Top

International Journal of Information Security

Published in:

01-08-2014 | Regular Contribution

Enhancing security of cookie-based sessions in mobile networks using sparse caching

Authors: Amerah Alabrah, Jeffrey Cashion, Mostafa Bassiouni

Published in: International Journal of Information Security | Issue 4/2014

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The exponential growth in the use of mobile phones and tablets to gain wireless access to the Internet has been accompanied by a similar growth in cyber attacks over wireless links to steal session cookies and compromise private users’ accounts. The popular one-way hash chain authentication technique in its conventional format is not optimal for mobile phones and other handheld devices due to its high computational overhead. In this paper, we propose and evaluate the use of sparse caching techniques to reduce the overhead of one-way hash chain authentication. Sparse caching schemes with uniform spacing, non-uniform spacing and geometric spacing are designed and analyzed. A Weighted Overhead formula is used to obtain insight into the suitable cache size for different classes of mobile devices. Additionally, the scheme is evaluated from an energy consumption perspective. We show that sparse caching can also be effective in the case of uncertainty in the number of transactions per user session. Our extensive performance tests have shown the significant improvement achieved by the sparse caching schemes.

previous article Sufficient conditions for sound tree and sequential hashing modes

next article ARITO: Cyber-attack response system using accurate risk impact tolerance

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Chen, J., Jiang, M., Liu, Y.: Wireless LAN security and IEEE 802.11i. IEEE Wirel. Commun. 12(1), 27–36 (2005)CrossRef

Sreedhar, C., Madhusudhana, S., Kasiviswanath, N.: A survey on security issues in wireless ad hoc network routing protocols. Int. J. Comp. Sci. Eng. 12(2), 224–232 (2010)

Siddiqui, M., Hong, C.: Security issues in wireless mesh networks. In: Proceedings of IEEE International Conference on Multimedia and Ubiquitous Engineering (MUE’07). Seoul, Korea (2007)

Zhou, Y., Fang, Y., Zhang, Y.: Securing wireless sensor networks: a survey. IEEE Commun. Surv. 10(3), 6–28 (2008)CrossRef

Ponurkiewicz, B.: FaceNiff—A new Android download application. http://faceniff.ponury.net/. Accessed 26 Jan 2012

Butler, E.: FireSheep: cookie snatching made simple. In: ToorCon Conference. San Diego, CA (2010). Software available at http://codebutler.com/firesheep

Riley, R., Ali, N., Al-Senaidi, K., Al-Kuwari, A.: Empowering users against sidejacking attacks. In: Proceedings of the ACM SIGCOMM Conference on SIGCOMM. New Delhi, India (2010)

Liu, A., Kovacs, J., Huang, C., Gouda, M.: A secure cookie protocol. In: Proceedings of 14th International Conference on Computer Communications and Networks (2005)

Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)CrossRefMathSciNet

10.

Zhang, Y., Fang, Y.: ARSA: an attack-resilient security architecture for multihop wireless mesh networks. IEEE J. Sel. Areas Commun. 24(10), 1916–1928 (2006)CrossRefMathSciNet

11.

Hu, Y., Perrig, A., Johnson, D.: Ariadne: a secure on-demand routing protocol for ad hoc networks. Wirel. Netw. 11(1–2), 21–38 (2005)CrossRef

12.

Hu, Y., Johnson, D., Perrig, A.: SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks. In: Proceedings of the 4th IEEE Workshop on Mobile Computing Systems and Applications (WMCSA 2002), pp. 3–13. Calicoon, NY (2002)

13.

Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P.: One-time cookies: preventing session hijacking attacks with disposable credentials. Technical Report Georgia Institute of Technology (2011). http://smartech.gatech.edu/bitstream/handle/1853/37000/GT-CS-11-04.pdf

14.

Cashion, J., Bassiouni, M.: Robust and low-cost solution for preventing sidejacking attacks in wireless networks using a rolling code. In: Proceedings of the 7th ACM International Symposium on QoS and Security of Wireless and Mobile Networks (Q2SWinet’11), pp. 21–26. Miami Beach, Florida (2011)

15.

Liu, D., Ning, P.: Multilevel \(\mu \)TESLA: broadcast authentication for distributed sensor networks. Trans. Embed. Comput. Syst. (TECS) 3(40) (2004)

16.

Tan, H., Jha, S., Ostry, D., Zic, J., Sivaraman, V.: Secure multi-hop network programming with multiple one-way key chains. In: Proceedings of the First ACM Conference on Wireless Network Security-WiSec ’08 (2008)

17.

Khalil, I., Bagchi, S., Rotaru, C.N., Shroff, N.B.: UnMask: utilizing neighbor monitoring for attack mitigation in multihop wireless sensor networks. Ad Hoc Netw. 8(2), 148–164 (2010)CrossRef

18.

Li, M., Yu, S., Guttman, J.D., Lou, W., Ren, K.: Secure ad hoc trust initialization and key management in wireless body area networks. ACM Trans. Sens. Netw. (TOSN) 9(2), 18 (2013)

19.

Chen, T.H., Hsiang, H.C., Shih, W.K.: Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Gener. Comput. Syst. 27(4), 377–380 (2011)

20.

Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J Netw. Comput. Appl. 33(1), 1–5 (2010)CrossRef

21.

Dai, X., Grundy, J.: NetPay: an off-line, decentralized micro-payment system for thin-client applications. Electron. Commer. Res. Appl. 6(1), 91–101 (2007)CrossRef

22.

Liaw, H., Lin, J., Wu, W.: A new electronic traveler’s check scheme based on one-way hash function. Electron. Commer. Res. Appl. 6(4), 499–508 (2008)CrossRef

23.

Gupta, A., Weber, W., Mowry, T.: Reducing Memory and Traffic Requirements for Scalable Directory-based Cache Coherence Schemes. Springer, NY (1992)

24.

Deftu, A., Murarasu, A.: Optimization techniques for dimensionally truncated sparse grids on heterogeneous systems. In: Proceedings of the 21st Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 351–358 (2013)

25.

Lau, W., Kumar, M., Venkatesh, S.: A cooperative cache architecture in support of caching multimedia objects in MANETs. In: Proceedings of the 5th ACM International Workshop on Wireless Mobile Multimedia, pp. 56–63 (2002)

26.

Douglas, C. C., Hu, J., Iskandarani, M., Kowarschik, M., Rüde, U., Weiss, C.: Maximizing cache memory usage for multigrid algorithms. In: Chen, Z., et al. (eds.) Multiphase Flows and Transport in Porous Media: State of the Art. Lecture Notes in Physics, vol. 552, pp. 124–137. Springer, Berlin (2000)

27.

Hu, Y., Jakobsson, M., Perrig, A.: Efficient constructions for one-way hash chains. In: Applied Cryptography and Network Security. Lecture Notes in Computer Science, vol. 3531, pp. 423–441. Springer, Berlin (2005)

28.

Chandramouli, R., Bapatla, S., Subbalakshmi, K., Uma, R.: Battery power-aware encryption. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(2), 162–180 (2006)CrossRef

29.

Potlapally, N., Ravi, S., Raghunathan, A., Jha, N.: Analyzing the energy consumption of security protocols. In: Proceedings of the 2003 International Symposium on Low Power Electronics and Design, pp. 30–35 (2003)

Title: Enhancing security of cookie-based sessions in mobile networks using sparse caching
Authors: Amerah Alabrah
Jeffrey Cashion
Mostafa Bassiouni
Publication date: 01-08-2014
Publisher: Springer Berlin Heidelberg
Published in: International Journal of Information Security / Issue 4/2014
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-013-0223-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 4/2014

Lattice-based certificateless public-key encryption in the standard model

Randomized gossip algorithms under attack

Sufficient conditions for sound tree and sequential hashing modes

ARITO: Cyber-attack response system using accurate risk impact tolerance

Efficient verifiably encrypted signatures from lattices

Premium Partner