Abstract
The standard solution for user authentication on the Web is to establish a TLS-based secure channel in server-authenticated mode and run a protocol on top of TLS where the user enters a password in an HTML form. However, as many studies point out, the average Internet user is unable to identify the server based on an X.509 certificate, so impersonation attacks (e.g., phishing) are feasible. We tackle this problem by proposing a protocol that allows the user to identify the server based on human-perceptible authenticators (e.g., picture, voice). We prove the security of this protocol by refining the game-based security model of Bellare and Rogaway and present a proof-of-concept implementation. Copyright 2008 ACM.
Gajek, S., Manulis, M., Sadeghi, A. R., & Schwenk, J. (2008). Provably secure browser-based user-aware mutual authentication over TLS. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS ’08 (pp. 300–311). https://doi.org/10.1145/1368310.1368354