A New Design for a Practical Secure Cookies System
نویسندگان
چکیده
Because of the stateless character of HTTP, cookies were invented to maintain continuity and states on the Web. Cookies which have user-related information are transmitted and stored, so an attacker can easily copy and modify them for his own purpose. Therefore, cookies are exposed to serious security threats such as network threats, end-system threats, and cookie-harvesting threats. In this paper, we present a secure cookie system for solving these security weaknesses of typical web cookies. Since our system is based on the Public Key Infrastructure (PKI), it provides mutual authentication between clients and servers, and ensures the confidentiality and integrity of user information. We have implemented our secure cookie system and compare it here to the Secure Socket Layer (SSL) protocol that is widely used to provide the security in the HTTP environment.
منابع مشابه
Secure Cookies on the Web
T he World Wide Web facilitates e-commerce on the Internet via its underlying hypertext transport protocol, which carries all interactions between Web servers and browsers.1 Since HTTP is stateless, however, it does not support continuity for browser-server interaction between successive user visits. Without a concept of a session in HTTP, users are strangers to a website every time they access...
متن کاملDesign, Implementation and Evaluation of Electronic Teaching of Practical and Theoretical Histology Courses: a New Experience at Isfahan University of Medical Science
Introduction: Electronic education system using advanced and varied technology tries to improve quality of teaching-learning process. This research aimed to design and implement the new electronic teaching system in histology courses (theoretical and practical) at the Isfahan University of Medical Sciences. Methods: This action research was conducted in department of anatomy and molecular biol...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملChapter 1 RBAC ON THE WEB BY SECURE COOKIES
Current approaches to access control on Web servers do not scale to enterprisewide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users’ role information. However, it is insecure to store a...
متن کاملRBAC on the Web by Secure Cookies
Current approaches to access control on Web servers do not scale to enterprisewide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users’ role information. However, it is insecure to store a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Inf. Sci. Eng.
دوره 22 شماره
صفحات -
تاریخ انتشار 2006