Efficient Cookie Revocation for Web Authentication

Cited by: 0
Authors
Ye, Ruopeng [1]
Chan, Agnes [1]
Zhu, Feng [1]
Affiliations
[1] Northeastern Univ, Coll Comp & Informat Sci, Boston, MA 02115 USA
Keywords
Cookie revocation; Web authentication;
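DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract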
Many web-based services use persistent cookies to store user authentication information on the disk. In these services, when a web browser connects to the server, it sends the persistent cookies to automate the authentication process so that the user does not need to type in the username or password. However, current web authentication architecture does not have a proper expiration mechanism. As a consequence, a hacker can use an expired cookie to gain unauthorized access to the web services. To fix this problem, we propose two schemes for the web servers to efficiently store and verify cookie state information. We show that these schemes can effectively stop the replay-attack from expired cookies and can be easily implemented.
Pages: 320 - 329
Number of pages: 10
Related papers
50 items in total
  • [31] An efficient identity authentication protocol with revocation, tracking and fine-grained access control for electronic medical system
    Ma, Kui
    Song, Guoji
    Zhou, Yanwei
    Xu, Ran
    Yang, Bo
    COMPUTER STANDARDS & INTERFACES, 2024, 88
  • [32] Certificate Revocation Guard (CRG): An Efficient Mechanism for Checking Certificate Revocation
    Hu, Qinwen
    Asghar, Muhammad Rizwan
    Brownlee, Nevil
    2016 IEEE 41ST CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN), 2016, : 527 - 530
  • [33] Fully Decentralized Authentication and Revocation Scheme in Data Sharing Systems
    Li, Xiehua
    Jiang, Jie
    Chen, Yichen
    2018 17TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (IEEE TRUSTCOM) / 12TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING (IEEE BIGDATASE), 2018, : 674 - 680
  • [34] Research of Passing Parameters of Web Base on Cookie
    Kou, Qiongjie
    Zhang, Quanyou
    EPLWW3S 2011: 2011 INTERNATIONAL CONFERENCE ON ECOLOGICAL PROTECTION OF LAKES-WETLANDS-WATERSHED AND APPLICATION OF 3S TECHNOLOGY, VOL 1, 2011, : 429 - 431
  • [35] Authentication Mechanism with Immediate Revocation in POD Copy Protection System
    Ju, HakSoo
    Nam, SuhYun
    Kim, DaeYoub
    2010 DIGEST OF TECHNICAL PAPERS INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS ICCE, 2010,
  • [36] A method of user revocation using authentication tree of group signature
    Cai, Yong-Quan
    Liu, Yan
    Beijing Gongye Daxue Xuebao / Journal of Beijing University of Technology, 2010, 36 (01): : 104 - 111
  • [37] An authentication logic with formal semantics supporting synchronization, revocation, and recency
    Stubblebine, SG
    Wright, RN
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2002, 28 (03) : 256 - 285
  • [38] A Privacy-Preserving Authentication and Pseudonym Revocation Scheme for VANETs
    Qi, Jiayu
    Gao, Tianhan
    IEEE ACCESS, 2020, 8 : 177693 - 177707
  • [39] An Anonymous Authentication Protocol With Delegation and Revocation for Content Delivery Networks
    Xiong, Hu
    Zhou, Zhida
    Wang, Lili
    Zhao, Zetong
    Huang, Xin
    Zhang, Hao
    IEEE SYSTEMS JOURNAL, 2022, 16 (03): : 4118 - 4129
  • [40] Investigate and Improve the Certificate Revocation in Web PKI
    Zhang, Chengyuan
    An, Changqing
    Yu, Tao
    Zheng, Zhiyan
    Wang, Jilong
    PROCEEDINGS OF 2024 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, NOMS 2024, 2024,