
    One-Time Cookies: Preventing Session Hijacking Attacks with Disposable Credentials

    GT-CS-11-04.pdf (373.9Kb)
    Date
    2011
    Author
    Dacosta, Italo
    Chakradeo, Saurabh
    Ahamad, Mustaque
    Traynor, Patrick
    Abstract
    Many web applications are vulnerable to session hijacking attacks due to the insecure use of cookies for session management. The most recommended defense against this threat is to completely replace HTTP with HTTPS. However, this approach presents several challenges (e.g., performance and compatibility concerns) and therefore, has not been widely adopted. In this paper, we propose “One-Time Cookies” (OTC), an HTTP session authentication protocol that is efficient, easy to deploy and resistant to session hijacking. OTC’s security relies on the use of disposable credentials based on a modified hash chain construction. We implemented OTC as a plug-in for the popular WordPress platform and conducted extensive performance analysis using extensions developed for both Firefox and Firefox for mobile browsers. Our experiments demonstrate the ability to maintain session integrity with a throughput improvement of 51% over HTTPS and a performance approximately similar to a cookie-based approach. In so doing, we demonstrate that one-time cookies can significantly improve the security of web sessions with minimal changes to current infrastructure.
    URI
    http://hdl.handle.net/1853/37000
    Collections
    • College of Computing Technical Reports [505]
    • School of Computer Science Technical Reports [105]
