Related papers: Mitigating CSRF attacks on OAuth 2.0 and OpenID Co…
Approximately 61% of cyber attacks involve adversaries in possession of valid credentials. Attackers acquire credentials through various means, including phishing, dark web data drops, password reuse, etc. Multi-factor authentication (MFA)…
Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work…
Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC)…
We present models for utilizing blockchain and smart contract technology with the widely used OAuth 2.0 open authorization framework to provide delegated authorization for constrained IoT devices. The models involve different tradeoffs in…
Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy…
Due to the recent outbreak of COVID-19, many governments suspended outdoor activities and imposed social distancing policies to prevent the transmission of SARS-CoV-2. These measures have had severe impact on the economy and peoples' daily…
Automated certificate authorities (CAs) have expanded the reach of public key infrastructure on the web and for software signing. The certificates that these CAs issue attest to proof of control of some digital identity. Some of these…
Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is…
Passwords are a fragile, inadequate, and insecure tool for authenticating users, and are especially fraught with problems when used to secure access to network resources and services. In many cases, passwords provide a false sense of…
Background. 3-D Secure 2.0 (3DS 2.0) is an identity federation protocol authenticating the payment initiator for credit card transactions on the Web. Aim. We aim to quantify the impact of factors used by 3DS 2.0 in its fraud-detection…
Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of…
With the development of e-commerce, ssl protocol is more and more widely applied to various network services. It is one of key technologies to keep user's data in secure transmission via internet. This document majorly focuses on "SSLStrip"…
Web3's decentralised infrastructure has upended the standardised approach to digital identity established by protocols like OpenID Connect. Web2 and Web3 currently operate in silos, with Web2 leveraging selective disclosure JSON web tokens…
Internet of Things (IoT) have gained popularity in recent times. With an increase in the number of IoT devices, security and privacy vulnerabilities are also increasing. For sensitive domains like healthcare and industrial sectors, such…
We are living in an era when online communication over social network services (SNSs) have become an indispensable part of people's everyday lives. As a consequence, online social deception (OSD) in SNSs has emerged as a serious threat in…
Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more…
Relay attacks are a major concern for RFID systems: during an authentication process an adversary transparently relays messages between a verifier and a remote legitimate prover. We present an authentication protocol suited for RFID…
Attacks on Internet routing are typically viewed through the lens of availability and confidentiality, assuming an adversary that either discards traffic or performs eavesdropping. Yet, a strategic adversary can use routing attacks to…
Today, Internet of Things (IoT) technology is being increasingly popular which is applied in a wide range of industry sectors such as healthcare, transportation and some critical infrastructures. With the widespread applications of IoT…
By expanding the connection of objects to the Internet and their entry to human life, the issue of security and privacy has become important. In order to enhance security and privacy on the Internet, many security protocols have been…