Data Portal @ linkeddatafragments.org

Matches in ScholarlyData for { <https://w3id.org/scholarlydata/inproceedings/www2012/paper/1238> ?p ?o. }

• 1238 creator chinmay-soman.
• 1238 creator dan-boneh.
• 1238 creator elie-bursztein.
• 1238 creator john-mitchell.
• 1238 type InProceedings.
• 1238 label "SessionJuggler: Secure Web Login From an Untrusted Terminal Using Session Hijacking".
• 1238 sameAs 1238.
• 1238 abstract "We use modern features of web browsers to develop a secure login system from an untrusted terminal. The system, called Session Juggler, requires no server-side changes and no special software on the terminal beyond a modern web browser. This important property makes adoption much easier than with previous proposals. With Session Juggler users never enter their long term credential on the untrusted terminal. Instead, users log in to a web site using a smartphone app and then transfer the entire session, including cookies and all other session state, to the untrusted terminal. We show that Session Juggler works on all the Alexa top 100 sites (except three because the Android browser is not able to render them). We also show that Session Juggler works flawlessly with Facebook connect. Beyond login, Session Juggler also provides a secure logout mechanism where the trusted phone is used to kill the session. To validate the session juggling concept we conducted a number of web site surveys that are of independent interest. First, we survey how web sites bind a session token to a specific device and show that most use fairly basic techniques that are easily defeated. Second, we survey how web sites handle logout and show that many popular sites surprisingly do not properly handle logout requests.".
• 1238 hasAuthorList authorList.
• 1238 isPartOf proceedings.
• 1238 keyword "Hijacking".
• 1238 keyword "Logout issues".
• 1238 keyword "Malware".
• 1238 keyword "Secure login".
• 1238 keyword "Smartphone".
• 1238 title "SessionJuggler: Secure Web Login From an Untrusted Terminal Using Session Hijacking".