					        A Secure Cookie Protocol

                       Alex X. Liu
             Department of Computer Sciences
             The University of Texas at Austin


Co-authors: Jason M. Kovacs (UT), Chin-Tser Huang (Univ. of
          South Carolina), Mohamed G. Gouda (UT)



HTTP is stateless

Request/response

Web Application is Stateful

Shopping cart

Web Authentication

Cookie
• Cookie: data that records state of clients

[Diagram: message exchange between Browser and Server]
   ─ Server: verify user/password
   ─ Server: verify cookie; if necessary, create a new cookie
   ─ …

• Cookies need to be secure

Security Requirements of Cookies
• Authentication
   ─ Login phase: verify client by password
   ─ Subsequent-requests phase: verify client by cookie
• Confidentiality
   ─ Observation: only the server needs to read cookie content!
   ─ Low-level: only server and client can read cookie content
   ─ High-level: only server can read cookie content
• Integrity
   ─ Detect modified cookies
• Anti-replay
   ─ Detect stolen cookies

Efficiency Requirements
• No database lookup in verifying a cookie

State of the art
• Fu’s cookie scheme [Fu et al. 2001]:

    user name|expiration time|data|HMAC( user name|expiration time|data, server key )

• Three security problems:
   ─ Lack of confidentiality
   ─ Replay attacks
   ─ Volume attacks

Confidentiality

    user name|expiration time|data|HMAC( user name|expiration time|data, server key )

• Lack of high-level confidentiality.
• Use server key?
• [Xu et al. 2002]: store 1 key/user in database
   ─ Database lookup is inefficient
• [Park & Sandhu 2000]: store unique key in cookie
   ─ Problem: public key cryptography is inefficient
• Our solution: use HMAC( user name|expiration time, server key ) as the encryption key

Replay attacks

    user name|expiration time|(data)_k|HMAC( user name|expiration time|data, server key )
    k = HMAC( user name|expiration time, server key )

• To launch replay attacks:
   ─ Steal someone’s cookie (using Trojans, worms, etc.)
   ─ Replay the cookie
• Our solution: make the cookie session dependent

    user name|expiration time|(data)_k|HMAC( user name|expiration time|data|session key, server key )
    k = HMAC( user name|expiration time, server key )

Volume attacks

    user name|expiration time|(data)_k|HMAC( user name|expiration time|data|session key, server key )
    k = HMAC( user name|expiration time, server key )

• Same server key for all cookies – not safe
• [Fu 2001] suggests changing server keys periodically
   ─ For some cookies, we have to verify twice
• Our solution: replace server key by encryption key

    user name|expiration time|(data)_k|HMAC( user name|expiration time|data|session key, k )
    k = HMAC( user name|expiration time, server key )
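The final cookie format above, sketched in Python as an added example (it is not the authors' implementation). It swaps in HMAC-SHA256 and an HMAC-based keystream with a per-cookie nonce as a stand-in cipher, and assumes the session key is a per-connection secret known to the server; the function names and the sample key are illustrative.

```python
import base64, hashlib, hmac, os

SERVER_KEY = b"constructed-demo-server-key"  # constructed sample, not a real key

def _mac(key, *fields):
    # Length-prefix every field so different field splits cannot collide.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(k, nonce, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _mac(k, b"enc", nonce, (i // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def create_cookie(user, expires, data, session_key):
    u, e = user.encode(), str(expires).encode()
    k = _mac(SERVER_KEY, u, e)                    # k = HMAC(user|expiration, server key)
    nonce = os.urandom(16)                        # fresh per cookie, acts as the IV
    enc = nonce + _stream(k, nonce, data)         # encrypted data field
    tag = _mac(k, b"mac", u, e, data, session_key)  # HMAC(user|exp|data|session key, k)
    return "|".join(base64.urlsafe_b64encode(f).decode() for f in (u, e, enc, tag))

def verify_cookie(cookie, session_key, now):
    """Return (user, data) for a valid cookie, else None. No database lookup."""
    try:
        u, e, enc, tag = (base64.urlsafe_b64decode(p) for p in cookie.split("|"))
    except ValueError:                            # wrong field count or bad base64
        return None
    if not e.isdigit() or int(e) < now:           # malformed or expired
        return None
    k = _mac(SERVER_KEY, u, e)                    # recomputed from the cookie itself
    data = _stream(k, enc[:16], enc[16:])
    expected = _mac(k, b"mac", u, e, data, session_key)
    if not hmac.compare_digest(tag, expected):
        return None                               # modified, or replayed in another session
    return u.decode(), data
```

A cookie copied into a connection with a different session key fails the MAC check, which is the anti-replay property; changing the user name or expiration time changes k, so the MAC check fails as well.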

Implementation
• Keyed-hash message authentication code: HMAC-SHA1
• Encryption: Rijndael-256 algorithm
• Server key: 160 bits
• HMAC-SHA1 output: 320 bits
• Implemented 5 protocols:
   ─ Insecure cookie protocol
   ─ Fu’s cookie protocol with low-level confidentiality
   ─ Our cookie protocol with low-level confidentiality
   ─ Fu’s cookie protocol with high-level confidentiality
   ─ Our cookie protocol with high-level confidentiality
• Fu’s cookie protocol with high-level confidentiality: use the server key to encrypt data

Setup
• Server: medium-load server, 2.4 GHz Celeron, 512 MB RAM, Windows Server 2003 Standard Edition, IIS 6.0, PHP 4.3.10, MySQL 2.23
• Client: 2.8 GHz Pentium 4, 512 MB RAM, Red Hat 3.0
• Link: dedicated gigabit link, RTT = 0.9 ms
• Server creates a new cookie for each request
• End-to-end latency:
   ─ (1) time for transferring request with cookie to server
   ─ (2) time for verifying the cookie
   ─ (3) time for creating a new cookie
   ─ (4) time for transferring response with new cookie to client

Results: impacts on client

[Bar chart. Y-axis: Client: average latency over SSL (ms), scale 0 to 70.
 Legend: Insecure Cookie Protocol; Fu's Cookie Protocol with Low-level Confidentiality; Our Cookie Protocol with Low-level Confidentiality; Fu's Cookie Protocol with High-level Confidentiality; Our Cookie Protocol with High-level Confidentiality.
 Bar labels, left to right: 39.11, 42.66, 43, 45.36, 45.89]

Results: impacts on server

[Bar chart. Y-axis: Server: average processing time: verifying a cookie + creating a cookie (ms), scale 0 to 7.
 Legend: Insecure Cookie Protocol; Fu's Cookie Protocol with Low-level Confidentiality; Our Cookie Protocol with Low-level Confidentiality; Fu's Cookie Protocol with High-level Confidentiality; Our Cookie Protocol with High-level Confidentiality.
 Bar labels, left to right: 0.75, 1.74, 1.89, 3.99, 4.24]

Contributions
• Discover 3 problems in the state-of-the-art cookie protocol
• Propose a cookie protocol that solves those problems
• Conduct performance evaluation and comparison
• Conclusion:
   ─ Security: better
   ─ Performance: close
