Secure cookies on the web

IEEE Internet Computing

Volumn 4, Issue 4, 2000, Pages 36-44

  Park, Joon S ^a   Sandhu, Ravi ^b  

^a NAVAL RESEARCH LABORATORY   (United States)

^b GEORGE MASON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; ELECTRONIC COMMERCE; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; RANDOM ACCESS STORAGE; WEB BROWSERS;

HYPERTEXT TRANSPORT PROTOCOL; WEB SERVERS;

WORLD WIDE WEB;

EID: 0034229770     PISSN: 10897801     EISSN: None     Source Type: Journal    
DOI: 10.1109/4236.865085     Document Type: Article

References (17)

1. J. Gettys, J. Mogul, and H. Frystik, "HyperText Transfer Protocol (HTTP/1.1)," RFC 2616; available online at http://www.ietf.org/rfc/rfc2616.txt, June 1999.
2. D.M. Kristol and L. Montulli, "HTTP State Management Mechanism," work in progress; available online at http://ftp. ietf.org/internet-drafts/draft-ietf-http-state-man-mec-12.txt, Aug. 1999.
3. K. Moore and N. Freed, "Use of HTTP State Management," work in progress; available online at http.7/ftp.ietf.org/ internet-drafts/draft-iesg-http-cookies-03.txt, Apr. 2000.
4. J.S. Park and R. Sandhu, "Smart Certificates: Extending X.509 for Secure Attribute Services on the Web," Proc. 22nd National Information Systems Security Conf., U.S. Govt. Printing Office, Washington, D.C., 1999.
5. D. Wagner and B. Schneier, "Analysis of the SSL 3.0 Protocol," Proc. Second Usenix Workshop on Electronic Commerce, Usenix Press, Berkeley, Calif., Nov. 1996, pp. 29-40.
6. V. Mayer-Schonberger, "The Internet and Privacy Legislation: Cookies for a Threat?", West Virginia J. Law and Technology, West Virginia Univ. College of Law, Morgantown, W. Va., 1997.
7. Federal Information Processing Standards Publication, "Digital Signature Standard (DSS)," FIPS PUB 186, Nat'1 Inst. of Standards and Technology, Gaithersburg, Md., 1994.
8. R.L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM,Vol. 21,No. 2,Feb. 1978, pp. 120-126.
9. C. Rigney et al., "Remote Authentication Dial-In User Service (RADIUS)," RFC 2138, Apr. 1997; available online at http://www.ietf.org/rfc/rfc2138.txt.
10. B.C. Neuman, "Using Kerberos for Authentication on Computer Networks," IEEE Comm., Vol. 32, No. 9, Sept. 1994.
11. W. Diffie and M.E. Hellman, "New Directions in Cryptography," IEEE Trans. Information Theory, Vol. IT-22, No. 6, Nov. 1976, pp. 644-654.
12. R.L. Rivest, "The MD5 Message-Digest Algorithm," RFC 1321, Apr. 1992; available online at http://www.ietf.org/ rfc/rfc1321.txt.
13. Federal Information Processing Standards Publication, "Secure Hash Standard," FIPS 180-1, Nat'l Inst. of Standards and Technology, Gaithersburg, Md., 1995.
14. M. Bellare, R. Canetti, and H. Krawczyk, "Keying Hash Functions for Message Authentication," in Proc. Advances in Cryptography - CRYPTO 96, Vol. 1109, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1996.
15. R.S. Sandhu et al., "Role-Base Access Control Models," Computer, Vol. 29, No. 2, Feb. 1996, pp. 38-47.
16. J.S. Park, R. Sandhu, and S. Ghanta, "RBAC on the Web by Secure Cookies," Proc. 13th IFIP WG11.3 Conf. Database Security, Kluwer Academic Publishers, Boston, 1999.
17. P.R. Zimmermann, The Official PGP User's Guide, MIT Press, Cambridge, Mass., 1995.