PUSH for Security: A PUF-Based Protocol to Prevent Session Hijacking
摘要
Session hijacking attacks still affect thousands of users of web services every year. In this paper, we propose a novel lightweight hardware-binding protocol that associates a web session with a device using a unique fingerprint derived from an SRAM-based Physical Unclonable Function (PUF). The hardware/software co-design of the proposed protocol ensures continuous verification of the session’s legitimacy without introducing additional latency. Furthermore, it enables the timely termination of a hijacked session, thereby mitigating the impact of session hijacking attacks.