Saturday, June 26, 2010

A Secure Cookie Protocol

Abstract
Cookies are the primary means for web applications to authenticate HTTP requests and to maintain client states. Many web applications (such as electronic commerce) demand a secure cookie protocol. Such a protocol needs to provide the following four services: authentication, confidentiality, integrity and anti-replay. Several secure cookie protocols have been proposed in previous literature; however, none of them are completely satisfactory. In this paper, we propose a secure cookie protocol that is effective, efficient, and easy to deploy. In terms of effectiveness, our protocol provides all of the above four security services. In terms of efficiency, our protocol does not involve any database lookup or public key cryptography. In terms of deployability, our protocol can be easily deployed on an existing web server, and it does not require any change to the Internet cookie specification. We implemented our secure cookie protocol using PHP, and the experimental results show that our protocol is very efficient.
