Mutual Authentication Protocol for HTTP

Ioku, Yuichi; Maeda, Kaoru; Oiwa, Yutaka; Takagi, H.; Hayashi, Tatsuya; Watanabe, Hajime

doi:10.17487/rfc8120

Cited by 5 publications

(14 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, our results justify the general approach behind the proposals by Oiwa et al' [7,[36][37][38] and by Dacosta et al [18]. We caution that our theorems, which make use of security models for tPAuth and tPAKE, do not immediately imply security of those particular protocols.…”

Section: Contributionssupporting

confidence: 65%

“…Engler et al ask "What is the appropriate layer in the networking stack to integrate PAKE protocols?" They compare two proposed options: TLS-SRP [42] and an earlier draft of the HTTPS-PAKE approach of Oiwa et al [38]. Adding SRP as a TLS ciphersuite has benefits in that, once implemented, TLS-SRP allows multiple applications to use the same TLS implementation.…”

Section: Discussionmentioning

confidence: 99%

“…Oiwa et al [7,[36][37][38] published an Internet-Draft that employs an ISOstandardized PAKE protocol (KAM3 [26, Sect. 6.3], [32]) and binds it to the TLS channel using either the server's certificate or the TLS master secret key, but no formal justification is given for security of the combined construction.…”

Section: Running Pake At the Application Layermentioning

confidence: 99%

See 2 more Smart Citations

Secure modular password authentication for the web using channel bindings

Manulis

Stebila

Kiefer³

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Secure protocols for password-based user authentication are well-studied in the cryptographic literature but have failed to see wide-spread adoption on the internet; most proposals to date require extensive modifications to the Transport Layer Security (TLS) protocol, making deployment challenging. Recently, a few modular designs have been proposed in which a cryptographically secure password-based mutual authentication protocol is run inside a confidential (but not necessarily authenticated) channel such as TLS; the password protocol is bound to the established channel to prevent active attacks. Such protocols are useful in practice for a variety of reasons: security no longer relies on users' ability to validate server certificates and can potentially be implemented with no modifications to the secure channel protocol library. We provide a systematic study of such authentication protocols. Building on recent advances in modeling TLS, we give a formal definition of the intended security goal, which we call password-authenticated and confidential channel establishment (PACCE). We show generically that combining a secure Queensland University of Technology, Brisbane, Australia channel protocol, such as TLS, with a password authentication or password-authenticated key exchange protocol, where the two protocols are bound together using the transcript of the secure channel's handshake, the server's certificate, or the server's domain name, results in a secure PACCE protocol. Our prototypes based on TLS are available as a cross-platform client-side Firefox browser extension as well as an Android application and a server-side web application that can easily be installed on servers.

show abstract

Section: Contributionssupporting

confidence: 65%

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Secure modular password authentication for the web using channel bindings

Manulis

Stebila

Kiefer³

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…This document specifies algorithms for use with the Mutual authentication protocol for the Hypertext Transfer Protocol (HTTP) [RFC8120] (hereafter referred to as the "core specification"). The algorithms are based on augmented password-based authenticated key exchange (augmented PAKE) techniques.…”

Section: Introductionmentioning

confidence: 99%

“…Please note that from the point of view of literature related to cryptography, the original functionality of augmented PAKE is separated into the functions K_c1 and K_s1 as defined in this document, and the functions VK_c and VK_s, which are defined in Section 12.2 of [RFC8120] as "default functions". For the purpose of security analysis, please also refer to these functions.…”

Section: Introductionmentioning

confidence: 99%