Sessionlock: securing web sessions against eavesdropping

Sessionlock: securing web sessions against eavesdropping,10.1145/1367497.1367568,Ben Adida

Sessionlock: securing web sessions against eavesdropping   (Citations: 2)
BibTex | RIS | RefWorks Download
Typical web sessions can be hijacked easily by a network eavesdropper in attacks that have come to be designated "sidejacking. " The rise of ubiquitous wireless networks, often unprotected at the transport layer, has significantly aggra-vated this problem. While SSL can protect against eaves-dropping, its usability disadvantages often make it unsuit-able when the data is not considered highly confidential. Most web-based email services, for example, use SSL only on their login page and are thus vulnerable to sidejacking. We propose SessionLock, a simple approach to securing web sessions against eavesdropping without extending the use of SSL. SessionLock is easily implemented by web devel-opers using only JavaScript and simple server-side logic. Its performance impact is negligible, and all major web browsers are supported. Interestingly, it is particularly easy to imple-ment on single-page AJAX web applications, e. g. Gmail or Yahoo mail, with approximately 200 lines of JavaScript and 60 lines of server-side verification code.
Conference: World Wide Web Conference Series - WWW , pp. 517-524, 2008
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
Sort by: