Robust and low-cost solution for preventing sidejacking attacks in wireless networks using a rolling code

Cashion, Jeffrey; Bassiouni, Mostafa A.

doi:10.1145/2069105.2069110

Cited by 6 publications

(7 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The hash chain approach used by the OTC scheme generates a sequence of values to be used as authentication tokens which cannot be reused once recognized by the web application. Another approach, the Rolling Code protocol [8], replaces the hash chain by two hash operations in each transaction: one to compute a randomized value d and the other to produce a one-time authentication token by applying a hash function on the Exclusive-OR of a secret seed and the random value d. The protocol is less secure than OTC but is lightweight and more suitable for devices with low memory capabilities. The SCRHC protocol [9] also uses a similar OHC approach equipped with different levels of caching to suit various environments with different memory capacities.…”

Section: Previous Workmentioning

confidence: 99%

See 1 more Smart Citation

A hierarchical two-tier one-way hash chain protocol for secure internet transactions

Alabrah

Bassiouni

2012

2012 IEEE Global Communications Conference (GLOBECOM)

Self Cite

View full text Add to dashboard Cite

One-way hash chains are a popular cryptographic technique used in many security applications. In this paper, we present a two-tier one-way hash chain (TTOHC) protocol to secure cookie-based Internet transactions. The use of cookies as a cheaper alternative to secure Internet sessions is extremely dangerous since session cookies can be easily sniffed out resulting in session hijacking. By utilizing different cryptographic hash functions arranged in two tiers, our hierarchical TTOHC protocol gives significant performance improvement over previously proposed solutions for securing Internet cookies. A detailed Java testbed has been used to evaluate alternative configurations for the hierarchical scheme and investigate the optimal set up of the two tiers. Detailed performance results obtained from this testbed are presented and analyzed.

show abstract

Section: Previous Workmentioning

confidence: 99%

“…In this case, the dynamic TTOHC configuration would be practically acceptable because the early (more certain) transactions would be authenticated by second-tier chains of small lengths (e.g., 1,2,4,8) and are therefore given good performance. …”

Section: Dynamic N Smentioning

confidence: 99%

A hierarchical two-tier one-way hash chain protocol for secure internet transactions

Alabrah

Bassiouni

2012

2012 IEEE Global Communications Conference (GLOBECOM)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [6], we presented a protocol to prevent cookie hijacking in wireless networks. The protocol, called Rolling Code, utilizes the initial secure HTTPS authentication to exchange a shared secret between the server and the user browser.…”

Section: Previous Workmentioning

confidence: 99%

“…In this section, we extend our work in [6] and present a security authentication protocol for mitigating the risk of hijacking social networking sites. It is important to stress that our protocol is only intended to prevent attacks related to cookie hijacking in social networks.…”

Section: Authentication Protocolmentioning

confidence: 99%

“…miniCacheInterval := √k //square root of k miniCacheK := k -miniCacheInterval //highest item miniCacheIndex := cache.size -1 //point to last item cache[0] = s; For i := 1 to miniCacheIndex Do cache[i] := hash miniCacheInterval (cache[i-1]) End-For For example, if k is 100, then miniCacheInterval = 10, miniCacheK = 90, and miniCacheIndex = 9. The For-Loop essentially achieves the following: cache[0] = hash 0 (s), cache [1] = hash 10 (s), cache [2] = hash 20 (s), cache [3] = hash 30 (s), cache [4] = hash 40 (s), cache [5] = hash 50 (s), cache [6] = hash 60 (s), cache [7] = hash 70 (s), cache [8] = hash 80 (s), and cache [9] = hash 90 (s).…”

Section: Initializationmentioning

confidence: 99%

See 1 more Smart Citation

Protocol for Mitigating the Risk of Hijacking Social Networking Sites

Cashion¹,

Bassiouni²

2011

Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing

Self Cite

View full text Add to dashboard Cite

The proliferation of social and collaborative media has been accompanied by an increased level of cyber attacks on social networking and collaboration sites. One serious type of attack is session hijacking attacks which enable the attacker to impersonate the victim and take over his/her networking session(s). In this paper, we present a security authentication protocol for mitigating the risk of hijacking social networking and collaboration sites. The protocol is based on the recognition that users of social and collaborative media connect to their websites using a variety of platforms and connection speeds. To appeal to both mobile devices such as smart phones or tablets using Wi-Fi connections and high-end workstations such as PC's using high-speed connections, a novel Self-Configuring Repeatable Hash Chains (SCRHC) protocol was developed to prevent the hijacking of session cookies. The protocol supports three different levels of caching, giving the user the ability to forfeit storage space for increased performance and reduced workload. Performance evaluation tests are presented to show the effectiveness and flexibility of the SCRHC protocol.

show abstract