Past Event Recall Test for Mitigating Session Hijacking and Cross-Site Request Forgery

O. Salami, Abdulrazaq Muhammad Bashir, E. A. Adedokun, Yahaya Basira
2021 International Conference on Information and Communication Technology for Development for Africa (ICT4DA), published 2021-11-22
DOI: 10.1109/ict4da53266.2021.9672244 (https://doi.org/10.1109/ict4da53266.2021.9672244)
Citation count: 0

Abstract

Authentication of users on a computer or network enables privacy protection and the directing of information to the appropriate audience. Present authentication mechanisms authenticate a user only once, at the beginning of a communication session. The new wave of attacks used to steal information has made one-time authentication of users inadequate, because the authenticated session can now be hijacked. Thus, it has become necessary for the communicating parties in a computer transaction session to periodically reconfirm the party on the other end. Researchers have proposed different solutions to prevent or detect the malicious takeover of a computer session. These solutions either work only for particular types of attacks or are suitable only for the specific applications used to develop them. Others would fail in the face of spoofing attacks. This research proposed the Past Event Recall Test (PERT) for mitigating session hijacking and Cross-Site Request Forgery attacks. PERT ensures that a node is communicating only with a known system that it has previously transacted with successfully. The prototype was tested in an NS-3 testbed. The tests were carried out to observe the proposed solution's performance against spoofing attacks and identity theft attacks. PERT performed satisfactorily better than the two other solutions used to benchmark it, as presented in the results section. It recorded a 35% longer average execution time than the faster benchmark but a 20.06% shorter average execution time than the slower benchmark. It prevented 97% and 95% of requests from an identity thief and a spoofing attacker, respectively. The benchmark solutions recorded lower prevention efficiency.