HTTP Cookies: Standards, privacy, and politics
ACM Transactions on Internet Technology (TOIT)
IEEE Internet Computing
Protecting Web Usage of Credit Cards Using One-Time Pad Cookie Encryption
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Dos and don'ts of client authentication on the web
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
WISM'11 Proceedings of the 2011 international conference on Web information systems and mining - Volume Part I
Getting web authentication right: a best-case protocol for the remaining life of passwords
SP'11 Proceedings of the 19th international conference on Security Protocols
A new scheme with secure cookie against SSLStrip attack
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Cookie-proxy: a scheme to prevent SSLStrip attack
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
HTTP (Hypertext Transfer Protocol) is a stateless protocol widely used in internet world wide web. The idea behind a stateless design is to simplify the server conception because there is no need to dynamically allocate storage to deal with conversations in progress. If a client dies in mid-transaction, no part of the system needs to be responsible for cleaning the present state of the server. However, this forces web developers to use alternative methods to authenticate HTTP requests and to maintain users' states. A common method for solving this problem involves sending and receiving cookies. Such mechanism implies a serious security threats. Some secure cookie solutions have been proposed in literature, but still vulnerable, particularly to replay attacks. In this paper, we propose a secure cookie mechanism that implements an intermediary reverse Proxy patterns to ensure users' sessions management and to provide the following security services: source authentication, integrity control and no-replay attacks.