4 research outputs found

    Man in the Browser Attacks

    In the present world, everyone uses the Internet, and to access it they need a browser. Unfortunately, the benefits of the Web are also available to hackers, who exploit its weaknesses. Man-in-the-Browser (MITB) attacks are carried out through Trojan malware that infects an Internet browser. This attack is dangerous because of its ability to hide from anti-virus software and steal a user's information from the browser. MITB is able to see information within the browser since no encryption occurs in a browser. This is a serious threat to financial institutions and many other secret institutions as well. No one is safe from MITB once it is installed because it easily bypasses the security mechanisms we all rely on. This paper explains what MITB attacks are, how dangerous they are, how they can be identified, and how they can be prevented, discussing various preventive techniques and their effectiveness. This paper will also help to create awareness to the people about this attac

    DESENVOLVIMENTO SEGURO DE APLICAÇÕES WEB

    The scalability, portability, and easy access provided by the Web platform have popularized its use in the development of various applications. However, the increasing number of security incidents raises concerns about their security. Some of these incidents stem from a lack of consideration of security during the development stages, since it is common for techniques that mitigate and prevent security flaws not to be used in the software development life cycle. Information security and systems development are areas that this work integrates into the software development cycle. Thus, this study aims to demonstrate a Methodology Applied to the Secure Development of Web Applications (MADS-WEB) through the use of software security practices throughout the software lifecycle.

    Dynamic hashing technique for bandwidth reduction in image transmission

    Hash functions are widely used in secure communication systems to generate message digests for detecting unauthorized changes in files. An encrypted hashed message, or digital signature, is used in many applications such as authentication to ensure data integrity. It is almost impossible to ensure authentic messages when sending over large bandwidth in a highly accessible network, especially on insecure channels. Two issues that need to be addressed are the large size of the hashed message and high bandwidth. A collaborative approach between the encoded hash message and steganography provides highly secure hidden data. The aim of the research is to propose a new method for producing a dynamic and smaller encoded hash message with reduced bandwidth. The encoded hash message is embedded into an image as a stego-image to avoid an additional file, and consequently the bandwidth is reduced. The receiver extracts the encoded hash and the dynamic hashed message from the received file at the same time. If the encrypted hash decoded with the public key and the hashed message from the original file match the received file, it is considered authentic. To enhance the robustness of the hashed message, we compressed or encoded it, or performed both operations, before embedding the hashed data into the image. The proposed algorithm achieved the lowest dynamic size (1 KB) with no fixed length of the original file compared to the MD5, SHA-1 and SHA-2 hash algorithms. The robustness of the hashed message was tested against substitution, replacement and collision attacks to check whether or not there is any detection of the same message in the output. The results show that the probability of the existence of the same hashed message in the output is close to 0% compared to the MD5 and SHA algorithms. Amongst the benefits of this proposed algorithm is computational efficiency, and for messages with sizes less than 1600 bytes, the hashed file reduced the original file up to 8.51%.