On one-time cookies protocol based on one-time password

Cited by: 0
Authors
Junhui He
Dezhi Han
Kuan-Ching Li
Affiliations
[1] Shanghai Maritime University,College of Information Engineering
[2] Providence University,Department of Computer Science and Information Engineering (CSIE)
Source
Soft Computing | 2020 / Vol. 24
Keywords
Web session security; Session hijacking; One-time cookies; One-time password; Hash chain;
DOI
Not available
Chinese Library Classification number
Subject classification number
Abstract
Cookies are used to track user sessions on Web servers. However, security vulnerabilities in cookies may allow sessions to be hijacked. To resist such attacks, Dacosta et al. proposed the one-time cookies (OTC) protocol. Unfortunately, one primary weakness is that its availability relies on time synchronization between two machines, while the other is that it uses a fixed session key to generate OTCs during the session period, which makes it possible for adversaries to crack the key. Motivated by these shortcomings, a novel OTC protocol based on a one-time password (OTP) is proposed in the paper. The protocol adopts an OTP algorithm based on a hash chain to avoid time synchronization problems and to generate a dynamic key that improves the security of OTC. For efficiency, we also enhanced the OTP algorithm. Security analysis and experimental results show that the proposed OTC protocol is promising to deliver high security and minimal burden on performance.
Pages: 5657 / 5670
Page count: 13