Skip to main content.

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Wi-Fi Hardware Sponsor

Banquet Sponsor

Conference Bag and T-Shirts Sponsor

Conference Flash Disk Sponsor

Conference Welcome Reception Sponsor

Conference VIP Dinner Sponsor

Organizers

Beihang University

Host of the Conference Series

International World Wide Web Conferences Steering Committee

In Cooperation With

ACM SIGWEB
ACM SIGecom

China Computer Federation

International Federation for Information Processing

World Wide Web Consortium

Sponsors are Listed In Alphabetic Order

Refereed Papers

Track: Security II: Web Client Security

Paper Title:
SessionLock: Securing Web Sessions against Eavesdropping

Authors:

Ben Adida(Harvard University)

Abstract:
Typical web sessions can be hijacked easily by a network eavesdropper in attacks that have come to be designated "sidejacking." The rise of ubiquitous wireless networks, often unprotected at the transport layer, has significantly aggravated this problem. While SSL can protect against eavesdropping, its usability disadvantages often make it unsuitable when the data is not considered highly confidential. Most web-based email services, for example, use SSL only on their login page and are thus vulnerable to sidejacking. We propose SessionLock, a simple approach to securing web sessions against eavesdropping without extending the use of SSL. SessionLock is easily implemented by web developers using only JavaScript and simple server-side logic. Its performance impact is negligible, and all major web browsers are supported. Interestingly, it is particularly easy to implement on single-page AJAX web applications, e.g. Gmail or Yahoo mail, with approximately 200 lines of JavaScript and 60 lines of server-side verification code.

PDF version

Inquiries can be sent to: Email contact: program-chairs at www2008.org

**Sponsors are Listed In Alphabetic Order**

Refereed Papers

Sponsors are Listed In Alphabetic Order