Designing a Novel Two-Tier Authentication Algorithm for Web Service Architecture
Keywords:
Web, Hacking, Authentication, Security, One-Tier, Two-Tier, Internet, QoS, Pattern Recognition
Abstract
Web pages are secured by one-tier security constraints based on a username and password. This one-tier security module is the only way to protect the web pages from hackers. However, the one-tier security constraints on web service architecture have several flaws. It can be hacked from outside without the authorised user being notified. Further, hackers can easily obtain the username and password that are entered on the web pages to log in for further actions. When the system is connected to the internet, it can be hacked to obtain the username and password by monitoring the user's keystrokes from a remote location. Because the credentials of one-tier security constraints are being hacked, this paper analyses these flaws and models two-tier security constraints to secure the web service. In the proposed architecture, a pattern recognition mechanism is used to authenticate the user. The pattern recognition architecture is displayed at dynamic locations on each refresh of the web page, which protects the proposed two-tier architecture from being hacked as well as from guessing attacks.
License
TRANSFER OF COPYRIGHT AGREEMENT
The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):
- All proprietary rights other than copyright, such as patent rights
- The right to make further copies of all or part of the published article for my use in classroom teaching
- The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
- The right to make copies of the published work for internal distribution within the institution that employs me
I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.