Securely outsourcing cookies to the cloud via private information retrieval

Authors: Levon Nazaryan, Ruofan Jin, Chaoqun Yue, Ozgur Oksuz, Bing Wang

DOI: 10.1109/WIMOB.2016.7763250

Keywords: Computer security, Computer science, Computer network, Session hijacking, Server, Web navigation, Session (computer science), Upload, Information sensitivity, Web application, Cloud computing

Abstract: Many smartphone applications are web based and rely on cookies to maintain the status of a session. Cookies, however, may lead to security threats since they contain sensitive information. In addition, an attacker having access to a cookie can easily impersonate a legitimate user. In this paper, we propose and implement a system that securely outsources browser cookies to the cloud and ensures user privacy using Private Information Retrieval. Experimental evaluation using traces collected from operational cellular and WiFi networks demonstrates that our system achieves satisfactory performance for most real-life browsing scenarios: the average latency is within 1.0 to 1.2 seconds (well within users' tolerance) even when retrieving tens of cookies over an LTE or WiFi network, and the amount of generated traffic is significantly lower than downloading the entire database.

References (28)
Philippe De Ryck, Lieven Desmet, Wouter Joosen, Frank Piessens. Automatic and Precise Client-Side Protection against CSRF Attacks. Computer Security – ESORICS 2011, pp. 100-116 (2011). DOI: 10.1007/978-3-642-23822-2_6
Zhiqiang Yang, Sheng Zhong, Rebecca N. Wright. Privacy-Preserving Queries on Encrypted Data. Computer Security – ESORICS 2006, pp. 479-495 (2006). DOI: 10.1007/11863908_29
Keith Winstein, Hari Balakrishnan, Anirudh Sivaraman. Stochastic forecasts achieve high throughput and low delay over cellular networks. Networked Systems Design and Implementation, pp. 459-472 (2013).
Yves Younan, Wouter Joosen, Wannes Meert, Nick Nikiforakis, Martin Johns. SessionShield: lightweight protection against session hijacking. International Conference on Engineering Secure Software and Systems, vol. 6542, pp. 87-100 (2011). DOI: 10.5555/1946341.1946351
Tielei Wang, Long Lu, Kangjie Lu, Wenke Lee, Simon Chung. Jekyll on iOS: when benign apps become evil. USENIX Security Symposium, pp. 559-572 (2013).
Sergey Yekhanin. Private information retrieval. Communications of the ACM, vol. 53, pp. 68-73 (2010). DOI: 10.1145/1721654.1721674
Italo Dacosta, Saurabh Chakradeo, Mustaque Ahamad, Patrick Traynor. One-time cookies. ACM Transactions on Internet Technology, vol. 12, pp. 1-24 (2012). DOI: 10.1145/2220352.2220353
Benny Chor, Eyal Kushilevitz, Oded Goldreich, Madhu Sudan. Private information retrieval. Journal of the ACM, vol. 45, pp. 965-981 (1998). DOI: 10.1145/293347.293350
Alex X. Liu, Jason M. Kovacs, Mohamed G. Gouda. A secure cookie scheme. Computer Networks, vol. 56, pp. 1723-1730 (2012). DOI: 10.1016/J.COMNET.2012.01.013
J.S. Park, R. Sandhu. Secure cookies on the Web. IEEE Internet Computing, vol. 4, pp. 36-44 (2000). DOI: 10.1109/4236.865085