Title

Robust And Low-Cost Solution For Preventing Sidejacking Attacks In Wireless Networks Using A Rolling Code

Keywords

Cookie sidejacking; Security protocols; Wireless hotspots; Wireless networks

Abstract

With the recent explosion in wireless hotspots, more and more users find themselves browsing the internet in an insecure manner. This is due to the typical lack of security in the Wi-Fi Access Points at popular hotspots such as coffee shops and airports. A common vulnerability in this scenario is when a user's cookie information is transmitted in plain-text, exposing potential session information. This would typically include the session id, which, if stolen, could lead to session hijacking, also known as sidejacking. In this paper, we present a novel way of authenticating the client to the server using what we call a Rolling Code, much like the rolling code technology used to prevent perpetrators from recording a code and replaying it to open a garage door. By using this technique, the client is able to prove to the server with each request that they are the legitimate client and no other person could have hijacked the session. Our protocol also offers optional payload integrity and confidentiality via a multilevel security model. Our Rolling Code protocol is efficient and is particularly suitable for mobile devices used in wireless networks. We implemented a benchmark of the Rolling Code authentication and used it to evaluate the performance of the scheme for different hardware platforms. Our tests have shown that the Rolling Code protocol is more computationally efficient than the hash chains approach used in a recent cookie security protocol to prevent session sidejacking. Copyright 2011 ACM.

Publication Date

12-13-2011

Publication Title

Q2SWinet'11 - Proceedings of the 7th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Co-located with MSWiM'11

Number of Pages

21-26

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/2069105.2069110

Scopus ID

83055180203 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/83055180203

This document is currently not available here.
