Radio frequency identification (RFID) is one popular technology being deployed for a variety of applications. Privacy and security issues play major roles in the success of RFID applications due to ease with masquerade, eavesdropping, etc. over the insecure channel between the tag and the reader. These security requirements are summarized: indistinguishability, forward security, ownership transfer, and resistance to replay attack and tag killing. Much research has been proposed. Except Osaka et al.'s scheme, none can meet all requirements. However, this paper introduces a new type of DoS attack which is ignored in these research studies to endanger their securities. As Osaka et al.'s scheme is superior to the others in terms of the functionalities, we take it as an example to show the possibility of the new DoS attack. A remedy is further provided to enhance the security to make the scheme more practical.
Hypertext transfer protocol (HTTP) cookies are used to store user-related information sent by a website, and they can be read again later to maintain a link between a user's computer and the website and to remember the user's previous state on the website. In cloud services, cookies are used by service providers to maintain smooth operation for users. As cookies are sent in a public networking environment and saved on users' browsers, two problems are encountered when using cookies: (a) how to protect sensitive information on a cookie from disclosure and (b) how to determine whether cookies have been modified maliciously. Several studies have been conducted on web security to assess problems that occur when cookies are injected and hijacked. In the present study, a secure and efficient cookie protection scheme is proposed. The scheme is designed with the following principles: (a) a key is hidden within a cookie, (b) the integrity of the cookie is verified by both the web server and the web browser, and (c) the key and sensitive information in the cookie can only be read by the website. The proposed method was analyzed for its security and efficiency. Moreover, the methods from related studies and the proposed method were compared. The results revealed that the proposed cookie scheme is effective at improving cookie security.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.