Efficient Cookie Revocation for Web Authentication

Cited by: 0
Authors
Ye, Ruopeng [1]
Chan, Agnes [1]
Zhu, Feng [1]
Affiliation
[1] Northeastern Univ, Coll Comp & Informat Sci, Boston, MA 02115 USA
Keywords
Cookie revocation; Web authentication;
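DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract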
Many web-based services use persistent cookies to store user authentication information on the disk. In these services, when a web browser connects to the server, it sends the persistent cookies to automate the authentication process so that the user does not need to type in the username or password. However, current web authentication architecture does not have a proper expiration mechanism. As a consequence, a hacker can use an expired cookie to gain unauthorized access to the web services. To fix this problem, we propose two schemes for the web servers to efficiently store and verify cookie state information. We show that these schemes can effectively stop the replay-attack from expired cookies and can be easily implemented.
Pages: 320-329
Page count: 10