A Secure Framework for IoT Smart Home by Resolving Session Hijacking

Humaira, Fozilatoon; Islam, Sanju; Luva, Sanjida Akter; Rahman, Bayazid

doi:10.34257/gjcstgvol20is2pg9

Cited by 7 publications

(10 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are many types of MITM attacks that attackers can use to exploit insecure applications and user data. Some of the most common types of MITM attacks include rogue access point attacks [109], address resolution protocol (ARP) spoofing [110], domain name system (DNS) spoofing [111], session hijacking [112], and SSL/TLS interception [113].…”

Section: Man-in-the-middle Attack (Mitm) [108]mentioning

confidence: 99%

A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review

Tariq

Ahmed

Bashir

et al. 2023

Sensors

114

View full text Add to dashboard Cite

The emergence of the Internet of Things (IoT) technology has brought about tremendous possibilities, but at the same time, it has opened up new vulnerabilities and attack vectors that could compromise the confidentiality, integrity, and availability of connected systems. Developing a secure IoT ecosystem is a daunting challenge that requires a systematic and holistic approach to identify and mitigate potential security threats. Cybersecurity research considerations play a critical role in this regard, as they provide the foundation for designing and implementing security measures that can address emerging risks. To achieve a secure IoT ecosystem, scientists and engineers must first define rigorous security specifications that serve as the foundation for developing secure devices, chipsets, and networks. Developing such specifications requires an interdisciplinary approach that involves multiple stakeholders, including cybersecurity experts, network architects, system designers, and domain experts. The primary challenge in IoT security is ensuring the system can defend against both known and unknown attacks. To date, the IoT research community has identified several key security concerns related to the architecture of IoT systems. These concerns include issues related to connectivity, communication, and management protocols. This research paper provides an all-inclusive and lucid review of the current state of anomalies and security concepts related to the IoT. We classify and analyze prevalent security distresses regarding IoT’s layered architecture, including connectivity, communication, and management protocols. We establish the foundation of IoT security by examining the current attacks, threats, and cutting-edge solutions. Furthermore, we set security goals that will serve as the benchmark for assessing whether a solution satisfies the specific IoT use cases.

show abstract

Section: Man-in-the-middle Attack (Mitm) [108]mentioning

confidence: 99%

A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review

Tariq

Ahmed

Bashir

et al. 2023

Sensors

114

View full text Add to dashboard Cite

show abstract

“…Session Hijacking: Session hijacking [151] occurs when an attacker steals an HTTP session by intercepting and capturing packets using a packet sniffer [152]- [156]. Successful hijacking grants the attacker full access to the session, redirecting communication from the client to the web server to the attacker.…”

Section: Security Concerns In Web Applications and Browsersmentioning

confidence: 99%

Performance, privacy, and security issues of TCP/IP at the application layer: A comprehensive survey

Timothy Murkomen

2024

GSC Adv. Res. Rev.

View full text Add to dashboard Cite

TCP/IP is the backbone of modern network communication, connecting devices across the world. TCP/IP at its core is a suite of protocols that enables the transmission of data between computers, facilitating the foundation of the interconnected global network. At the Application Layer of TCP/IP is where the interaction between software applications and the network occurs. The user-centric protocols such as HTTP, SMTP, FTP, POP3, IMAP and DNS facilitate various tasks at this layer such as web browsing, email communication, and file transfer. This comprehensive survey conducted an exploration of the performance, security and privacy issues at the application layer of the TCP/IP. It initiated by providing a background of TCP/IP model, it’s architecture and the core characteristics, with major focus on the application layer. This paper aimed to discuss the state-of-the-art of performance, privacy and security concerns in TCP/IP application layer. It also proposed future research areas to equip researchers, practitioners, policy makers and the decision makers with tangible knowledge, offering guidance in navigating the performance, privacy and security concerns in TCP/IP Application Layer. It aimed to discuss the current performance, privacy and security research gaps at the Application Layer of the TCP/IP Model. The findings of this research sheds light on the performance, privacy and security issues while suggesting the countermeasures to strengthen and optimize the overall performance, security and privacy of TCP/IP model at the application layer. The paper finally suggests future directions and research areas at the TCP/IP application layer.

show abstract

“…Spooling is another method to gain access to the data by malicious users at input and output devices, from where data is originated and delivered [9]. Furthermore, Session Hijacking (SH) seizes the whole web session and gathers all the data [10]. Lastly, Man-In-The-Middle (MITM) is a kind of attack in which the attacker overhears the network without permission [11].…”

Section: Introductionmentioning

confidence: 99%

“…Among these web attacks, Man-in-the-middle assaults, phishing, and session hijacking are the most prevalent kinds of online attacks. Man-In-The-Middle (MITM) [11] and session hijacking [10] is a type of invasion that includes an attacker who tries to breach the privacy of the user. The Web-based application depends upon Hypertext Transfer Protocol Secure (HTTPS) to ensure privacy and security during user communication [12].…”

Section: Introductionmentioning

confidence: 99%

Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking

Muzammil,

Bilal,

Ajmal

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The current era extensively utilizes the Internet, which uses data. Due to the apparent openaccess Internet service, this data is highly vulnerable to attacks. Data privacy is affected by Web-based attacks. This Systematic Literature Review (SLR) focuses on two Web-based attacks: Man-In-The-Middle and session hijacking. It reviews about 30 studies from the years 2016-2023 that have been selected utilizing a proper study selection procedure. This SLR comprises three research questions. The first describes the overall trends in Man-In-The-Middle attacks and session hijacking studies. It shows that 7 articles were published in 2018, and the trend is decreasing to 4 articles by 2021. Moreover, 73% articles are published in conference venues, and India is the top contributor in this domain. Lastly, this question elaborated that IEEE is the top contributor as a publisher. The second addresses the sorts of attacks used by Man-In-The-Middle attacks and session hijacking on Transmission Control Protocol / Internet Protocol (TCP/IP). This demonstrates that Man-In-The-Middle attacks invade all layers and session hijacking attacks on only two, that is, the application and network layer. The third research question discusses the solutions provided by different studies to deal with Man-In-The-Middle attacks and session hijacking. In conclusion, this analysis highlights the need for stronger cybersecurity measures against Man-in-the-Middle and session hijacking assaults in the Internet era by revealing evolving trends, contributors, and solutions in data privacy. INDEX TERMS Privacy; Man-In-The-Middle attack; session hijacking; Hypertext Transfer Protocol (HTTP) hijacking

show abstract

A Secure Framework for IoT Smart Home by Resolving Session Hijacking

Cited by 7 publications

References 2 publications

A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review

A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review

Performance, privacy, and security issues of TCP/IP at the application layer: A comprehensive survey

Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking

Contact Info

Product

Resources

About