Session Hijacking and Prevention Technique

  • Authors

    • Anuj Kumar Baitha
    • Prof. Smitha Vinod
    2018-03-11
    https://doi.org/10.14419/ijet.v7i2.6.10566
  • SSLStrip, Session Hijacking, MIMA, vulnerability.

  • Session Hijacking is an attack which is basically used to gain the unauthorized access between an authorized session connections. This is usually done to attack the social network website and banking websites in order to gain the access over the valid session as well as over the website too. These attacks are one of the commonly experienced cyber threats in today’s network. Most of the websites and networks are vulnerable from this kind of attack.  For providing the protection I have given the multiple ways to protecting from this session hijacking attack. I have especially focused on one of the major attacks in this session hijacking attack SSL Strip attack which play very vital role in this kind of attack. Sometimes this session hijacking attack is also known as the Man in the Middle attack (MIMA).In this paper, I have covered many security mechanisms to stay away and protect you and the network. This session hijacking attack is very dangers for the security perspective. Even it can steal all users’ most sensitive data. This can create a big loss for the users financially. From all these types of attack, I have proposed many mechanisms to help the users to stay away from the attack. The main objective of this paper is to give detail information of session hijacking and countermeasure from session hijacking attacks.

  • References

    1. [1]. Kamal, Parves. "State of the Art Survey on Session Hijacking." Global Journal of Computer Science and Technology 16.1 (2016).

      [2]. Alabrah, Amerah, and Mostafa Bassiouni. "Preventing session hijacking in collaborative applications with hybrid cache-supported one-way hash chains." Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on. IEEE, 2014.

      [3]. Jain, Vineeta, Divya Rishi Sahu, and Deepak Singh Tomar. "Session Hijacking: Threat Analysis and Countermeasures." Int. Conf. on Futuristic Trends in Computational Analysis and Knowledge Management. 2015.

      [4]. Burgers, Willem, Roel Verdult, and Marko Van Eekelen. "Prevent session hijacking by binding the session to the cryptographic network credentials." Nordic Conference on Secure IT Systems. Springer, Berlin, Heidelberg, 2013.

      [5]. Jha, Saurabh, and Shabir Ali. "Mobile agent based architecture to prevent session hijacking attacks in IEEE 802.11 WLAN." Computer and Communication Technology (ICCCT), 2014 International Conference on. IEEE, 2014.

      [6]. Sivakorn, Suphannee, IasonasPolakis, and Angelos D. Keromytis. "The cracked cookie jar: HTTP cookie hijacking and the exposure of private information." Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016.

      [7]. Burgers, Willem, Roel Verdult, and Marko Van Eekelen. "Prevent session hijacking by binding the session to the cryptographic network credentials." Nordic Conference on Secure IT Systems. Springer, Berlin, Heidelberg, 2013.

      [8]. Letsoalo, Enos, and Sunday Ojo. "Survey of Media Access Control address spoofing attacks detection and prevention techniques in wireless networks." IST-Africa Week Conference, 2016. IEEE, 2016.

      [9]. CEHv8. Ethical Hacking and Counter Measures.“Session Hijacking Module 11†[Online]. Available:https://www.wiziq.com/tutorial/714466-CEHv8-Mod ule-11-SessionHijacking. [Accessed: 10-Oct-2014].

      [10]. http://searchsoftwarequality.techtarget.com/definition/session-ID

  • Downloads

  • How to Cite

    Kumar Baitha, A., & Smitha Vinod, P. (2018). Session Hijacking and Prevention Technique. International Journal of Engineering & Technology, 7(2.6), 193-198. https://doi.org/10.14419/ijet.v7i2.6.10566