Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web
Date: August 2012
Publication: Proceedings of the 21st USENIX Security Symposium
Source 1: http://homes.cs.washington.edu/~aczeskis/research/pubs/tls-obc.pdf
Source 2: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final162.pdf
Source 3: http://www.cs.rice.edu/~mtd3/RC2.pdf
Abstract or Summary:
Client authentication on the web has remained in the internet-equivalent of the stone ages for the last two decades. Instead of adopting modern public-key-based
authentication mechanisms, we seem to be stuck with passwords and cookies.
In this paper, we propose to break this stalemate by presenting a fresh approach to public-key-based client authentication on the web. We describe a simple TLS extension that allows clients to establish strong authenticated channels with servers and to bind existing authentication tokens such as HTTP cookies to such channels. This allows much of the existing infrastructure of the web to remain unchanged, while at the same time strengthening client authentication considerably against a wide range of attacks.
Our system is currently being implemented by major browser vendors and a major website, and we provide an evaluation of this implementation.
PasswordResearch.com Note: Presentation video & audio: https://www.usenix.org/conference/usenixsecurity12/origin-bound-certificates-fresh-approach-strong-client-authentication
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.