Robust and fast authentication of session cookies in collaborative and social media using position-indexed hashing

Abstract

The use of insecure cookies as a means to authenticate web transactions in collaborative and social media websites presents a hazard to users' privacy. In this paper, we propose and evaluate a novel protocol for protecting transmitted cookies using two dimensional one-way hash chains. In the first dimension, there is a hash chain that computes secret values used in the second dimension hash function. Multiple hash chains use the secret values created by the first dimension to authenticate session cookies in the second dimension. For improved security, the hashing operations in the second dimension use a concatenation of the secret values and the position index of the hash function within the hash chain. The performance of the scheme is evaluated using a detailed simulation testbed and an analytical model. The optimal lengths of the chains are derived when the number of transactions in the session is known. The protocol is extended to efficiently handle the case when the number of transactions is not known. The evaluation of the proposed scheme reveals that it achieves tremendous improvement over straightforwardly configured one-way hash chain schemes. Also, by adopting the position-indexed hashing protocol, energy consumption is reduced significantly especially with longer sessions making our protocol ideal for battery operated devices. © 2013 ICST.