Web Authentication based on a Community of Trust and on a
By Karima Boudaoud and Nicolas Nobelis (I3S-CNRS Laboratory /
of Nice Sophia Antipolis)
With the increasing growth of e-commerce and its importance to
economy, the security of e-commerce systems and particularly of Web
becoming more and more important. Many mechanisms have been proposed to
ensure confidentiality and integrity of transactions. But even if some
these solutions have been deployed, security of e-commerce Web sites is
fragile. E-commerce Web sites are still vulnerable to many kinds of
and those attacks are evolving continuously. For example, several
Web sites such as Yahoo, Amazon, Ebay and financial institutions have
subject of spectacular attacks such as Denial of service and Phishing
that have caused significant damage and the loss of a lot of money.
The aim of this paper is to propose a user-centered approach
security against the new generation of Web spoofing attacks.
Strategies against Web-spoofing attacks.
To manage Web spoofing attacks, several security solutions,
and reactive approaches, are proposed.
- Proactive approaches:
  - Security toolbars implemented by browser vendors.
    - user may distrust the toolbar's decision process
    - user may not pay attention to security warnings
  - Pop-up security warnings. However,
    - too many warnings exasperate the user
    - too general warnings don't help the user in
  - Web page personalization. However,
    - image-based solutions are not applicable for people
      with visual disabilities [CAPTCHA]
- Reactive approaches:
  - Intrusion detection and prevention systems deployed at
    - to detect suspicious behaviors such as multiple
      accesses to a Web site during a short period of time, logos and Web
  - ISPs intervention to block and close phishing Web sites.
In order to be more efficient against Web spoofing attacks,
strategy is to think about a collaborative approach between solutions
deployed at server-side, client-side, particularly browsers, and ISPs.
Better trust relationships between users, browsers and Web
The success of recent phishing attacks has revealed the
authentication mechanisms used by e-commerce Web sites. In fact, if we
the example of phishing attacks that have been launched against
institutions, their success is due to the fact that users believed in
they receive and in the Web Sites to which they connected. Thus, the
defense strategy against this kind of attack is to help users to be
the identity of the Web site to which they connect.
Certificate-based authentication solutions seem a strong
ensure a trusted relationship between Web Sites and Users. However:
- Some Web sites use certificates that are not recognised by
- Free certificates delivered by some certification
authorities (example CAcert)
- Certificates recognised by browsers are not free
- Self-signed certificates are free but not recognised by
One possible naive solution could be proposed for W3C to:
- establish a list of trusted certification authorities that
deliver free certificates,
- push browser vendors to recognise this list
However, this solution seems unlikely to be accepted by big
authorities such as Verisign.
Thus, the questions are:
- How to improve the identification of safe Web sites?
- How to help browsers to recognise suspicious Web sites?
- Does it make sense to integrate the user in the recognition
Actually, nowadays, browsers are able to help users in
suspicious web sites, based mainly on Web sites certificates. However,
is not sufficient. What is required is a solution that ensures explicit
collaboration between browsers and users in the validation process of
sites. Therefore, in our opinion, we need to go through more
approaches that strike a balance between user beliefs, browsers trust
and security constraints.
If we consider that browsers use a kind of trust engine that
metrics and blacklists to validate Web sites, it will be important to
integrate the user in the decision process by offering the opportunity
- The user's own whitelist, for trusted sites, and/or
blacklists for untrusted sites
- personal trust metrics
- certificates and/or the certification authorities the users
So, a possible solution will be to offer the user an
permits him to indicate the Web sites which he trusts.
Let us consider:
- a user who wants to connect to a Web site
- a whitelist of trusted Web sites managed by this user,
noted UserTrustedList, where each Web site is associated with its public
When the user tries to connect to a Web Site the trust engine will use,
addition to its own trust metrics, this UserTrustedList to validate the
- If the Web site is in the UserTrustedList, the browser will
let the user connect to the requested site.
- If it is not, it will ask the Web site to send a list of
Web sites that trust it, called SiteTrustMeList. Then the trust engine
will check whether one of the Web sites contained in the SiteTrustMeList
exists in the UserTrustedList.
  - If it is the case, it will ask the new Web site to
  return the public key of the initial Web site. This key will then be
  added to the UserTrustedList and the user will be connected.
  - If no Web Site exists in the UserTrustedList, the
  browser will check its blacklist. If no suspicious site is identified
  in the SiteTrustMeList, the browser will ask anyone in the list (for
  example the first one) to give the public key of the initial Web site
  and its own SiteTrustMeList.
  - The process will be repeated until a Web site is found
  in the UserTrustedList or in a blacklist.
Even if this approach is at its first stage, it seems to us very
improve the trust relationship between users and Web sites.
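The validation walk described in the steps above, as an added Python example (not code from the paper). The site names, keys, the `vouches` lookup that stands in for "ask the site for the public key", the hop limit and the visited set are assumptions of this example; the paper does not specify them.

```python
# Constructed sample data: each site publishes its SiteTrustMeList ("trust_me")
# and the public keys of the sites it vouches for ("vouches"). All names,
# keys and the hop limit are assumptions of this example.
NETWORK = {
    "bank.example":  {"trust_me": [], "vouches": {"shop.example": "KEY-SHOP",
                                                   "mid.example": "KEY-MID"}},
    "shop.example":  {"trust_me": ["bank.example"], "vouches": {}},
    "mid.example":   {"trust_me": ["bank.example"], "vouches": {"new.example": "KEY-NEW"}},
    "new.example":   {"trust_me": ["mid.example"], "vouches": {}},
    "spoof.example": {"trust_me": ["bank.example"], "vouches": {}},  # unconfirmed claim
    "shady.example": {"trust_me": ["evil.example"], "vouches": {}},
    "loop-a.example": {"trust_me": ["loop-b.example"], "vouches": {}},
    "loop-b.example": {"trust_me": ["loop-a.example"], "vouches": {"loop-a.example": "KEY-A"}},
}


def validate(site, user_trusted, blacklist, network=NETWORK, max_hops=4):
    """Return (decision, reason). On "connect" the site's key is added to user_trusted."""
    if site in user_trusted:
        return "connect", "already in UserTrustedList"
    current, site_key, seen = site, None, {site}
    for _ in range(max_hops):
        trust_me = network.get(current, {}).get("trust_me", [])
        # First look for a voucher the user already trusts.
        anchor = next((s for s in trust_me if s in user_trusted), None)
        voucher = anchor
        if anchor is None:
            # Otherwise consult the blacklist, then follow the first unvisited voucher.
            if any(s in blacklist for s in trust_me):
                return "block", "blacklisted site in SiteTrustMeList"
            voucher = next((s for s in trust_me if s not in seen), None)
            if voucher is None:
                return "block", "no path to UserTrustedList"
        # The voucher, not the site itself, must supply the key: a list the
        # site sends about itself is only a claim until the voucher confirms it.
        key = network.get(voucher, {}).get("vouches", {}).get(current)
        if key is None:
            return "block", "voucher does not confirm the claim"
        site_key = site_key or key  # key of the initially requested site
        if anchor is not None:
            user_trusted[site] = site_key
            return "connect", "chain ends at " + anchor
        seen.add(voucher)
        current = voucher
    return "block", "hop limit reached"
```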
Recommendations for an efficient defense strategy against Web
In our opinion, to efficiently manage security of the Web
spoofing attacks, we must:
- Look at Web security problems from a global point of view
  and not in isolation, which means from:
  - a user point of view (i.e. User or Client-side)
  - a service provider point of view (i.e. Server-side)
  - a network point of view (i.e. at Network-level)
- Take into account both technological and social engineering
- Design evolutionary and flexible security solutions to
  follow the evolution of the Web threat model
- Design solutions at client-side that:
  - are acceptable to users
    - for example, can we propose solutions that oblige
      users to have a certificate or a public/private key?
  - can be easily implemented (particularly in browsers)
  - can be easily used
- Design more collaborative security solutions based on:
  - collaboration between users, browser tools and service
  - a community of trust