Alizai, Zahoor Ahmed and Tahir, Hasan and Murtaza, Malik Hamza and Tahir, Shahzaib and Mcdonald-Maier, Klaus (2019) Key-Based Cookie-Less Session Management Framework for Application Layer Security. IEEE Access, 7. pp. 128544-128554. DOI https://doi.org/10.1109/access.2019.2940331
Alizai, Zahoor Ahmed and Tahir, Hasan and Murtaza, Malik Hamza and Tahir, Shahzaib and Mcdonald-Maier, Klaus (2019) Key-Based Cookie-Less Session Management Framework for Application Layer Security. IEEE Access, 7. pp. 128544-128554. DOI https://doi.org/10.1109/access.2019.2940331
Alizai, Zahoor Ahmed and Tahir, Hasan and Murtaza, Malik Hamza and Tahir, Shahzaib and Mcdonald-Maier, Klaus (2019) Key-Based Cookie-Less Session Management Framework for Application Layer Security. IEEE Access, 7. pp. 128544-128554. DOI https://doi.org/10.1109/access.2019.2940331
Abstract
The goal of this study is to extend the guarantees provided by the secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use. Hence reducing the attack surface and nullifying a vast group of attack vectors.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Authentication; multi-factor authentication; password-less authentication; application layer security; session management; cookies; tokens |
Divisions: | Faculty of Science and Health Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 26 Mar 2020 13:09 |
Last Modified: | 30 Oct 2024 20:46 |
URI: | http://repository.essex.ac.uk/id/eprint/27166 |
Available files
Filename: 08832147.pdf
Licence: Creative Commons: Attribution 3.0