Dos and don'ts of client authentication on the web

Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as store fronts. These weaknesses often result from careless use of authenticators within Web cookies. Of the twenty-seven sites we investigated, we weakened the client authentication on two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one. We provide a description of the limitations, requirements, and security models specific to Web client authentication. This includes the introduction of the interrogative adversary, a surprisingly powerful adversary that can adaptively query a Web site. We propose a set of hints for designing a secure client authentication scheme. Using these hints, we present the design and analysis of a simple authentication scheme secure against forgeries by the interrogative adversary. In conjunction with SSL, our scheme is secure against forgeries by the active adversary.
