%0 Conference Proceedings
%T SSL/TLS Session-Aware User Authentication Using a GAA Bootstrapped Key
%+ Southern University of Science and Technology (SUSTech)
%+ Goldsmiths, University of London (Goldsmiths College)
%A Chen, Chunhua
%A Mitchell, Chris, J.
%A Tang, Shaohua
%Z Part 3: Lightweight Authentication
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 5th Workshop on Information Security Theory and Practices (WISTP)
%C Heraklion, Crete, Greece
%Y Claudio A. Ardagna
%Y Jianying Zhou
%I Springer
%3 Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication
%V LNCS-6633
%P 54-68
%8 2011-06-01
%D 2011
%R 10.1007/978-3-642-21040-2_4
%K man in the middle
%K SSL/TLS session-aware user authentication
%K Generic Authentication Architecture
%Z Computer Science [cs]Conference papers
%X Most SSL/TLS-based electronic commerce (e-commerce) applications (including Internet banking) are vulnerable to man in the middle attacks. Such attacks arise since users are often unable to authenticate a server effectively, and because user authentication methods are typically decoupled from SSL/TLS session establishment. Cryptographically binding the two authentication procedures together, a process referred to here as SSL/TLS session-aware user authentication (TLS-SA), is a lightweight and effective countermeasure. In this paper we propose a means of implementing TLS-SA using a GAA bootstrapped key. The scheme employs a GAA-enabled user device with a display and an input capability (e.g. a 3G mobile phone) and a GAA-aware server. We describe a simple instantiation of the scheme which makes the password authentication mechanism SSL/TLS session-aware; in addition we describe two possible variants that give security-efficiency trade-offs. Analysis shows that the scheme is effective, secure and scalable. Moreover, the approach fits well with the multi-institution scenario.
%G English
%Z TC 11
%Z WG 11.2
%2 https://inria.hal.science/hal-01573291/document
%2 https://inria.hal.science/hal-01573291/file/978-3-642-21040-2_4_Chapter.pdf
%L hal-01573291
%U https://inria.hal.science/hal-01573291
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-WISTP
%~ IFIP-WG11-2
%~ IFIP-LNCS-6633