Shun‐Shyan Chang scite author profile

Shun‐Shyan Chang

2Publications

4Citation Statements Received

51Citation Statements Given

How they've been cited

How they cite others

Affiliations

Feng Chia University

Publications

Order By: Most citations

Secure and efficient protection for HTTP cookies with self‐verification

Lee

Chen

Chang

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Hypertext transfer protocol (HTTP) cookies are used to store user-related information sent by a website, and they can be read again later to maintain a link between a user's computer and the website and to remember the user's previous state on the website. In cloud services, cookies are used by service providers to maintain smooth operation for users. As cookies are sent in a public networking environment and saved on users' browsers, two problems are encountered when using cookies: (a) how to protect sensitive information on a cookie from disclosure and (b) how to determine whether cookies have been modified maliciously. Several studies have been conducted on web security to assess problems that occur when cookies are injected and hijacked. In the present study, a secure and efficient cookie protection scheme is proposed. The scheme is designed with the following principles: (a) a key is hidden within a cookie, (b) the integrity of the cookie is verified by both the web server and the web browser, and (c) the key and sensitive information in the cookie can only be read by the website. The proposed method was analyzed for its security and efficiency. Moreover, the methods from related studies and the proposed method were compared. The results revealed that the proposed cookie scheme is effective at improving cookie security.

show abstract

An Anti-phishing User Authentication Scheme without Using a Sensitive Key Table

Lee

Chen

Chang

et al. 2011

View full text Add to dashboard Cite

Phishing is a popular technique that attackers use for the obtainment of sensitive information about users. Last year, over 44 million users became victims of phishing websites. Mutual authentication between user and server is an essential part of anti-phishing mechanisms. Lee et al. proposed a scheme that achieves mutual authentication to protect users from phishing attacks. However, a sensitive key table is necessary if users want to achieve mutual authentication on different servers. This attracts attackers' attention and increases the cost of maintaining the key. In this paper, a novel anti-phishing authentication scheme without a sensitive key table is presented. No sensitive key table is needed if the user is present at that time. Moreover, the proposed scheme can prevent guessing and replay attacks, which are serious threats to user authentication.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Shun‐Shyan Chang

Secure and efficient protection for HTTP cookies with self‐verification

An Anti-phishing User Authentication Scheme without Using a Sensitive Key Table

Contact Info

Product

Resources

About