
Graduate Projects


Project ID: 297
Author: Randy R. DeLeon
Project Title: Securing Sensitive Information in Cookies
Semester: Spring 2007
Committee Chair: Dr. Dulal Kar
Committee Member 1: Dr. Marion Garcia
Committee Member 2: Dr. Ahmed Mahdy
Project Description: Security has become a main focal point in the computer forensics and scientific field. At both the organization level and the home level, the security of private information stored in the cookie files that Internet browsers use has not received as much attention as it should. The file “cookies.txt” found locally on a user’s system can be accessed by any program, even though its main use is for Internet browsers. Herein lies the problem with the security of cookies and their contents: there is none. Cookies should be handled with safety and security because such strings of information can hold a vast amount of sensitive knowledge for malicious Websites to make use of, working alongside malicious programs. In the end, it is shown that such mishaps can occur with a moderate degree of difficulty. A knowledgeable computer programmer can take the first steps toward becoming an identity thief, or at the very least commit common credit card fraud, as a result of a cookie’s lack of security. Here, a malicious Webpage is built that accomplishes three main objectives: create a basic cookie to keep a sense of personalization available, provide a link to download a malicious program, and allow the line of information for the Website’s cookie to be manipulated by the malicious program. Overall, this demonstrates the basic truth that cookie files are susceptible to espionage and identity theft, even if the concept of cookies seems innocent. Even though cookie security is minimal to non-existent, there are simple methods that defend against such mishaps via alert messaging. A simple file content check, an MD5 checksum comparison, is run every time an Internet browser starts and shuts down. This helps the user become aware of any changes made to the cookie file.
Cookie security and handling issues need to be reexamined, since the ease of manipulating such a file results in direct access to stolen information via a malicious program that captures keystrokes. Using Mozilla Firefox as the target Web browser, the lack of security with cookies is shown. Yet an alert sequence or notification for users is a simple barrier that prevents such information from being stolen in the long run. The malicious Webpage, working alongside a malicious program, can capture anything targeted by a hacker; however, simple methods also help notify a computer user of suspicious activity to aid in protecting information.
Project URL:   297.pdf