A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications


KIPS Transactions on Computer and Communication Systems, Vol. 4, No. 1, pp. 31-36, Jan. 2015
10.3745/KTCCS.2015.4.1.31

Abstract

As the web has become easier to access, security has become much more important in web applications that require user authentication. Cookies are used in web applications to reduce the load that sessions place on the server and to manage user information efficiently. However, a cookie containing user information can be sniffed by an attacker. With the sniffed cookie, the attacker can hold the legitimate user's web application session as if the attacker were that user. This kind of attack is called a cookie replay attack, and it causes serious security problems in web applications. In this paper, we introduce a mechanism to detect and defend against cookie replay attacks, and we verify the effectiveness of the mechanism.



Cite this article
[IEEE Style]
J. S. Won, J. S. Park, J. G. Shon, "A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications," KIPS Transactions on Computer and Communication Systems, vol. 4, no. 1, pp. 31-36, 2015. DOI: 10.3745/KTCCS.2015.4.1.31.

[ACM Style]
Jong Sun Won, Ji Su Park, and Jin Gon Shon. 2015. A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications. KIPS Transactions on Computer and Communication Systems, 4, 1, (2015), 31-36. DOI: 10.3745/KTCCS.2015.4.1.31.