Fig 14 - uploaded by Agnes Hui Chan
Single Sign-On Authentication Architecture.  

Source publication
Article
Summary: Many web-based services use persistent cookies to store user authentication information on the disk. In these services, when a web browser connects to the server, it sends the persistent cookies to automate the authentication process so that the user does not need to type in the username or password. However, current web authentication arch...

Citations

... This research focuses on sensor networks, not web sites. Ruopeng Ye, Agnes Chan, and Feng Zhu [16] have shown that their schemes can effectively stop replay attacks from expired cookies. Their solution consists of a simple scheme and an MK scheme. ...
Conference Paper
A large number of web sites, including e-commerce and famous websites such as Hotmail, Gmail, Yahoo mail, Hi5, and Facebook, are vulnerable to Session Hijacking, whereby a hacker impersonates a user. Such attacks can be launched by capturing Cookie/Session IDs within a LAN, or by using XSS (Cross Site Scripting), which allows hackers to steal cookies from across the world and then use the captured Cookie/Session ID to access the system on a victim’s identity. This problem is a result of using a Static Session ID. This research proposes a model to protect against Session hijacking by using a Non-Static Session ID instead of a Static Session ID. With this model, a victim’s session ID captured by hacker will not be able to be used for replay attacks. We will demonstrate our model’s effectiveness and ensure its high level of security by describing each step.
... Ye et al. [55] have proposed a scheme for the web servers to efficiently store session information on the server and verify the cookie state information received from client. In this scheme, the web server is also able to record the expiration state information of the cookies and thus prevent the application from cookie replay attacks. ...
... In an application where a user can have multiple parallel sessions, the simple scheme needs to be modified. Ye et al. [55] propose the second scheme for this and it is known as M/K scheme. This scheme allows a server to keep track of a maximum of m authentication cookies within k days. ...
... Access Control Entry and Cookie in M/K Scheme [55] ...