Advertisement

An Efficient RC4 Based Secure Content Sniffing for Web Browsers Supporting Text and Image Files

  • Shweta Pandey
  • Abhishek Singh Chauhan
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 28)

Abstract

The communication in today’s scenario is mostly rely on web, it will be increases day by day means the dependency of the users for communication is increases on web browsers. So thinking about security during data communication like text and image files will be legitimate. There are several research work are in progress in this direction. In this paper we present an efficient RC4 based secure content sniffing for web browsers which supporting textual files(word, pdf, text), web files(.jsp,.php.html) and image files also. In our proposed work we send the text data and image files by applying RC4 encryption algorithm. Data is then partition in several parts for reducing the file overhead and then the data will be sending with the extra bit of 0 and 1 for identifying the attack. Means our work will secure the encryption mechanism from the traditional file including wide variety of file formats. The effectiveness of our approach is shown by the results.

Keywords

Content Sniffing RC4 Encryption Web Browsers 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Cisco Systems, Cisco Visual Networking Index: Forecast and Methodology, 2011-2016. Cisco White Paper (2012)Google Scholar
  2. 2.
    Ahlgren, B., Dannewitz, C., Imbrenda, C., Kutscher, D., Ohlman, B.: A survey of in-formation-centric networking. IEEE Communications Magazine 50(7), 26–36 (2012)CrossRefGoogle Scholar
  3. 3.
    Jacobson, V., Smetters, D.K., Thornton, J.D., Plass, M.F., Briggs, N.H., Braynard, R.L.: Networking named content. In: ACM 9th Internation Conference on Emerging Networking Experiments and Technologies, CoNEXT (2009)Google Scholar
  4. 4.
    Barth, A., Caballero, J., Song, D.: Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves. In: Proceedings of IEEE Security & Privacy, pp. 360–371 (2009)Google Scholar
  5. 5.
    Gebre, M.T., Lhee, K.-S., Hong, M.: A Robust Defense Against Content sniffing XSS Attacks. In: Proceedings of 6th International Conference on Digital Content, Multimedia Technology and its Applications, pp. 315–320 (2010)Google Scholar
  6. 6.
    Multipurpose Internet Mail Extensions (MIME), http://www.ietf.org/rfc/rfc2046.txt?number=2046
  7. 7.
    Cross Site Scripting, http://www.owasp.org
  8. 8.
    Shahriar, H., Zulkernine, M., PhishTester, M.: Automatic Testing of Phishing Attacks. In: Proceedings of the SSIRI, pp. 198–207 (2010)Google Scholar
  9. 9.
    Shahriar, H., Zulkernine, M.: Client-Side Detection of Cross-Site Request Forgery Attacks. In: Proceedings of ISSRE, pp. 358–367 (2010)Google Scholar
  10. 10.
    Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: ICSE International Conference on Software Engineering, pp. 171–180 (2008)Google Scholar
  11. 11.
    Shahriar, H., Zulkernine, M.: MUTEC: Mutation-based Testing of Cross Site Scripting. In: Proceedings of the 5th ICSE Workshop SESS, pp. 47–53 (2009)Google Scholar
  12. 12.
    Paros - Web application security assessment, http://www.parosproxy.org/index.shtml (accessed)
  13. 13.
    Open Source Vulnerability Database, http://osvdb.org
  14. 14.
    Shahriar, H., Zulkernine, M.: Mitigation of Program Security Vulnerabilities: Ap-proaches and Challenges. ACM Computing Surveys (CSUR) 44(3) (2012)Google Scholar
  15. 15.
    Shahriar, H., Zulkernine, M.: Taxonomy and Classification of Automatic Monitoring of Program Security Vulnerability Exploitations. Journal of Systems and Software 84(2), 250–269 (2011)CrossRefGoogle Scholar
  16. 16.
    Zhang, P., Helvik, B.E.: Modeling and Analysis of P2P Content Distribution under Coordinated Attack Strategies. In: 7th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications (2011)Google Scholar
  17. 17.
    Barua, A., Shahriar, H., Zulkernine, M.: Server Side Detection of Content Sniffing Attacks. In: 2011 22nd IEEE International Symposium on Software Reliability Engineering (2011)Google Scholar
  18. 18.
    Dubey, A.K., Dubey, A.K., Namdev, M., Shrivastava, S.S.: Cloud-user security based on RSA and MD5 algorithm for resource attestation and sharing in java environment. In: 2012 CSI Sixth International Conference on Software Engineering (CONSEG) (2012)Google Scholar
  19. 19.
    Dubey, A.K., Dubey, A.K., Agarwal, V., Khandagre, Y.: Knowledge discovery with a subset-superset approach for Mining Heterogeneous Data with dynamic support. In: 2012 CSI Sixth International Conference on Software Engineering (CONSEG) (2012)Google Scholar
  20. 20.
    Wardman, B., Stallings, T., Warner, G., Skjellum, A.: High-Performance Content-Based Phishing Attack Detection. In: eCrime Researchers Summit (eCrime) (2011)Google Scholar
  21. 21.
    Qurashi, U.S., Anwar, Z.: AJAX Based Attacks: Exploiting Web 2.0. In: International Conference on Emerging Technologies (2012)Google Scholar
  22. 22.
    Qadri, S.I.A., Pandey, K.: Tag Based Client Side Detection of Content Sniffing Attacks with File Encryption and File Splitter Technique. International Journal of Advanced Computer Research (IJACR) 2(3), 5 (2012)Google Scholar
  23. 23.
    Dubey, A., Gupta, R., Chandel, G.S.: An Efficient Partition Technique to reduce the Attack Detection Time with Web based Text and PDF files. International Journal of Advanced Computer Research (IJACR) 3(1), 9 (2013)Google Scholar
  24. 24.
    Thakur, B.S., Chaudhary, S.: Content Sniffing Attack Detection in Client and Server Side: A Survey. International Journal of Advanced Computer Research (IJACR) 3(2), 10 (2013)Google Scholar
  25. 25.
    Gupta, S.: Secure and Automated Communication in Client and Server Environment. International Journal of Advanced Computer Research (IJACR) 3(4), 13 (2013)Google Scholar
  26. 26.
    Choi, S., Kim, K., Kim, S., Roh, B.-H.: Threat of DoS by Interest Flooding Attack in Content-Centric Networking. In: International Conference on Information Networking (ICOIN), pp. 315–319 (2013)Google Scholar
  27. 27.
    Le, V.L., Welch, I., Gao, X., Komisarczuk, P.: Anatomy of Drive-by Download Attack. In: Proceedings of the Eleventh Australasian Information Security Conference (AISC) (2013)Google Scholar
  28. 28.
    Kumar, S., Patel, B.B.: Java Based Resource Sharing with Secure Transaction in User Cloud Environment. International Journal of Advanced Computer Research (IJACR) 2(3), 5 (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Shweta Pandey
    • 1
  • Abhishek Singh Chauhan
    • 1
  1. 1.Department of CSENIISTBhopalIndia

Personalised recommendations