Preventing Session Hijacking using Encrypted One-Time-Cookies

Bibliographic Details
Published in: 2020 Wireless Telecommunications Symposium (WTS), pp. 1-6
Main Authors: Prapty, Renascence Tarafder, Azmin Md, Shuhana, Hossain, Shohrab, Narman, Husnu S.
Format: Conference Proceeding
Language: English
Published: IEEE 01-04-2020
Description
Summary: Hypertext Transfer Protocol (HTTP) cookies are pieces of information shared between HTTP server and client to remember stateful information for the stateless HTTP protocol or to record a user's browsing activity. Cookies are often used in web applications to identify a user and corresponding authenticated session. Thus, stealing a cookie can lead to hijacking an authenticated user's session. To prevent this type of attack, a cookie protection mechanism is required. In this paper, we have proposed a secure and efficient cookie protection system. We have used one-time cookies to prevent an attacker from performing cookie injection. To ensure cookie integrity and confidentiality, we have encrypted sensitive information in the cookie. We have verified that our proposed system can ensure confidentiality, authenticity and integrity through security analysis. Our proposed system can efficiently prevent session hijacking performed through replay attack and cookie poisoning attack.
DOI: 10.1109/WTS48268.2020.9198717