Professor tossing 'active cookies' at security threats
- — 20 February, 2006 08:32
An Indiana University scientist is behind a new company exploiting cookie technology to protect Web users from identity theft and other online threats.
Markus Jacobsson, associate professor of informatics and associate director of the Indiana University Center for Applied Cybersecurity Research, is promoting the new security technique through a startup called RavenWhite that he founded with Ari Juels, manager and principal research scientist at RSA Laboratories.
Their "active cookie" technique is designed to protect end users with PCs, laptops or mobile devices in a way that traditional cookies cannot (cookies are information stored on an end-user device that identify that system during initial and repeat visits to a Web site).
"While cookies were merely designed to identify users, active cookies are designed to authenticate users," according to the company Web site.
Jakobsson says active cookies protect against such domain spoofing threats as pharming, where end users are scammed by being directed to a bogus Web site. The active cookies are designed to protect against newer threats, such as a technique for hijacking Wi-Fi connections and redirecting end users to suspect sites without them ever knowing.
The company says its basic technology will not protect an end user who shifts from computer to computer or reconfigures his or her browser. But the company is working on server-side technology to try to combat that shortcoming, such as by providing administrators with more challenging questions with which to authenticate end users.
For a deeper explanation of active cookies, read the whitepapers at RavenWhite's site at http://www.ravenwhite.com/whitepapers.html.