Book chapter Open access Peer-reviewed

WSKE: Web Server Key Enabled Cookies

2007; Springer Science+Business Media; Language: English

10.1007/978-3-540-77366-5_28

ISSN

1611-3349

Authors

Chris Masone, Kwang‐Hyun Baek, Sean W. Smith

Topic(s)

Advanced Malware Detection Techniques

Abstract

In this paper, we present the design and prototype of a new approach to cookie management: if a server deposits a cookie only after authenticating itself via the SSL handshake, the browser will return the cookie only to a server that can authenticate itself, via SSL, to the same keypair. This approach can enable usable but secure client authentication. This approach can improve the usability of server authentication by clients. This approach is superior to the prior work on Active Cookies in that it defends against both DNS spoofing and IP spoofing—and does not require binding a user's interaction with a server to individual IP addresses.
