Enhancing security of cookie-based sessions in mobile networks using sparse caching

Abstract

The exponential growth in the use of mobile phones and tablets to gain wireless access to the Internet has been accompanied by a similar growth in cyber attacks over wireless links to steal session cookies and compromise private users' accounts. The popular one-way hash chain authentication technique in its conventional format is not optimal for mobile phones and other handheld devices due to its high computational overhead. In this paper, we propose and evaluate the use of sparse caching techniques to reduce the overhead of one-way hash chain authentication. Sparse caching schemes with uniform spacing, non-uniform spacing and geometric spacing are designed and analyzed. A Weighted Overhead formula is used to obtain insight into the suitable cache size for different classes of mobile devices. Additionally, the scheme is evaluated from an energy consumption perspective. We show that sparse caching can also be effective in the case of uncertainty in the number of transactions per user session. Our extensive performance tests have shown the significant improvement achieved by the sparse caching schemes. © 2013 Springer-Verlag Berlin Heidelberg.