Improving Web Application Security by Virtual Password Authentication
Abstract
Developing a web application that handles valuable information requires authentication with user identifications (IDs) to control access to the system. An ID typically consists of a username and a password. A frequent security issue is that an ID can be stolen by a malicious user for abusive purposes, causing damage to the ID's owner. Many techniques and methods have been presented to prevent such theft; one of them is the virtual password. The researcher proposes a new strategy to enhance system security based on the virtual-password principle: a virtual character set is generated and randomly matched to the real character set, and the resulting output is sent to the server for access-right verification. The researcher tested the proposed strategy by implementing it as a PHP-language system and analysing its security. The findings indicate that the system was secure and able to protect itself against threats such as sniffing, phishing, key-loggers, and shoulder-surfing. Finally, the performance of the proposed strategy was evaluated and compared against a traditional system; the comparison indicates that the proposed strategy is suitable for small to medium-sized systems.
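The exchange the abstract describes, written out as an added example (this is not the paper's PHP system): the server generates a fresh random bijection from the real character set to a virtual one, the client types the virtual character for each real character of the password, and the server inverts the mapping and checks the result against a stored hash. The character set, the PBKDF2 storage, the challenge identifier and the single-use rule are this example's assumptions; the paper does not specify them.

```python
"""Added example of a one-time virtual-password login, modelled on the
abstract's description. CHARSET, the hash choice, the challenge id and the
one-use rule are assumptions of this example, not the paper's design."""
import hashlib
import hmac
import secrets
import string

# Assumed character set; the paper does not list the real one it uses.
CHARSET = string.ascii_letters + string.digits


def hash_password(password: str, salt: bytes) -> bytes:
    """Server-side storage: salted PBKDF2, so the real password is never kept in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    def __init__(self, rng=None):
        # rng is injectable for deterministic tests; production uses the OS CSPRNG.
        self.rng = rng or secrets.SystemRandom()
        self.users = {}     # username -> (salt, password hash)
        self.pending = {}   # challenge id -> (username, real->virtual mapping)

    def register(self, username: str, password: str) -> None:
        if not set(password) <= set(CHARSET):
            raise ValueError("password uses characters outside CHARSET")
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def issue_mapping(self, username: str):
        """Step 1: a fresh random bijection real char -> virtual char, valid once."""
        virtual = list(CHARSET)
        self.rng.shuffle(virtual)
        mapping = dict(zip(CHARSET, virtual))
        challenge_id = secrets.token_hex(8)
        self.pending[challenge_id] = (username, mapping)
        return challenge_id, mapping

    def verify(self, challenge_id: str, virtual_password: str) -> bool:
        """Step 3: invert the mapping and compare against the stored hash.
        The mapping is consumed on first use, so a sniffed virtual password
        cannot be replayed against the same or a later challenge."""
        entry = self.pending.pop(challenge_id, None)
        if entry is None:
            return False
        username, mapping = entry
        inverse = {v: k for k, v in mapping.items()}
        try:
            real = "".join(inverse[c] for c in virtual_password)
        except KeyError:            # a character outside the virtual set
            return False
        if username not in self.users:
            return False
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, hash_password(real, salt))


def client_transform(real_password: str, mapping: dict) -> str:
    """Step 2 (client side): the user types the virtual character for each real one."""
    return "".join(mapping[c] for c in real_password)


def demo(rng=None) -> dict:
    """Runs one legitimate login plus the attacks the scheme is meant to stop."""
    srv = Server(rng)
    srv.register("alice", "Passw0rd")      # constructed credentials

    cid, mapping = srv.issue_mapping("alice")
    vp = client_transform("Passw0rd", mapping)
    login_ok = srv.verify(cid, vp)

    # A sniffer or key-logger replaying the captured pair fails: the mapping is spent.
    replay_ok = srv.verify(cid, vp)

    # A wrong password under a fresh mapping fails as usual.
    cid2, mapping2 = srv.issue_mapping("alice")
    wrong_ok = srv.verify(cid2, client_transform("Passw0rf", mapping2))

    # The captured virtual password is meaningless under a new mapping.
    cid3, _ = srv.issue_mapping("alice")
    stale_ok = srv.verify(cid3, vp)

    return {"login": login_ok, "replay": replay_ok,
            "wrong_password": wrong_ok, "stale_virtual": stale_ok}


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should check before adopting such a scheme: the mapping has to be shown to the user, so whatever channel carries it also carries what an attacker needs to invert the captured virtual password, and the one-time property above only holds if the server discards the mapping after a single verification attempt. The scheme therefore limits what a key-logger or a replayed capture is worth; it does not replace TLS on the connection or session management after login.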
Article Details
Article Accepting Policy
The editorial board of Thai-Nichi Institute of Technology is pleased to receive articles from lecturers and experts in the fields of business administration, languages, engineering and technology, written in Thai or English. Academic work submitted for publication must not have been published elsewhere and must not be under consideration by another journal. Those interested in disseminating their work and knowledge can submit an article to the editorial board, which forwards it to the screening committee to consider for publication in the journal. Only research articles are published. Interested persons can prepare their articles by reviewing the recommendations for article authors.
Copyright infringement is solely the responsibility of the author(s) of the article. Articles accepted for publication are screened and reviewed for quality by qualified experts approved by the editorial board.
The text of each article published in this journal reflects the personal opinion of its author(s) and is in no way related to Thai-Nichi Institute of Technology or other faculty members of the institution. Responsibility for the accuracy of each article's content lies with its author(s); any mistake is the responsibility of the author(s) of that article.
The editorial board reserves the right not to release any content, views or comments from articles in the Journal of Thai-Nichi Institute of Technology for publication elsewhere before receiving written permission from the authorized author(s). The published work is the copyright of the Journal of Thai-Nichi Institute of Technology.