Department of Computer Sciences The University of Texas at Austin A Secure Cookie Protocol Alex X. Liu Department of Computer Sciences The University of.

Slides:



Advertisements
Similar presentations
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Advertisements

Cryptography and Network Security Chapter 16
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 Diverse Firewall Design Alex X. Liu The University of Texas at Austin, U.S.A. July 1, 2004 Co-author: Mohamed G. Gouda.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Firewall Query Engine and Firewall Comparison Engine Mohamed Gouda Alex X. Liu Computer Science Department The University of Texas at Austin.
Architecture & Integration: CP v x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
SSH Secure Login Connections over the Internet
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Real Security InterSwyft Technical information's.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Session 11: Security with ASP.NET
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
DATA DYNAMICS AND PUBLIC VERIFIABILITY CHECKING WITHOUT THIRD PARTY AUDITOR GUIDED BY PROJECT MEMBERS: Ms. V.JAYANTHI M.E Assistant Professor V.KARTHIKEYAN.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
David Evans CS150: Computer Science University of Virginia Computer Science Class 31: Cookie Monsters and Semi-Secure.
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Feedback #2 (under assignments) Lecture Code:
Network Security Essentials Chapter 5
Web Application Security Presented by Ben Lake. How the Web Works Hypertext Transfer Protocol (HTTP)  Application-level  Stateless Example  Web Browser.
Chapter 21 Distributed System Security Copyright © 2008.
IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.
SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Web Security.
An Overview and Evaluation of Web Services Security Performance Optimizations Robert van Engelen & Wei Zhang Department of Computer Science Florida State.
Web Database Programming Week 7 Session Management & Authentication.
Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee
Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld.
CIS 451: Cookies Dr. Ralph D. Westfall February, 2009.
Secure Messenger Protocol using AES (Rijndael) Sang won, Lee
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Web Technologies Lecture 6 State preservation. Motivation How to keep user data while navigating on a website? – Authenticate only once – Store wish list.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Web Security.
Presented By: Kasey Campbell John Geer.  Hermes Company Transfer will allow the passing of files, large or small, between companies.  All files are.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
Dos and Don’ts of Client Authentication on the Web Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster Presented: Jesus F. Morales.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.
WEB SECURITY WEEK 1 Computer Security Group University of Texas at Dallas.
Group 18: Chris Hood Brett Poche
Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.
Web Systems Development (CSC-215)
SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET
Session Hijacking Tarun Lall.
Single Password, Multiple Accounts
Presentation transcript:

Department of Computer Sciences The University of Texas at Austin A Secure Cookie Protocol Alex X. Liu Department of Computer Sciences The University of Texas at Austin Co-authors: Jason M. Kovacs (UT), Chin-Tser Huang (Univ. of South Carolina), Mohamed G. Gouda (UT)

2 Alex X. LiuThe University of Texas at Austin HTTP is stateless Request/ response

3 Alex X. LiuThe University of Texas at Austin Web Application is Stateful Shopping cart

4 Alex X. LiuThe University of Texas at Austin Web Authentication

5 Alex X. LiuThe University of Texas at Austin Cookie  Cookie: data that records state of clients  Cookies need to be secure first request(user/password) subsequent request(cookie) response(cookie) Response(new cookie) … verify user/password verify cookie; if necessary, create a new cookie BrowserServer

6 Alex X. LiuThe University of Texas at Austin Security Requirements of Cookies  Authentication ─ Login phase: verify client by password ─ Subsequent-requests phase: verify client by cookie  Confidentiality ─ Observation: only server need to read cookie content! ─ Low-level: only server and client can read cookie content ─ High-level: only server can read cookie content  Integrity ─ Detect modified cookies  Anti-replay ─ Detect stolen cookies

7 Alex X. LiuThe University of Texas at Austin Efficiency Requirements  No database lookup in verifying a cookie

8 Alex X. LiuThe University of Texas at Austin State of the art  Fu’s cookie scheme:[Fu et al. 2001]  Three security problems: ─ Lack of confidentiality ─ Replay attacks ─ Volume attacks user name|expiration time|data| HMAC( user name|expiration time|data, server key )

9 Alex X. LiuThe University of Texas at Austin Confidentiality  Lack of high-level confidentiality.  Use server key?  [Xu et al. 2002]: store 1 key/user in database ─ Database lookup is inefficient  [Park & Sandhu 2000]: store unique key in cookie ─ Problem: public key cryptography is inefficient  Our solution: use HMAC( user name|expiration time, server key ) as the encryption key user name|expiration time|data| HMAC( user name|expiration time|data, server key )

10 Alex X. LiuThe University of Texas at Austin Replay attacks  To launch replay attacks ─ Steal someone’s cookie (using Trojans, worms, etc) ─ Replay the cookie  Our Solution: make cookie session dependent user name|expiration time|(data) k | HMAC( user name|expiration time|data, server key ) k= HMAC( user name|expiration time, server key ) user name|expiration time|(data) k | HMAC( user name|expiration time|data|session key, server key ) k= HMAC( user name|expiration time, server key )

11 Alex X. LiuThe University of Texas at Austin Volume attacks  Same server key for all cookies – not safe  [Fu 2001] suggests to change server keys periodically ─ For some cookies, we have to verify twice  Our Solution: replace server key by encryption key user name|expiration time|(data) k | HMAC( user name|expiration time|data|session key, server key ) k= HMAC( user name|expiration time, server key ) user name|expiration time|(data) k | HMAC( user name|expiration time|data|session key, k ) k= HMAC( user name|expiration time, server key )

12 Alex X. LiuThe University of Texas at Austin Implementation  Keyed-hash msg auth code: HMAC-SHA1  Encryption: Rijndael-256 algorithm  Server key: 160 bits  HMAC-SHA1 output: 320 bits  Implemented 5 protocols: ─ Insecure cookie protocol ─ Fu’s cookie protocol with low-level confidentiality ─ Our cookie protocol with low-level confidentiality ─ Fu’s cookie protocol with high-level confidentiality ─ Our cookie protocol with high-level confidentiality  Fu’s cookie protocol with high-level confidentiality: use the server key to encrypt data

13 Alex X. LiuThe University of Texas at Austin Setup  Server: medium-load server, 2.4 GHz Celeron, 512MB RAM, Windows server 2003 standard edition, IIS 6.0, PHP , MySQL 2.23  Client: 2.8 GHz Pentium 4, 512 MB RAM, Red Hat 3.0  Link: dedicated gigabit link, RRT=0.9ms  Server creates a new cookie for each request  End-to-end latency: ─ (1) time for transferring request with cookie to server ─ (2) time for verifying the cookie ─ (3) time for creating a new cookie ─ (4) time for transferring response with new cookie to client

14 Alex X. LiuThe University of Texas at Austin Results: impacts on client

15 Alex X. LiuThe University of Texas at Austin Results: impacts on server

16 Alex X. LiuThe University of Texas at Austin Contributions  Discover 3 problems in state-of-art cookie protocol  Propose a cookie protocol that solves those problems  Conduct performance evaluation and comparison  Conclusion: ─ Security: better ─ Performance: close

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.