Transcript collision attacks: Breaking authentication in TLS, IKE, and SSH

K Bhargavan, G Leurent - Network and Distributed System Security …, 2016 - inria.hal.science
In response to high-profile attacks that exploit hash function collisions, software vendors
have started to phase out the use of MD5 and SHA-1 in third-party digital signature …

Comparative analysis and framework evaluating web single sign-on systems

F Alaca, PCV Oorschot - ACM Computing Surveys (CSUR), 2020 - dl.acm.org
We perform a comprehensive analysis and comparison of 14 web single sign-on (SSO)
systems proposed and/or deployed over the past decade, including federated identity and …

An extensive formal security analysis of the OpenID Financial-grade API

D Fett, P Hosseyni, R Küsters - 2019 IEEE Symposium on …, 2019 - ieeexplore.ieee.org
Forced by regulations and industry demand, banks worldwide are working to open their
customers' online banking accounts to third-party services via web-based APIs. By using …

DNS Cache-Based User Tracking.

A Klein, B Pinkas - NDSS, 2019 - ndss-symposium.org
We describe a novel user tracking technique that is based on assigning statistically unique
DNS records per user. This new tracking technique is unique in being able to distinguish …

Control is nothing without trust a first look into digital identity wallet trends

ZE Ansaroudi, R Carbone, G Sciarretta… - IFIP Annual Conference …, 2023 - Springer
In recent years, user-centric digital identity wallets have become increasingly available,
aiming to give individuals direct control over their personal data. The EU proposal in the …

Viceroy: GDPR-/CCPA-compliant enforcement of verifiable accountless consumer requests

S Jordan, Y Nakatsuka, E Ozturk, A Paverd… - arXiv preprint arXiv …, 2021 - arxiv.org
Recent data protection regulations (such as GDPR and CCPA) grant consumers various
rights, including the right to access, modify or delete any personal information collected …

Towards Browser Controls to Protect Cookies from Malicious Extensions

L Tyler, IDO Nunes - arXiv preprint arXiv:2405.06830, 2024 - arxiv.org
Cookies provide a state management mechanism for the web and are often used for
authentication, storing a user's session ID, and replacing their credentials in subsequent …

Non-Transferable Anonymous Tokens by Secret Binding

FB Durak, L Marco, A Talayhan… - Cryptology ePrint …, 2024 - eprint.iacr.org
Non-transferability (NT) is a security notion which ensures that credentials are only used by
their intended owners. Despite its importance, it has not been formally treated in the context …

Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers

A Gautam, TK Yadav, K Seamons, S Ruoti - arXiv preprint arXiv …, 2024 - arxiv.org
Password-based authentication faces various security and usability issues. Password
managers help alleviate some of these issues by enabling users to manage their passwords …

Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Authentication

E Golaszewski, AT Sherman, E Zieglar - ACM CCS (submitted), 2023 - par.nsf.gov
As a case study in cryptographic binding, we present a formal-methods analysis of the Fast
IDentity Online (FIDO) Universal Authentication Framework (UAF) authentication protocol's …