Efficient Cookie Revocation for Web Authentication

Cited by: 0
Authors
Ye, Ruopeng [1 ]
Chan, Agnes [1 ]
Zhu, Feng [1 ]
Affiliations
[1] Northeastern Univ, Coll Comp & Informat Sci, Boston, MA 02115 USA
Keywords
Cookie revocation; Web authentication;
DOI
Not available
CLC number
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
Many web-based services use persistent cookies to store user authentication information on disk. In these services, when a web browser connects to the server, it sends the persistent cookies to automate the authentication process so that the user does not need to type in a username or password. However, the current web authentication architecture does not have a proper expiration mechanism. As a consequence, an attacker can use an expired cookie to gain unauthorized access to the web services. To fix this problem, we propose two schemes that let web servers efficiently store and verify cookie state information. We show that these schemes can effectively stop replay attacks using expired cookies and can be easily implemented.
Pages: 320 / 329
Page count: 10
Related papers
50 in total
  • [1] An efficient authentication scheme with revocation capability
    Department of Information Management, Chinese Culture University, 55, Hwa-Kang Road, Yang-Ming-Shan, Taipei , Taiwan
    WSEAS Trans. Inf. Sci. Appl., 2007, 6 (1263-1268):
  • [2] TACKing Together Efficient Authentication, Revocation, and Privacy in VANETs
    Studer, Ahren
    Shi, Elaine
    Bai, Fan
    Perrig, Adrian
    2009 6TH ANNUAL IEEE COMMUNICATIONS SOCIETY CONFERENCE ON SENSOR, MESH AND AD HOC COMMUNICATIONS AND NETWORKS (SECON 2009), 2009, : 484 - +
  • [3] Flexible Certificate Revocation List for Efficient Authentication in IoT
    Duan, Li
    Li, Yong
    Liao, Lijun
    PROCEEDINGS OF THE 8TH INTERNATIONAL CONFERENCE ON THE INTERNET OF THINGS (IOT'18), 2018,
  • [4] ARBRA: Anonymous reputation-based revocation with efficient authentication
    Xi, Li
    Shao, Jianxiong
    Yang, Kang
    Feng, Dengguo
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, 8783 : 33 - 53
  • [5] A Secure and Efficient Authentication Protocol (SEAP) for MANETs with Membership Revocation
    Maity, Soumyadev
    Hansdah, R. C.
    2013 IEEE 27TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS WORKSHOPS (WAINA), 2013, : 363 - 370
  • [6] Efficient Message Authentication with Revocation Transparency Using Blockchain for Vehicular Networks
    Li, Kang
    Lau, Wang Fat
    Au, Man Ho
    Ho, Ivan Wang-Hei
    Wang, Yilei
    COMPUTERS & ELECTRICAL ENGINEERING, 2020, 86
  • [7] The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws
    Drakonakis, Kostas
    Ioannidis, Sotiris
    Polakis, Jason
    CCS '20: PROCEEDINGS OF THE 2020 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2020, : 1953 - 1970
  • [8] Half-Baked Cookies: Hardening Cookie-Based Authentication for the Modern Web
    Mundada, Yogesh
    Feamster, Nick
    Krishnamurthy, Balachander
    ASIA CCS'16: PROCEEDINGS OF THE 11TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2016, : 675 - 686
  • [9] Cross Cookie: A Cookie Protocol for Web Mashups
    Guo, Rui
    Zhou, Bosheng
    PROCEEDINGS OF THE INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE AND SECURITY, 2008, : 416 - 420
  • [10] An efficient conditional privacy-preserving authentication scheme with scalable revocation for VANETs
    Shen, Leyan
    Wang, Liangliang
    Zhang, Kai
    Li, Jinguo
    Chen, Kefei
    JOURNAL OF SYSTEMS ARCHITECTURE, 2022, 133