Cache cookies for browser authentication

Author

Juels, Ari ; Jakobsson, Markus ; Jagatic, Tom N.

fYear

2006

fDate

21-24 May 2006

Lastpage

305

Abstract

Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Many users today block conventional cookies in their browsers as a privacy measure. The cache-cookie tools we propose can help restore lost usability and convenience to such users while maintaining good privacy. As we show, our techniques can also help combat online security threats such as phishing and pharming that ordinary cookies cannot. The ideas we introduce for cache-cookie management can strengthen ordinary cookies as well. The full version of this paper may be referenced at www.ravenwhite.com

Keywords

cache storage; computer viruses; data privacy; online front-ends; Web browsers; browser authentication; browser caches; cache cookies; cache-cookie management; cache-cookie tools; data objects; data privacy; malware; online security threats; pharming; phishing; user authentication; user identification; Authentication; Data security; Displays; Image restoration; Laboratories; Privacy; Protocols; Usability; Web pages; Web server; Web browser; cache cookies; malware; personalization; pharming; phishing; privacy;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2006 IEEE Symposium on

Conference_Location

Berkeley/Oakland, CA

ISSN

1081-6011

Print_ISBN

0-7695-2574-1

Type

conf

DOI

10.1109/SP.2006.8

Filename

1624020