Visible to the public Biblio

Filters: Keyword is static cookies  [Clear All Filters]
2020-04-17
Joseph, Justin, Bhadauria, Saumya.  2019.  Cookie Based Protocol to Defend Malicious Browser Extensions. 2019 International Carnahan Conference on Security Technology (ICCST). :1—6.
All popular browsers support browser extensions. They are small software module for customizing web browsers. It provides extra features like user interface modifications, ad blocking, cookie management and so on. As features increase, security becomes more difficult. The impact of malicious browser extensions is also enormous. More than 1 million Chrome users got affected by extensions from Chrome store itself. [1] The risk further increases with offline extension installations. The privileges browser extensions have, pave the path for many kinds of attacks. Replay attack and session hijacking are two of these attacks we are dealing here. Here we propose a defence system based on dynamic encrypted cookies to defend these attacks. We use cookies as token for continuous authentication, which protects entire communication. Static cookies are prone for session hijacking, and therefore we use dynamic cookies which are sealed with encryption. It also protects from replay attack by changing itself, making previous message obsolete. This essentially solves both of the problems.