English
Related papers

Related papers: Mitigating CSRF attacks on OAuth 2.0 and OpenID Co…

200 papers

Approximately 61% of cyber attacks involve adversaries in possession of valid credentials. Attackers acquire credentials through various means, including phishing, dark web data drops, password reuse, etc. Multi-factor authentication (MFA)…

Cryptography and Security · Computer Science 2024-08-31 Sam Hays , Michael Sandborn , Jules White

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work…

Cryptography and Security · Computer Science 2025-10-16 Anuj Gautam , Tarun Yadav , Garrett Smith , Kent Seamons , Scott Ruoti

Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC)…

Cryptography and Security · Computer Science 2025-10-21 Saurabh Deochake , Ryan Murphy , Jeremiah Gearheart

We present models for utilizing blockchain and smart contract technology with the widely used OAuth 2.0 open authorization framework to provide delegated authorization for constrained IoT devices. The models involve different tradeoffs in…

Cryptography and Security · Computer Science 2019-05-07 Vasilios A. Siris , Dimitrios Dimopoulos , Nikos Fotiou , Spyros Voulgaris , George C. Polyzos

Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy…

Cryptography and Security · Computer Science 2018-04-20 Jinguang Han , Liqun Chen , Steve Schneider , Helen Treharne , Stephan Wesemeyer

Due to the recent outbreak of COVID-19, many governments suspended outdoor activities and imposed social distancing policies to prevent the transmission of SARS-CoV-2. These measures have had severe impact on the economy and peoples' daily…

Cryptography and Security · Computer Science 2020-11-04 Bo-Rong Chen , Yih-Chun Hu

Automated certificate authorities (CAs) have expanded the reach of public key infrastructure on the web and for software signing. The certificates that these CAs issue attest to proof of control of some digital identity. Some of these…

Cryptography and Security · Computer Science 2023-07-18 Zachary Newman

Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is…

Cryptography and Security · Computer Science 2024-06-03 Suyun Borjigin

Passwords are a fragile, inadequate, and insecure tool for authenticating users, and are especially fraught with problems when used to secure access to network resources and services. In many cases, passwords provide a false sense of…

Cryptography and Security · Computer Science 2012-09-06 Travis Z. Suel

Background. 3-D Secure 2.0 (3DS 2.0) is an identity federation protocol authenticating the payment initiator for credit card transactions on the Web. Aim. We aim to quantify the impact of factors used by 3DS 2.0 in its fraud-detection…

Cryptography and Security · Computer Science 2020-09-29 Mohammed Aamir Ali , Thomas Groß , Aad van Moorsel

Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of…

Cryptography and Security · Computer Science 2010-04-13 K. Selvamani , A. Duraisamy , A. Kannan

With the development of e-commerce, ssl protocol is more and more widely applied to various network services. It is one of key technologies to keep user's data in secure transmission via internet. This document majorly focuses on "SSLStrip"…

Cryptography and Security · Computer Science 2012-09-18 Fenil Kavathia , Ajay Modi

Web3's decentralised infrastructure has upended the standardised approach to digital identity established by protocols like OpenID Connect. Web2 and Web3 currently operate in silos, with Web2 leveraging selective disclosure JSON web tokens…

Cryptography and Security · Computer Science 2025-01-24 Ben Biedermann , Matthew Scerri , Victoria Kozlova , Joshua Ellul

Internet of Things (IoT) have gained popularity in recent times. With an increase in the number of IoT devices, security and privacy vulnerabilities are also increasing. For sensitive domains like healthcare and industrial sectors, such…

Cryptography and Security · Computer Science 2023-12-27 Sai Sreekar Vankayalapati , Srijanee Mookherji , Vanga Odelu

We are living in an era when online communication over social network services (SNSs) have become an indispensable part of people's everyday lives. As a consequence, online social deception (OSD) in SNSs has emerged as a serious threat in…

Cryptography and Security · Computer Science 2020-12-24 Zhen Guo , Jin-Hee Cho , Ing-Ray Chen , Srijan Sengupta , Michin Hong , Tanushree Mitra

Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more…

Cryptography and Security · Computer Science 2019-12-05 Nguyen Hong Son , Ha Thanh Dung

Relay attacks are a major concern for RFID systems: during an authentication process an adversary transparently relays messages between a verifier and a remote legitimate prover. We present an authentication protocol suited for RFID…

Cryptography and Security · Computer Science 2008-09-25 Gildas Avoine , Aslan Tchamkerten

Attacks on Internet routing are typically viewed through the lens of availability and confidentiality, assuming an adversary that either discards traffic or performs eavesdropping. Yet, a strategic adversary can use routing attacks to…

Networking and Internet Architecture · Computer Science 2020-08-13 Yixin Sun , Maria Apostolaki , Henry Birge-Lee , Laurent Vanbever , Jennifer Rexford , Mung Chiang , Prateek Mittal

Today, Internet of Things (IoT) technology is being increasingly popular which is applied in a wide range of industry sectors such as healthcare, transportation and some critical infrastructures. With the widespread applications of IoT…

Cryptography and Security · Computer Science 2019-02-12 Jingwei Liu , Ailian Ren , Lihuan Zhang , Rong Sun , Xiaojiang Du , Mohsen Guizani

By expanding the connection of objects to the Internet and their entry to human life, the issue of security and privacy has become important. In order to enhance security and privacy on the Internet, many security protocols have been…

Cryptography and Security · Computer Science 2019-07-29 Masoumeh Safkhani , Nasour Bagheri