Prevention of session hijacking using token and session id reset approach

Nandan, Aridaman Singh; Meenakshi, Meenakshi

doi:10.1007/s41870-020-00486-w

Cited by 3 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The improved algorithm is also easy to implement and can be easily integrated into existing systems. Unlike the solutions proposed in [9,10], the developed algorithms signifi-cantly improve the protection of the session from MITM attacks (man in the middle). This is achieved due to the lack of sufficient data in the messages to form a message on behalf of the user.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Developing the algorithm and software for access token protection using request signing with temporary secret

Bukovetskyi

Різак

2022

EEJET

View full text Add to dashboard Cite

This paper proposes a method for protecting the access tokens in client-server data exchange without saving the state based on the formation of the signature of the request using a temporary secret. The devised method allows one not to transfer access tokens with each request, which would make it possible for the attacker to authenticate as a valid user when compromising the connection, for example, when using a «person in the middle» attack. Two variants of the method have been proposed and substantiated – simplified and improved, the scope of which depends on the needs for protection and technical capabilities of their implementation. The robustness of both variants is ensured by the practical inability to select the initial input data of the hash function used to form the signature. The improved version also makes it possible to protect access tokens at the stage of receiving them and provides protection against the attack of the recurrence of the request. Initial user authentication protection is achieved by using the Diffie-Hellman protocol to exchange a secret and access token. Using query IDs and time labels prevents the query from being reused. Advanced security for access tokens is important because having an attacker’s access token gives the attacker full control over the user account. The use of SSL/TLS may not produce the desired level of protection for such important data. It was established that the use of the proposed method does not add significant time costs. The SHA-256 hash function example shows that the relationship between message size and extra time to send and receive a message is linear. When using the proposed method in the browser, the absolute value of additional time spent for messages from 100 bytes to 2,048 KB ranges from 0.4 ms to 142 ms. Given this, the proposed method could be used without significant impact on the experience of use.

show abstract

Section: Discussionmentioning

confidence: 99%

“…The proposed methods of counteraction are the use of protocols such as HTTPS, constant reauthorization of the user, encryption of access tokens at the application level. Paper [10] describes session hijacking protection based on linking the access to the client's IP address and web browser data.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Developing the algorithm and software for access token protection using request signing with temporary secret

Bukovetskyi

Різак

2022

EEJET

View full text Add to dashboard Cite

show abstract

“…Singh, 2020 134 Token and Session ID Reset strategies were created and put into use to avoid session hijacking brought on by cookie duplication. The suggested approach makes use of session-id, tokens, IP, and browser fingerprinting to authenticate the user on the web server.…”

Section: Transport Layer Attacksmentioning

confidence: 99%

Wireless sensor network security: A recent review based on state-of-the-art works

Faris

Mahmud

Salleh

et al. 2023

International Journal of Engineering Business Management

View full text Add to dashboard Cite

Wireless sensor networks (WSNs) are a major part of the telecommunications sector. WSN is applied in many aspects, including surveillance battlefields, patient medical monitoring, building automation, traffic control, environmental monitoring, and building intrusion monitoring. The WSN is made up of a vast number of sensor nodes, which are interconnected through a network. However, despite the growing usage of applications that rely on WSNs, they continue to suffer from restrictions, such as security issues and limited characteristics due to low memory and calculation power. Security issues lead to a lack of communication between sensors, wasting more energy. The need for efficient solutions has increased, especially with the rise of the Internet of Things, which relies on the effectiveness of WSNs. This review focuses on security issues by reviewing and addressing diverse types of WSN assaults that happened on each layer of the WSN that were published in security issues in the previous 3 years. As a consequence, this paper gives a taxonomy of security threats for each layer and different algorithmic solutions that numerous researchers who seek to counter this attack have explored. This study also presents a framework for constructing an intrusion detection system in the WSN by emphasising the drawbacks of each approach suggested by researchers to defend against specific forms of assault. In order to diminish the impact of this attack, this summary shows which attacks the majority of researchers have dealt with as well as which ones they have not yet addressed in their academic work.

show abstract

Cloud music resources-oriented secure data storage and defense using edge computing

Cao

2022

Int J Syst Assur Eng Manag

View full text Add to dashboard Cite

Prevention of session hijacking using token and session id reset approach

Cited by 3 publications

References 6 publications

Developing the algorithm and software for access token protection using request signing with temporary secret

Developing the algorithm and software for access token protection using request signing with temporary secret

Wireless sensor network security: A recent review based on state-of-the-art works

Cloud music resources-oriented secure data storage and defense using edge computing

Contact Info

Product

Resources

About