A Secure Cookie Protocol
Alex X. Liu, Department of Computer Sciences, The University of Texas at Austin


1 A Secure Cookie Protocol
Alex X. Liu, Department of Computer Sciences, The University of Texas at Austin
Co-authors: Jason M. Kovacs (UT), Chin-Tser Huang (Univ. of South Carolina), Mohamed G. Gouda (UT)

2 HTTP is stateless
Request/response

3 Web Application is Stateful
Shopping cart

4 Web Authentication

5 Cookie
• Cookie: data that records state of clients
• Cookies need to be secure
Message flow between Browser and Server:
Browser → Server: first request (user/password)
Server: verify user/password
Server → Browser: response (cookie)
Browser → Server: subsequent request (cookie)
Server: verify cookie; if necessary, create a new cookie
Server → Browser: response (new cookie)
…

6 Security Requirements of Cookies
• Authentication
  ─ Login phase: verify client by password
  ─ Subsequent-requests phase: verify client by cookie
• Confidentiality
  ─ Observation: only the server needs to read cookie content!
  ─ Low-level: only server and client can read cookie content
  ─ High-level: only server can read cookie content
• Integrity
  ─ Detect modified cookies
• Anti-replay
  ─ Detect stolen cookies

7 Efficiency Requirements
• No database lookup in verifying a cookie

8 State of the art
• Fu’s cookie scheme [Fu et al. 2001]:
  user name|expiration time|data|HMAC( user name|expiration time|data, server key )
• Three security problems:
  ─ Lack of confidentiality
  ─ Replay attacks
  ─ Volume attacks

9 Confidentiality
• Lack of high-level confidentiality.
• Use server key?
• [Xu et al. 2002]: store 1 key/user in database
  ─ Database lookup is inefficient
• [Park & Sandhu 2000]: store unique key in cookie
  ─ Problem: public key cryptography is inefficient
• Our solution: use HMAC( user name|expiration time, server key ) as the encryption key

user name|expiration time|data|HMAC( user name|expiration time|data, server key )

10 Replay attacks
• To launch replay attacks
  ─ Steal someone’s cookie (using Trojans, worms, etc.)
  ─ Replay the cookie
• Our Solution: make cookie session dependent

Before:
user name|expiration time|(data)_k|HMAC( user name|expiration time|data, server key )
k = HMAC( user name|expiration time, server key )

After:
user name|expiration time|(data)_k|HMAC( user name|expiration time|data|session key, server key )
k = HMAC( user name|expiration time, server key )

11 Volume attacks
• Same server key for all cookies: not safe
• [Fu 2001] suggests changing server keys periodically
  ─ For some cookies, we have to verify twice
• Our Solution: replace server key by encryption key

Before:
user name|expiration time|(data)_k|HMAC( user name|expiration time|data|session key, server key )
k = HMAC( user name|expiration time, server key )

After:
user name|expiration time|(data)_k|HMAC( user name|expiration time|data|session key, k )
k = HMAC( user name|expiration time, server key )
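The final cookie format on the slide above, as an added example that is not the authors' implementation: the server derives k from user name and expiration time, encrypts the data under k, and MACs the fields plus the session key under k, so verification needs no database lookup. Assumptions: the function names are hypothetical, HMAC-SHA256 replaces the slides' HMAC-SHA1, an HMAC counter keystream stands in for Rijndael-256, fields are base64-encoded and length-prefixed, and `session_key` is any secret bound to the client's current session.

```python
import base64, hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # constructed demo key; a real server key is long-lived

def _b64(b):
    return base64.urlsafe_b64encode(b).decode()

def _mac(key, *parts):
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, data):
    # Stand-in cipher (HMAC counter keystream); the slides used Rijndael-256.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _mac(key, nonce, i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def make_cookie(user, expires, data, session_key, server_key=SERVER_KEY):
    u, e = user.encode(), str(expires).encode()
    k = _mac(server_key, u, e)               # k = HMAC(user|expiration, server key)
    nonce = os.urandom(16)                   # fresh per cookie, avoids keystream reuse
    enc = nonce + _stream(k, nonce, data)    # (data)_k
    tag = _mac(k, u, e, data, session_key)   # HMAC(user|exp|data|session key, k)
    return "|".join([_b64(u), str(expires), _b64(enc), _b64(tag)])

def verify_cookie(cookie, session_key, now=None, server_key=SERVER_KEY):
    """Return (user, data) for a valid cookie, else None."""
    try:
        u64, e, enc64, tag64 = cookie.split("|")
        u, enc, tag = (base64.urlsafe_b64decode(x) for x in (u64, enc64, tag64))
        expires = int(e)
    except ValueError:                       # wrong field count, bad base64, bad int
        return None
    if expires < (time.time() if now is None else now):
        return None                          # expired
    k = _mac(server_key, u, e.encode())      # recomputed from the cookie itself
    data = _stream(k, enc[:16], enc[16:])
    expected = _mac(k, u, e.encode(), data, session_key)
    if not hmac.compare_digest(tag, expected):
        return None                          # modified, or replayed in another session
    return u.decode(), data
```

A cookie stolen from one session fails verification in another because the session key is part of the MAC input, and changing the expiration time changes k and therefore invalidates the tag.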

12 Implementation
• Keyed-hash message authentication code: HMAC-SHA1
• Encryption: Rijndael-256 algorithm
• Server key: 160 bits
• HMAC-SHA1 output: 320 bits
• Implemented 5 protocols:
  ─ Insecure cookie protocol
  ─ Fu’s cookie protocol with low-level confidentiality
  ─ Our cookie protocol with low-level confidentiality
  ─ Fu’s cookie protocol with high-level confidentiality
  ─ Our cookie protocol with high-level confidentiality
• Fu’s cookie protocol with high-level confidentiality: use the server key to encrypt data

13 Setup
• Server: medium-load server, 2.4 GHz Celeron, 512 MB RAM, Windows Server 2003 Standard Edition, IIS 6.0, PHP 4.3.10, MySQL 2.23
• Client: 2.8 GHz Pentium 4, 512 MB RAM, Red Hat 3.0
• Link: dedicated gigabit link, RTT = 0.9 ms
• Server creates a new cookie for each request
• End-to-end latency:
  ─ (1) time for transferring request with cookie to server
  ─ (2) time for verifying the cookie
  ─ (3) time for creating a new cookie
  ─ (4) time for transferring response with new cookie to client

14 Results: impacts on client

15 Results: impacts on server

16 Contributions
• Discover 3 problems in the state-of-the-art cookie protocol
• Propose a cookie protocol that solves those problems
• Conduct performance evaluation and comparison
• Conclusion:
  ─ Security: better
  ─ Performance: close

