Bursztein et al., 2012 - Google Patents
Sessionjuggler: secure web login from an untrusted terminal using session hijacking
Bursztein et al., 2012
- Document ID: 1007066194486740040
- Authors: Bursztein E; Soman C; Boneh D; Mitchell J
- Publication year: 2012
- Publication venue: Proceedings of the 21st international conference on World Wide Web
External Links
Snippet
We use modern features of web browsers to develop a secure login system from an untrusted terminal. The system, called Session Juggler, requires no server-side changes and no special software on the terminal beyond a modern web browser. This important …
Concepts
| ID | Name | Sections | Count |
|---|---|---|---|
| 235000014510 | cooky | abstract, description | 27 |
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
        - H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
          - H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
            - H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
          - H04L63/0815—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network providing single-sign-on or federations
          - H04L63/0869—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network for achieving mutual authentication
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic
        - H04L63/16—Implementing security features at a particular protocol layer
          - H04L63/166—Implementing security features at a particular protocol layer at the transport layer
          - H04L63/168—Implementing security features at a particular protocol layer above the transport layer
      - H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
        - H04L67/02—Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
        - H04L67/14—Network-specific arrangements or communication protocols supporting networked applications for session management
        - H04L67/22—Tracking the activity of the user
Similar Documents
| Publication | Title |
|---|---|
| US12413624B2 (en) | Cyber secure communications system |
| Huang et al. | Using one-time passwords to prevent password phishing attacks |
| Sun et al. | The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems |
| Ghasemisharif et al. | O single Sign-Off, where art thou? An empirical analysis of single Sign-On account hijacking and session management on the web |
| Bui et al. | Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer |
| Bursztein et al. | Sessionjuggler: secure web login from an untrusted terminal using session hijacking |
| Czeskis et al. | Lightweight server support for browser-based CSRF protection |
| US20150007283A1 (en) | Delegating authentication for a web service |
| Bhavani | Cross-site scripting attacks on Android WebView |
| Bojjagani et al. | Stamba: Security testing for Android mobile banking apps |
| Mladenov et al. | On the security of modern single sign-on protocols: Second-order vulnerabilities in OpenID Connect |
| Yoo et al. | Case study of the vulnerability of OTP implemented in internet banking systems of South Korea |
| Kuchhal et al. | Evaluating the security posture of real-world FIDO2 deployments |
| Ali et al. | Parental controls: safer internet solutions or new pitfalls? |
| Bauer et al. | Analyzing the dangers posed by Chrome extensions |
| Bai et al. | All your sessions are belong to us: Investigating authenticator leakage through backup channels on Android |
| Liu et al. | Android single sign-on security: Issues, taxonomy and directions |
| De Ryck et al. | Primer on client-side web security |
| Mayer et al. | Guardians of the clouds: When identity providers fail |
| Gautam et al. | Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers |
| Sun et al. | OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle |
| Bhardwaj et al. | Reducing the threat surface to minimise the impact of cyber-attacks |
| Sentamilselvan et al. | Survey on Cross Site Request Forgery |
| Holtmann | Single sign-on security: security analysis of real-life OpenID Connect implementations |
| Roberts-Morpeth et al. | Some security issues for web based frameworks |