RFC2617: HTTP Authentication: Basic and Digest Access Authentication1999 RFC
Skip Abstract Section
Abstract
"HTTP/1.0", includes the specification for a Basic Access Authentication scheme. This scheme is not considered to be a secure method of user authentication (unless used in conjunction with some external secure system such as SSL [5]), as the user name and password are passed over the network as cleartext.
RFC Downloads
ZIP
Cited By
- Anand J, Sivanathan A, Hamza A and Gharakheili H PARVP Proceedings of the 2021 Workshop on Descriptive Approaches to IoT Security, Network, and Application Configuration, (10-16)
- Nikooghadam M and Amintoosi H (2020). A secure and robust elliptic curve cryptography‐based mutual authentication scheme for session initiation protocol, Security and Privacy, 3:1, Online publication date: 6-Jan-2020.
- Ravanbakhsh N, Mohammadi M and Nikooghadam M (2019). Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme, Multimedia Tools and Applications, 78:9, (11129-11153), Online publication date: 1-May-2019.
- Cohney S, Green M and Heninger N Practical State Recovery Attacks against Legacy RNG Implementations Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, (265-280)
- Nguyen N and Chang C (2018). A biometric-based authenticated key agreement scheme for session initiation protocol in ip-based multimedia networks, Multimedia Tools and Applications, 77:18, (23909-23947), Online publication date: 1-Sep-2018.
- Guyang W, Shulin Y, Xuelei R and Bin W Research on WebSocket-Based Authentication System Proceedings of the 2017 VI International Conference on Network, Communication and Computing, (102-105)
- Irshad A, Kumari S, Li X, Wu F, Chaudhry S and Arshad H (2017). An Improved SIP Authentication Scheme Based on Server-Oriented Biometric Verification, Wireless Personal Communications: An International Journal, 97:2, (2145-2166), Online publication date: 1-Nov-2017.
- Lu Y, Li L, Peng H and Yang Y (2017). An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography, Multimedia Tools and Applications, 76:2, (1801-1815), Online publication date: 1-Jan-2017.
- Lin H, Wen F and Du C (2017). An anonymous and secure authentication and key agreement scheme for session initiation protocol, Multimedia Tools and Applications, 76:2, (2315-2329), Online publication date: 1-Jan-2017.
- Kumari S, Wu F, Li X, Farash M, Jiang Q, Khan M and Das A (2016). Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card, Multimedia Tools and Applications, 75:24, (17215-17245), Online publication date: 1-Dec-2016.
- Fett D, Küsters R and Schmitz G A Comprehensive Formal Security Analysis of OAuth 2.0 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (1204-1215)
- Reddy A, Yoon E, Das A and Yoo K An Enhanced Anonymous Two-factor Mutual Authentication with Key-agreement Scheme for Session Initiation Protocol Proceedings of the 9th International Conference on Security of Information and Networks, (145-149)
- Hussain I, Djahel S, Zhang Z and Naït-Abdesselam F (2015). A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol SIP, Security and Communication Networks, 8:18, (4436-4451), Online publication date: 1-Dec-2015.
- Xia Y, Liu Y, Tan C, Ma M, Guan H, Zang B and Chen H TinMan Proceedings of the Tenth European Conference on Computer Systems, (1-16)
- Levillain O, Gourdin B and Debar H TLS Record Protocol Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, (225-236)
- Braun B, Pauli K, Posegga J and Johns M LogSec Proceedings of the 30th Annual ACM Symposium on Applied Computing, (2149-2156)
- Stock B and Johns M Protecting users against XSS-based password manager abuse Proceedings of the 9th ACM symposium on Information, computer and communications security, (183-194)
- Gamache P Pragmatic hypermedia Proceedings of the 23rd International Conference on World Wide Web, (931-936)
- Sisalem D, Kuthan J and Ott J A Short History of VoIP Services The Convergence of Telecom and Internet on Evolution of Telecommunication Services - Volume 7768, (90-110)
- Zhu B, Wei D, Yang M and Yan J Security implications of password discretization for click-based graphical passwords Proceedings of the 22nd international conference on World Wide Web, (1581-1591)
- Yamanoue T, Oda K and Shimozono K (2012). A simple application program interface for saving java program data on a wiki, Advances in Software Engineering, 2012, (2-2), Online publication date: 1-Jan-2012.
- Langsworth A (2011). Using static analysis tools to detect and correct non-compliant cryptography, ACM SIGSOFT Software Engineering Notes, 36:6, (1-7), Online publication date: 14-Nov-2011.
- Liu F and Koenig H Cryptanalysis of a SIP authentication scheme Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security, (134-143)
- da Silva Maciel L and Hirata C Extending timestamp-based two phase commit protocol for RESTful services to meet business rules Proceedings of the 2011 ACM Symposium on Applied Computing, (778-785)
- Al-Zoubi K and Wainer G RISE Proceedings of the Winter Simulation Conference, (2968-2980)
- Zhang R, Wang X, Yang X and Jiang X (2010). On the billing vulnerabilities of SIP-based VoIP systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, 54:11, (1837-1847), Online publication date: 1-Aug-2010.
- Boudol G, Luo Z, Rezk T and Serrano M Towards reasoning for web applications Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications, (3-14)
- Al-Zoubi K and Wainer G Performing distributed simulation with RESTful web-services Winter Simulation Conference, (1323-1334)
- Dacosta I, Balasubramaniyan V, Ahamad M and Traynor P Improving authentication performance of distributed SIP proxies Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications, (1-11)
- Ekberg J, Asokan N, Kostiainen K and Rantala A Scheduling execution of credentials in constrained secure environments Proceedings of the 3rd ACM workshop on Scalable trusted computing, (61-70)
- Hsieh C, Chen J, Lin Y, Chen K, Liao H and Liang C (2008). NTP-DownloadT: a conformance test tool for secured mobile download services, International Journal of Security and Networks, 3:4, (240-249), Online publication date: 1-Oct-2008.
- Wang X, Zhang R, Yang X, Jiang X and Wijesekera D Voice pharming attack and the trust of VoIP Proceedings of the 4th international conference on Security and privacy in communication netowrks, (1-11)
- Adida B Sessionlock Proceedings of the 17th international conference on World Wide Web, (517-524)
- Mannan M and van Oorschot P Privacy-enhanced sharing of personal content on the web Proceedings of the 17th international conference on World Wide Web, (487-496)
- Wu C and Liu T Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS) Proceedings of the 2008 Spring simulation multiconference, (844-851)
- Sasaki Y, Wang L, Ohta K and Kunihiro N Security of MD5 challenge and response Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology, (1-18)
- Perlman R and Kaufman C User-centric PKI Proceedings of the 7th symposium on Identity and trust on the Internet, (59-71)
- Belimpasakis P, Luoma J and Börzsei M Content sharing middleware for mobile devices Proceedings of the 1st international conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, (1-8)
- Orihara S, Tsuruoka Y and Takahashi K Certificate-less user authentication with consent Proceedings of the 2007 ACM workshop on Digital identity management, (11-16)
- Gouda M, Liu A, Leung L and Alam M (2007). SPP, Computer Networks: The International Journal of Computer and Telecommunications Networking, 51:13, (3715-3726), Online publication date: 1-Sep-2007.
- Zhang R, Wang X, Yang X and Jiang X Billing attacks on SIP-based VoIP systems Proceedings of the first USENIX workshop on Offensive Technologies, (1-8)
- Aichernig B, Weiglhofer M, Peischl B and Wotawa F Test purpose generation in an industrial application Proceedings of the 3rd international workshop on Advances in model-based testing, (115-125)
- Severina D, Brunato M, Ordine A and Veltri L UniWireless Proceedings of the 4th international workshop on Wireless mobile applications and services on WLAN hotspots, (30-36)
- Stier M, Eick E and Koerner E A practical approach to SIP, qos and AAA integration Proceedings of the 5th international IFIP-TC6 conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems, (654-665)
- Vazquez J, de Ipiña D and Sedano I SOAM Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV, (108-117)
- Hughes E and Somayaji A Towards network awareness Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19, (12-12)
- `Xiao-rong C, Qi-yuan F, Chao D and Ming-quan Z Research and Realization of Authentication Technique Based on OTP and Kerberos Proceedings of the Eighth International Conference on High-Performance Computing in Asia-Pacific Region
- Straub T, Ginkel T and Buchmann J A multipurpose delegation proxy for WWW credentials Proceedings of the Second European conference on Public Key Infrastructure, (1-21)
- Canfora G, Di Santo G, Venturi G, Zimeo E and Zito M Migrating web application sessions in mobile computing Special interest tracks and posters of the 14th international conference on World Wide Web, (1166-1167)
- Xia H and Brustoloni J Hardening Web browsers against man-in-the-middle and eavesdropping attacks Proceedings of the 14th international conference on World Wide Web, (489-498)
- Chang C, Lu Y, Pang A and Kuo T Design and implementation of SIP security Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking, (669-678)
- Kim J, Kim H, Ahn S and Chung J The authentication and processing performance of session initiation protocol (SIP) based multi-party secure closed conference system Proceedings of the Second international conference on Parallel and Distributed Processing and Applications, (725-729)
- Bauer M New covert channels in HTTP Proceedings of the 2003 ACM workshop on Privacy in the electronic society, (72-78)
- Bayardo Jr. R, Agrawal R, Gruhl D and Somani A YouServ Proceedings of the 11th international conference on World Wide Web, (345-354)
- Evans M and Furnell S A web-based resource migration protocol using WebDAV Proceedings of the 11th international conference on World Wide Web, (263-271)
- Fu K, Sit E, Smith K and Feamster N Dos and don'ts of client authentication on the web Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
- van den Akker T, Snell Q and Clement M The YGuard access control model Proceedings of the sixth ACM symposium on Access control models and technologies, (75-84)
- Howell J and Kotz D End-to-end authorization Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Please enable JavaScript to view thecomments powered by Disqus.
Recommendations
Unconditionally secure ring authentication
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications securityWe propose ring authentication in unconditionally secure setting. In a ring authentication system a sender can choose a set of users and construct an authenticated message for a receiver such that the receiver can verify authenticity of the message with ...
Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityAnonymous authentication allows one to authenticate herself without revealing her identity, and becomes an important technique for constructing privacy-preserving Internet connections. Anonymous password authentication is highly desirable as it enables ...