A Novel Approach to Prevent Session Hijacking Attack

Session hijacking, also called cookie hijacking, is an attack in which the attacker exploits a valid computer session (sometimes also called a session key or session token) to gain unauthorized access to the user's system or a back-end server. To prevent this type of attack, we are creating a protocol that prevents the attacker from gaining access to the encrypted cookie and the back-end server. We are developing a Reverse Proxy Server (RPS) with a One Time Cookie (OTC), and generating a browser fingerprint, the IP address of the system, and a session ID, so that the Reverse Proxy Server handles each request using the One Time Cookie (OTC) protocol to prevent an adversary from capturing and injecting the session credentials. We also use the Blowfish algorithm for encryption. If any of these parameters is altered, the attacker can be easily identified.
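The binding-and-rotation idea described above, as an added example that is not the paper's implementation: a toy proxy-side session table that issues a one-time cookie bound to session ID, client IP and browser fingerprint, rotates it on every request, and flags a reused cookie or a changed parameter. HMAC-SHA256 stands in for the Blowfish-encrypted cookie, and the class, method names and sample values are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class OneTimeCookieProxy:
    """Toy reverse-proxy session table (hypothetical design, not the paper's)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # proxy-side secret, never sent out
        self._sessions = {}                  # session_id -> (ip, fingerprint, counter)

    def _token(self, sid, ip, fp, counter):
        # Assumption: HMAC-SHA256 stands in for the Blowfish-encrypted cookie.
        msg = json.dumps([sid, ip, fp, counter]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def login(self, ip, fp):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = (ip, fp, 0)
        return sid, self._token(sid, ip, fp, 0)

    def handle(self, sid, cookie, ip, fp):
        """Return (verdict, next_cookie); any verdict but 'ok' ends the session."""
        state = self._sessions.get(sid)
        if state is None:
            return "unknown-session", None
        bound_ip, bound_fp, counter = state
        expected = self._token(sid, bound_ip, bound_fp, counter)
        if ip != bound_ip or fp != bound_fp:
            verdict = "binding-mismatch"
        elif not hmac.compare_digest(cookie.encode(), expected.encode()):
            verdict = "stale-or-forged-cookie"
        else:
            self._sessions[sid] = (bound_ip, bound_fp, counter + 1)
            return "ok", self._token(sid, bound_ip, bound_fp, counter + 1)
        del self._sessions[sid]  # suspected hijack: force re-authentication
        return verdict, None


def demo():
    proxy = OneTimeCookieProxy()
    ip, fp = "198.51.100.7", "ua=Firefox;tz=UTC;lang=en"  # constructed values
    sid, c0 = proxy.login(ip, fp)
    first = proxy.handle(sid, c0, ip, fp)[0]   # legitimate request, cookie rotates
    replay = proxy.handle(sid, c0, ip, fp)[0]  # same cookie presented again
    return first, replay
```

Ending the session on the first mismatch also logs out a legitimate client whose retry or parallel request resends an already-used cookie, so a deployment has to decide how to treat those cases.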
