Dos and Don'ts of Client Authentication on the Web
By: Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster, 02/26/2005
8 Conclusion
To provide designers and implementers with a clear framework, we have described the limitations, requirements, and security models specific to Web client authentication. We presented a set of hints for designing a secure client authentication scheme, based on experience gained from our informal survey of commercial schemes. The survey showed that many sites are not secure against the interrogative adversary. We proposed an authentication scheme that is secure against the interrogative adversary.
Web sites have such a large range of requirements that no single authentication scheme can meet them all. Currently SSL remains too costly, and client authentication infrastructures are hardly deployed at all. This partially explains why so many home-brew schemes exist. The Web community ought to recommend a secure standard or secure practices if there is any hope of eliminating the proliferation of insecure home-brew authentication schemes. We hope that this paper will help designers build schemes that resist common attacks.
For more information and our source code, download our technical report [18] or visit our Web site at http://cookies.lcs.mit.edu/.
9 Acknowledgments
We thank David Andersen, Ian Anderson, Jeffrey W. Baker, Richard
Barbalace, Andrew M. Boardman, Benjie Chen, David Dittrich, Paul Hill,
Frans Kaashoek, David Mazières, Robert T. Morris, Steve Morris,
Joon Park, Matt Power, Ron Rivest, Jerry Saltzer, Richard Smith, Win
Treese, the anonymous reviewers, and the members of the PDOS group at
MIT. We also thank the companies who talked with us about the security of their Web sites: FatBrain.com, WSJ.com, and yahoo.com. The students of the MIT Applied Security Reading Group (http://pdos.lcs.mit.edu/asrg/) deserve credit for the genesis of this project. Finally, we thank Duncan Hines for manufacturing the materials necessary to sustain our efforts.
References
- Martín Abadi and Roger Needham.
Prudent engineering practice for cryptographic protocols.
Technical Report 125, DEC Systems Research Center, June 1994.
- Allaire Corporation.
Personal Communication, January 2001.
- Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway.
Relations among notions of security for public-key encryption schemes.
In Hugo Krawczyk, editor, Proceedings of Advances in Cryptology--CRYPTO 98, volume 1462 of Lecture Notes in Computer Science, pages 26-45, Santa Barbara, CA, 1998. Springer-Verlag.
- Mihir Bellare and Phillip Rogaway.
The AuthA protocol for password-based authenticated key exchange.
Technical report, IEEE P1363, March 2000.
http://grouper.ieee.org/groups/1363/StudyGroup/Passwd.html#autha.
- Steven M. Bellovin and Michael Merritt.
Encrypted key exchange: Password-based protocols secure against dictionary attacks.
In Proceedings of the 1992 IEEE Symposium on Security and Privacy, pages 72-84, Oakland, CA, May 1992.
- F. Bergadano, B. Crispo, and M. Eccettuato.
Secure WWW transactions using standard HTTP and Java applets.
In Proceedings of the 3rd USENIX Workshop on Electronic Commerce, pages 109-119, Boston, MA, September 1998.
- Victor Boyko, Philip MacKenzie, and Sarvar Patel.
Provably secure password authenticated key exchange using Diffie-Hellman.
In B. Preneel, editor, Proceedings of Advances in Cryptology--EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, Bruges, Belgium, May 2000. Springer-Verlag.
- CCITT.
Recommendation X.509: The directory authentication framework, 1998.
- CERT.
Malicious HTML tags embedded in client Web requests.
CA-2000-02, February 2000.
http://www.cert.org/advisories/CA-2000-02.html.
- Dominique de Waleffe and Jean-Jacques Quisquater.
Better login protocols for computer networks.
In B. Preneel, R. Govaerts, and J. Vandewalle, editors, Proceedings of Computer Security and Industrial Cryptography, volume 741 of Lecture Notes in Computer Science, pages 50-70. Springer-Verlag, 1993.
- Tim Dierks and Christopher Allen.
The TLS protocol version 1.0.
RFC 2246, Network Working Group, January 1999.
- Danny Dolev, Cynthia Dwork, and Moni Naor.
Non-malleable cryptography.
In Proceedings of the 23rd ACM Symposium on Theory of Computing, pages 542-552, New Orleans, LA, 1991.
- Carl Ellison and Bruce Schneier.
Ten risks of PKI: What you're not being told about public key infrastructure.
Computer Security Journal, 16(1):1-7, 2000.
- Roy Fielding, James Gettys, Jeffrey Mogul, Henrik Frystyk, Larry Masinter, Paul Leach, and Tim Berners-Lee.
Hypertext Transfer Protocol -- HTTP/1.1.
RFC 2616, Network Working Group, June 1999.
- FIPS 180-1.
Secure Hash Standard.
U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, VA, April 1995.
- John Franks, Phillip Hallam-Baker, Jeffrey Hostetler, Scott Lawrence, Paul Leach, Ari Luotonen, and Lawrence Stewart.
HTTP authentication: Basic and digest access authentication.
RFC 2617, Network Working Group, June 1999.
- Kevin Fu, M. Frans Kaashoek, and David Mazières.
Fast and secure distributed read-only file system.
In Proceedings of the 4th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2000), pages 181-196, San Diego, CA, October 2000.
- Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster.
Dos and don'ts of client authentication on the Web.
Technical Report 818, MIT Laboratory for Computer Science, May 2001.
http://www.lcs.mit.edu/.
- Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest.
A digital signature scheme secure against adaptive chosen-message attacks.
SIAM Journal of Computing, 17(2):281-308, April 1988.
- Neil Haller.
The S/KEY one-time password system.
In Proceedings of the ISOC Symposium on Network and Distributed System Security, pages 151-157, San Diego, CA, February 1994.
- Neil Haller.
The S/KEY one-time password system.
RFC 1760, Network Working Group, February 1995.
- IEEE P1363a: Standard specifications for public key cryptography: Additional techniques.
http://www.manta.ieee.org/groups/1363/P1363a.
- John T. Kohl.
The use of encryption in Kerberos for network authentication.
In G. Brassard, editor, Proceedings of Advances in Cryptology--CRYPTO 89, volume 435 of Lecture Notes in Computer Science, pages 35-43. Springer-Verlag, 1990.
- Hugo Krawczyk, Mihir Bellare, and Ran Canetti.
HMAC: Keyed-hashing for message authentication.
RFC 2104, Network Working Group, February 1997.
- David Kristol and Lou Montulli.
HTTP State Management Mechanism.
RFC 2965, Network Working Group, October 2000.
- Leslie Lamport.
Password authentication with insecure communication.
Communications of the ACM, 24(11):770-771, November 1981.
- Butler Lampson.
Hints for computer system design.
In Proceedings of the 9th ACM Symposium on Operating Systems Principles, pages 33-48, Bretton Woods, NH, 1983.
- Arjen Lenstra and Eric Verheul.
Selecting cryptographic key sizes.
http://www.cryptosavvy.com/cryptosizes.pdf, November 1999.
- Thomas Levergood, Lawrence Stewart, Stephen Morris, Andrew Payne, and Winfield Treese.
Internet server access control and monitoring systems.
U.S. patent #5,708,780, Open Market, January 1998.
- Richard Li and Archit Shah.
ArsDigita Community System (ACS) security design.
http://developer.arsdigita.com/doc/security-design.html.
- Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone.
Handbook of applied cryptography.
The CRC Press series on discrete mathematics and its applications. CRC Press, 1997.
- Keith Moore and Ned Freed.
Use of HTTP State Management.
RFC 2964, Network Working Group, October 2000.
- Robert Morris and Ken Thompson.
Password security: A case history.
Communications of the ACM, 22(11):584-597, November 1979.
- B. Clifford Neuman and Theodore Ts'o.
Kerberos: An authentication service for computer networks.
IEEE Communications Magazine, 32(9):33-38, September 1994.
- Joon S. Park and Ravi Sandhu.
Secure cookies on the Web.
IEEE Internet Computing, 4(4):36-44, July/August 2000.
- Microsoft passport.
http://www.passport.com/.
- Eric Rescorla.
SSL and TLS: Designing and Building Secure Systems.
Addison-Wesley, 2000.
- Vipin Samar.
Single sign-on using cookies for Web applications.
In Proceedings of the 8th IEEE Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pages 158-163, Palo Alto, CA, 1999.
- The Shibboleth Project.
http://middleware.internet2.edu/shibboleth/.
- Dug Song.
dsniff.
http://www.monkey.org/~dugsong/dsniff/.
- Jennifer Steiner, Clifford Neuman, and Jeffrey Schiller.
Kerberos: An authentication service for open network systems.
In Proceedings of the Winter 1988 USENIX, pages 191-202, Dallas, TX, February 1988.
- Paul Syverson, Stuart Stubblebine, and David Goldschlag.
Unlinkable serial transactions.
In R. Hirschfeld, editor, Proceedings of Financial Cryptography, volume 1318 of Lecture Notes in Computer Science, Anguilla, BWI, 1997. Springer-Verlag.
- Andrew Tanenbaum, Sape Mullender, and Robbert van Renesse.
Using sparse capabilities in a distributed system.
In Proceedings of the 6th International Conference on Distributed Computing, pages 558-563, Cambridge, MA, 1986.
- David Wagner and Ian Goldberg.
Proofs of security for the Unix password hashing algorithm.
In T. Okamoto, editor, Proceedings of Advances in Cryptology--ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, Kyoto, Japan, December 2000. Springer-Verlag.
- Thomas Wu.
The secure remote password protocol.
In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97-111, San Diego, CA, March 1998.
Footnotes
- This research was supported by a USENIX scholars fellowship.