http://dx.doi.org/10.7472/jksii.2012.13.4.83

Study on implementation of Secure HTML5 Local Storage  

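Myeong, Hee-Won (Graduate School of Information Security, Korea University)
Paik, Jung-Ha (Graduate School of Information Security, Korea University)
Lee, Dong-Hoon (Graduate School of Information Security, Korea University)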
Publication Information
Journal of Internet Computing and Services / v.13, no.4, 2012, pp. 83-93
Abstract
HTML5 has been developed to avoid browser dependency, with interoperability in mind, while maintaining compatibility with earlier versions of HTML. HTML5, the newest web standard, is still being specified. Along with the smartphone boom, HTML5 is in the spotlight because it can be applied across platforms in mobile web environments. In particular, Local Storage, one of the new features of HTML5, supports offline operation, enabling a web application to run even when the mobile device is not connected to 3G or Wi-Fi. With Local Storage, server-independent web applications can be developed. However, Local Storage stores data in plaintext without applying any security measure, which exposes that data to the security threats that already exist for other client-side storage such as cookies. In this paper we propose secure Local Storage methods that offer a safe way to store and retrieve data in Local Storage while guaranteeing its performance. The functions suggested in this paper follow the standard localStorage API and use a module that provides cryptographic functions. We also prove the efficiency of the suggested secure Local Storage based on a performance evaluation of its implementation.
Keywords
HTML5; Client-side Storage; Web Storage; Local Storage; PBKDF2; Salt;
Citations & Related Records
Times Cited By KSCI: 1