Enhancement of Web Application Security by Using Dynamic Secure Cookie
Abstract
Cookies and sessions are used to overcome the statelessness of HTTP and provide statefulness. They are used for user authentication, such as login, and to temporarily store information that users want to keep, such as shopping carts in online shopping malls. A cookie stores its value in the browser, while a session stores its value on the server, so a session has the advantage of being more secure than a cookie but the disadvantage of putting a load on the server. General cookies are less secure than sessions, but are better than sessions in terms of service performance because they do not place a load on the server. A secure cookie must satisfy confidentiality, integrity, authentication, and resistance to replay attacks, but the previously proposed secure cookie methods do not satisfy all four of these. Additionally, most secure cookies are vulnerable because their values stay fixed unless the data to be encrypted is added to or updated. In this paper, we propose DSC (Dynamic Secure Cookie), which is more secure than a session and is superior in terms of usability. Our proposed DSC satisfies all the conditions for a secure cookie: confidentiality, integrity, authentication, and resistance to replay attacks. In addition, it is designed so that authentication fails when the cookie value is manipulated, and the cookie is protected by continuously changing its value each time the page is changed.