Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

BetterAuth: Web Authentication Revisited

This paper presents "BetterAuth", an authentication protocol for Web
applications. Its design is based on the experiences of two decades with
the Web. BetterAuth addresses existing attacks on Web authentication,
ranging from network attacks to Cross-site Request Forgery up to
Phishing. Furthermore, the protocol can be realized completely in
standard JavaScript. This allows Web applications an early adoption,
even in a situation with limited browser support.

Author(s):

Martin Johns    
SAP Research
Germany

Sebastian Lekies    
SAP Research
Germany

Bastian Braun    
University of Passau
Germany

Benjamin Flesch    
SAP Research
Germany

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC