WSKE: Web Server Key Enabled Cookies
نویسندگان
چکیده
In this paper, we present the design and prototype of a new approach to cookie management: if a server deposits a cookie only after authenticating itself via the SSL handshake, the browser will return the cookie only to a server that can authenticate itself, via SSL, to the same keypair. This approach can enable usable but secure client authentication. This approach can improve the usability of server authentication by clients. This approach is superior to the prior work on Active Cookies in that it defends against both DNS spoofing and IP spoofing—and does not require binding a user’s interaction with a server to individual IP addresses.
منابع مشابه
Secure Cookies on the Web
T he World Wide Web facilitates e-commerce on the Internet via its underlying hypertext transport protocol, which carries all interactions between Web servers and browsers.1 Since HTTP is stateless, however, it does not support continuity for browser-server interaction between successive user visits. Without a concept of a session in HTTP, users are strangers to a website every time they access...
متن کاملClient Side Filter Enhancement using Web Proxy
In early days, web pages always use a state for keeping an authentication state between browsers and web applications called cookies, these cookies are sent to the browser by the web server’s after the users have been successfully authenticated. Every request that contains the valid cookies will be automatically allowed by the web sites without any further check. The cookies are used to identif...
متن کاملPrevention of Cross-Site Scripting Vulnerabilities using Dynamic Hash Generation Technique on the Server Side
Cookies are a means to provide stateful communication over the HTTP. In the World Wide Web (WWW), once the user using web browser has been successfully authenticated by the web server of the web application, then the web server will generate and transfer the cookie to the web browser. Now each time, if the user again wants to send a request to the web server as a part of the active connection, ...
متن کاملHardened Stateless Session Cookies
Stateless session cookies allow web applications to alter their behaviour based on user preferences and access rights, without maintaining server-side state for each session. This is desirable because it reduces the impact of denial of service attacks and eases database replication issues in load-balanced environments. The security of existing session cookie proposals depends on the server prot...
متن کاملBloom Cookies: Web Search Personalization without User Tracking
We propose Bloom cookies that encode a user’s profile in a compact and privacy-preserving way, without preventing online services from using it for personalization purposes. The Bloom cookies design is inspired by our analysis of a large set of web search logs that shows drawbacks of two profile obfuscation techniques, namely profile generalization and noise injection, today used by many privac...
متن کامل