Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks

Hossain, Md. Shohrab; Paul, Arnob; Islam, Md. Hasanul; Atiquzzaman, Mohammed

doi:10.5296/npa.v10i1.12478

Cited by 16 publications

(9 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The data for the targeted hardware address and targeted protocol address is received from the ARP request message and utilised in the reply message. The destination device"s ARP cache will be modified, given that it will shortly need to access the sender machine [19]. A unicast is used, rather than a broadcast, to send an ARP reply message to the target device.…”

Section: Background 31 Address Resolution Protocolmentioning

confidence: 99%

Provably curb man-in-the-middle attack-based ARP spoofing in a local network

Nasser

Hussain

2022

Bulletin EEI

View full text Add to dashboard Cite

Even today, internet users’ data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one’s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.

show abstract

Section: Background 31 Address Resolution Protocolmentioning

confidence: 99%

Provably curb man-in-the-middle attack-based ARP spoofing in a local network

Nasser

Hussain

2022

Bulletin EEI

View full text Add to dashboard Cite

show abstract

“…The TCP/IP comprises of several communication protocols that are designed to operate over the internet and other private networks [1], hence facilitating the key operations and services across these networks [2]- [4]. It also ensures end to end connectivity by establishing and maintaining communications between the communication entities [5]- [7].…”

Section: Introductionmentioning

confidence: 99%

Performance, privacy, and security issues of TCP/IP at the application layer: A comprehensive survey

Timothy Murkomen

2024

GSC Adv. Res. Rev.

View full text Add to dashboard Cite

TCP/IP is the backbone of modern network communication, connecting devices across the world. TCP/IP at its core is a suite of protocols that enables the transmission of data between computers, facilitating the foundation of the interconnected global network. At the Application Layer of TCP/IP is where the interaction between software applications and the network occurs. The user-centric protocols such as HTTP, SMTP, FTP, POP3, IMAP and DNS facilitate various tasks at this layer such as web browsing, email communication, and file transfer. This comprehensive survey conducted an exploration of the performance, security and privacy issues at the application layer of the TCP/IP. It initiated by providing a background of TCP/IP model, it’s architecture and the core characteristics, with major focus on the application layer. This paper aimed to discuss the state-of-the-art of performance, privacy and security concerns in TCP/IP application layer. It also proposed future research areas to equip researchers, practitioners, policy makers and the decision makers with tangible knowledge, offering guidance in navigating the performance, privacy and security concerns in TCP/IP Application Layer. It aimed to discuss the current performance, privacy and security research gaps at the Application Layer of the TCP/IP Model. The findings of this research sheds light on the performance, privacy and security issues while suggesting the countermeasures to strengthen and optimize the overall performance, security and privacy of TCP/IP model at the application layer. The paper finally suggests future directions and research areas at the TCP/IP application layer.

show abstract

“…According to Sealpath (2020), user data on transit is vulnerable to attacks because of weak encryption techniques used both on data and wireless networks used for data transmission. Data on transit is at risk from various attacks such as mobile malware, packet sniffing attacks (Bhattacharya & Reddy, 2022), Man-in-the-Middle (MITM) attacks [5], Domain Name System (DNS) poisoning [6], Secure Sockets Layer (SSL) strip session hijacking [7], eavesdropping attack [8], Denial of Service (DoS) attacks, and social engineering attacks [9]. Such risks have contributed to a segment of the population being reluctant to adopt such technology due to the fear of these vulnerabilities including the online fraud [10].…”

Section: Introductionmentioning

confidence: 99%

An Enhanced Data Transmission in Mobile Banking Using LSB-AES Algorithm

Orucho,

Awuor,

Makiya

et al. 2023

AJRCoS

View full text Add to dashboard Cite

The advent of mobile banking applications has transformed the way customers’ access banking services from brick-and-mortar to remote banking. The ubiquitous nature of this innovation has encouraged its adoption. This is because of improved banking services and accessibility to the services on a 24/7 basis using the internet. However, mobile banking applications are susceptible to numerous security threats and vulnerabilities that adversaries take advantage of to siphon money from bank customers. The aim of this study is to design and evaluate least significant bit and advanced encryption standard cryptography (LSB-AES) hybrid algorithm to protect data on transmission in mobile banking. This study employs data science research design, and performance evaluations demonstrated through simulations using MATLAB. Findings of this study can be applied to banks offering mobile banking across the world. This study utilized six color images from University of Southern California’s Signal and Image Processing Institute (USC-SIPI) dataset which were stored in Tagged Image File Format (TIFF). Contemporary steganographic systems utilize a minimum of 2 to 10 images for test simulations. Visual quality analysis of cover images and stego images was done using the following evaluation metrics: Mean Squared Error (MSE), Peak Signal-to-Noise Ratio (PSNR), and histogram analysis. Security of the proposed algorithm was done using entropy analysis. MSE values of cover and stego images should be closer to zero and indicate that cover image is of good quality for embedding data. On the other hand, PSNR values should be more than 40 decibel (dB) which indicates good imperceptibility. Histogram analysis should demonstrate no visible distortions between the cover and stego image for it to be free from statistical attacks. Entropy analysis should yield values close to 8 for the algorithm to be robust. Results from the proposed LSB-AES hybrid algorithm evaluation metrics reveals that Mean Squared Error (MSE) values ranges from 0.0001297 to 0.0005646 while Peak Signal-to-Noise Ratio (PSNR) values ranges from 80.65 to 87.71 and entropy values ranges from 6.295 to 7.762. Histogram analysis reveals that the cover and stego images are almost similar. These results infer that the proposed algorithm has good quality images with good imperceptibility and that the proposed algorithm is reliable, robust and secure for mobile banking. Entropy and histogram analysis results show that the proposed algorithm is resistant to Man-in-the-Middle attacks. This study recommends that legislation evaluates and amends security of mobile banking policies so that the proposed LSB-AES hybrid algorithm can be adopted as a secure solution for mobile banking.

show abstract

Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks

Cited by 16 publications

References 18 publications

Provably curb man-in-the-middle attack-based ARP spoofing in a local network

Provably curb man-in-the-middle attack-based ARP spoofing in a local network

Performance, privacy, and security issues of TCP/IP at the application layer: A comprehensive survey

An Enhanced Data Transmission in Mobile Banking Using LSB-AES Algorithm

Contact Info

Product

Resources

About