International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at)


Thomas Gross (#191)
Name Thomas Gross
Personal Homepage
Topic of his/her doctorate. Browser-based Identity Federation
Category applications
Keywords identification protocols
Ph.D. Supervisor(s) Birgit Pfitzmann, Ahmad-Reza Sadeghi
Year of completion 2009

Given the increasing popularity of Web 2.0 applications, web-based three-party authentication gets more and more important. Identity federation fulfills this requirement through standardized protocols that authenticate Web users across trust domains.

This thesis considers the problem of secure authentication by browser-based identity federation. This special class of identity federation only uses a standard web browser as client and therefore provides a zero-footprint authentication. Instead of a traditional key exchange and subsequent channel establishment, browser-based identity federation bootstraps a server-authenticated secure channel with a third-party credential to obtain mutual authentication. Thanks to this deviation from prevalent security research, it represents an interesting research area. We will discuss the most important archetypes and standards of browser-based identity federation. The results of our careful investigation include vulnerabilities as well as novel security mechanisms, which have improved major standards. We will present the first formal model for browser-based protocols built upon the Reactive Simulatability framework, and establish channel authenticity as new security goal for this area. Through our formal model of the standardized WS-Federation Passive Requestor Profile, we achieve the first rigorous security proof for browser-based identity federation.

E-Mail Address thomasgross (at)
Last Change 2011-02-14 01:51:16
To provide an update on this entry, please click .

Contact: phds (at)

[ IACR home page ] [ IACR PhDs page ] © IACR