Most remote authentication schemes use key exchange protocol to provide secure communication over an untrusted network. The protocol enables remote client and host to authenticate each other and communicate securely with prearranged shared secret key or server secret key. Many remote services environment such as online banking and electronic commerce are dependent on remote authentication schem...

In the constant evolution of the Web, the simple always gives way to the more complex. Static webpages with click-through dialogues are becoming more and more obsolete and in their place, asynchronous JavaScript requests, Web mash-ups and proprietary plug-ins with the ability to conduct cross-domain requests shape the modern user experience. Three recent studies showed that a significant number...

Malware or malicious code is software causing some unwanted and unauthorized activities on the system in a stealthy manner without the knowledge of the user. Malware activation makes the system vulnerable to malicious activities of the attacker. Malware makes its way to the system because of the lack of security awareness amongst users. It spreads through network vulnerabilities such as email a...

Distributed Denial of Service attacks is major threats these days over internet applications and web services. These attacks moving forward towards application layer to acquire and waste maximum CPU cycles. By requesting resources from web services in huge amount using rapid fire of requests, attacker automated programs utilizes all the capability of processing of single server application or d...

Cognitive networks are the solution for the problems existing on the current networks. Users maintain integrity of the networks and user node activity monitoring is required for provision of security. Cognitive Networks discussed in this paper not only monitor user node activity but also take preventive measures if user node transactions are malicious. The intelligence in cognitive engine is re...

Existing authentication models for e-commerce systems take into account satisfying legitimate user requirements described in security standards. Yet, the process of introducing countermeasures to block malicious user requirements is ad hoc and relies completely on the security designer expertise. This leads to expensive implementation life cycles if defects related to the design model were disc...

This study proposes a capable, scalable, and reliable edge-to-edge model for filtering malicious traffic through real-time monitoring of the impact of user behavior on quality of service (QoS) regulations. The model investigates user traffic, including that injected through distributed gateways and that destined to gateways that are experiencing actual attacks. Misbehaving traffic filtration is...

Browser-based Single Sign-On (SSO) protocols relieve the user from the burden of dealing with multiple credentials thereby improving the user experience and the security. In this paper we show that extreme care is required for specifying and implementing the prototypical browser-based SSO use case. We show that the main emerging SSO protocols, namely SAML SSO and OpenID, suffer from an authenti...

Trust represents an important issue for adopting cloud services. A trust management framework is essentially, about user rating. Hence, correctly addressing user feedback and filtering out malicious rating is a main step in providing reliable services. In order to process their feedback and calculate a reliable trust degree. Thus, new opportunities can be offered for the establishment of a trus...

We propose incorporating user actions to improve the precision of malware specifications and introduce a system to create effective application security policies based on the relationships between user interaction, GUI events, and run-time operations of both benign and malicious applications. Graphical malware such as Trojan:Win32/Fakeinit prevent us from simply allowing all user initiated acti...