Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy

  • Sebastian Gajek
  • Mark Manulis
  • Jörg Schwenk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5107)


The standard solution for mutual authentication between human users and servers on the Internet is to execute a TLS handshake during which the server authenticates using a X.509 certificate followed by the authentication of the user either with own password or with some cookie stored within the user’s browser. Unfortunately, this solution is susceptible to various impersonation attacks such as phishing as it turned out that average Internet users are unable to authenticate servers based on their certificates.

In this paper we address security of cookie-based authentication using the concept of strong locked same origin policy for browsers introduced at ACM CCS’07. We describe a cookie-based authentication protocol between human users and TLS-servers and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS’08. It turns out that the small modification of the browser’s security policy is sufficient to achieve provably secure cookie-based authentication protocols considering the ability of users to recognize images, video, or audio sequences.


Mutual Authentication Message Authentication Code Random Oracle Model Transport Layer Security Security Association 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Allen, C., Dierks, T.: The TLS Protocol — Version 1.1. Internet proposed standard RFC 4346 (2006)Google Scholar
  2. 2.
    Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM CCS 1993, pp. 62–73. ACM Press, New York (1993)CrossRefGoogle Scholar
  5. 5.
    Chiasson, S., van Oorschot, P.C., Biddle, R.: Graphical Password Authentication Using Cued Click Points. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 359–374. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Dhamija, R., Tygar, J.D.: The Battle against Phishing: Dynamic Security Skins. In: SOUPS 2005, pp. 77–88. ACM Press, New York (2005)CrossRefGoogle Scholar
  7. 7.
    Dhamija, R., Tygar, J.D., Hearst, M.A.: Why Phishing Works? In: CHI 2006, pp. 581–590. ACM Press, New York (2006)CrossRefGoogle Scholar
  8. 8.
    Fouque, P.-A., Pointcheval, D., Zimmer, S.: HMAC is a Randomness Extractor and Applications to TLS. In: ACM ASIACCS 2008, pp. 21–32. ACM Press, New York (2008)CrossRefGoogle Scholar
  9. 9.
    Freier, A.O., Kariton, P., Kocher, P.C.: The SSL Protocol: Version 3.0. Internet draft, Netscape Communications (1996)Google Scholar
  10. 10.
    Gajek, S., Schwenk, S.: Revising the Mature Browser Security Model. Technical Report, HGI TR-2008-004 (2008)Google Scholar
  11. 11.
    Gajek, S., Manulis, M., Sadeghi, A.-R., Schwenk, J.: Provably Secure Browser-Based User-Aware Mutual Authentication over TLS. In: ACM ASIACCS 2008, pp. 300–311. ACM Press, New York (2008)CrossRefGoogle Scholar
  12. 12.
    Groß, T.: Security Analysis of the SAML Single Sign-on Browser/Artifact Profile. In: ACSAC 2003, pp. 298–307. IEEE CS, Los Alamitos (2003)Google Scholar
  13. 13.
    Groß, T., Pfitzmann, B., Sadeghi, A.-R.: Browser Model for Security Analysis of Browser-Based Protocols. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 489–508. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Groß, T., Pfitzmann, B., Sadeghi, A.-R.: Proving a WS-Federation Passive Requestor Profile with a Browser Model. In: SWS 2005, pp. 54–64. ACM Press, New York (2005)Google Scholar
  15. 15.
    Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting Browsers from DNS Rebinding Attacks. In: CCS 2007, pp. 421–431. ACM Press, New York (2007)CrossRefGoogle Scholar
  16. 16.
    Jackson, C., Simon, D.R., Tan, D.S., Barth, A.: An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In: FC 2007/USEC 2007. LNCS, vol. 4886, pp. 281–293. Springer, Heidelberg (2008)Google Scholar
  17. 17.
    Jakobsson, M., Myers, S.: Delayed Password Disclosure. IJACT 1(1), 47–59 (2008)CrossRefGoogle Scholar
  18. 18.
    Jonsson, J., Kaliski, B.S.: On the Security of RSA Encryption in TLS. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 127–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic Pharming Attacks and Locked Same-Origin Policies for Web Browsers. In: ACM CCS 2007, pp. 58–71. ACM Press, New York (2007)CrossRefGoogle Scholar
  20. 20.
    Kormann, D., Rubin, A.: Risks of the Passport Single SignOn Protocol. Computer Networks 33(1–6), 51–58 (2000)CrossRefGoogle Scholar
  21. 21.
    Microsoft Corporation. Mitigating Cross-Site Scripting with HTTP-only Cookies (2008),
  22. 22.
    Krawczyk, H.: The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Mason, C., Baek, K.-H., Smith, S.: WSKE: Web Server Key Enabled Cookies. In: FC 2007/USEC 2007, pp. 294–306. Springer, Heidelberg (2008)Google Scholar
  24. 24.
    Mitchell, J.C., Shmatikov, V., Stern, U.: Finite-State Analysis of SSL 3.0. In: USENIX Security Symp., pp. 201–216 (1998)Google Scholar
  25. 25.
    Paulson, L.C.: Inductive Analysis of the Internet protocol TLS. ACM Trans. on Comp. and Syst. Sec. (3), 332–351 (1999)CrossRefGoogle Scholar
  26. 26.
    Pfitzmann, B., Waidner, M.: A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In: IEEE S&P 2001, pp. 184–200. IEEE Computer Society Press, Los Alamitos (2001)CrossRefGoogle Scholar
  27. 27.
    Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The Emperor’s New Security Indicators. In: IEEE S&P 2007, pp. 51–65. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  28. 28.
    Schneier, B., Wagner, D.: Analysis of the SSL 3.0 protocol. In: USENIX Workshop on Electronic Commerce (1996)Google Scholar
  29. 29.
    Shoup, V.: OAEP Reconsidered. Journal of Cryptology 15(4), 223–249 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    Soghoian, C., Jakobsson, M.: A Deceit-Augmented Ma. In: The Middle Attack Against Bank of America’s SiteKey Service (2007),
  31. 31.
    Suo, X., Zhu, Y., Owen, G.S.: Graphical Passwords: A Survey. In: Ann. Comp. Sec. Applic. Conf. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  32. 32.
    W3C. Document Object Model (DOM) (2005),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Sebastian Gajek
    • 1
  • Mark Manulis
    • 2
  • Jörg Schwenk
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityGermany
  2. 2.UCL Crypto GroupBelgium

Personalised recommendations