Welcome to the InfoSci Platform
Reference Hub3
PAKE on the Web

PAKE on the Web

Xunhua Wang, Hua Lin
Copyright: © 2009 |Volume: 3 |Issue: 4 |Pages: 14
ISSN: 1930-1650|EISSN: 1930-1669|ISSN: 1930-1650|EISBN13: 9781616920685|EISSN: 1930-1669|DOI: 10.4018/jisp.2009100103
Cite Article Cite Article

MLA

Wang, Xunhua, and Hua Lin. "PAKE on the Web." IJISP vol.3, no.4 2009: pp.29-42. http://doi.org/10.4018/jisp.2009100103

APA

Wang, X. & Lin, H. (2009). PAKE on the Web. International Journal of Information Security and Privacy (IJISP), 3(4), 29-42. http://doi.org/10.4018/jisp.2009100103

Chicago

Wang, Xunhua, and Hua Lin. "PAKE on the Web," International Journal of Information Security and Privacy (IJISP) 3, no.4: 29-42. http://doi.org/10.4018/jisp.2009100103

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Unlike existing password authentication mechanisms on the web that use passwords for client-side authentication only, password-authenticated key exchange (PAKE) protocols provide mutual authentication. In this article, we present an architecture to integrate existing PAKE protocols to the web. Our integration design consists of the client-side part and the server-side part. First, we implement the PAKE client-side functionality with a web browser plug-in, which provides a secure implementation base. The plug-in has a log-in window that can be customized by a user when the plug-in is installed. By checking the user-specific information in a log-in window, an ordinary user can easily detect a fake log-in window created by mobile code. The server-side integration comprises a web interface and a PAKE server. After a successful PAKE mutual authentication, the PAKE plug-in receives a one-time ticket and passes it to the web browser. The web browser authenticates itself by presenting this ticket over HTTPS to the web server. The plug-in then fades away and subsequent web browsing remains the same as usual, requiring no extra user education. Our integration design supports centralized log-ins for web applications from different web sites, making it appropriate for digital identity management. A prototype is developed to validate our design. Since PAKE protocols use passwords for mutual authentication, we believe that the deployment of this design will significantly mitigate the risk of phishing attacks.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.