A proposed system for preventing session hijacking with modified one-time cookies
| Field | Value |
|---|---|
| Author | Vincy Joseph, Annies Minu Sathiyaseelan, Anuradha Srinivasaraghavan |
| Year of publication | 2017 |
| Subject | Authentication; Computer security; Session (computer science); Session ID; Session fixation; Session hijacking; Reverse proxy; Unique identifier |
| Source | 2017 International Conference on Big Data Analytics and Computational Intelligence (ICBDAC) |
| DOI | 10.1109/icbdaci.2017.8070882 |
| Description | Most TCP connections carry HTTP, so every server must create a unique identifier for each connection. A session identifier is a unique value generated by the server and sent to the client to identify the current interaction; it is stored in a cookie. A cookie is a short text file used to identify a particular client. Because cookies are transmitted over HTTP, they are visible on the wire and exposed to attacks such as session hijacking. HTTPS is the most widely used mechanism for protecting cookies, but deploying full HTTPS support is not easy, especially for highly distributed applications, because of performance and financial costs. Hence, one-time cookies (OTC) have been suggested as an alternative for authentication. OTC prevent various attacks, such as session hijacking, because they are stored only temporarily, for a limited period or for a single session. In this work, we propose a mechanism that uses OTC to prevent an attacker from gaining access to a cookie and to the backend server. A reverse proxy server combined with OTC, the client IP address, the session ID, and browser fingerprinting is used to prevent an adversary from capturing session credentials. |
| Database | OpenAIRE |