IEEE Access (Jan 2019)

Key-Based Cookie-Less Session Management Framework for Application Layer Security

  • Zahoor Ahmed Alizai,
  • Hasan Tahir,
  • Malik Hamza Murtaza,
  • Shahzaib Tahir,
  • Klaus Mcdonald-Maier

DOI
https://doi.org/10.1109/ACCESS.2019.2940331
Journal volume & issue
Vol. 7
pp. 128544 – 128554

Abstract

The goal of this study is to extend the guarantees provided by secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow the creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use, hence reducing the attack surface and nullifying a vast group of attack vectors.

Keywords