Title :
A secure cookie protocol
Author :
Liu, Alex X. ; Kovacs, Jason M. ; Huang, Chin-Tser ; Gouda, Mohamed G.
Author_Institution :
Dept. of Comput. Sci., Texas Univ., Austin, TX, USA
Abstract :
Cookies are the primary means for Web applications to authenticate HTTP requests and to maintain client states. Many Web applications (such as electronic commerce) demand a secure cookie protocol. Such a protocol needs to provide the following four services: authentication, confidentiality, integrity and antireplay. Several secure cookie protocols have been proposed in previous literature; however, none of them are completely satisfactory. In this paper, we propose a secure cookie protocol that is effective, efficient, and easy to deploy. In terms of effectiveness, our protocol provides all of the above four security services. In terms of efficiency, our protocol does not involve any database lookup or public key cryptography. In terms of deployability, our protocol can be easily deployed on an existing Web server, and it does not require any change to the Internet cookie specification. We implemented our secure cookie protocol using PHP, and the experimental results show that our protocol is very efficient.
Keywords :
Internet; client-server systems; data integrity; file servers; hypermedia; message authentication; telecommunication security; telecommunication services; transport protocols; HTTP request authentication; Internet; PHP; Web server; client state; cookie protocol security; data integrity; hypertext transfer protocol; security service; Application software; Authentication; Computer science; Cryptographic protocols; Data security; Databases; Electronic commerce; Maintenance engineering; Public key cryptography; Web server;
Conference_Titel :
Computer Communications and Networks, 2005. ICCCN 2005. Proceedings. 14th International Conference on
Print_ISBN :
0-7803-9428-3
DOI :
10.1109/ICCCN.2005.1523880
