Kavita Bhatia, Santosh K. Pandey, Vivek K. Singh, Deena Nath Gupta
{"title":"Securing Ports of Web Applications Against Cross Site Port Attack (XSPA) by Using a Strong Session Identifier (Session ID)","authors":"Kavita Bhatia, Santosh K. Pandey, Vivek K. Singh, Deena Nath Gupta","doi":"10.1049/cps2.70005","DOIUrl":null,"url":null,"abstract":"<p>XSPA vulnerability can be attacked by stealing the cookie's information. In this case, it becomes utmost necessary to secure the information written in a cookie. A cookie contains a session ID that is a unique number generated by the server. This session ID must be a large random number so that no one can guess a valid session ID in real-time. Numerous research studies have been accomplished on the same but the area still persist gaps in view of emerging threats, such as phishing, pharming, and DoS. This paper proposes a new random-number generator that produces unique numbers in bulk. This helps the server to match the high demand of unique session IDs from different clients. The proposed generator is suitable for all types of web applications, because it requires the smallest area of only 134 Gate Equivalent on the application specific integrated circuit (ASIC) for its execution. Additionally, the proposed generator passed all tests of EPCglobal. Total time delay of digital circuit and power analysis results presented in the subsequent sections are also in the favour of proposed generator. With the implementation of this proposed technique cookies are expected to be more secure as evident from try-out results.</p>","PeriodicalId":36881,"journal":{"name":"IET Cyber-Physical Systems: Theory and Applications","volume":"10 1","pages":""},"PeriodicalIF":1.7000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.70005","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Cyber-Physical Systems: Theory and Applications","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cps2.70005","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
XSPA vulnerability can be attacked by stealing the cookie's information. In this case, it becomes utmost necessary to secure the information written in a cookie. A cookie contains a session ID that is a unique number generated by the server. This session ID must be a large random number so that no one can guess a valid session ID in real-time. Numerous research studies have been accomplished on the same but the area still persist gaps in view of emerging threats, such as phishing, pharming, and DoS. This paper proposes a new random-number generator that produces unique numbers in bulk. This helps the server to match the high demand of unique session IDs from different clients. The proposed generator is suitable for all types of web applications, because it requires the smallest area of only 134 Gate Equivalent on the application specific integrated circuit (ASIC) for its execution. Additionally, the proposed generator passed all tests of EPCglobal. Total time delay of digital circuit and power analysis results presented in the subsequent sections are also in the favour of proposed generator. With the implementation of this proposed technique cookies are expected to be more secure as evident from try-out results.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
