Abstract
Modern cryptography provides for new ways of
solving old problems. This paper details how Keyed-Hash Message Authentication Codes (HMACs) or Authenticated Encryption with Associated Data (AEAD) can be employed as an
alternative to a traditional server-side temporal session store.
This cryptography-based approach reduces the server-side need
for state. When applied to database-based user-management
systems it removes all database alteration statements needed for
confirmed user sign-up and greatly removes database alteration
statements for typical “forgot password” use-cases. As there is
no temporary data stored within the server database system,
there is no possibility of creating orphaned or abandoned data
records. However, this new approach is not generic and can only
be applied if implemented use-cases fulfill requirements. This
requirements and implications are also detailed within this paper.
Index Terms—Internet, Network security, Web services
solving old problems. This paper details how Keyed-Hash Message Authentication Codes (HMACs) or Authenticated Encryption with Associated Data (AEAD) can be employed as an
alternative to a traditional server-side temporal session store.
This cryptography-based approach reduces the server-side need
for state. When applied to database-based user-management
systems it removes all database alteration statements needed for
confirmed user sign-up and greatly removes database alteration
statements for typical “forgot password” use-cases. As there is
no temporary data stored within the server database system,
there is no possibility of creating orphaned or abandoned data
records. However, this new approach is not generic and can only
be applied if implemented use-cases fulfill requirements. This
requirements and implications are also detailed within this paper.
Index Terms—Internet, Network security, Web services
| Original language | English |
|---|---|
| Title of host publication | The First International Conference on Advances in Cyber-Technologies and Cyber-Systems CYBER2016 |
| Pages | 50-53 |
| Volume | 1 |
| Publication status | Published - 2016 |
| Event | The First International Conference on Advances in Cyber-Technologies and Cyber-Systems 2016: CYBER 2016 - Venice, Venice, Italy Duration: 9 Oct 2016 → 13 Oct 2016 |
Conference
| Conference | The First International Conference on Advances in Cyber-Technologies and Cyber-Systems 2016 |
|---|---|
| Country/Territory | Italy |
| City | Venice |
| Period | 9/10/16 → 13/10/16 |
Research Field
- Cyber Security
Keywords
- Internet
- Network security
- Web services