Session hijacking attacks still affect thousands of users of web services every year. In this paper, we propose a novel lightweight hardware-binding protocol that associates a web session with a device using a unique fingerprint derived from an SRAM-based Physical Unclonable Function (PUF). The hardware/software co-design of the proposed protocol ensures continuous verification of the session’s legitimacy without introducing additional latency. Furthermore, it enables the timely termination of a hijacked session, thereby mitigating the impact of session hijacking attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PUSH for Security: A PUF-Based Protocol to Prevent Session Hijacking

  • Emiliia Geloczi,
  • Nico Mexis,
  • Stefan Katzenbeisser

摘要

Session hijacking attacks still affect thousands of users of web services every year. In this paper, we propose a novel lightweight hardware-binding protocol that associates a web session with a device using a unique fingerprint derived from an SRAM-based Physical Unclonable Function (PUF). The hardware/software co-design of the proposed protocol ensures continuous verification of the session’s legitimacy without introducing additional latency. Furthermore, it enables the timely termination of a hijacked session, thereby mitigating the impact of session hijacking attacks.