HTTP cookie weaknesses, attack methods and defense mechanisms: a systematic literature review


Full details

Bibliographic details
Main author: Jussila, Juha
Other authors: Faculty of Information Technology (Informaatioteknologian tiedekunta); Information Technology (Informaatioteknologia); University of Jyväskylä (Jyväskylän yliopisto)
Material type: Master's thesis (pro gradu)
Language: English
Published: 2018
Subjects: HTTP cookie; vulnerability; cross-site scripting; cross-site request forgery; TCP/IP hijacking; session fixation; data security; cookies (files); Computer Science
Links: https://jyx.jyu.fi/handle/123456789/59084
Abstract (translated from the Finnish version)
The HTTP cookie has been a commonly used technique in worldwide data networks. Several large-scale data breaches have shown that cookies can be compromised with many different attack types. It is inevitable to identify the weaknesses of cookies. Researchers in the ICT field have pointed out numerous vulnerabilities and weaknesses in cookies. The cookie protocol has been based on a draft written over two decades ago. This study used the methods of a systematic literature review to examine the weaknesses of cookies, the attack methods that exploit those weaknesses, and the defense mechanisms for preventing the attacks. The study analyzed literature on the cookie specification, attack methods, and defense mechanisms. The literature used was evaluated according to the methods of the research approach. Based on the literature, the study identified weaknesses and vulnerabilities in cookies and the transport protocols that can be exploited in attacks. The results revealed shortcomings in the integrity of cookies. The confidentiality of cookies was found to be weak. The results showed that the cookie protocol should be updated to a new level of security. The study showed that, in their current form, cookies are exposed to attacks in which cookies are hijacked and manipulated. In addition, the results showed that cookies are exposed to XSS- and CSRF-type attacks. Several defense mechanisms should be applied to cookies to prevent the attacks.

Abstract (English version)
HTTP cookie has been a commonly used technique in the world wide web. Several widescale data breaches have shown that cookies can be compromised with multiple attack types. It was inevitable to identify the weaknesses of cookies. Researchers in the ICT field have emphasized several vulnerabilities and weak points in cookies. Cookie protocol has been based on a draft that was signed over two decades ago. By means of systematic literature review the weaknesses of cookies, the attack methods that exploit the weaknesses, and defense methods to mitigate the attacks were disclosed in this research. Literature addressing cookie specification, attack methods, and defense methods was examined and evaluated. Based on the literature, the research indicated that cookies and the transmitting protocols contain weaknesses and vulnerabilities that can be exploited by attackers. The research addressed that cookies lack confidentiality and integrity. Cookie protocol should be updated to a new level of security. In the current form, cookies are exposed to poisoning, hijacking, manipulation, cross-site scripting, cross-site request forgery, TCP/IP hijacking, and session fixation. Several defense methods should be applied to mitigate the attacks.
Full record (Dublin Core fields)
Advisors: Siponen, Mikko; Semenov, Alexander
Author: Jussila, Juha
Date accessioned / available: 2018-08-02T07:54:44Z
Date issued: 2018
Identifier (URI): https://jyx.jyu.fi/handle/123456789/59084
Identifier (URN): URN:NBN:fi:jyu-201808023720
Abstract: given above in Finnish and English
Provenance: Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2018-08-02T07:54:44Z. No. of bitstreams: 0. Made available in DSpace on 2018-08-02T07:54:44Z (GMT). Previous issue date: 2018
Extent: 61
Format: application/pdf; content: fulltext
Language (ISO): eng
Rights: In Copyright (https://rightsstatements.org/page/InC/1.0/); access level: openAccess
Keywords: HTTP cookie; vulnerability; cross-site scripting; cross-site request forgery; TCP/IP hijacking; session fixation
Title: HTTP cookie weaknesses, attack methods and defense mechanisms : a systematic literature review
Type: master thesis (masterThesis); level: Master's thesis (Pro gradu -tutkielma); OKM type: G2; COAR type: http://purl.org/coar/resource_type/c_bdcc
Faculty: Faculty of Information Technology (Informaatioteknologian tiedekunta)
Department: Information Technology (Informaatioteknologia)
Organization: University of Jyväskylä (Jyväskylän yliopisto)
Discipline: Computer Science (Tietojenkäsittelytiede); subject code: 601
Contract research funding: 0
YSO subjects: data security (tietoturva); cookies (files) (evästeet)
Record id: jyx.123456789_59084
Full text (PDF): https://jyx.jyu.fi/bitstreams/d446e47a-a58e-4743-841d-92acea9e3372/download (URN:NBN:fi:jyu-201808023720.pdf)
Links: https://jyx.jyu.fi/handle/123456789/59084 ; http://www.urn.fi/URN:NBN:fi:jyu-201808023720