Title :
Preventing Abuse of Cookies Stolen by XSS
Author :
Takahashi, Hiroki ; Yasunaga, Kenji ; Mambo, Masahiro ; Kwangjo Kim ; Heung Youl Youm
Author_Institution :
Kanazawa Univ., Ishikawa, Japan
Abstract :
Cross Site Scripting (XSS) makes victims execute an arbitrary script and leaks out personal information from victims´ computers. An adversary can easily get victim´s cookies by the XSS attack. If the adversary cannot use the stolen cookies to impersonate the victim, stealing cookie has no meaning. Therefore, we propose a method to prohibit the abuse of stolen cookies in order to make it ineffective to steal cookies through the XXS attack. The proposed method uses one-time password and challenge-response authentication to identify whether a person is a valid owner of the cookie or not.
Keywords :
Internet; security of data; Internet; XSS attack; arbitrary script; cookies stolen; cross site scripting; personal information; preventing abuse; stealing cookie; Authentication; Browsers; Educational institutions; Protocols; Servers; Synchronization; Cookies; Cross Cite Scripting; HTTP; Web Application;
Conference_Titel :
Information Security (Asia JCIS), 2013 Eighth Asia Joint Conference on
Conference_Location :
Seoul
DOI :
10.1109/ASIAJCIS.2013.20
