Achieving communication effectiveness of web authentication protocol with key update

Zijian Zhang; Chongxi Shen; Liehuang Zhu; Chen Xu; Salabat Khan Wazir; Chuyi Chen

doi:10.1007/978-981-10-8890-2_11

Achieving communication effectiveness of web authentication protocol with key update

Zijian Zhang, Chongxi Shen, Liehuang Zhu^*, Chen Xu, Salabat Khan Wazir, Chuyi Chen

^*此作品的通讯作者

网络空间安全学院

Beijing Institute of Technology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.

源语言	英语
主期刊名	Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers
编辑	Liehuang Zhu, Sheng Zhong
出版商	Springer Verlag
页	146-162
页数	17
ISBN（印刷版）	9789811088896
DOI	https://doi.org/10.1007/978-981-10-8890-2_11
出版状态	已出版 - 2018
活动	13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017 - Beijing, 中国期限: 17 12月 2017 → 20 12月 2017

出版系列

姓名	Communications in Computer and Information Science
卷	747
ISSN（印刷版）	1865-0929

会议

会议	13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017
国家/地区	中国
市	Beijing
时期	17/12/17 → 20/12/17

访问文件

10.1007/978-981-10-8890-2_11

其它文件与链接

链接到 Scopus 的出版物

引用此

Zhang, Z., Shen, C., Zhu, L., Xu, C., Wazir, S. K., & Chen, C. (2018). Achieving communication effectiveness of web authentication protocol with key update. 在 L. Zhu, & S. Zhong (编辑), Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers (页码 146-162). (Communications in Computer and Information Science; 卷 747). Springer Verlag. https://doi.org/10.1007/978-981-10-8890-2_11

Zhang, Zijian ; Shen, Chongxi ; Zhu, Liehuang 等. / Achieving communication effectiveness of web authentication protocol with key update. Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. 编辑 / Liehuang Zhu ; Sheng Zhong. Springer Verlag, 2018. 页码 146-162 (Communications in Computer and Information Science).

@inproceedings{b79e78eb80bb4e2c96db4723d174ad86,

title = "Achieving communication effectiveness of web authentication protocol with key update",

abstract = "Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.",

keywords = "Channel ID, Key update, Man-in-the-middle (MITM) attack, TLS, Web authentication",

author = "Zijian Zhang and Chongxi Shen and Liehuang Zhu and Chen Xu and Wazir, {Salabat Khan} and Chuyi Chen",

note = "Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2018.; 13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017 ; Conference date: 17-12-2017 Through 20-12-2017",

year = "2018",

doi = "10.1007/978-981-10-8890-2_11",

language = "English",

isbn = "9789811088896",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "146--162",

editor = "Liehuang Zhu and Sheng Zhong",

booktitle = "Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers",

address = "Germany",

}

Zhang, Z, Shen, C, Zhu, L, Xu, C, Wazir, SK & Chen, C 2018, Achieving communication effectiveness of web authentication protocol with key update. 在 L Zhu & S Zhong (编辑), Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. Communications in Computer and Information Science, 卷 747, Springer Verlag, 页码 146-162, 13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017, Beijing, 中国, 17/12/17. https://doi.org/10.1007/978-981-10-8890-2_11

Achieving communication effectiveness of web authentication protocol with key update. / Zhang, Zijian; Shen, Chongxi; Zhu, Liehuang 等.
Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. 编辑 / Liehuang Zhu; Sheng Zhong. Springer Verlag, 2018. 页码 146-162 (Communications in Computer and Information Science; 卷 747).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Achieving communication effectiveness of web authentication protocol with key update

AU - Zhang, Zijian

AU - Shen, Chongxi

AU - Zhu, Liehuang

AU - Xu, Chen

AU - Wazir, Salabat Khan

AU - Chen, Chuyi

N1 - Publisher Copyright: © Springer Nature Singapore Pte Ltd. 2018.

PY - 2018

Y1 - 2018

N2 - Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.

AB - Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.

KW - Channel ID

KW - Key update

KW - Man-in-the-middle (MITM) attack

KW - TLS

KW - Web authentication

UR - http://www.scopus.com/inward/record.url?scp=85045312298&partnerID=8YFLogxK

U2 - 10.1007/978-981-10-8890-2_11

DO - 10.1007/978-981-10-8890-2_11

M3 - Conference contribution

AN - SCOPUS:85045312298

SN - 9789811088896

T3 - Communications in Computer and Information Science

SP - 146

EP - 162

BT - Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers

A2 - Zhu, Liehuang

A2 - Zhong, Sheng

PB - Springer Verlag

T2 - 13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017

Y2 - 17 December 2017 through 20 December 2017

ER -

Zhang Z, Shen C, Zhu L, Xu C, Wazir SK, Chen C. Achieving communication effectiveness of web authentication protocol with key update. 在 Zhu L, Zhong S, 编辑, Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. Springer Verlag. 2018. 页码 146-162. (Communications in Computer and Information Science). doi: 10.1007/978-981-10-8890-2_11

Achieving communication effectiveness of web authentication protocol with key update

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此