Suppose a web client and web server for a popular shopping web site have performed a key exchange so that they are now sharing a secret session key. Describe a secure method for the web client to then navigate around various pages of the shopping site, optionally placing things into a shopping cart. Your solution is allowed to use one-way hash functions and pseudo-random number generators, but it cannot use HTTPS, so it does not need to achieve confidentiality. In any case, your solution should be resistant to HTTP session hijacking even from someone who can sniff all the packets.

What will be an ideal response?


Seed a cryptographically secure PRNG with the shared secret key, so that client and server run identical copies of the generator. The client includes its user ID and the next number in the sequence as part of the URL of every HTTP request, and the server accepts the request only if that number is the one its own copy of the generator expects next, then advances. The server can therefore determine that the request comes from the specified user: an eavesdropper sees every number that goes by but, without the key, cannot determine the next number in the PRNG, and a number it replays is rejected because the server has already consumed it. Since the question allows one-way hash functions, the generator can be built from one, for example by making the n-th token H(key || n), which both sides compute independently. This scheme authenticates the sender of each request and defeats passive session hijacking; it provides no confidentiality, and binding the token to a hash of the request contents is what would be needed to stop an active attacker from altering the request in flight.
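The exchange described above, worked through in code. This is an added example, not part of the original answer: it assumes the token generator is HMAC-SHA256 over a request counter keyed with the session key (one concrete hash-based PRNG), that the server tolerates up to LOOKAHEAD dropped client requests, and that the key exchange has already happened, so the key is simply constructed in the scenario. The request lines, user name and cart items are constructed sample data.

```python
"""Added example: session-bound request tokens over plain HTTP.

Both parties derive the same pseudo-random token sequence from the shared
session key (here token_n = HMAC-SHA256(key, n), a hash-based PRNG); each
request carries the user ID and the next unused token in the URL. A sniffer
sees every token but cannot compute the next one, and a replayed token is
rejected because the server has already consumed it.
"""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

LOOKAHEAD = 5  # how many dropped client requests the server tolerates (assumption)


class TokenStream:
    def __init__(self, session_key: bytes) -> None:
        self.key = session_key
        self.counter = 0  # index of the next unused token

    def token_at(self, n: int) -> str:
        # Keyed one-way function of the counter: unpredictable without the key.
        return hmac.new(self.key, n.to_bytes(8, "big"), hashlib.sha256).hexdigest()

    def next_token(self) -> str:
        tok = self.token_at(self.counter)
        self.counter += 1
        return tok


class Client:
    def __init__(self, user_id: str, session_key: bytes) -> None:
        self.user_id = user_id
        self.stream = TokenStream(session_key)

    def request(self, path: str, **params: str) -> str:
        # Builds the request line the browser would send, e.g.
        # "GET /cart/add?item=book&user=alice&tok=9f3c..."
        params.update(user=self.user_id, tok=self.stream.next_token())
        return f"GET {path}?{urlencode(params)}"


class Server:
    def __init__(self) -> None:
        self.streams: dict[str, TokenStream] = {}
        self.carts: dict[str, list[str]] = {}

    def register(self, user_id: str, session_key: bytes) -> None:
        # Called once the key exchange has completed (not modelled here).
        self.streams[user_id] = TokenStream(session_key)
        self.carts[user_id] = []

    def handle(self, request_line: str) -> tuple[int, object]:
        _method, target = request_line.split(" ", 1)
        url = urlparse(target)
        q = {k: v[0] for k, v in parse_qs(url.query).items()}
        user, tok = q.get("user"), q.get("tok")
        stream = self.streams.get(user)
        if stream is None or tok is None:
            return 401, "no session"
        # Accept the next token, or one at most LOOKAHEAD steps ahead (a client
        # request may have been lost), but never one at or below the current
        # counter: that is what defeats replay by a sniffer.
        for step in range(LOOKAHEAD):
            if hmac.compare_digest(stream.token_at(stream.counter + step), tok):
                stream.counter += step + 1  # consume everything up to and including it
                return self.route(user, url.path, q)
        return 403, "bad or reused token"

    def route(self, user: str, path: str, q: dict) -> tuple[int, object]:
        if path == "/cart/add" and "item" in q:
            self.carts[user].append(q["item"])
            return 200, list(self.carts[user])
        if path == "/cart":
            return 200, list(self.carts[user])
        return 200, f"page {path}"


def scenario() -> dict[str, object]:
    """Legitimate browsing plus a sniffer replaying or guessing a captured URL."""
    key = secrets.token_bytes(32)  # output of the key exchange (constructed)
    srv, cli = Server(), Client("alice", key)
    srv.register("alice", key)
    first = cli.request("/catalog")
    out = {"browse": srv.handle(first)}
    out["add"] = srv.handle(cli.request("/cart/add", item="book"))
    out["replay"] = srv.handle(first)            # sniffer resends the captured URL
    forged = first.rsplit("tok=", 1)[0] + "tok=" + "0" * 64
    out["forged"] = srv.handle(forged)           # sniffer guesses a token
    cli.request("/skipped")                       # request lost in transit
    out["after_loss"] = srv.handle(cli.request("/cart"))
    return out


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:>10}: {result}")
```

The server never advances its counter on a failed check, so garbage from an attacker cannot desynchronise a legitimate client, while the bounded lookahead keeps a real client usable after a lost request without ever re-accepting an already consumed token.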

Computer Science & Information Technology
