Browsing by Author "Shashidhara"

Filter results by typing the first few letters
Now showing 1 - 7 of 7
  • No Thumbnail Available
    Item
    A secure and lightweight authentication scheme for roaming service in global mobile networks
    (Elsevier Ltd, 2018) Madhusudhan, R.; Shashidhara
    Global Mobile Network provides global roaming service to the users moving from one network to another. It is essential to authenticate and protect the privacy of roaming users. Recently, Marimuthu and Saravanan proposed a secure authentication scheme for roaming service in mobile networks. This scheme can protect user anonymity, untraceability, and is believed to have many abilities to resist a range of attacks in global mobile networks. In this paper, we analyse the security strength of their scheme and show that the authentication protocol is in fact insecure against insider attack, stolen-verifier attack, impersonation attack, denial-of-service attack, synchronization problem, lack of user anonymity and operational inefficiencies. Hence, we propose a secure and lightweight authentication scheme for Global Mobile Networks. In addition, the proposed scheme requires few message exchanges between the entities such as MU (Mobile User), FA (Foreign Agent) and HA (Home Agent). The scheme ensures both communication and computation efficiency as compared to the well-known authentication schemes. The performance analysis shows that the proposed authentication scheme is well suited for resource limited wireless and mobile environments. © 2017 Elsevier Ltd
  • No Thumbnail Available
    Item
    An efficient and secure authentication scheme with user anonymity for roaming service in global mobile networks
    (Association for Computing Machinery acmhelp@acm.org, 2016) Madhusudhan, R.; Shashidhara
    In global mobile network, it is essential to authenticate mobile users and provide secure communication between a user, foreign agent and the home agent using session key. Designing a secure and efficient authentication protocol for roaming users in mobile network is a challenging. The authors wen et al. analyzed Jiang et al. authentication scheme recently and proved that the scheme cannot resist with replay attack and stolen-verifier attack. Later, they come up with a smart card based authentication scheme for roaming service. The Wen et al.'s scheme protects anonymity of the user and is believed to have many abilities to resist a various kind of cryptographic attacks. However, through careful analysis, we find that Wen et al.'s scheme is vulnerable to bit flipping attack, impersonation (forgery attacks), insider attack, denial-of-service attack, unfair key agreement and cannot provide user's anonymity. To remedy these weaknesses and to achieve low communication and computation costs, we proposed an efficient secure authentication scheme for roaming users in global mobile networks. The performance analysis shows that the proposed authentication protocol is simple and secure. © 2016 ACM.
  • No Thumbnail Available
    Item
    Cross Channel Scripting (XCS) Attacks in Web Applications: Detection and Mitigation Approaches
    (2019) Madhusudhan, R.; Shashidhara
    XCS (Cross Channel Scripting) is a dangerous web application vulnerability, in which injection of the malicious code and attack execution is performed through network protocols. This vulnerability is the variant and sophistication concept of XSS (Cross-Site Scripting). We disclose a range of XCS attacks on embedded servers, which make use of electronic devices such as photo frames, cameras, wireless routers and wireless access points. All these devices have web interfaces, which permits an admin to perform various tasks on the device that is connecting from a web browser to the web server. An attack execution is carried by inserting malevolent code in the device, which is executed in the context of a legitimate user when he/she opens the page containing injected malicious code. This malevolent code can be inserted in the device through non web channels like SNMP (Simple Network Management Protocol), FTP (File Transfer Protocol) or NFS (Network File System). Unfortunately, the injected malicious code can fully compromise the security of devices, which are embedded in web servers. In this paper, a comprehensive analysis of the XCS exploitation and mitigation techniques have been presented. � 2018 IEEE.
  • No Thumbnail Available
    Item
    Cross Channel Scripting (XCS) Attacks in Web Applications: Detection and Mitigation Approaches
    (Institute of Electrical and Electronics Engineers Inc., 2019) Madhusudhan, R.; Shashidhara
    XCS (Cross Channel Scripting) is a dangerous web application vulnerability, in which injection of the malicious code and attack execution is performed through network protocols. This vulnerability is the variant and sophistication concept of XSS (Cross-Site Scripting). We disclose a range of XCS attacks on embedded servers, which make use of electronic devices such as photo frames, cameras, wireless routers and wireless access points. All these devices have web interfaces, which permits an admin to perform various tasks on the device that is connecting from a web browser to the web server. An attack execution is carried by inserting malevolent code in the device, which is executed in the context of a legitimate user when he/she opens the page containing injected malicious code. This malevolent code can be inserted in the device through non web channels like SNMP (Simple Network Management Protocol), FTP (File Transfer Protocol) or NFS (Network File System). Unfortunately, the injected malicious code can fully compromise the security of devices, which are embedded in web servers. In this paper, a comprehensive analysis of the XCS exploitation and mitigation techniques have been presented. © 2018 IEEE.
  • No Thumbnail Available
    Item
    An efficient and secure authentication scheme with user anonymity for roaming service in global mobile networks
    (2016) Madhusudhan, R.; Shashidhara
    In global mobile network, it is essential to authenticate mobile users and provide secure communication between a user, foreign agent and the home agent using session key. Designing a secure and efficient authentication protocol for roaming users in mobile network is a challenging. The authors wen et al. analyzed Jiang et al. authentication scheme recently and proved that the scheme cannot resist with replay attack and stolen-verifier attack. Later, they come up with a smart card based authentication scheme for roaming service. The Wen et al.'s scheme protects anonymity of the user and is believed to have many abilities to resist a various kind of cryptographic attacks. However, through careful analysis, we find that Wen et al.'s scheme is vulnerable to bit flipping attack, impersonation (forgery attacks), insider attack, denial-of-service attack, unfair key agreement and cannot provide user's anonymity. To remedy these weaknesses and to achieve low communication and computation costs, we proposed an efficient secure authentication scheme for roaming users in global mobile networks. The performance analysis shows that the proposed authentication protocol is simple and secure. � 2016 ACM.
  • No Thumbnail Available
    Item
    Mitigation of cross-site scripting attacks in mobile cloud environments
    (2019) Madhusudhan, R.; Shashidhara
    Cross-Site Scripting (XSS) is one of the dangerous and topmost web attacks as stated by recent surveys. XSS vulnerability arises, when an application deployed in a cloud, accept information from uncertain origin without an input validation, allowing the execution of dynamic content. XSS vulnerabilities may cause serious security violations in web and mobile cloud-based applications. In general, Cross-Site Scripting bugs are very easy to accomplish, but hard to discover and mitigate, because of the flexibility of encoding schemes like HTML encoding, which offers the adversary numerous chances to bypass the filters that should block dangerous content from being inserted into relied websites. In order to mitigate XSS vulnerability of a web application in the mobile cloud, a novel approach is presented, which successfully identifies the JavaScript-driven XSS attacks. In addition, we focus on, initiating a client-side Cross-Site Scripting attack discovery and mitigation technique known as Secure XSS layer based on the placement of sanitizers in the inserted malicious code. � Springer Nature Singapore Pte Ltd. 2019.
  • No Thumbnail Available
    Item
    Mitigation of cross-site scripting attacks in mobile cloud environments
    (Springer Verlag service@springer.de, 2019) Madhusudhan, R.; Shashidhara
    Cross-Site Scripting (XSS) is one of the dangerous and topmost web attacks as stated by recent surveys. XSS vulnerability arises, when an application deployed in a cloud, accept information from uncertain origin without an input validation, allowing the execution of dynamic content. XSS vulnerabilities may cause serious security violations in web and mobile cloud-based applications. In general, Cross-Site Scripting bugs are very easy to accomplish, but hard to discover and mitigate, because of the flexibility of encoding schemes like HTML encoding, which offers the adversary numerous chances to bypass the filters that should block dangerous content from being inserted into relied websites. In order to mitigate XSS vulnerability of a web application in the mobile cloud, a novel approach is presented, which successfully identifies the JavaScript-driven XSS attacks. In addition, we focus on, initiating a client-side Cross-Site Scripting attack discovery and mitigation technique known as Secure XSS layer based on the placement of sanitizers in the inserted malicious code. © Springer Nature Singapore Pte Ltd. 2019.