The proliferation of social and collaborative media has been accompanied by an increased level of cyber attacks on social networking and collaboration sites. One serious type of attack is session hijacking attacks which enable the attacker to impersonate the victim and take over his/her networking session(s). In this paper, we present a security authentication protocol for mitigating the risk of hijacking social networking and collaboration sites. The protocol is based on the recognition that users of social and collaborative media connect to their websites using a variety of platforms and connection speeds. To appeal to both mobile devices such as smart phones or tablets using Wi-Fi connections and high-end workstations such as PC's using high-speed connections, a novel Self-Configuring Repeatable Hash Chains (SCRHC) protocol was developed to prevent the hijacking of session cookies. The protocol supports three different levels of caching, giving the user the ability to forfeit storage space for increased performance and reduced workload. Performance evaluation tests are presented to show the effectiveness and flexibility of the SCRHC protocol.
With the recent explosion in wireless hotspots, more and more users find themselves browsing the internet in an insecure manner. This is due to the typical lack of security in the Wi-Fi Access Points at popular hotspots such as coffee shops and airports. A common vulnerability in this scenario is when a user's cookie information is transmitted in plain-text, exposing potential session information. This would typically include the session id, which, if stolen, could lead to session hijacking, also known as sidejacking. In this paper, we present a novel way of authenticating the client to the server using what we call a Rolling Code, much like the rolling code technology used to prevent perpetrators from recording a code and replaying it to open a garage door. By using this technique, the client is able to prove to the server with each request that they are the legitimate client and no other person could have hijacked the session. Our protocol also offers optional payload integrity and confidentiality via a multilevel security model. Our Rolling Code protocol is efficient and is particularly suitable for mobile devices used in wireless networks. We implemented a benchmark of the Rolling Code authentication and used it to evaluate the performance of the scheme for different hardware platforms. Our tests have shown that the Rolling Code protocol is more computationally efficient than the hash chains approach used in a recent cookie security protocol to prevent session sidejacking.
Selection in 3D virtual environments can vary wildly depending on the context of the selection. Various scene attributes such as object velocity and scene density will likely impact the user's ability to accurately select an object. While there are many existing 3D selection techniques that have been well studied, they all tend to be tailored to work best in a particular set of conditions, and may not perform well when these conditions are not met. As a result, designers must compromise by taking a holistic approach to choosing a primary technique; one which works well overall, but is possibly lacking in at least one scenario.We present a software framework that allows a flexible method of leveraging several selection techniques, each performing well under certain conditions. From these, the best one is utilized at any given moment to provide the user with an optimal selection experience across more scenarios and conditions. We performed a user study comparing our framework to two common 3D selection techniques, Bendcast and Expand. We evaluated the techniques across three levels of scene density and three levels of object velocity, collecting accuracy and timing data across a large sample of participants. From our results, we were able to conclude that our auto-selection technique approach is promising but there are several characteristics of the auto-selection process that can introduce drawbacks which need to be addressed and minimized.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.