Ji-soo Kim, Jong-sub Moon, Journal of Internet Computing and Services, Vol. 17, No. 3, pp. 55-66, Jun. 2016
10.7472/jksii.2016.17.3.55, Full Text:
Keywords: Local Storage, integrity, Confidentiality, Encrypt, Hash

Abstract

A local storage of HTML5 is a Web Storage, which is stored permanently on a local computer in the form of files. The contents of the storage can be easily accessed and modified because it is stored as plaintext. Moreover, because the internet browser classifies the local storages of each domain using file names, the malicious attacker can abuse victim's local storage files by changing file names. In the paper, we propose a scheme to maintain the integrity and the confidentiality of the local storage's source domain and source device. The key idea is that the client encrypts the data stored in the local storage with cipher key, which is managed by the web server. On the step of requesting the cipher key, the web server authenticates whether the client is legal source of local storage or not. Finally, we showed that our method can detect an abnormal access to the local storage through experiments according to the proposed method.

Statistics
Cite this article