Web Security

Besides the work on Web authentication described in the Internet identity page we have conducted research on file-sharing security and password security for user-administered collaborative applications.

We have also written a response to the Cybersecurity Green Paper.

File-Sharing Security

File sharing often refers to the exchange of files (such as MP3 files) over peer-to-peer networks, but our concern is with the sharing of files through a central Web repository, e.g. for the purpose of online collaboration. Centralized file-sharing may seem easier to secure than peer-to-peer file sharing, but it is exposed to a security threat that is often overlooked.

Some of the files that Web users may wish to share by uploading them to, and downloading them from, a Web repository are HTML files. HTML files may contain JavaScript code or other active content, which is executed as the file is rendered by the browser, and which may be malicious. Files of various types other than HTML may also be rendered by the browser and carry malicious active content.

Malicious code may of course be found anywhere on the Web, but malicious code in shared files poses a special problem because, if no precautions are taken, it may execute in a trusted context, namely the origin of the application that hosts the files. The problem is similar to the threat posed by cross-site scripting, but more difficult to address. Providers of Web applications that have a file-sharing feature often take no precautions against attacks through shared HTML files.

The white paper

describes a range of attacks through shared files, including cross-user attacks, attacks by former users, and cross-instance attacks. It then proposes a technique for defending against such attacks by serving shared files from URLs whose hostnames are specific to the user files of a particular application instance, so that active content in a shared file runs in an origin separate from the application and from other instances.
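As an added illustration of the hostname-separation approach (example code written for this page, not code from the white paper or from the original page), the minimal router below refuses to serve uploaded files from the application's own origin and instead serves each instance's files from a hostname derived from its instance id. The hostnames app.example.com and userfiles.example.com, the functions file_host, file_url and handle, and the sample repository are all assumptions constructed for the example.

```python
# Added example: isolate user-uploaded files on a per-instance hostname so that
# active content in a shared HTML file executes in its own origin rather than in
# the origin of the collaborative application. All names/values are constructed.
import re
from urllib.parse import quote

APP_HOST = "app.example.com"            # the application's own origin (assumed)
FILE_DOMAIN = "userfiles.example.com"   # parent domain for shared-file origins (assumed)
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")  # one valid DNS label

# Constructed sample repository: instance id -> {path: (content_type, body)}
REPO = {
    "acme": {"notes.html": ("text/html", b"<script>document.cookie</script>")},
}

def file_host(instance_id: str) -> str:
    """Hostname dedicated to one application instance's shared files."""
    if not _LABEL.match(instance_id):
        raise ValueError("instance id is not a valid DNS label")
    return f"{instance_id}.{FILE_DOMAIN}"

def file_url(instance_id: str, path: str) -> str:
    return f"https://{file_host(instance_id)}/{quote(path)}"

def handle(host: str, path: str):
    """Route a request by its Host header. Returns (status, headers, body)."""
    host = host.lower()
    if host == APP_HOST:
        # Never serve user files from the application origin: redirect the
        # client to the instance-specific hostname instead.
        m = re.fullmatch(r"/files/([^/]+)/(.+)", path)
        if m:
            return 302, {"Location": file_url(m.group(1), m.group(2))}, b""
        return 200, {"Content-Type": "text/html"}, b"<p>app</p>"
    if host.endswith("." + FILE_DOMAIN):
        instance_id = host[: -len(FILE_DOMAIN) - 1]
        if not _LABEL.match(instance_id):
            return 404, {}, b""   # e.g. a nested label such as "x.acme"
        entry = REPO.get(instance_id, {}).get(path.lstrip("/"))
        if entry is None:
            return 404, {}, b""
        ctype, body = entry
        # Declare the type explicitly and forbid sniffing so the browser cannot
        # promote a non-HTML upload to a more dangerous type.
        return 200, {"Content-Type": ctype, "X-Content-Type-Options": "nosniff"}, body
    return 421, {}, b""   # Misdirected Request: host not served here
```

A script in the file above can read document.cookie only for acme.userfiles.example.com, not for app.example.com or for another instance's hostname.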

We have been granted US patent 8,341,200 on this technique.

Password security for user-administered collaborative applications

It may be hard to believe that anything remains to be investigated regarding password security. But traditional passwords are now sometimes used in a new setting where new countermeasures are needed for protection against various attacks.

The new setting is that of a collaborative Web application that allows a user to create an application instance and provide subaccounts for users who do not register with the application provider. The application instance is administered by the user who created it, possibly aided by users to whom he or she delegates administrative duties and privileges.

We have invented two techniques for improving the security provided by traditional passwords in this setting.

The first technique addresses the threat of anonymous password-guessing attacks over the Internet, by enforcing a hard limit on the total number of guesses against a password. It is described in the white paper:

We have been granted US patent 8,046,827 on this technique.

The second technique allows an administrator to reset a user’s password and send a temporary password to a user, securely, over a channel that does not provide confidentiality, as long as the administrator has a way of authenticating a user as the sender of a subsequent message. It is described in the white paper:

We have been granted US patent 7,975,292 on this technique.