Anticipated Security Model for Session Transfer and Services Using OTP
DOI:
https://doi.org//10.32628/CSEIT195198Keywords:
Combinationarial Optimization Identification, Public Key Infrastructure, Partial Forward SecrecyAbstract
Internet security is a branch of computer sciences often involving browser security, network security, applications and operating systems to keep the internet as a secure channel to exchange information by reducing the risk and attacks. There are a number of studies that have been conducted in this field resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and much effort is needed to improve internet security. This paper proposed a simple security model to improve internet applications security and services protections, specified access control, cryptographic, cookies and session managements, defense programing practices, care for security from early stage on development life cycle, use hardware authentication techniques in access control, then propose cryptographic approach by mix MD5 with Based64, consider session and cookies types and ways to keep it secure. Additionally, these practices discussed the most important web security vulnerability and access control weakness and how to overcome such weaknesses, proposed an approach to measure, analyze and evaluate security project according to software quality standard ISO 25010 by using Liker scale, finally ended by case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.
References
- Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval, "Password-Based Authenticated Key Exchange in the Three-Party Setting", IEEE Proceedings on InformationSecurity, Volume 153, number 1, March 2006 , pp. 27-39.
- Whitefield Diffie, Martin E. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory, pp. 644-654,1976.
- Behrouz A. Forouzan, Cryptography and network security, Tata McGraw-Hill, 2007.
- Hyun-SeokKim ,Jin-Young Choi, "Enhanced passwordbased simple three-party key exchange protocol", Elsevier, Computers and Electrical Engineering, 35, pp.107–114,2009.
- Yuanhui Lin, MengboHou, Qiuliang Xu, "Strongly password based three party authenticated key exchange protocol", Ninth International conference on Computational Intelligence and security, IEEE, pp. 555- 558,2013.
- Rongxing Lu, Zhenfu Cao, "Simple three-party key exchange protocol", Elsevier, computers & security 26, pp. 94-97,2007.
- Chao Lv , MaodeMab, Hui Li, JianfengMaa, Yaoyu Zhang, "An novel three-party authenticated key exchange protocol using one-time key", Elsevier, Journal of Network and Computer Applications (36), pp. 498–503,2013.
- Alfred Menezes, BerkantUstaoglu, "On reusing ephemeral keys in Diffie Hellman key agreement protocol",International Journal of Applied Cryptography,ACM,pp. 154-158, 2010.
Downloads
Published
Issue
Section
License
Copyright (c) IJSRCSEIT
This work is licensed under a Creative Commons Attribution 4.0 International License.