Hardening Persona – Improving Federated Web Login
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Federated login protocols for the Web are intended to increase user security by reducing the use of passwords, however these protocols can be vulnerable to recent attacks against TLS that aim to steal bearer tokens. This paper presents two variants of the popular Persona federated login protocol that are hardened against these types of TLS attacks.