. This turns out to be a great problem for users having number of accounts either ...
متن کاملA Solution for the Allocation of Customers Authentication Methods (The Case of Multimedia Contact Center in Agriculture Bank of Iran)
In order to provide different services for the customers, banks embark on a multimedia contact center. Considering that, in this center, where several services such as transferring money, getting statement information and asking for check books are provided, the authentication is of high importance. How to allocate the appropriate authentication method for each customer is one of the challe...
متن کاملProcess algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...
متن کاملA TESLA-based mutual authentication protocol for GSM networks
The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems including vulnerability against m...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011