| Title | Cookie Based Protocol to Defend Malicious Browser Extensions |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Joseph, Justin, Bhadauria, Saumya |
| Conference Name | 2019 International Carnahan Conference on Security Technology (ICCST) |
| Date Published | oct |
| Keywords | authentication, authentication protocol, browser extension, Browsers, Chrome store, composability, compositionality, cookie management, cryptography, customizing web browsers, defend malicious browser extensions, dynamic cookies, dynamic encrypted cookies, features increase, HTTP cookie, Human Behavior, human factors, Internet, Metrics, offline extension installations, online front-ends, password, privileges browser extensions, Protocols, pubcrawl, replay attack, resilience, Resiliency, Servers, session hijacking, software module, static cookies, user interface modifications, user interfaces, Web Browser Security |
| Abstract | All popular browsers support browser extensions. They are small software module for customizing web browsers. It provides extra features like user interface modifications, ad blocking, cookie management and so on. As features increase, security becomes more difficult. The impact of malicious browser extensions is also enormous. More than 1 million Chrome users got affected by extensions from Chrome store itself. [1] The risk further increases with offline extension installations. The privileges browser extensions have, pave the path for many kinds of attacks. Replay attack and session hijacking are two of these attacks we are dealing here. Here we propose a defence system based on dynamic encrypted cookies to defend these attacks. We use cookies as token for continuous authentication, which protects entire communication. Static cookies are prone for session hijacking, and therefore we use dynamic cookies which are sealed with encryption. It also protects from replay attack by changing itself, making previous message obsolete. This essentially solves both of the problems. |
| DOI | 10.1109/CCST.2019.8888425 |
| Citation Key | joseph_cookie_2019 |
Cookie Based Protocol to Defend Malicious Browser Extensions