Designing a Novel Two-Tier Authentication Algorithm for Web Service Architecture

Authors

  • M. Milton Joe, Department of Computer Science, St. Jerome’s College, Nagercoil, Tamilnadu, India
  • B. Ramakrishnan, Department of Computer Science and Research Centre, S.T. Hindu College, Nagercoil, Tamilnadu, India
  • Resul Das, Department of Software Engineering, Firat University, 23119, Elazig, Turkey

Keywords:

Web, Hacking, Authentication, Security, One-Tier, Two-Tier, Internet, QoS, Pattern Recognition

Abstract

Web pages are secured by one-tier security constraints based on a username and password. This one-tier security module is the only way to protect the web pages from hackers. However, one-tier security constraints in a web service architecture have several flaws. They can be hacked from outside without the authorised user being notified. Further, hackers can easily obtain the username and password that are entered on the web pages to log in for further actions. When the system is connected to the internet, it can be hacked to obtain the username and password by monitoring the user’s keystrokes from a remote location. Given that the credentials of one-tier security constraints are being hacked, this paper analyses these flaws and models two-tier security constraints to secure the web service. In the proposed architecture, a pattern recognition mechanism is used to authenticate the user. The pattern recognition architecture is displayed at dynamic locations on each refresh of the web page, which protects the proposed two-tier architecture against hacking as well as guessing attacks.

Published

2016-12-01

How to Cite

Joe, M. M., Ramakrishnan, B., & Das, R. (2016). Designing a Novel Two-Tier Authentication Algorithm for Web Service Architecture. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 8(9), 67–75. Retrieved from https://jtec.utem.edu.my/jtec/article/view/888