English
Related papers

Related papers: Mitigating CSRF attacks on OAuth 2.0 and OpenID Co…

200 papers

OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access…

Cryptography and Security · Computer Science 2020-01-29 Nikos Fotiou , Iakovos Pittaras , Vasilios A. Siris , Spyros Voulgaris , George C. Polyzos

This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard specified by…

Cryptography and Security · Computer Science 2022-05-18 Michal Kepkowski , Lucjan Hanzlik , Ian Wood , Mohamed Ali Kaafar

Single sign-on (SSO) systems, such as OpenID and OAuth, allow web sites, so-called relying parties (RPs), to delegate user authentication to identity providers (IdPs), such as Facebook or Google. These systems are very popular, as they…

Cryptography and Security · Computer Science 2015-08-10 Daniel Fett , Ralf Kuesters , Guido Schmitz

OpenID Connect (OIDC) is a widely used authentication standard for the Web. In this work, we define a new Identity Certification Token (ICT) for OIDC. An ICT can be thought of as a JSON-based, short-lived user certificate for end-to-end…

Cryptography and Security · Computer Science 2024-06-13 Jonas Primbs , Michael Menth

Considering computer systems, security is the major concern with usability. Security policies need to be developed to protect information from unauthorized access. Passwords and secrete codes used between users and information systems for…

Cryptography and Security · Computer Science 2014-02-27 Sharayu A. Aghav , RajneeshKaur Bedi

The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication…

Cryptography and Security · Computer Science 2014-12-10 Yassine Sadqi , Ahmed Asimi , Younes Asimi

Self-Sovereign Identity (SSI), as a new and promising identity management paradigm, needs mechanisms that can ease a gradual transition of existing services and developers towards it. Systems that bridge the gap between SSI and established…

Cryptography and Security · Computer Science 2024-01-19 Felix Hoops , Florian Matthes

It is known that the exchange of information between web applications is done by means of the SOAP protocol. Securing this protocol is obviously a vital issue for any computer network. However, when it comes to cloud computing systems, the…

Cryptography and Security · Computer Science 2018-01-31 Hadi Razzaghi Kouchaksaraei , Alexander G. Chefranov

We propose a capability-based access control technique for sharing Web resources, based on Verifiable Credentials (VCs) and OAuth 2.0. VCs are a secure means for expressing claims about a subject. Although VCs are ideal for encoding…

Cryptography and Security · Computer Science 2021-04-30 Nikos Fotiou , Vasilios A. Siris , George C. Polyzos

Today, two-factor authentication (2FA) is a widely implemented mechanism to counter phishing attacks. Although much effort has been investigated in 2FA, most 2FA systems are still vulnerable to carefully designed phishing attacks, and some…

Cryptography and Security · Computer Science 2021-09-02 Yuanyi Sun , Sencun Zhu , Yao Zhao , Pengfei Sun

Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers…

Cryptography and Security · Computer Science 2026-03-12 Qiyu Li , Yuhe Tian , Haojian Jin

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is…

Cryptography and Security · Computer Science 2014-12-05 Christian Mainka , Vladislav Mladenov , Jörg Schwenk

User profiling is a critical component of adaptive risk-based authentication, yet it raises significant privacy concerns, particularly when handling sensitive data. Profiling involves collecting and aggregating various user features,…

Cryptography and Security · Computer Science 2025-08-05 Yaser Baseri , Abdelhakim Senhaji Hafid , Dimitrios Makrakis

In identity misbinding attacks against authenticated key-exchange protocols, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are…

Cryptography and Security · Computer Science 2019-06-03 Mohit Sethi , Aleksi Peltonen , Tuomas Aura

This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in…

Cryptography and Security · Computer Science 2014-05-01 Wei Xie , Chen Zhang , Quan Zhang , Chaojing Tang

We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and…

Cryptography and Security · Computer Science 2019-08-13 Emma Dauterman , Henry Corrigan-Gibbs , David Mazières , Dan Boneh , Dominic Rizzo

Security situational awareness refers to identifying, mitigating, and preventing digital cyber threats by gathering information to understand the current situation. With awareness, the basis for decisions is present, particularly in complex…

Cryptography and Security · Computer Science 2025-03-07 Daniela Pöhn , Heiner Lüken

To protect users from data breaches and phishing attacks, service providers typically implement two-factor authentication (2FA) to add an extra layer of security against suspicious login attempts. However, since 2FA can sometimes hinder…

Cryptography and Security · Computer Science 2024-11-19 Zhi Wang , Xin Yang , Du Chen , Han Gao , Meiqi Tian , Yan Jia , Wanpeng Li

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for…

Cryptography and Security · Computer Science 2021-01-22 Vassilis Papaspirou , Leandros Maglaras , Mohamed Amine Ferrag , Ioanna Kantzavelou , Helge Janicke , Christos Douligeris

This study investigates the effectiveness of multifactor authentication (MFA) in protecting commercial accounts from unauthorized access, with an additional focus on accounts with known credential leaks. We employ the benchmark-multiplier…

Cryptography and Security · Computer Science 2023-05-02 Lucas Augusto Meyer , Sergio Romero , Gabriele Bertoli , Tom Burt , Alex Weinert , Juan Lavista Ferres