Secure and efficient protection for HTTP cookies with self‐verification

@article{Lee2019SecureAE,
  title={Secure and efficient protection for HTTP cookies with self‐verification},
  author={Wei-Bin Lee and Hsing-Bai Chen and Shun-Shyan Chang and Tzungher Chen},
  journal={International Journal of Communication Systems},
  year={2019},
  volume={32}
}
Hypertext transfer protocol (HTTP) cookies are used to store user‐related information sent by a website, and they can be read again later to maintain a link between a user's computer and the website and to remember the user's previous state on the website. In cloud services, cookies are used by service providers to maintain smooth operation for users. As cookies are sent in a public networking environment and saved on users' browsers, two problems are encountered when using cookies: (a) how to… 
Preventing Session Hijacking using Encrypted One-Time-Cookies
TLDR
This paper has used one time cookies to prevent attacker from performing cookie injection, and has verified that the proposed system can ensure confidentiality, authenticity and integrity through security analysis.
Key-Based Cookie-Less Session Management Framework for Application Layer Security
TLDR
A comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle is proposed.
Forensic Artefact Discovery and Attribution from Android Cryptocurrency Wallet Applications
TLDR
It is demonstrated how one can acquire forensic artefacts from Android Bitcoin and Dogecoin cryptocurrency wallets, such as wallet IDs, transaction IDs, timestamp information, email addresses, cookies, and OAuth tokens.
An Intelligent System for Preventing SSL Stripping-based Session Hijacking Attacks
TLDR
An intelligent system to prevent SSL Stripping based session hijacking attacks is proposed in this paper and serves to both protect and educate users without causing them an unnecessary annoyance.
How Blockchain Technology Can Benefit Marketing: Six Pending Research Areas
TLDR
This conceptual paper illustrates how blockchain technology acts as incremental innovation, empowering the consumer-centric paradigm, and presents six propositions that will guide future blockchain-related research in the area of marketing.
Applications of Blockchain Technology for Digital Marketing
  • Kazi Turin Rahman
  • Business
    Advances in Marketing, Customer Relationship Management, and E-Services
  • 2021
TLDR
The chapter will look to uncover the various impacts of using blockchain technology on digital marketing, which include improving digital marketing security, countering click fraud, developing trust and transparency, and creating loyalty programs.

References

SHOWING 1-10 OF 34 REFERENCES
A secure cookie scheme
A New Design for a Practical Secure Cookies System
TLDR
A secure cookie system is presented that provides mutual authentication between clients and servers, and ensures the confidentiality and integrity of user information, and is compared to the Secure Socket Layer protocol that is widely used to provide the security in the HTTP environment.
One-time cookies: Preventing session hijacking attacks with stateless authentication tokens
TLDR
It is shown that OTC can be combined with HTTPS to effectively add another layer of security to Web applications with minimal impact on performance and scalability.
Path Leaks of HTTPS Side-Channel by Cookie Injection
TLDR
A new side-channel attack against HTTPS (HTTP over TLS) by exploiting cookie injection is presented, able to reveal the full path of unknown URLs visited by the victim, exploiting cookie-path matching vulnerabilities in Internet Explorer, Edge, Safari, etc.
The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information
TLDR
An in-depth assessment of a diverse set of major websites is conducted and reveals what functionality and information is exposed to attackers that have hijacked a user's HTTP cookies, suggesting that a significant portion of Tor users may be vulnerable to cookie hijacking.
The Dos and Don'ts of Client Authentication on the Web
TLDR
This work proposes a set of hints for designing a secure client authentication scheme and presents the design and analysis of a simple authentication scheme secure against forgeries by the interrogative adversary, in conjunction with SSL.
Cache cookies for browser authentication
TLDR
It is shown that despite limitations, cache cookies can play a useful role in the identification and authentication of users and can also help combat online security threats such as phishing and pharming that ordinary cookies cannot.
Protecting Web usage of credit cards using One-Time Pad cookie encryption
TLDR
This work introduces and discusses in detail the secure distributed storage of sensitive information using HTTP cookie encryption, and is able to employ One-Time Pads to encrypt the cookies, because encryption and decryption are both done by the server.
An Improved Privacy Preserving Construction for Data Integrity Verification in Cloud Storage
TLDR
A data integrity verification scheme by deploying a designated confirmer signature DCS as a building block that strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification.
Secure Cookies on the Web
TLDR
Internet e-commerce is somewhat limited in using cookies because sensitive information cannot be securely stored and communicated in typical cookies, but Secure cookies offer a potential solution to this problem.
...
...