General method for HTTP Messages authentication based on hash functions in Web applications
An HTTP message authentication method for web applications is proposed. The method can protect a web application against attacks based on authentication and authorization weaknesses. It is shown how HTTP authentication can be expressed in terms of the attribute-based access control (ABAC) model. An implementation of the ABAC access control decision mechanism can use a cryptographic authentication protocol.
Keywords
cryptographic protocols, message authentication, web applications, ABAC
Authors
Name | Organization | E-mail
Kolegov D. N. | | d.n.kolegov@gmail.com
