Web Authentication
The following is a list of publications made in this project.
- On the Effective Prevention of TLS Man-In-The-Middle Attacks in Web Applications
- Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
- Verena: End-to-End Integrity Protection for Web Applications
On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications
In this paper we consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications, where the attacker is able to successfully impersonate the legitimate server to the user, with the goal of impersonating the user to the server and thus compromising the user's online account and data. We describe in detail why the recently proposed client authentication protocols based on TLS Channel IDs, as well as client web authentication in general, cannot fully prevent such attacks.
Nevertheless, we show that strong client authentication, such as Channel ID-based authentication, can be combined with the concept of server invariance, a weaker and easier to achieve property than server authentication, in order to protect against the considered attacks. We specifically leverage Channel ID-based authentication in combination with server invariance to create a novel mechanism that we call SISCA: Server Invariance with Strong Client Authentication. SISCA resists user impersonation via TLS MITM attacks, regardless of how the attacker is able to successfully achieve server impersonation. We analyze our proposal and show how it can be integrated in today's web infrastructure.
Related publications:
Nikolaos Karapanos and Srdjan Capkun
On the Effective Prevention of TLS Man-In-The-Middle Attacks in Web Applications
23rd USENIX Security Symposium, 2014 [DownloadPDF (PDF, 849 KB)vertical_align_bottom | Downloadbibtex (BIB, 485 Bytes)vertical_align_bottom | external pagevideocall_made]
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
Two-factor authentication protects online accounts even if passwords are leaked. Most users, however, still prefer password-only authentication. One of the reasons behind two-factor authentication being unpopular is the extra steps that the user must complete in order to log in. Current two-factor authentication mechanisms require the user to interact with his phone, and e.g., copy a verification code to the browser.
In this paper we propose Sound-Proof, a two-factor authentication mechanism that does not require interaction between the user and his phone. In Sound-Proof the second authentication factor is the proximity of the user's phone to the device being used to log in. The proximity of the two devices is verified by comparing the ambient noise recorded by their microphones. Audio recording and comparison are transparent to the user. Sound-Proof can be easily deployed as it works with major browsers without plugins. We build a prototype for both Android and iOS. We provide empirical evidence that ambient noise is a robust discriminant to determine the proximity of two devices both indoors and outdoors, and even if the phone is in a pocket or purse. We further conduct a user study designed to compare the perceived usability of Sound-Proof with Google 2-Step Verification. Participants ranked Sound-Proof as more usable and the majority would be willing to use Sound-Proof even for scenarios in which two-factor authentication is optional.
Related publications:
Nikolaos Karapanos, Claudio Marforio, Claudio Soriente and Srdjan Capkun
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
24rd USENIX Security Symposium, 2015 [DownloadPDF (PDF, 1.7 MB)vertical_align_bottom | Downloadbibtex (BIB, 517 Bytes)vertical_align_bottom | external pagevideocall_made | external pagedemo videocall_made | external pageproject websitecall_made]
arXiv:1503.03790, 2015 [external pagePDFcall_made]
Verena: End-to-End Integrity Protection for Web Applications
Web applications rely on web servers to protect the integrity of sensitive information. However, an attacker gaining access to the web server can tamper with the data and query computation results, and thus serve corrupted web pages to the user. Violating the integrity of the web page can have serious consequences, affecting application functionality and decision-making processes. Worse yet, data integrity violations may affect physical safety, as in the case of medical web applications which enable doctors to assign treatment to patients based on diagnostic information stored at the web server. One such example are implanted cardiac devices which report their measurements to web servers, allowing them to be accessed by medical professionals.
This paper presents Verena, a web application platform that provides end-to-end integrity guarantees against attackers that have full access to the web and database servers. In Verena, a client's browser can verify the integrity of a web page, by verifying both the data from the database and results of queries on the data. Verena provides strong integrity properties such as freshness, completeness, and correctness for both data and a common set of database queries, by relying on a very small trusted computing base. In a setting where there can be many users with different write permissions, Verena allows a developer to specify an integrity policy for data and query results based on our notion of trust contexts, and enforces this policy efficiently.
We implemented Verena on top of the Meteor framework. Our results show that Verena can support real applications with modest overhead.
Related publications:
Nikolaos Karapanos, Alexandros Filios, Raluca Ada Popa and Srdjan Capkun
Verena: End-to-End Integrity Protection for Web Applications
37th IEEE Symposium on Security and Privacy (S&P), 2016 [DownloadPDF (PDF, 526 KB)vertical_align_bottom | Downloadbibtex (BIB, 330 Bytes)vertical_align_bottom | external pagevideocall_made]