Using session identifiers as authentication tokens

  • Authors:

  • Lanxiang Chen;Dan Feng;Zhan Shi;Feng Zhou

  • Affiliations:

  • School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan Hubei, P.R.China and Department of Optoelectronics Information Storage, National Laboratory for Opto ...;School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan Hubei, P.R.China and Department of Optoelectronics Information Storage, National Laboratory for Opto ...;School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan Hubei, P.R.China and Department of Optoelectronics Information Storage, National Laboratory for Opto ...;School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan Hubei, P.R.China and Department of Optoelectronics Information Storage, National Laboratory for Opto ...

  • Venue:
  • ICC'09 Proceedings of the 2009 IEEE international conference on Communications
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

As authentication provides crucial online identity, it is the basis of data security. In this paper, a session based authentication is proposed and the long unique un-guessable session identifier is used as a parameter of an authentication token. It has the advantages of one-timeness, short-lived and no prior knowledge requirement. The session model is established with detailed implementation of communication protocol. The security of this protocol is then analyzed formally and the results show that the protocol can resist various attacks, e.g. session hijacking, message replay and pharming attacks etc. Finally, a case is studied and the performance of the application is evaluated, which indicates that the proposed scheme is simpler and more efficient than the existing schemes.