A Cryptographic Mutual Authentication Scheme for Web Applications
This work addresses security and deployment challenges for web applications, but it appears incremental as it builds on existing cryptographic methods without introducing a new paradigm.
The paper tackles the security and usability issues of password-based web authentication by proposing StrongAuth, a cryptographic mutual authentication scheme that maintains user experience while improving security, as shown by its resistance to various attacks.
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.