Research Repository

Key-Based Cookie-Less Session Management Framework for Application Layer Security

Alizai, Zahoor Ahmed and Tahir, Hasan and Murtaza, Malik Hamza and Tahir, Shahzaib and Mcdonald-Maier, Klaus (2019) 'Key-Based Cookie-Less Session Management Framework for Application Layer Security.' IEEE Access, 7. pp. 128544-128554. ISSN 2169-3536

08832147.pdf - Published Version
Available under License Creative Commons Attribution.



The goal of this study is to extend the guarantees provided by secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use, hence reducing the attack surface and nullifying a vast group of attack vectors.

Item Type: Article
Uncontrolled Keywords: Authentication; multi-factor authentication; password-less authentication; application layer security; session management; cookies; tokens
Divisions: Faculty of Science and Health
Faculty of Science and Health > Computer Science and Electronic Engineering, School of
SWORD Depositor: Elements
Depositing User: Elements
Date Deposited: 26 Mar 2020 13:09
Last Modified: 15 Jan 2022 01:30
