https://www.sciencedirect.com/science/article/pii/S1877705812020978

BibTeX

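% Dalai, Panigrahy and Jena (2012), Procedia Engineering 38: a message
% authentication scheme against web parameter tampering.
%
% Entry normalised from the publisher export: bare DOI (no resolver prefix),
% double-hyphen page range, "Last, First" author form, one field per line.
% The citation key is unchanged and the abstract text is kept verbatim.
%
% Reviewer note: as the abstract says, SSL/TLS does not address this attack.
% The party altering the parameters is the client endpoint itself, so
% transport-layer integrity is not in play and the check has to be made
% server-side. The abstract calls MACJER-320 a hash algorithm and does not say
% how it is keyed; a digest the client can recompute does not authenticate
% anything, so confirm the keying in the paper. MACJER-320 appears to be the
% authors' own construction rather than a standardised MAC (to be confirmed);
% an HMAC over a vetted hash with a server-held key is the conventional
% baseline to compare it against.
@article{DALAI20121495,
  author   = {Dalai, Asish Kumar and Panigrahy, Saroj Kumar and Jena, Sanjay Kumar},
  title    = {A Novel Approach for Message Authentication to Prevent Parameter Tampering Attack in Web Applications},
  journal  = {Procedia Engineering},
  volume   = {38},
  pages    = {1495--1500},
  year     = {2012},
  note     = {INTERNATIONAL CONFERENCE ON MODELLING OPTIMIZATION AND COMPUTING},
  issn     = {1877-7058},
  doi      = {10.1016/j.proeng.2012.06.184},
  url      = {https://www.sciencedirect.com/science/article/pii/S1877705812020978},
  keywords = {Web Security, Parameter Tampering Attack, Message Authentication, Hash Function, Stream cipher},
  abstract = {Business over the internet has increased rapidly. The area of internet marketing, online banking, online reservation and various online services are gaining popularity among users and also the service providers. The advancement in internet technologies is providing rich interface and user-friendly services. At the same time it attracts the attackers to try their hands to exploit the vulnerabilities that present in the application. The Web Parameter Tampering attack is such a vulnerability which can be easily exploited by using some tools like Tamper Data, Webscarab, Paros Proxy and Burp Suite etc. Web parameter tampering attack is based on the modification of parameters exchanged between client and server in order to manipulate application data, such as, order details like price, quantity of products, user credentials and permissions etc., i.e., sent to the application through a POST request. Usually, this information is stored in cookies, hidden form fields and or URL Query Strings, and is used to increase application functionality and control. Many security protocols are there like SSL, TLS for providing security services like integrity and authentication. But they don’t provide any counter measure for preventing parameter tampering attacks. 
Hence a noble approach has been proposed to prevent the parameter tampering attack in web applications. The focus of the work is to implement a fast and secured hash algorithm MACJER-320 to generate the hash for these parameters to ensure their authentication. The performance evaluation has been done by practically implementing the hash algorithm showing improved performance.},
}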