Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks release_yhpz5puoebfojgh3hhgflf3m2m

by Md. Shohrab Hossain, Arnob Paul, Md. Hasanul Islam, Mohammed Atiquzzaman

Published in Network Protocols and Algorithms by Macrothink Institute, Inc..

2018   Volume 10, p83

Abstract

Web communications between the server and the client are being used extensively. However, session hijacking has become a critical problem for most of the client-server communications. Among different session hijacking attacks, SSL stripping is the most dangerous attack. There are a number of measures proposed to prevent SSL tripping-based session hijacking attacks. However, existing surveys did not summarize all the preventive measures in a comprehensive manner (without much illustration and categorization). The objective of this paper is to provide a  comprehensive survey of existing measures against SSL stripping-based session hijacking attacks and compare those measures. In this paper, we have classified all the existing preventive measures for SSL stripping-based session hijacking attacks into two main categories: client-side measures and serverside measures. We have illustrated the proposed solutions comprehensively with useful diagrams for clarification. We have also compared them based on different performance criteria. This paper will help web security researchers to have a comparative analysis of all solutions for the SSL stripping based attacks, thereby improving existing solutions to better protect the users from session hijacking attacks.
In application/xml+jats format

Archived Files and Locations

application/pdf  1.5 MB
file_glbz4b2jwbc27b6xnboe55ytz4
www.macrothink.org (web)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article-journal
Stage   published
Date   2018-04-01
Container Metadata
Not in DOAJ
Not in Keepers Registry
ISSN-L:  1943-3581
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: b3d9c623-a70a-4752-bd3c-78466960424e
API URL: JSON