On the Security of Authentication Protocols for the Web
THÈSE DE DOCTORAT de l’Université de recherche Paris Sciences et Lettres PSL Research University Préparée dans le cadre d’une cotutelle entre l’École Normale Supérieure et l’Inria Paris-Rocqencourt On the Security of Authentication Protocols for the Web Ecole doctorale n°386 Sciences Mathématiques de Paris Centre Spécialité Informatique COMPOSITION DU JURY : Mme. CORTIER Véronique LORIA, Rapporteur M. GREEN Matthew U. John Hopkins, Rapporteur M. POINTCHEVAL David Soutenue par Antoine ENS Paris, Membre du jury Delignat-Lavaud M. MAFFEIS Sergio le 14 mars 2016 Imperial College, Membre du jury M. KUESTERS Ralf Dirigée par Karthikeyan U. Trier, Membre du jury Bhargavan M. BHARGAVAN Karthikeyan Inria, Directeur de thèse The École Normale Supérieure neither endorse nor censure authors’ opinions expressed in the theses: these opinions must be considered to be those of their authors. Keywords: web security, authentication, protocol analysis, http, transport layer security, tls, javascript, same-origin policy, x.509, public key infrastructure, single sign-on, delegated authentication, compositional security, channel binding, compound authentication, triple handshake Mots clés : sécurité du web, authentification, analyse de protocoles, http, transport layer security, tls, javascript, same-origin policy, x.509, infrastructure à clé publique, authentification unique, composition de protocoles, lieur de canal, triple poignée de main This thesis has been prepared at Inria Paris-Rocquencourt B.P. 105 Team Prosecco Domaine de Voluceau - Rocquencourt 78153 Le Chesnay France T +33 (0)1 39 63 55 11 v +33 (0)1 39 63 53 30 Web Site http://www.inria.fr Abstract xiii On the Security of Authentication Protocols for the Web Abstract As ever more private user data gets stored on the Web, ensuring proper protection of this data (in partic- ular when it transits through untrusted networks, or when it is accessed by the user from her browser) becomes increasingly critical.
[Show full text]