Indiana prof tossing his 'active cookies' at security threats

An Indiana University scientist is behind a new company exploiting cookie technology to protect Web users from identity theft and other online threats.

Markus Jacobsson, associate professor of informatics and associate director of the Indiana University Center for Applied Cybersecurity Research, is promoting the new security technique through a start-up called RavenWhite that he founded with Ari Juels, manager and principal research scientist at RSA Laboratories.

Their "active cookie" technique is designed to protect end users with PCs, laptops or mobile devices in a way that traditional cookies cannot (cookies are information stored on an end-user device that identify that system during initial and repeat visits to a Web site).

"While cookies were merely designed to identify users, active cookies are designed to authenticate users," according to the company Web site.

Jakobsson says active cookies protect against such domain spoofing threats as pharming, where end users are scammed by being directed to a bogus Web site. The active cookies are designed to protect against newer threats, such as a technique for hijacking Wi-Fi connections and redirecting end users to suspect sites without them ever knowing.

The company says its basic technology will not protect an end user who shifts from computer to computer or reconfigures his or her browser. But the company is working on server-side technology to try to combat that shortcoming, such as by providing administrators with more challenging questions with which to authenticate end users.

For a deeper explanation of active cookies, read the whitepapers at RavenWhite's site.

Learn more about this topic

ID theft, the sequel01/30/06Fear of identity theft bad for business, survey finds11/23/05 
From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies