Protecting cookies against cross-site scripting attacks using cryptography

  • Authors: S. Mohammadi; Farhad Koohbor

  • Affiliations: Department of Industrial Engineering, K.N. Toosi University of Technology, Tehran, Iran; Department of Industrial Engineering, K.N. Toosi University of Technology, Tehran, Iran

  • Venue: ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy

  • Year: 2010

Quantified Score

Hi-index 0.00

Abstract

XSS attacks are the number one attack against Web applications. Web applications are becoming the dominant way to provide access to online services. In this paper, however, we deal with protecting some resources, such as cookies, using cryptography. Our research proposes a method to thwart attackers' use of stolen cookies by encrypting the data that will be stored in the cookie. We assume that a user's profile can be stored in a cookie, so we should encrypt such data with a dynamic key derived from some dynamic inputs. Each time a user logs in to the web site, a new key is generated and stored in the database. We also suppose that the database is protected by a server-side mechanism, and we deal only with client-side protection.