Server-Based Access Verification

Davide Cavagnino, Francesco Bergadano, Pasquale Andrea Nesta

Abstract

In many practical contexts, it is necessary to certify that the content of a web server log file is correct with respect to real client traffic. This certification should be carried out by an independent third party, which we will call a certification agency, that is trusted by the web server owner and by the log file user. The certification agency should use adequate technology to perform the requested certification. The used technology must ensure that the log file was not altered or, in case of modifications to the log file, it should detect individual items that were added or removed. In this paper a novel technique for web server access certification based on software is presented, and its reliability and performance is discussed. A case study and experimental data from a web site with significant traffic is also presented.

References

  1. Anupam, V., Mayer, A., Nissim, K., Pinkas, B., and Reiter, M. K., 1999. On the security of pay-per-click and other web advertising schemes. In Proc. of the 8th International World Wide Web Conference.
  2. Apache, http://www.apache.org
  3. Bergadano, F., and Cavagnino, D., 2000. Certificazione di Accessi a Server Web. In Proc. of AICA 2000, Taormina, Italy.
  4. Bergadano, F., and Galvan, F., 2001. Facile e utile "gonfiare" le statistiche web. Available at http://www.i-dome.com.
  5. Bergadano, F., Cavagnino, D., and Egidi, L., 2002. Partially sighted signatures on large documents. In Proc. of Int. Network Conference 2002, pp. 373-380.
  6. Blundo, C., De Bonis, A., Masucci, B., and Stinson, D. R., 2000. Dynamic Multi-Threshold Metering Scheme. In Proc. of Selected Areas in Cryptography 2000, D. R. Stinson and S. Tavares, eds., LNCS 2012, Springer-Verlag, pp. 130-144.
  7. Capozzi, F., 1998. Sicurezza della rete: IP spoofing ... ed il MAC ???. Available at http://www.linuxvalley.com.
  8. Certimeter, http://www.certimeter.com
  9. Franklin, M. K., and Malkhi, D., 1997. Auditable Metering with Lightweight Security. In Proceedings of the Financial Cryptography Workshop.
  10. Franklin, M. K., and Malkhi, D., 1998. Auditable Metering with Lightweight Security. WIPO WO9826571.
  11. Berners-Lee, T., Fielding, R., and Frystyk, H., 1996. Hypertext Transfer Protocol -- HTTP/1.0. Internet Engineering Task Force RFC 1945, May 1996.
  12. Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and Berners-Lee, T., 1999. Hypertext Transfer Protocol -- HTTP/1.1. Internet Engineering Task Force RFC 2616, June 1999.
  13. Masucci, B., and Stinson, D. R., 2000. Metering Schemes for General Access Structures. In Proc. of 6th European Symposium on Research in Computer Security - ESORICS 2000, Tolouse. In F. Cuppens, Y. Deswarte, D. Gollmann and M.Waidner, eds., Lecture Notes in Computer Science, no. 1895, Springer-Verlag, pp. 72-87.
  14. Masucci, B., and Stinson, D. R., 2001. Efficient Metering Schemes with Pricing. IEEE Transactions on Information Theory, Vol. 47, No. 7, November 2001, pp. 2835-2844.
  15. Naor, M., and Pinkas, B., 1998. Secure Efficient Metering. Proc. of Eurocrypt 1998, Lecture Notes in Computer Science, no. 1403, Springer-Verlag, pp. 576-590.
  16. Naor, M., and Pinkas, B., 2000. Method for secure accounting and auditing on a communications network. US Patent #6,055,508, April 25th, 2000.
  17. Reiter, M. K., Anupam, V., and Mayer, A., 1998. Detecting Hit Shaving in Click-Through Payment Schemes. In Proceedings of the Third USENIX Workshop on Electronic Commerce, pp. 155-166.
  18. Shamir, A., 1979. How to share a secret. Communications of the ACM, Vol. 22, pp. 612- 613.
Download


Paper Citation


in Harvard Style

Cavagnino D., Bergadano F. and Andrea Nesta P. (2004). Server-Based Access Verification . In Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004) ISBN 972-8865-17-1, pages 91-103. DOI: 10.5220/0001402400910103


in Bibtex Style

@conference{egcdmas04,
author={Davide Cavagnino and Francesco Bergadano and Pasquale Andrea Nesta},
title={Server-Based Access Verification},
booktitle={Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004)},
year={2004},
pages={91-103},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001402400910103},
isbn={972-8865-17-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004)
TI - Server-Based Access Verification
SN - 972-8865-17-1
AU - Cavagnino D.
AU - Bergadano F.
AU - Andrea Nesta P.
PY - 2004
SP - 91
EP - 103
DO - 10.5220/0001402400910103