安全的cookie协议

Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005. Pub Date : 2005-10-31 DOI:10.1109/ICCCN.2005.1523880

A. Liu, Jason M. Kovacs, Chin-Tser Huang, M. Gouda

{"title":"安全的cookie协议","authors":"A. Liu, Jason M. Kovacs, Chin-Tser Huang, M. Gouda","doi":"10.1109/ICCCN.2005.1523880","DOIUrl":null,"url":null,"abstract":"Cookies are the primary means for Web applications to authenticate HTTP requests and to maintain client states. Many Web applications (such as electronic commerce) demand a secure cookie protocol. Such a protocol needs to provide the following four services: authentication, confidentiality, integrity and antireplay. Several secure cookie protocols have been proposed in previous literature; however, none of them are completely satisfactory. In this paper, we propose a secure cookie protocol that is effective, efficient, and easy to deploy. In terms of effectiveness, our protocol provides all of the above four security services. In terms of efficiency, our protocol does not involve any database lookup or public key cryptography. In terms of deployability, our protocol can be easily deployed on an existing Web server, and it does not require any change to the Internet cookie specification. We implemented our secure cookie protocol using PHP, and the experimental results show that our protocol is very efficient.","PeriodicalId":379037,"journal":{"name":"Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005.","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"45","resultStr":"{\"title\":\"A secure cookie protocol\",\"authors\":\"A. Liu, Jason M. Kovacs, Chin-Tser Huang, M. Gouda\",\"doi\":\"10.1109/ICCCN.2005.1523880\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cookies are the primary means for Web applications to authenticate HTTP requests and to maintain client states. Many Web applications (such as electronic commerce) demand a secure cookie protocol. Such a protocol needs to provide the following four services: authentication, confidentiality, integrity and antireplay. Several secure cookie protocols have been proposed in previous literature; however, none of them are completely satisfactory. In this paper, we propose a secure cookie protocol that is effective, efficient, and easy to deploy. In terms of effectiveness, our protocol provides all of the above four security services. In terms of efficiency, our protocol does not involve any database lookup or public key cryptography. In terms of deployability, our protocol can be easily deployed on an existing Web server, and it does not require any change to the Internet cookie specification. We implemented our secure cookie protocol using PHP, and the experimental results show that our protocol is very efficient.\",\"PeriodicalId\":379037,\"journal\":{\"name\":\"Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005.\",\"volume\":\"64 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"45\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCN.2005.1523880\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2005.1523880","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 45

摘要

cookie是Web应用程序验证HTTP请求和维护客户机状态的主要手段。许多Web应用程序(如电子商务)需要安全的cookie协议。这样的协议需要提供以下四个服务:认证、机密性、完整性和防重放。在以前的文献中已经提出了几种安全cookie协议;然而，没有一个是完全令人满意的。在本文中，我们提出了一种有效、高效、易于部署的安全cookie协议。就有效性而言，我们的协议提供了上述四种安全服务。在效率方面，我们的协议不涉及任何数据库查找或公钥加密。就可部署性而言，我们的协议可以很容易地部署在现有的Web服务器上，并且不需要对Internet cookie规范进行任何更改。我们用PHP实现了我们的安全cookie协议，实验结果表明我们的协议是非常高效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A secure cookie protocol

Cookies are the primary means for Web applications to authenticate HTTP requests and to maintain client states. Many Web applications (such as electronic commerce) demand a secure cookie protocol. Such a protocol needs to provide the following four services: authentication, confidentiality, integrity and antireplay. Several secure cookie protocols have been proposed in previous literature; however, none of them are completely satisfactory. In this paper, we propose a secure cookie protocol that is effective, efficient, and easy to deploy. In terms of effectiveness, our protocol provides all of the above four security services. In terms of efficiency, our protocol does not involve any database lookup or public key cryptography. In terms of deployability, our protocol can be easily deployed on an existing Web server, and it does not require any change to the Internet cookie specification. We implemented our secure cookie protocol using PHP, and the experimental results show that our protocol is very efficient.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005.

自引率

0.00%

发文量