Lecture: SSDS - Secure Session Data Storage

Protecting HTTP Session-Data from prying eyes


SSDS is a novel security concept to protect HTTP session-data on the web/application server. It employs encryption to secure the session-data against unauthorized access. The HTTP Session-ID is used as the encryption key for the stored session-data, so that the session-data can only be accessed while HTTP requests are processed (due to the fact that the Session-ID is unknown to the webserver except during the HTTP request). The cryptographic concepts of SSDS are explained. The reference implementation of SSDS for PHP is presented.


Day: 2012-08-26
Start time: 17:45
Duration: 01:00
Room: HS3
Track: Security
Language: english



Click here to let us know how you liked this event.