Suppose a web client and web server for a popular shopping web site have performed a key exchange so that they are now sharing a secret session key. Describe a secure method for the web client to then navigate around various pages of the shopping site, optionally placing things into a shopping cart. Your solution is allowed to use one-way hash functions and pseudo-random number generators, but it
cannot use HTTPS, so it does not need to achieve confidentiality. In any case, your solution should be resistant to HTTP session hijacking even from someone who can sniff all the packets.
What will be an ideal response?
Seed a PRNG with the shared secret session key and include in each HTTP request the next pseudo-random number in the sequence, together with a userID, as part of the URL. The server holds the same key, so it can generate the same sequence and accept a request only if it carries the next expected value. An eavesdropper who sees every packet still cannot compute the next number, and a captured URL is useless once the server has moved past it, so a sniffed session can be neither hijacked nor replayed. Two caveats: the PRNG must be cryptographically strong, meaning its past outputs do not reveal its state or its next output (a hash of the key and a per-request counter is a simple way to get this using the permitted primitives; an ordinary statistical PRNG would not do), and because the number alone does not bind the contents of the request, an active attacker could alter the URL in transit. Hashing the request together with the key and the counter closes that gap.
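The scheme above, worked through as an added example (this is illustrative code written for this page, not from the textbook). It realises the "next pseudo-random number" as SHA-256 over the session key and a per-request counter, and goes one step beyond the answer by also hashing the request path and parameters into the token, so a sniffer can neither replay a captured URL nor alter it. The class names, the `/cart/add` path and the query-parameter names `user`, `tok` and `item` are assumptions for the demonstration; the session key is a constructed constant.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit


def request_token(key: bytes, counter: int, path: str, params: dict) -> str:
    """Token i for a request = SHA-256(key || i || canonical request).

    Only a holder of the shared key can compute it, and each counter value
    is accepted once, so earlier tokens on the wire reveal nothing useful.
    Hashing the canonical request in as well binds the token to the URL.
    """
    canonical = path + "?" + urlencode(sorted(params.items()))
    material = key + counter.to_bytes(8, "big") + canonical.encode()
    return hashlib.sha256(material).hexdigest()


class Client:
    """Browser side: shares the key, keeps its own counter (assumed design)."""

    def __init__(self, user_id: str, session_key: bytes):
        self.user_id = user_id
        self.key = session_key
        self.counter = 0

    def request(self, path: str, **params: str) -> str:
        self.counter += 1
        params = dict(params, user=self.user_id)
        tok = request_token(self.key, self.counter, path, params)
        return path + "?" + urlencode(dict(params, tok=tok))


class Server:
    """Site side: per-user key, expected counter and shopping cart."""

    def __init__(self):
        self.sessions = {}

    def register(self, user_id: str, session_key: bytes) -> None:
        self.sessions[user_id] = {"key": session_key, "counter": 0, "cart": []}

    def handle(self, url: str):
        parts = urlsplit(url)
        q = {k: v[0] for k, v in parse_qs(parts.query).items()}
        sess = self.sessions.get(q.get("user"))
        if sess is None:
            return 403, "unknown user"
        presented = q.pop("tok", "")
        expected = request_token(sess["key"], sess["counter"] + 1, parts.path, q)
        # Constant-time compare; a mismatch means a forged, replayed or
        # tampered request, and the counter is NOT advanced for it.
        if not hmac.compare_digest(presented, expected):
            return 403, "bad, replayed or tampered token"
        sess["counter"] += 1
        if parts.path == "/cart/add":
            sess["cart"].append(q["item"])
        return 200, list(sess["cart"])


def demo():
    key = b"constructed-session-key-from-key-exchange"  # constructed sample
    server = Server()
    server.register("alice", key)
    alice = Client("alice", key)

    first = alice.request("/cart/add", item="book")
    ok = server.handle(first)                       # legitimate request
    replay = server.handle(first)                   # sniffer replays the URL
    tampered = server.handle(first.replace("item=book", "item=tv"))
    second = server.handle(alice.request("/cart/add", item="pen"))
    return ok, replay, tampered, second


if __name__ == "__main__":
    for label, result in zip(("ok", "replay", "tampered", "second"), demo()):
        print(label, result)
```

The server here insists on a strict sequence, so a lost or reordered request desynchronises the client; a deployed version would accept any of the next few counter values and remember which ones have been used. Keeping the counter in the URL alongside the token would make resynchronisation easier without weakening the scheme, since the token still depends on the key.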