Research Article

A Novel Approach to Prevent Session Hijacking Attack

by Darshan Tank, Ashwini Dalvi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 181 - Number 14
Year of Publication: 2018
10.5120/ijca2018917798

Darshan Tank, Ashwini Dalvi. A Novel Approach to Prevent Session Hijacking Attack. International Journal of Computer Applications. 181, 14 (Sep 2018), 28-30. DOI=10.5120/ijca2018917798

@article{ 10.5120/ijca2018917798,
author = { Darshan Tank, Ashwini Dalvi },
title = { A Novel Approach to Prevent Session Hijacking Attack },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2018 },
volume = { 181 },
number = { 14 },
month = { Sep },
year = { 2018 },
issn = { 0975-8887 },
pages = { 28-30 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume181/number14/29891-2018917798/ },
doi = { 10.5120/ijca2018917798 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Session hijacking, also called cookie hijacking, is an attack in which the attacker exploits a valid computer session (sometimes also called a session key or session token) to gain unauthorized access to a user's system or back-end server. To prevent this type of attack, we are creating a protocol that prevents the attacker from gaining access to the encrypted cookie and the back-end server. We are developing a Reverse Proxy Server (RPS) with a One Time Cookie (OTC) and generating a browser fingerprint, the IP address of the system, and a session ID, such that the Reverse Proxy Server handles each request using the One Time Cookie (OTC) protocol to prevent an adversary from capturing and injecting the session credentials. We also use the Blowfish algorithm for encryption. If any of these parameters is altered, the attacker can be easily identified.
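The check the abstract describes, sketched as an added example that is not the authors' code: a proxy-side session table binds the session ID to the browser fingerprint and IP address and accepts each cookie only once. The class and method names, the verdict strings, the sample values and the choice to end the session on any mismatch are assumptions, and HMAC-SHA256 from the Python standard library stands in for the paper's Blowfish cookie encryption.

```python
import hashlib, hmac, secrets

class ReverseProxySessions:
    """Hypothetical RPS session table (not the paper's implementation)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # secret known only to the proxy
        self._sessions = {}                  # sid -> {"bind": bytes, "otc": str}

    def _binding(self, sid, fingerprint, ip):
        # Keyed digest over the three parameters the abstract names.
        msg = "\x00".join((sid, fingerprint, ip)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def open(self, fingerprint, ip):
        sid, otc = secrets.token_hex(16), secrets.token_hex(16)
        self._sessions[sid] = {"bind": self._binding(sid, fingerprint, ip), "otc": otc}
        return sid, otc

    def handle(self, sid, otc, fingerprint, ip):
        """Check one request; return (verdict, next one-time cookie or None)."""
        s = self._sessions.get(sid)
        if s is None:
            return "unknown-session", None
        same_client = hmac.compare_digest(s["bind"], self._binding(sid, fingerprint, ip))
        fresh_cookie = hmac.compare_digest(s["otc"].encode(), otc.encode())
        if not (same_client and fresh_cookie):
            del self._sessions[sid]  # assumption: any altered parameter ends the session
            return ("client-mismatch" if not same_client else "stale-cookie"), None
        s["otc"] = secrets.token_hex(16)  # each cookie is accepted exactly once
        return "ok", s["otc"]

def demo():
    # Constructed sample values; the IPs come from documentation ranges.
    fp, ip = "ua=Firefox/61;screen=1920x1080;tz=+0530", "203.0.113.10"
    rps = ReverseProxySessions()
    sid, c1 = rps.open(fp, ip)
    verdicts = [rps.handle(sid, c1, fp, ip)[0]]      # legitimate request
    verdicts.append(rps.handle(sid, c1, fp, ip)[0])  # captured cookie replayed
    sid2, d1 = rps.open(fp, ip)
    verdicts.append(rps.handle(sid2, d1, fp, "198.51.100.7")[0])  # other IP
    verdicts.append(rps.handle(sid2, d1, fp, ip)[0])  # session already ended
    return verdicts

if __name__ == "__main__":
    print(demo())
```
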

Index Terms

Computer Science
Information Sciences

Keywords

Session Hijacking, One Time Cookie, Reverse proxy server, Browser fingerprinting, session ID, IP address, Blowfish Algorithm, HTTP