IEEE Internet Computing
Enhancing the Security of Cookies
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
| Hi-index | 0.00 |
The HTTP does not support continuity for browser-server interaction between successive visits of a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL (Secure Socket Layer) protocol that is widely used for security of HTTP environment.