1. Securely outsourcing cookies to the cloud via private information retrieval
- Author
-
Ozgur Oksuz, Chaoqun Yue, Kyoungwon Suh, Levon Nazaryan, Aggelos Kiayias, Bing Wang, and Ruofan Jin
- Subjects
business.industry ,Computer science ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,Computer security ,computer.software_genre ,Upload ,Information sensitivity ,Session hijacking ,Server ,0202 electrical engineering, electronic engineering, information engineering ,Web application ,020201 artificial intelligence & image processing ,Web navigation ,Session (computer science) ,business ,computer ,Computer network - Abstract
Many smartphone applications are web based and rely on cookies to maintain the status of a web session. Cookies, however, may lead to security threats since they may contain sensitive information. In addition, an attacker having access to a cookie can easily impersonate the legitimate user. In this paper, we propose and implement a system that securely outsources browser cookies to the cloud and ensures user privacy using Private Information Retrieval. Experimental evaluation using traces collected from operational cellular and WiFi networks demonstrates that our system achieves satisfactory performance for most real-life web browsing scenarios: the average latency is within 1.0 to 1.2 seconds (well within users' tolerance) even when retrieving tens of cookies over an LTE or WiFi network, and the amount of generated traffic is significantly lower than that when downloading the entire cookie database.
- Published
- 2016