A Novel Approach to Prevent Session Hijacking Attack

Darshan Tank; Ashwini Dalvi

Call for Paper

June Edition

IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Efficient Algorithm for Mining Frequent Subgraphs (Static and Dynamic) based on gSpan

February

2013

Handwritten Gurmukhi Numeral Recognition using Different Feature Sets

August

2011

Spectral Entropy Estimation of HRV Data of Thyroid and Healthy subjects

September

2011

Finger Vein Verification System based on Three Methodologies of Feature Extraction

Aug

2017

Reseach Article

A Novel Approach to Prevent Session Hijacking Attack

by Darshan Tank, Ashwini Dalvi

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 181 - Number 14

Year of Publication: 2018

Authors: Darshan Tank, Ashwini Dalvi

10.5120/ijca2018917798

Darshan Tank, Ashwini Dalvi . A Novel Approach to Prevent Session Hijacking Attack. International Journal of Computer Applications. 181, 14 ( Sep 2018), 28-30. DOI=10.5120/ijca2018917798

@article{ 10.5120/ijca2018917798,

author = { Darshan Tank, Ashwini Dalvi },

title = { A Novel Approach to Prevent Session Hijacking Attack },

journal = { International Journal of Computer Applications },

issue_date = { Sep 2018 },

volume = { 181 },

number = { 14 },

month = { Sep },

year = { 2018 },

issn = { 0975-8887 },

pages = { 28-30 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume181/number14/29891-2018917798/ },

doi = { 10.5120/ijca2018917798 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-07T01:05:58.783997+05:30

%A Darshan Tank

%A Ashwini Dalvi

%T A Novel Approach to Prevent Session Hijacking Attack

%J International Journal of Computer Applications

%@ 0975-8887

%V 181

%N 14

%P 28-30

%D 2018

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Session hijacking is also called as cookie hijacking in which the attacker exploits a valid computer session sometimes also called a session key or session token to get an unauthorized access to user system or back-end server.so to prevent this type of attack we are creating a protocol that will prevent the attacker from gaining the access of encrypted cookie and back-end server. We are developing a Reverse proxy server (RPS) with a One Time Cookie (OTC) and generating a browser fingerprinting, IP address of system, session ID such that Reverse Proxy server handles a request using One Time Cookie (OTC) protocol to prevent adversary from capturing and injecting the session credentials also we are using Blowfish Algorithm for the encryption purpose. If any of this parameter alter than we can be easily identified the attacker.

References

Willem Burgers, Prevent Session Hijacking by Binding the Session to the Cryptographic Network Credentials, in Institute for Computing and Information Sciences, Radboud University Nijmegen, The Netherlands. 2013.
C. Visaggio, Session Management Vulnerabilities in Todays Web, in IEEE Security and Privacy,48-56, 2010Tavel, P. 2007 Modeling and Simulation Design. AK Peters Ltd.
J. S. Park and R. Sandhu, Secure Cookies on the Web, in IEEE Internet Computing, 36-44, 2000.
A. Juels, M. Jakobsson, and T. Jagatic, Cache cookies for browser authentication (Extended Abstract), in IEEE Symposium on Security and Privacy, 2006.
S. Jha and S. Ali , Mobile Agent Based Architecture to Prevent Session Hijacking Attacks in IEEE 802.11 WLAN, 5th Inter-national Conference on Computer and Communication Technology, 2014
Nick Nikiforakis, Wannes Meert, Yves Younan, Martin Johns, and Wouter Joosen, SessionShield: Lightweight protection against session hijacking, in 3rd International Symposium Engineering Secure Software and Systems (ESSoS 2011), volume 6542 of Lecture Notes in Computer Science, pages 87-100. Springer-Verlag, 2011
Alabrah, Amerah, and Mostafa Bassiouni. Preventing ses-sion hijacking in collaborative applications with hybrid cache-supported one-way hash chains. In Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on, pp. 27-34. IEEE, 2014.
Yassein, Muneer Bani, Shadi Aljawarneh, Ethar Qawasmeh, Wail Mardini, and Yaser Khamayseh. Comprehensive study of symmetric key and asymmetric key encryption algorithms. In Engineering and Technology (ICET), 2017 International Conference on, pp. 1-7. IEEE, 2017.
http://cs.indstate.edu/ schinta/blowfish.pdf.
https://www.greycampus.com/opencampus/ethicalhacking/session-hijacking-and-its-types.

Index Terms

Computer Science

Information Sciences

Keywords

Session Hijacking One Time Cookie Reverse proxy server Browser fingerprinting session ID IP address Blowfish Algorithm HTTP