The Design and Implementation of Improved Secure Cookies Based on Certificate

Yang, Jong-Phil; Rhee, Kyung-Hyune

doi:10.1007/3-540-36231-2_25

Jong-Phil Yang⁶ &
Kyung-Hyune Rhee⁷

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2551))

Included in the following conference series:

International Conference on Cryptology in India

535 Accesses
6 Altmetric

Abstract

The HTTP does not support continuity for browser-server interaction between successive visits of a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL(Secure Socket Layer) protocol that is widely used for security of HTTP environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Joon S. Park and Ravi Sandhu, “Secure Cookies on the Web” IEEE Internet Computing, Volume: 4 Issue: 4, July-Aug. 2000
Google Scholar
Scott Oaks, “Java Security, 2nd Edition”, O’Reilly. 2001
Google Scholar
V. Khu-smith and C. J. Mitchell, “Enhancing the security of cookies”, in: K. Kim (ed.), Information Security and Cryptology-ICISC 2001-Proceedings of the 4th International Conference, Seoul, Korea, December 2001, Springer-Verlag (LNCS 2288), Berlin (2002), pp.132–145
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, Pukyong Nat’l Univ., 599-1, Daeyeon3-Dong, Nam-Gu, 608-737, Pusan, Republic of Korea
Jong-Phil Yang
Division of Electronic, Computer and Telecommunication Engineering, Pukyong Nat’l Univ., 599-1, Daeyeon3-Dong, Nam-Gu, 608-737, Pusan, Republic of Korea
Kyung-Hyune Rhee

Authors

Jong-Phil Yang
View author publications
You can also search for this author in PubMed Google Scholar
Kyung-Hyune Rhee
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Combinatorics and Optimization, University of Waterloo, N2L 3G1, Waterloo, Ontario, Canada
Alfred Menezes
Applied Statistics Unit, Indian Statistical Institute, 203, B.T. Road, 700108, Kolkata, India
Palash Sarkar

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Yang, JP., Rhee, KH. (2002). The Design and Implementation of Improved Secure Cookies Based on Certificate. In: Menezes, A., Sarkar, P. (eds) Progress in Cryptology — INDOCRYPT 2002. INDOCRYPT 2002. Lecture Notes in Computer Science, vol 2551. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36231-2_25

Download citation

DOI: https://doi.org/10.1007/3-540-36231-2_25
Published: 18 December 2002
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00263-5
Online ISBN: 978-3-540-36231-9
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics