TinySID

Page is under construction...


Introduction

"As session IDs are often used to identify a user that has logged into a website, they can be used by an attacker to hijack the session and obtain potential privileges. A session ID is usually a randomly generated string to decrease the probability of obtaining a valid one by means of a brute-force search. Many servers perform additional verification of the client, in case the attacker has obtained the session ID. Locking a session ID to the client's IP address is a simple and effective measure as long as the attacker cannot connect to the server from the same address, but can conversely cause problems for a client if the client has multiple routes to the server (e.g. redundant internet connections) and the client’s IP address undergoes Network Address Translation."

(Source: Wikipedia)

Software

TinySID is based on the TinyONE software, extended with Session ID functionality. It is now available with and without TLS support; the TLS support uses Mbed TLS. The Session ID is not a new invention. Rather, this is an attempt to bring to small systems a functionality that has long been available in Windows and Linux applications. "Small systems" here does not mean embedded Linux systems, but even smaller systems with a simple operating system and limited resources. It is currently more of a proof of concept than a fully developed project.
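The two measures named in the quoted introduction, a randomly generated ID and locking it to the client's IP address, can be sketched for a small system with a fixed table and no heap. This is an added example, not TinySID's own code; the function names, table size, idle timeout and the `/dev/urandom` stand-in for the target's random number generator are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_BYTES 16    /* 128-bit random ID */
#define SID_SLOTS 4     /* fixed table, no heap (assumed size) */
#define SID_TTL   300u  /* idle timeout in seconds (assumed value) */
static struct sid_slot { uint8_t id[SID_BYTES]; uint32_t ip, last_seen; int used; } table[SID_SLOTS];

/* Host stand-in (assumption); on the target use its TRNG or a seeded DRBG. */
static int rng_fill(uint8_t *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, n, f) : 0;
    if (f) fclose(f);
    return got == n ? 0 : -1;
}
/* No early exit, so timing does not reveal how many leading bytes matched. */
static int sid_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < SID_BYTES; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}
/* After a successful login: take a free or expired slot, bind it to the IP. */
const uint8_t *sid_create(uint32_t ip, uint32_t now) {
    for (int i = 0; i < SID_SLOTS; i++) {
        struct sid_slot *s = &table[i];
        if (s->used && now - s->last_seen <= SID_TTL) continue;  /* still live */
        if (rng_fill(s->id, SID_BYTES) != 0) { s->used = 0; return NULL; }
        s->ip = ip; s->last_seen = now; s->used = 1;
        return s->id;
    }
    return NULL;  /* table full: refuse rather than evict a live session */
}
/* On every request: the ID must exist, be unexpired and come from the bound IP. */
int sid_check(const uint8_t *id, uint32_t ip, uint32_t now) {
    for (int i = 0; i < SID_SLOTS; i++) {
        struct sid_slot *s = &table[i];
        if (!s->used) continue;
        if (now - s->last_seen > SID_TTL) { memset(s, 0, sizeof *s); continue; }
        if (sid_equal(s->id, id) && s->ip == ip) { s->last_seen = now; return 1; }
    }
    return 0;
}
int main(void) {
    const uint8_t *id = sid_create(0xC0A80001u, 1000);  /* constructed client 192.168.0.1 */
    if (!id) return 1;
    printf("bound IP: %d, other IP: %d\n", sid_check(id, 0xC0A80001u, 1010), sid_check(id, 0xC0A80002u, 1010));
    return 0;
}
```

The unsigned subtraction `now - s->last_seen` stays correct when a 32-bit tick counter wraps, which matters on systems without a real-time clock.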

Because it is built on the TinyONE server, the following components are used.

Different websites are required for the version with and without TLS. There are also differences in the implementation of the Session ID itself. For this reason, two different ZIP files are available in the download section, each containing the sources and the corresponding websites.

One more note regarding cyber security: in this example, some of the default passwords are permanently stored (hard-coded). This must not be done in a final application; it is used here only as an example of the actual Session ID functionality.

Download

tinysid-ea1062-20200822 without TLS (10.1 MB, GitHub)

tinysid-ecc-ea1062-20200822 with TLS (10.1 MB, GitHub)

