Achieving communication effectiveness of web authentication protocol with key update

Zijian Zhang; Chongxi Shen; Liehuang Zhu; Chen Xu; Salabat Khan Wazir; Chuyi Chen

doi:10.1007/978-981-10-8890-2_11

Achieving communication effectiveness of web authentication protocol with key update

Zijian Zhang, Chongxi Shen, Liehuang Zhu^*, Chen Xu, Salabat Khan Wazir, Chuyi Chen

^*Corresponding author for this work

School of Cyberspace Science and Technology

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.

Original language	English
Title of host publication	Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers
Editors	Liehuang Zhu, Sheng Zhong
Publisher	Springer Verlag
Pages	146-162
Number of pages	17
ISBN (Print)	9789811088896
DOIs	https://doi.org/10.1007/978-981-10-8890-2_11
Publication status	Published - 2018
Event	13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017 - Beijing, China Duration: 17 Dec 2017 → 20 Dec 2017

Publication series

Name	Communications in Computer and Information Science
Volume	747
ISSN (Print)	1865-0929

Conference

Conference	13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017
Country/Territory	China
City	Beijing
Period	17/12/17 → 20/12/17

Keywords

Channel ID
Key update
Man-in-the-middle (MITM) attack
TLS
Web authentication

Access to Document

10.1007/978-981-10-8890-2_11

Cite this

Zhang, Z., Shen, C., Zhu, L., Xu, C., Wazir, S. K., & Chen, C. (2018). Achieving communication effectiveness of web authentication protocol with key update. In L. Zhu, & S. Zhong (Eds.), Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers (pp. 146-162). (Communications in Computer and Information Science; Vol. 747). Springer Verlag. https://doi.org/10.1007/978-981-10-8890-2_11

@inproceedings{b79e78eb80bb4e2c96db4723d174ad86,

title = "Achieving communication effectiveness of web authentication protocol with key update",

abstract = "Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.",

keywords = "Channel ID, Key update, Man-in-the-middle (MITM) attack, TLS, Web authentication",

author = "Zijian Zhang and Chongxi Shen and Liehuang Zhu and Chen Xu and Wazir, {Salabat Khan} and Chuyi Chen",

note = "Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2018.; 13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017 ; Conference date: 17-12-2017 Through 20-12-2017",

year = "2018",

doi = "10.1007/978-981-10-8890-2_11",

language = "English",

isbn = "9789811088896",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "146--162",

editor = "Liehuang Zhu and Sheng Zhong",

booktitle = "Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers",

address = "Germany",

}

Zhang, Z, Shen, C, Zhu, L, Xu, C, Wazir, SK & Chen, C 2018, Achieving communication effectiveness of web authentication protocol with key update. in L Zhu & S Zhong (eds), Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. Communications in Computer and Information Science, vol. 747, Springer Verlag, pp. 146-162, 13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017, Beijing, China, 17/12/17. https://doi.org/10.1007/978-981-10-8890-2_11

Achieving communication effectiveness of web authentication protocol with key update. / Zhang, Zijian; Shen, Chongxi; Zhu, Liehuang et al.
Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. ed. / Liehuang Zhu; Sheng Zhong. Springer Verlag, 2018. p. 146-162 (Communications in Computer and Information Science; Vol. 747).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Achieving communication effectiveness of web authentication protocol with key update

AU - Zhang, Zijian

AU - Shen, Chongxi

AU - Zhu, Liehuang

AU - Xu, Chen

AU - Wazir, Salabat Khan

AU - Chen, Chuyi

N1 - Publisher Copyright: © Springer Nature Singapore Pte Ltd. 2018.

PY - 2018

Y1 - 2018

N2 - Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.

AB - Today, with the presence of a large number of Man-In-The-Middle (MITM) attacks, identity authentication plays an important role in computer communication network. Series of authentication protocols have been proposed to resist against MITM attacks. Due to the lack of two-way certification between the client and the server, an attack named Man-In-The-Middle-Script-In-The-Browser (MITM-SITB) still works in most protocols. In order to protect against this kind of attack, a Channel-ID based authentication protocol named Server-Invariance-with-Strong-Client-Authentication (SISCA) is put forward. This protocol can not support key update and execute inefficiently. To solve this problem, we propose a Communication-Effectiveness-of-Web-Authentication (CEWA) protocol. We design a new certification process to make the protocol support key update, thus avoiding the risk of key leaks. Simultaneously, We designed the key storage method to manage the keys. We improve the efficiency of implementation. We also analyze its security and the experimental analysis shows the better performance of the efficiency than that in SISCA protocol.

KW - Channel ID

KW - Key update

KW - Man-in-the-middle (MITM) attack

KW - TLS

KW - Web authentication

UR - http://www.scopus.com/inward/record.url?scp=85045312298&partnerID=8YFLogxK

U2 - 10.1007/978-981-10-8890-2_11

DO - 10.1007/978-981-10-8890-2_11

M3 - Conference contribution

AN - SCOPUS:85045312298

SN - 9789811088896

T3 - Communications in Computer and Information Science

SP - 146

EP - 162

BT - Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers

A2 - Zhu, Liehuang

A2 - Zhong, Sheng

PB - Springer Verlag

T2 - 13th International Conference on Mobile Ad-hoc and Sensor Networks, MSN 2017

Y2 - 17 December 2017 through 20 December 2017

ER -

Zhang Z, Shen C, Zhu L, Xu C, Wazir SK, Chen C. Achieving communication effectiveness of web authentication protocol with key update. In Zhu L, Zhong S, editors, Mobile Ad-hoc and Sensor Networks - 13th International Conference, MSN 2017, Revised Selected Papers. Springer Verlag. 2018. p. 146-162. (Communications in Computer and Information Science). doi: 10.1007/978-981-10-8890-2_11

Achieving communication effectiveness of web authentication protocol with key update

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this