Related papers: A Novel Protocol Using Captive Portals for FIDO2 N…
The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…
This paper describes a new password-based mutual authentication protocol for Web systems which prevents various kinds of phishing attacks. This protocol provides a protection of user's passwords against any phishers even if dictionary…
Authentication systems have evolved a lot since the 1960s when Fernando Corbato first proposed the password-based authentication. In 2013, the FIDO Alliance proposed using secure hardware for authentication, thus marking a milestone in the…
Passkeys -- discoverable WebAuthn credentials synchronised across devices are widely promoted as the future of passwordless authentication. Built on the FIDO2 standard, they eliminate shared secrets and resist phishing while offering…
Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work…
Continuous Authentication (CA) has been proposed as a potential solution to counter complex cybersecurity attacks that exploit conventional static authentication mechanisms that authenticate users only at an ingress point. However, widely…
The notion of an ad hoc network is a new paradigm that allows mobile hosts (nodes) to communicate without relying on a predefined infrastructure to keep the network connected. Most nodes are assumed to be mobile and communication is assumed…
Some protected password change protocols were proposed. However, the previous protocols were easily vulnerable to several attacks such as denial of service, password guessing, stolen-verifier and impersonation atacks etc. Recently, Chang et…
BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized…
The advent of end-to-end encrypted (E2EE) messaging and backup services has brought new challenges for usable authentication. Compared to regular web services, the nature of E2EE implies that the provider cannot recover data for users who…
Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is…
Passwordless authentication was first tested for seamless and secure merchant payments without the use of passwords or pins. It opened a whole new world of authentications giving up the former reliance on traditional passwords. It relied on…
Network & internet security is the burning question of today's world and they are deeply related to each other for secure successful data transmission. Network security approach is totally based on the concept of network security services.…
We propose a new platform for implementing secure wireless ad hoc networks. Our proposal is based on a modular architecture, with the software stack constructed directly on the Ethernet layer. Within our platform we use a new security…
Social authentication has been suggested as a usable authentication ceremony to replace manual key authentication in messaging applications. Using social authentication, chat partners authenticate their peers using digital identities…
Password security has been compelled to evolve in response to the growing computational capabilities of modern systems. However, this evolution has often resulted in increasingly complex security practices that alienate users, leading to…
Forced by regulations and industry demand, banks worldwide are working to open their customers' online banking accounts to third-party services via web-based APIs. By using these so-called Open Banking APIs, third-party companies, such as…
We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and…
With passkeys, the FIDO Alliance introduces the ability to sync FIDO2 credentials across a user's devices through passkey providers. This aims to mitigate user concerns about losing their devices and promotes the shift toward password-less…
Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication…