Open Access
ARTICLE
Design of an Efficient and Provable Secure Key Exchange Protocol for HTTP Cookies
1 Graduate School of Engineering Science and Technology, National Yunlin University of Science and Technology, Yunlin, 64002, Taiwan
2 Future Technology Research Center, National Yunlin University of Science and Technology, Yunlin, 64002, Taiwan
3 Department of Computer Science, Lahore Garrison University, Lahore, 54920, Pakistan
4 Department of Computer Science and Information Technology, College of Engineering, Abu Dhabi University, Abu Dhabi, 69911, United Arab Emirates
5 Department of Software Engineering, Faculty of Engineering and Architecture, Nisantasi University, Istanbul, 34398, Turkey
6 Department of Cybersecurity, Ajou University, Suwon, 16499, Republic of Korea
* Corresponding Author: Taeshik Shon. Email:
Computers, Materials & Continua 2024, 80(1), 263-280. https://doi.org/10.32604/cmc.2024.052405
Received 01 April 2024; Accepted 20 June 2024; Issue published 18 July 2024
Abstract
Cookies are considered a fundamental means of web application services for authenticating various Hypertext Transfer Protocol (HTTP) requests and maintains the states of clients’ information over the Internet. HTTP cookies are exploited to carry client patterns observed by a website. These client patterns facilitate the particular client’s future visit to the corresponding website. However, security and privacy are the primary concerns owing to the value of information over public channels and the storage of client information on the browser. Several protocols have been introduced that maintain HTTP cookies, but many of those fail to achieve the required security, or require a lot of resource overheads. In this article, we have introduced a lightweight Elliptic Curve Cryptographic (ECC) based protocol for authenticating client and server transactions to maintain the privacy and security of HTTP cookies. Our proposed protocol uses a secret key embedded within a cookie. The proposed protocol is more efficient and lightweight than related protocols because of its reduced computation, storage, and communication costs. Moreover, the analysis presented in this paper confirms that proposed protocol resists various known attacks.Keywords
Cite This Article
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.