Additional Authentication Technique: An Efficient Approach to Prevent Cross-Site Request Forgery Attack

Bharti Nagpal*, Naresh Chauhan**, Nanhay Singh***
* Assistant Professor, Department of Computer Engineering, Ambedkar Institute of Advanced Communication Technology & Research (AIACT&R), Delhi, India.
*** Associate Professor, Department of Computer Engineering, Ambedkar Institute of Advanced Communication Technology & Research (AIACT&R), Delhi, India.
Periodicity: March - May 2016
DOI : https://doi.org/10.26634/jit.5.2.5999

Abstract

The Cross-Site Request Forgery (CSRF) attack is a one-click attack that is very common and widely known. A CSRF attack exploits session cookies while the victim has an active session with their account on a website, and it allows the attacker to perform unauthorized activities without the user's knowledge. The attack is a forged HTTP request that exploits the user's current session in the browser. Because the attack makes the browser act on the forged HTTP request without the knowledge of the user, the most important prevention is a browser-based solution. A browser-based solution cannot always work, however, because the browser allows third-party websites to send requests to trusted websites. The CSRF attack exploits the trust that a website has in the user's browser. In this paper, the authors propose an additional authentication technique to prevent the CSRF attack.

Keywords

CSRF Attack, Vulnerability, CSRF Types, Prevention.

How to Cite this Article?

Nagpal, B., Chauhan, N., and Singh, N. (2016). Additional Authentication Technique: An Efficient Approach to Prevent Cross-Site Request Forgery Attack. i-manager’s Journal on Information Technology, 5(2), 14-18. https://doi.org/10.26634/jit.5.2.5999
