A New Scheme with Secure Cookie against SSLStrip Attack

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7529)

Abstract

In 2009 Moxie Marlinspike presented a new Man-in-the-Middle (MitM) attack on the Secure Sockets Layer (SSL), called the SSLStrip attack, at Black Hat DC; it is a serious threat to Web users. Some solutions have been proposed in the literature, but until now there has been no practical countermeasure that resists such an attack. In this paper, we propose a new scheme to defend against the SSLStrip attack by improving the previous secure cookie protocols and applying the proxy pattern and the reverse proxy pattern. It implements a secure LAN guaranteed proxy on the client side, a secure server guaranteed proxy on the server side, and a cookie authentication mechanism, which together provide the following security services: source authentication, integrity control, and defence against the SSLStrip attack.
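As an added illustration of the cookie authentication service the abstract names (source authentication and integrity control), the block below shows an HMAC-keyed cookie in the style of the secure cookie protocols the paper builds on, verified by a server-side gateway that also refuses a cookie presented over a plaintext hop (a cookie meant for the secure channel should never be accepted in the clear). This is example code written for this page, not the paper's scheme: the field layout, the per-cookie key derivation, the constructed server key and the `over_tls` flag are all assumptions.

```python
import hmac
import hashlib

# Constructed demo secret; a real deployment keeps this in the server proxy only.
SERVER_KEY = b"constructed-demo-server-key"
SEP = "|"  # field separator; fields must not contain it (enforced in mint_cookie)


def _tag(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def _session_key(key: bytes, user: str, expiry: int) -> bytes:
    # Per-cookie key derived from (user, expiry): the long-term key never MACs
    # attacker-influenced data directly, and each cookie's MAC key is distinct.
    return hmac.new(key, f"{user}{SEP}{expiry}".encode(), hashlib.sha256).digest()


def mint_cookie(user: str, expiry: int, data: str, key: bytes = SERVER_KEY) -> str:
    """Build user|expiry|data|HMAC, the shape of an authenticated session cookie."""
    if SEP in user or SEP in data:
        raise ValueError("fields must not contain the separator")
    body = f"{user}{SEP}{expiry}{SEP}{data}"
    return body + SEP + _tag(_session_key(key, user, expiry), body)


def verify_cookie(cookie: str, over_tls: bool, now: int, key: bytes = SERVER_KEY):
    """Model of the server-side proxy check. Returns (ok, user_or_reason)."""
    if not over_tls:
        # A cookie arriving on a plaintext hop is exactly what a downgraded
        # (stripped) client leaks; it is rejected before any parsing.
        return False, "plaintext channel"
    parts = cookie.split(SEP)
    if len(parts) != 4 or not parts[1].isdigit():
        return False, "malformed"
    user, expiry_s, data, tag = parts
    expiry = int(expiry_s)
    expected = _tag(_session_key(key, user, expiry), f"{user}{SEP}{expiry}{SEP}{data}")
    # Constant-time compare: a mismatch means the cookie was forged or altered,
    # i.e. source authentication or integrity control failed.
    if not hmac.compare_digest(expected, tag):
        return False, "bad mac"
    if now >= expiry:
        return False, "expired"
    return True, user
```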

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhao, S., Yang, W., Wang, D., Qiu, W. (2012). A New Scheme with Secure Cookie against SSLStrip Attack. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds) Web Information Systems and Mining. WISM 2012. Lecture Notes in Computer Science, vol 7529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33469-6_30

  • DOI: https://doi.org/10.1007/978-3-642-33469-6_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33468-9

  • Online ISBN: 978-3-642-33469-6