Sciweavers

FC
2007
Springer

WSKE: Web Server Key Enabled Cookies

14 years 5 months ago
WSKE: Web Server Key Enabled Cookies
In this paper, we present the design and prototype of a new approach to cookie management: if a server deposits a cookie only after authenticating itself via the SSL handshake, the browser will return the cookie only to a server that can authenticate itself, via SSL, to the same keypair. This approach can enable usable but secure client authentication. This approach can improve the usability of server authentication by clients. This approach is superior to the prior work on Active Cookies in that it defends against both DNS spoofing and IP spoofing—and does not require binding a user’s interaction with a server to individual IP addresses.
Chris Masone, Kwang-Hyun Baek, Sean W. Smith
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where FC
Authors Chris Masone, Kwang-Hyun Baek, Sean W. Smith
Comments (0)