Three Tier Verification Technique to foil session sidejacking attempts

Vinay Kumar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Session sidejacking is the term used to describe the theft of cookies used to authenticate the user to a web server. A session sidejacking attack is a form of session hijacking in which the hacker uses a packet sniffer to listen to the traffic between client and server and steal the session cookie. Most websites use Hypertext Transfer Protocol Secure (HTTPS) only for login, in order to protect the user name and password. However, they revert to Hypertext Transfer Protocol (HTTP) after this, and all the cookies used to authenticate the user are sent to the server over an insecure HTTP connection. Any hacker listening to this network with a packet sniffer can copy the cookies and use them to impersonate the victim and carry out activities on his behalf. Though the hacker will not know the victim's password, he can still act on the victim's behalf. A three-tier session verification technique which is impervious to session sidejacking is proposed here. This technique allows the use of the HTTP protocol and still protects users from session sidejacking; however, it assumes that the server uses a secure HTTPS connection for login, to avoid transmitting the password in the clear. The technique uses a feature of Hyper Text Markup Language Version 5 (HTML5) called "local storage" to overcome the vulnerabilities of cookies, and it foils any attempt to sidejack a session. It can be implemented using server-side logic and client-side JavaScript.

Original language: English
Title of host publication: 2011 2nd Asian Himalayas International Conference on Internet, AH-ICI 2011
DOIs: 10.1109/AHICI.2011.6113928
Publication status: Published - 01-12-2011
Externally published: Yes
Event: 2011 2nd Asian Himalayas International Conference on Internet, AH-ICI 2011 - Kathmandu, Nepal
Duration: 04-11-2011 - 06-11-2011

Conference

Conference: 2011 2nd Asian Himalayas International Conference on Internet, AH-ICI 2011
Country: Nepal
City: Kathmandu
Period: 04-11-11 - 06-11-11

Fingerprint

  • HTTP
  • Servers
  • Markup languages
  • Websites
  • Network protocols

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Kumar, V. (2011). Three Tier Verification Technique to foil session sidejacking attempts. In 2011 2nd Asian Himalayas International Conference on Internet, AH-ICI 2011 [6113928] https://doi.org/10.1109/AHICI.2011.6113928
@inproceedings{1e15f0cd286c4e489e9d283af0d58348,
title = "Three Tier Verification Technique to foil session sidejacking attempts",
author = "Vinay Kumar",
year = "2011",
month = "12",
day = "1",
doi = "10.1109/AHICI.2011.6113928",
language = "English",
isbn = "9781457710872",
booktitle = "2011 2nd Asian Himalayas International Conference on Internet, AH-ICI 2011",

}
Scopus record: http://www.scopus.com/inward/record.url?scp=84856404492&partnerID=8YFLogxK