Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Security for Web Applications Using Wiretap Library


Affiliations
1 Information Technology Department, Kamala Institute of Technology & Science, Singapur, Huzurabad, India
2 Computer Science & Engineering Department, Kamala Institute of Technology & Science, Singapur, Huzurabad, 505468, Karimnagar, Andhrapradesh, India
3 Master of Computer Applications Department, Sree Chaitanya Institute of Management & Computer Sciences, Thimmapur, Karimnagar, Andhra Pradesh, India
4 Computer Science & Engg Dept, JNTUCE, Anantapur, Andhrapradesh, India
     

   Subscribe/Renew Journal


We propose a method that provides information-theoretic security for client-server communications. An appropriate encoding scheme based on wiretap codes is used to show how a client -server architecture under active attacks can be modeled as a binary-erasure wiretap channel. The secrecy capacity of the equivalent wiretap channel is used as a metric to optimize the architecture and limit the impact of the attacks. We also provide a method to design attack-resistant client-server architectures that are resilient and secure using wiretap codes. Specifically, the objective is not only to ensure reliable communication between client and servers in the presence of disrupted nodes, but also to guarantee that a malicious attacker hacking the packet information at compromised nodes is unable to retrieve the content of the message being exchanged. In principle, standard encryption techniques could be implemented to ensure secure communication between client and servers; however, instead of using traditional cryptographic tools to encrypt information contained in the packet, the proposed approach exploits the fact that the attacker only gets parts of the packets sent by the client. we define wiretap model as a java web application security framework in order to solve web application vulnerabilities. Wiretap model extends web application’s behavior by adding security functionalities maintaining the API and the framework specification. The security functionalities include Integrity, Editable data validation, Confidentiality, Anti-CSRF token.

Keywords

Client-Server Architecture, Cross-Site Scripting, Denial of Service, Host Compromise Attacks, Distributed DoS Attack, Network Security, Parameter Tampering, Secrecy Capacity, SQL Injection, Vulnerabilities, Wiretap Channel.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 218

PDF Views: 4




  • Security for Web Applications Using Wiretap Library

Abstract Views: 218  |  PDF Views: 4

Authors

Vanitha Akinapalli
Information Technology Department, Kamala Institute of Technology & Science, Singapur, Huzurabad, India
A. Sanjeeva Raju
Computer Science & Engineering Department, Kamala Institute of Technology & Science, Singapur, Huzurabad, 505468, Karimnagar, Andhrapradesh, India
Shylaja Akinapally
Master of Computer Applications Department, Sree Chaitanya Institute of Management & Computer Sciences, Thimmapur, Karimnagar, Andhra Pradesh, India
K. Madhavi
Computer Science & Engg Dept, JNTUCE, Anantapur, Andhrapradesh, India

Abstract


We propose a method that provides information-theoretic security for client-server communications. An appropriate encoding scheme based on wiretap codes is used to show how a client -server architecture under active attacks can be modeled as a binary-erasure wiretap channel. The secrecy capacity of the equivalent wiretap channel is used as a metric to optimize the architecture and limit the impact of the attacks. We also provide a method to design attack-resistant client-server architectures that are resilient and secure using wiretap codes. Specifically, the objective is not only to ensure reliable communication between client and servers in the presence of disrupted nodes, but also to guarantee that a malicious attacker hacking the packet information at compromised nodes is unable to retrieve the content of the message being exchanged. In principle, standard encryption techniques could be implemented to ensure secure communication between client and servers; however, instead of using traditional cryptographic tools to encrypt information contained in the packet, the proposed approach exploits the fact that the attacker only gets parts of the packets sent by the client. we define wiretap model as a java web application security framework in order to solve web application vulnerabilities. Wiretap model extends web application’s behavior by adding security functionalities maintaining the API and the framework specification. The security functionalities include Integrity, Editable data validation, Confidentiality, Anti-CSRF token.

Keywords


Client-Server Architecture, Cross-Site Scripting, Denial of Service, Host Compromise Attacks, Distributed DoS Attack, Network Security, Parameter Tampering, Secrecy Capacity, SQL Injection, Vulnerabilities, Wiretap Channel.