Web-Proxy-Based Authentication and Authorization Mechanism Against Client-Based HTTP Attacks

Mrunali Bukkawar, Mohd. Shafi Pathan
Copyright: © 2017 |Pages: 13
DOI: 10.4018/IJSE.2017010105
There has been huge development in how data is read from sensor devices such as infrared (IR) and temperature devices. Sensor data collection raises wide-ranging information security issues, and information security is a current topic of discussion because of its use in applications across many fields. Many users with different user roles carry smart devices and use them for various purposes, such as retrieving information from wireless sensors, so a secure and efficient mutual authentication and authorization scheme is needed in the smart grid network to prevent insider and outsider attacks on information or data. The proposed work therefore designs a novel approach to counter such attacks, malicious users and malicious devices through authentication and authorization. The authentication technique authenticates each user role dynamically using signature-based access control and verifies the identity of the user together with the device. The access control mechanism not only prevents unauthorized access but also prevents misuse of data. The existing system generates a shared key for each session, which creates large overhead and is not suitable for real-world applications, so the proposed system uses public key cryptography to reduce the overhead.
Article Preview


A number of techniques are used to prevent various attacks such as web proxy attacks, insider attacks and outsider attacks. First, an insider attack involves access to resources such as data, computer systems and services inside the organization network by someone holding valid credentials. Second, the actions of insiders originate from a trusted network and are not subjected to the thorough security checks that external actions receive; for instance, there is often no internal firewall within the organization network. Third, insiders are often highly trained computer experts who know the internal configuration of the network. For access control, authentication and authorization of users, such systems rely on various local passwords, and several passwords allow different users to access the device for various purposes. Researchers are interested in developing security techniques for several applications (Tchepnda et al., 2009; Bouchemal et al., 2013; Jain & Asawa, 2015; Solanki et al., 2016; Sawlikar et al., 2016; Dey & Santhi, 2016; Pandey & Rawat, 2016; Dey, 2017; Chakraborty et al., 2017; Shelke & Prasad, 2017).

The proposed system takes both the user role and the smart device into account for authorization and authentication before granting access to the system. In a distributed environment, access control for applications or data is a more challenging task, since security management by a single central authority might not be possible or might impose more resource overhead. To define the problem precisely, the authors use specific user roles, i.e., user, auditor, scientist, etc. The proposed scheme provides mutual authentication between the user and the application server, and dynamic authorization for each user role by computing an attribute-based hash code in the manner of a digital signature. Every user role is assigned dynamically through attribute-based access control with a separate access policy for each role, built from attributes provided by the user (mode of access, department, location, access behavior, device used to access the system) and attributes retrieved by the system's own diagnostics.

The scheme defeats different outsider attacks as well as insider attacks, including man-in-the-middle attacks, replay attacks, integrity breaking, attacks by customers, known-key attacks and repudiation attacks. It also prevents insider attacks where (i) a user accesses the device with the token information of a friend or family member without notifying them, and (ii) a rogue device is installed in the network by a legitimate user.

User and device authorization is maintained so that each user can perform only those actions allowed under the access permissions granted to that particular user. Our scheme provides two-factor authentication. First, authentication is performed by verifying the identity of each user as well as the device, in a batch, with the signature of each device verified at the server. Then a one-time password (OTP) is sent to the user's mobile phone to verify and authenticate the actual person accessing the device. Finally, a shared secret key is generated between the user and the device for secure and efficient communication using the bilinear pairing technique.
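As an added illustration (not code from the paper or its authors), the following Python sketch shows the ordering of the checks described in the two preceding paragraphs as a proxy would apply them: device signature verification, attribute-based policy evaluation for the user role over the attributes listed above (mode of access, department, location, device), and then OTP verification. It assumes a symmetric HMAC key per device in place of the paper's signature scheme, uses RFC 4226 HOTP for the OTP step, and omits the bilinear-pairing key agreement; every key, policy and attribute value is constructed for the example.

```python
import hashlib
import hmac
import json
import struct

# Constructed sample data: per-device symmetric keys and per-user OTP seeds.
# The paper uses device signatures and bilinear pairing; this example substitutes
# HMAC (symmetric) so it runs with the standard library only.
DEVICE_KEYS = {
    "sensor-17": b"device-key-sensor-17-constructed",
}
OTP_SEEDS = {
    "alice": b"12345678901234567890",  # the RFC 4226 test secret, used as a constructed seed
}

# Role -> allowed attribute values: a constructed attribute-based access policy.
POLICIES = {
    "scientist": {
        "mode_of_access": {"read", "write"},
        "department": {"research"},
        "location": {"lab-a", "lab-b"},
        "device": {"sensor-17"},
    },
    "auditor": {
        "mode_of_access": {"read"},
        "department": {"audit"},
        "location": {"hq"},
        "device": {"sensor-17"},
    },
}


def canonical(attrs: dict) -> bytes:
    """Stable byte encoding so signer and verifier hash identical input."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()


def sign_attributes(device_id: str, attrs: dict) -> str:
    """Device side: bind the presented attributes to the device identity."""
    key = DEVICE_KEYS[device_id]
    msg = device_id.encode() + b"|" + canonical(attrs)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_device(device_id: str, attrs: dict, signature: str) -> bool:
    """Proxy side: recompute the tag and compare in constant time."""
    key = DEVICE_KEYS.get(device_id)
    if key is None:
        return False
    msg = device_id.encode() + b"|" + canonical(attrs)
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def authorize(role: str, attrs: dict) -> bool:
    """Every policy attribute must be present and hold an allowed value."""
    policy = POLICIES.get(role)
    if policy is None:
        return False
    return all(attrs.get(name) in allowed for name, allowed in policy.items())


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def authenticate(user, role, device_id, attrs, signature, otp, counter) -> str:
    """Proxy decision in the order the scheme describes: device, policy, OTP."""
    if not verify_device(device_id, attrs, signature):
        return "deny: device signature invalid"
    if not authorize(role, attrs):
        return "deny: attributes violate policy for role"
    seed = OTP_SEEDS.get(user)
    if seed is None or not hmac.compare_digest(hotp(seed, counter), otp):
        return "deny: OTP mismatch"
    return "allow"


if __name__ == "__main__":
    attrs = {"mode_of_access": "read", "department": "research",
             "location": "lab-a", "device": "sensor-17"}
    sig = sign_attributes("sensor-17", attrs)
    code = hotp(OTP_SEEDS["alice"], 5)
    print(authenticate("alice", "scientist", "sensor-17", attrs, sig, code, 5))
    # Attributes altered after signing fail the device check before policy is consulted.
    tampered = dict(attrs, mode_of_access="write")
    print(authenticate("alice", "scientist", "sensor-17", tampered, sig, code, 5))
```

The point of the ordering is that an altered attribute set is rejected by the device check before any policy or OTP logic runs, and a valid device with a role whose policy does not cover the presented attributes is rejected before the OTP is consulted, so the OTP never compensates for a failed earlier factor.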

The main goals of the proposed work are to define user roles and attributes for the smart device used to access application resources; to improve system performance by ensuring user identity for application data communication; to authenticate access behavior against the user policy; and to authorize the user towards the application device.

The objective is to design a novel architecture for user and device authentication at the application layer, with multilevel user authentication for application use, smart device encryption for information security, user profiling and monitoring to restrict user access for system performance and security, and proxy server authentication to reduce the authentication overhead at the server. The problem statement is proxy-based authentication and authorization of user actions for system resource access, together with device integrity authentication, in order to prevent many well-known outsider and insider attacks and to create digital signatures for device authentication.
