Author(s): Michael Dietz and Dan S. Wallach

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

Federated login protocols for the Web are intended to increase user security by reducing the use of passwords; however, these protocols can be vulnerable to recent attacks against TLS that aim to steal bearer tokens. This paper presents two variants of the popular Persona federated login protocol that are hardened against these types of TLS attacks.