Kavita Bhatia, Santosh K. Pandey, Vivek K. Singh, Deena Nath Gupta
{"title":"使用强会话标识符(Session ID)保护Web应用程序端口免受跨站端口攻击(XSPA)","authors":"Kavita Bhatia, Santosh K. Pandey, Vivek K. Singh, Deena Nath Gupta","doi":"10.1049/cps2.70005","DOIUrl":null,"url":null,"abstract":"<p>XSPA vulnerability can be attacked by stealing the cookie's information. In this case, it becomes utmost necessary to secure the information written in a cookie. A cookie contains a session ID that is a unique number generated by the server. This session ID must be a large random number so that no one can guess a valid session ID in real-time. Numerous research studies have been accomplished on the same but the area still persist gaps in view of emerging threats, such as phishing, pharming, and DoS. This paper proposes a new random-number generator that produces unique numbers in bulk. This helps the server to match the high demand of unique session IDs from different clients. The proposed generator is suitable for all types of web applications, because it requires the smallest area of only 134 Gate Equivalent on the application specific integrated circuit (ASIC) for its execution. Additionally, the proposed generator passed all tests of EPCglobal. Total time delay of digital circuit and power analysis results presented in the subsequent sections are also in the favour of proposed generator. With the implementation of this proposed technique cookies are expected to be more secure as evident from try-out results.</p>","PeriodicalId":36881,"journal":{"name":"IET Cyber-Physical Systems: Theory and Applications","volume":"10 1","pages":""},"PeriodicalIF":0.8000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.70005","citationCount":"0","resultStr":"{\"title\":\"Securing Ports of Web Applications Against Cross Site Port Attack (XSPA) by Using a Strong Session Identifier (Session ID)\",\"authors\":\"Kavita Bhatia, Santosh K. Pandey, Vivek K. Singh, Deena Nath Gupta\",\"doi\":\"10.1049/cps2.70005\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>XSPA vulnerability can be attacked by stealing the cookie's information. In this case, it becomes utmost necessary to secure the information written in a cookie. A cookie contains a session ID that is a unique number generated by the server. This session ID must be a large random number so that no one can guess a valid session ID in real-time. Numerous research studies have been accomplished on the same but the area still persist gaps in view of emerging threats, such as phishing, pharming, and DoS. This paper proposes a new random-number generator that produces unique numbers in bulk. This helps the server to match the high demand of unique session IDs from different clients. The proposed generator is suitable for all types of web applications, because it requires the smallest area of only 134 Gate Equivalent on the application specific integrated circuit (ASIC) for its execution. Additionally, the proposed generator passed all tests of EPCglobal. Total time delay of digital circuit and power analysis results presented in the subsequent sections are also in the favour of proposed generator. With the implementation of this proposed technique cookies are expected to be more secure as evident from try-out results.</p>\",\"PeriodicalId\":36881,\"journal\":{\"name\":\"IET Cyber-Physical Systems: Theory and Applications\",\"volume\":\"10 1\",\"pages\":\"\"},\"PeriodicalIF\":0.8000,\"publicationDate\":\"2025-02-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.70005\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Cyber-Physical Systems: Theory and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1049/cps2.70005\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Cyber-Physical Systems: Theory and Applications","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cps2.70005","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Securing Ports of Web Applications Against Cross Site Port Attack (XSPA) by Using a Strong Session Identifier (Session ID)
XSPA vulnerability can be attacked by stealing the cookie's information. In this case, it becomes utmost necessary to secure the information written in a cookie. A cookie contains a session ID that is a unique number generated by the server. This session ID must be a large random number so that no one can guess a valid session ID in real-time. Numerous research studies have been accomplished on the same but the area still persist gaps in view of emerging threats, such as phishing, pharming, and DoS. This paper proposes a new random-number generator that produces unique numbers in bulk. This helps the server to match the high demand of unique session IDs from different clients. The proposed generator is suitable for all types of web applications, because it requires the smallest area of only 134 Gate Equivalent on the application specific integrated circuit (ASIC) for its execution. Additionally, the proposed generator passed all tests of EPCglobal. Total time delay of digital circuit and power analysis results presented in the subsequent sections are also in the favour of proposed generator. With the implementation of this proposed technique cookies are expected to be more secure as evident from try-out results.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
