Research Repository

Key-Based Cookie-Less Session Management Framework for Application Layer Security

Alizai, Zahoor Ahmed and Tahir, Hasan and Murtaza, Malik Hamza and Tahir, Shahzaib and Mcdonald-Maier, Klaus (2019) 'Key-Based Cookie-Less Session Management Framework for Application Layer Security.' IEEE Access, 7. 128544 - 128554. ISSN 2169-3536

08832147.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

The goal of this study is to extend the guarantees provided by secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow the creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use, hence reducing the attack surface and nullifying a vast group of attack vectors.

Item Type: Article
Divisions: Faculty of Science and Health > Computer Science and Electronic Engineering, School of
Depositing User: Elements
Date Deposited: 26 Mar 2020 13:09
Last Modified: 26 Mar 2020 13:09
URI: http://repository.essex.ac.uk/id/eprint/27166
