2006 IEEE Symposium on Security and Privacy (S&P'06) (2006)
May 21, 2006 to May 24, 2006
pp: 5 pp.-305
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.8
Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Many users today block conventional cookies in their browsers as a privacy measure. The cache-cookie tools we propose can help restore lost usability and convenience to such users while maintaining good privacy. As we show, our techniques can also help combat online security threats such as phishing and pharming that ordinary cookies cannot. The ideas we introduce for cache-cookie management can strengthen ordinary cookies as well. The full version of this paper may be referenced at www.ravenwhite.com
Authentication, Privacy, Web pages, Displays, Web server, Laboratories, Protocols, Data security, Image restoration, Usability
A. Juels, M. Jakobsson and T. Jagatic, "Cache cookies for browser authentication," 2006 IEEE Symposium on Security and Privacy (S&P'06)(SECPRI), Berkeley/Oakland, CA, 2009, pp. 5 pp.-305.