General method for HTTP messages authentication based on hash functions in web applications
Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 85-89.

See the article record from the source Math-Net.Ru

An HTTP message authentication method for web applications is proposed. The method can protect a web application against attacks based on authentication and authorization weaknesses. It is shown how HTTP authentication can be expressed in terms of the attribute-based access control (ABAC) model. An implementation of the ABAC access control decision mechanism can use a cryptographic authentication protocol.
Keywords: ABAC, cryptographic protocols, message authentication, web applications.
@article{PDMA_2014_7_a37,
     author = {D. N. Kolegov},
     title = {General method for {HTTP} messages authentication based on hash functions in web applications},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {85--89},
     publisher = {mathdoc},
     number = {7},
     year = {2014},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2014_7_a37/}
}
D. N. Kolegov. General method for HTTP messages authentication based on hash functions in web applications. Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 85-89. http://geodesic.mathdoc.fr/item/PDMA_2014_7_a37/
