Enhanced CSRF Defense Using a Secret Value Between Server and User 


Vol. 39,  No. 3, pp. 162-168, Mar.  2014


  Abstract

Cross-Site Request Forgery (CSRF) is one of the attack techniques occurring in today's Web applications. It allows an unauthorized attacker to send authorized requests to a Web server through end-users' browsers. The Web server approves these requests as normal requests, so unexpected results arise. The root of the problem is that the Web server verifies an end-user using only his Cookie information. In this paper, we propose an enhanced CSRF defense scheme which uses a Page Identifier and the hash value of the user's password in addition to the Cookie value that is used to verify normal requests. Our solution is simple to implement and solves the problem of token disclosure that arises when only a random token is used for normal request verification.
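The following is an added illustration of the idea in the abstract and is not code from the paper; the exact construction the authors use is not given here, so the example assumes one reading of it: the secret shared between server and user is the user's password hash, the server issues a fresh Page Identifier with each page, and the browser proves knowledge of the secret by sending an HMAC of the Page Identifier under it alongside the session Cookie. The in-memory stores, the user `alice`, and the use of plain SHA-256 for the password hash are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed example: a dictionary stands in for the server's user database.
# SHA-256 is used only to keep the demo self-contained; a deployed system would
# store a slow password hash (Argon2, bcrypt, ...) instead.
USERS = {"alice": hashlib.sha256(b"correct horse battery staple").hexdigest()}


def derive_proof(password_hash_hex, page_id):
    # Assumed construction: the per-request proof is HMAC-SHA256 over the
    # Page Identifier, keyed with the secret shared by server and user
    # (here, the password hash).  The Page Identifier itself is not secret.
    key = bytes.fromhex(password_hash_hex)
    return hmac.new(key, page_id.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self):
        # cookie value -> {"user": name, "page_ids": set of issued Page Identifiers}
        self.sessions = {}

    def login(self, user, password):
        # Check the credentials and issue a random session Cookie.
        if hashlib.sha256(password.encode()).hexdigest() != USERS[user]:
            raise PermissionError("bad credentials")
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = {"user": user, "page_ids": set()}
        return cookie

    def render_page(self, cookie):
        # Every page served gets its own Page Identifier, remembered per session.
        page_id = secrets.token_hex(8)
        self.sessions[cookie]["page_ids"].add(page_id)
        return page_id

    def verify(self, cookie, page_id, proof):
        # Cookie alone is not enough: the request must carry an issued Page
        # Identifier and a proof only the holder of the user's secret can compute.
        sess = self.sessions.get(cookie)
        if sess is None or page_id not in sess["page_ids"]:
            return False
        expected = derive_proof(USERS[sess["user"]], page_id)
        ok = hmac.compare_digest(expected, proof)
        if ok:
            sess["page_ids"].discard(page_id)  # one-time use: no replay
        return ok


class Browser:
    # Stands in for client-side script that keeps the password hash after login.
    def __init__(self, server, user, password):
        self.server = server
        self.secret = hashlib.sha256(password.encode()).hexdigest()
        self.cookie = server.login(user, password)

    def submit(self, page_id):
        proof = derive_proof(self.secret, page_id)
        return self.server.verify(self.cookie, page_id, proof)


def demo():
    """Returns (legitimate request accepted, forged request rejected, replay rejected)."""
    server = Server()
    alice = Browser(server, "alice", "correct horse battery staple")

    page_id = server.render_page(alice.cookie)
    legit = alice.submit(page_id)  # genuine request from Alice's browser

    # A cross-site request rides on Alice's Cookie and may even learn the Page
    # Identifier, but without her secret it cannot produce a valid proof.
    page_id2 = server.render_page(alice.cookie)
    forged = server.verify(alice.cookie, page_id2, "0" * 64)

    # Re-submitting an already consumed Page Identifier is also rejected.
    replay = alice.submit(page_id)

    return legit, forged, replay


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the abstract states: a Cookie check alone accepts anything the browser sends, whereas binding each request to a Page Identifier and a user-held secret means a disclosed identifier or a captured one-time proof does not let a third party mint further valid requests.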



  Cite this article

[IEEE Style]

J. Park, I. Y. Jung, S. Kim, "Enhanced CSRF Defense Using a Secret Value Between Server and User," The Journal of Korean Institute of Communications and Information Sciences, vol. 39, no. 3, pp. 162-168, 2014. DOI: .

[ACM Style]

Jin-hyeon Park, Im Y. Jung, and Sun-ja Kim. 2014. Enhanced CSRF Defense Using a Secret Value Between Server and User. The Journal of Korean Institute of Communications and Information Sciences, 39, 3, (2014), 162-168. DOI: .

[KICS Style]

Jin-hyeon Park, Im Y. Jung, Sun-ja Kim, "Enhanced CSRF Defense Using a Secret Value Between Server and User," The Journal of Korean Institute of Communications and Information Sciences, vol. 39, no. 3, pp. 162-168, 3. 2014.