Title :
Using Session Identifiers as Authentication Tokens
Author :
Chen, Lanxiang ; Feng, Dan ; Shi, Zhan ; Zhou, Feng
Author_Institution :
Sch. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
As authentication provides crucial online identity, it is the basis of data security. In this paper, a session based authentication is proposed and the long unique un-guessable session identifier is used as a parameter of an authentication token. It has the advantages of one-timeness, short-lived and no prior knowledge requirement. The session model is established with detailed implementation of communication protocol. The security of this protocol is then analyzed formally and the results show that the protocol can resist various attacks, e.g. session hijacking, message replay and pharming attacks etc. Finally, a case is studied and the performance of the application is evaluated, which indicates that the proposed scheme is simpler and more efficient than the existing schemes.
Keywords :
protocols; security of data; authentication tokens; communication protocol; crucial online identity; data security; message replay; pharming attacks; session based authentication; session hijacking; unique unguessable session identifier; Authentication; Communications Society; Computer science; Content addressable storage; Data security; Fingerprint recognition; Laboratories; Paper technology; Protocols; Uniform resource locators;
Conference_Titel :
Communications, 2009. ICC '09. IEEE International Conference on
Conference_Location :
Dresden
Print_ISBN :
978-1-4244-3435-0
Electronic_ISBN :
1938-1883
DOI :
10.1109/ICC.2009.5199560
