DOI: 10.1145/1967486.1967520
research-article

A novel client-based approach for signing and checking web forms by using XML against DoS attacks

Published: 08 November 2010

Abstract

In parallel with the rapid growth of internet technologies, security has become more critical in various real-life applications such as e-finance, e-health, and e-government. These applications strictly require data authentication mechanisms. To address this essential issue, we adopt the idea of client-based authenticity for interactive web technologies. We propose a novel client-based method for signing and checking web forms using an XML data structure. Our method specifically uses an XML structure for data exchange between web applications. Our method curbs DoS (Denial of Service) attacks to protect the server. To illustrate our ideas, we adapted our digital signature mechanism to health-related forms with two commonly used web browsers.

Published In

iiWAS '10: Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
November 2010
895 pages
ISBN: 9781450304214
DOI: 10.1145/1967486

Sponsors

• IIWAS: International Organization for Information Integration
• Web-b: Web-b

Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

1. DoS (Denial of Service)
2. XML
3. client puzzle
4. digital signature
5. web forms
