Assessing Secure OpenID-Based EAAA Protocol to Prevent MITM and Phishing Attacks in Web Apps

Bilal, Muhammad; Showngwe, Sandile C.; Bashir, Abid; Ghadi, Yazeed Yasin

doi:10.32604/cmc.2023.037071

Cited by 1 publication

(4 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…References MITM [22], [25], [26], [27], [28], [29], [31], [32], [33], [34], [35], [37], [41], [42], [43], [44], [45] Session Hijacking [23], [24], [26], [30], [31], [34], [35], [36], [37], [38], [39], [40], [46], [47], [48], [49], [50], [51] hijacking occurs during the HTTP session when the user gets its ID, whereas in-network layer interception occurs during TCP and User Datagram Protocol (UDP) sessions [48]. Fig.…”

Section: Attack Domainmentioning

confidence: 99%

“…3) A way to hijack the network is the brute force method in which the hit-and-trial process overtakes login data, encryption keys, and other private information [50]. 4) Lastly, misdirecting interest works by diverting users' interest to other websites, thus gaining, and attaining their private information [51]. Table 11 summarizes all the session hijacking attacks that occur on the application and network layer of the TCP/IP…”

Section: Attack Domainmentioning

confidence: 99%

“…Attack Type Attack on TCP/IP Layer [23] HTTP Hijacking Application [36], [38], [39], [49] Application-Level Hijacking Application [50] Brute Force Attack Application [51] Misdirecting Interest Application [24], [26], [31], [34], [35], [46] IP Spoofing Network [30] ARP Spoofing Network [31] IP Spoofing Network [37] Phishing Network [40] TCP Hijacking Network [47] Packet Sniffer Network [48] UDP Hijacking Network model.…”

Section: Referencesmentioning

confidence: 99%

“…[50] It uses a private key to secure the network communication. [51] It uses packet-level features and a trained classifier of machine learning for the detection and prevention of attacks.…”

Section: Referencesmentioning

confidence: 99%

See 3 more Smart Citations

Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking

Muzammil,

Bilal,

Ajmal

et al. 2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

The current era extensively utilizes the Internet, which uses data. Due to the apparent openaccess Internet service, this data is highly vulnerable to attacks. Data privacy is affected by Web-based attacks. This Systematic Literature Review (SLR) focuses on two Web-based attacks: Man-In-The-Middle and session hijacking. It reviews about 30 studies from the years 2016-2023 that have been selected utilizing a proper study selection procedure. This SLR comprises three research questions. The first describes the overall trends in Man-In-The-Middle attacks and session hijacking studies. It shows that 7 articles were published in 2018, and the trend is decreasing to 4 articles by 2021. Moreover, 73% articles are published in conference venues, and India is the top contributor in this domain. Lastly, this question elaborated that IEEE is the top contributor as a publisher. The second addresses the sorts of attacks used by Man-In-The-Middle attacks and session hijacking on Transmission Control Protocol / Internet Protocol (TCP/IP). This demonstrates that Man-In-The-Middle attacks invade all layers and session hijacking attacks on only two, that is, the application and network layer. The third research question discusses the solutions provided by different studies to deal with Man-In-The-Middle attacks and session hijacking. In conclusion, this analysis highlights the need for stronger cybersecurity measures against Man-in-the-Middle and session hijacking assaults in the Internet era by revealing evolving trends, contributors, and solutions in data privacy. INDEX TERMS Privacy; Man-In-The-Middle attack; session hijacking; Hypertext Transfer Protocol (HTTP) hijacking

show abstract