Skip to main content
SpringerLink
Log in

A Universally Composable Framework for the Analysis of Browser-Based Security Protocols

  • Conference paper
Provable Security (ProvSec 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5324))

Included in the following conference series:

Abstract

Browser-based security protocols perform cryptographic tasks within the constraints of commodity browsers. They are the bearer protocols for many security critical applications on the Internet. Roughly speaking, they are the offspring of key exchange and secure sessions protocols. Although browser-based protocols are widely deployed, their security has not been formally proved. We provide a security model for the analysis of browser-based protocols based on the Universal Composability framework.

Please contact the author for the full version.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barak, B., Lindell, Y., Rabin, T.: Protocol initialization for the framework of universal composability. Cryptology ePrint Archive, Report 2004/006 (2004), http://eprint.iacr.org/

  2. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  3. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS, pp. 136–145. IEEE Computer Society, Los Alamitos (2001)

    Google Scholar 

  4. Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Analyzing Security Protocols Using Time-Bounded Task-PIOAs. Discrete Event Dynamic Systems 18(1), 111–159 (2008)

    Article  MATH  Google Scholar 

  5. Canetti, R., Halevi, S., Steiner, M.: Mitigating dictionary attacks on password-protected local storage. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 160–179. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Dhamija, R., Tygar, J.D., Hearst, M.A.: Why phishing works. In: CHI, pp. 581–590. ACM, New York (2006)

    Google Scholar 

  8. Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  9. Ellison, C.: Ceremony design and analysis. Cryptology ePrint Archive, Report 2007/399 (2007)

    Google Scholar 

  10. Gajek, S., Manulis, M., Sadeghi, A.-R., Schwenk, J.: Provably secure browser-based user-aware mutual authentication over TLS. In: ASIACCS, pp. 300–311. ACM Press, New York (2008)

    Chapter  Google Scholar 

  11. Gross, T., Pfitzmann, B.: SAML artifact information flow revisited. In: IEEE Workshop on Web Services Security, Berkeley, USA (May 2006); Appeared also as IBM Research Report RZ 3643 (#99653) 01/03/06, IBM Research Division, Zurich (January 2006)

    Google Scholar 

  12. Groß, T., Pfitzmann, B., Sadeghi, A.-R.: Browser model for security analysis of browser-based protocols. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 489–508. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  13. Herzberg, A.: Why Johnny can’t surf, safely? (Work in Progress) (2007)

    Google Scholar 

  14. Herzberg, A., Yoffe, I.: Layered specifications, design and analysis of security protocols. Cryptology ePrint Archive, Report 2006/398 (2006)

    Google Scholar 

  15. Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from dns rebinding attacks. In: CCS 2007, pp. 421–431. ACM, New York (2007)

    Google Scholar 

  16. Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: CCS 2007, pp. 58–71. ACM, New York (2007)

    Google Scholar 

  17. Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184–200 (2001)

    Google Scholar 

  18. Pfitzmann, B., Waidner, M.: Analysis of liberty single-sign-on with enabled clients. IEEE Internet Computing 7(6), 38–44 (2003)

    Article  Google Scholar 

  19. Sebastian Gajek, M.M., Pereira, O.: Universally composable security analysis of tls—secure sessions with handshake and record layer protocols. Cryptology ePrint Archive, Report 2008/251 (2008), http://eprint.iacr.org/

  20. Shoup, V.: On formal models for secure key exchange (version 4). Technical report, IBM Research Report RZ 3120, November 15 (1999)

    Google Scholar 

  21. Soghoian, C., Jakobsson, M.: A deceit-augmented man in the middle attack against bank of america’s sitekey service (2007)

    Google Scholar 

  22. Stuart Schechter, A.O., Dhamija, R., Fischer, I.: The emperor’s new security indicators. In: Symposium on Security and Privacy, pp. 51–65. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany

    Sebastian Gajek

Authors
  1. Sebastian Gajek
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Joonsang Baek

  2. Institute for Infocomm Research, 119613, Singapore

    Feng Bao

  3. Department of Computer Science and Engineering, Shanghai Jiao Tong University, 200240, Shanghai, China

    Kefei Chen  & Xuejia Lai  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gajek, S. (2008). A Universally Composable Framework for the Analysis of Browser-Based Security Protocols. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds) Provable Security. ProvSec 2008. Lecture Notes in Computer Science, vol 5324. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88733-1_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-88733-1_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88732-4

  • Online ISBN: 978-3-540-88733-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation