Cache Cookies for Browser Authentication ( Extended

Authors

  • Ari Juels
  • Markus Jakobsson
  • Tom N. Jagatic
Abstract

Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Many users today block conventional cookies in their browsers as a privacy measure. The cache-cookie tools we propose can help restore lost usability and convenience to such users while maintaining good privacy. As we show, our techniques can also help combat online security threats such as phishing and pharming that ordinary cookies cannot. The ideas we introduce for cache-cookie management can strengthen ordinary cookies as well. The full version of this paper may be referenced at www.ravenwhite.com.


Similar resources

Cache Cookies for Browser Authentication (Extended Abstract), Ari Juels, Markus Jakobsson

Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Man...


Secure Cookies on the Web

The World Wide Web facilitates e-commerce on the Internet via its underlying hypertext transport protocol, which carries all interactions between Web servers and browsers.¹ Since HTTP is stateless, however, it does not support continuity for browser-server interaction between successive user visits. Without a concept of a session in HTTP, users are strangers to a website every time they access...


Active Cookies for Browser Authentication

We propose active cookies as a tool for stronger user/client authentication on the Web. An ordinary cookie is automatically released to any server associated with a particular domain name. It is therefore vulnerable to capture by pharming, that is, spoofing of domain names. An active cookie, by contrast, resists such pharming attacks. Active cookies rely on a new protocol we propose that channe...


Half-Baked Cookies: Client Authentication on the Modern Web

Modern websites set multiple authentication cookies during the login process to allow users to remain authenticated over the duration of a web session. Web applications use cookie-based authentication to provide different levels of access and authorization; the complexity of websites’ code and various combinations of authentication cookies that allow such access introduce potentially serious vul...


Prevention of Cross-Site Scripting Vulnerabilities using Dynamic Hash Generation Technique on the Server Side

Cookies are a means to provide stateful communication over the HTTP. In the World Wide Web (WWW), once the user using web browser has been successfully authenticated by the web server of the web application, then the web server will generate and transfer the cookie to the web browser. Now each time, if the user again wants to send a request to the web server as a part of the active connection, ...


Publication date: 2006