SlideShare a Scribd company logo

Running head SESSION HIJACKING & CLOUD COMPUTING .docx

Download as DOCX, PDF
C
charisellington63520

The document discusses the concept of cloud computing and highlights the security issue of session hijacking, which involves unauthorized access to web sessions. It reviews various vulnerabilities and risks associated with cloud services, emphasizing the need for organizations to adopt preventative measures such as encryption, firewalls, and digital authentication. Additionally, the paper presents a foundation for further research aimed at enhancing cloud security against session hijacking attacks.

Education
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Running head: SESSION HIJACKING & CLOUD COMPUTING 1 SESSION HIJACKING & CLOUD COMPUTING 20 Preventing Session Hijacking in Cloud Computing Sasha Melanie Personal Research Paper 20th October 2015 Abstract The idea of Cloud processing is turning out to be a well-known concept every passing day particularly in the field of computing and information technology. It refers to both applications that are conveyed as administrations over the Internet and also as resources (software and hardware) in the data centres. With this kind of advancement, the cloud computing technology raises many security concerns. There are several vulnerabilities that come along with cloud computing that may be exploited by attackers through security threats such as session hijacking. This paper gives an overview of the cloud as well as session
hijacking highlighting the key vulnerability areas that every organization need to put into consideration before any implementation of cloud computing. The paper gives the basis for further research that would help curb the challenge of session hijacking in cloud computing. TABLE OF CONTENTS Abstract 2 CHAPTER ONE 5 1.0 INTRODUCTION 5 1.1 Motivation for the study 6 1.2 Premises of the study 7 1.3 Problem Statement 7 1.4 Technical objectives of the study 7 CHAPTER TWO 9 2.0 RELATED WORK 9 2.1 Issues with Cloud Computing 9 2.2 ANALYSIS OF SESSION HIJACKING 9 2.2.1 Cookies: 10 2.2.2 TCP session capturing 10 2.3 PREVENTING SESSION HIJACKING 11 2.3.2 Information encryption programming 11 2.3.3 Virus Detection Applications 12 2.3.4 Digitized Signature 12 2.3.5 Computerized Authentication 13 2.3.6 Firewalls 14 2.3.7 Surf Anonymously 14 CHAPTER THREE 16
3.0 RESEARCH METHODOLOGY AND DESIGN 16 3.1 Introduction 16 3.2 Research Design 16 3.3 Data Collection Instruments 16 3.4 Methods of data Analysis and expected results 17 3.5 Time tables17 3.6 Conclusion 18 REFERENCES 19 CHAPTER ONE1.0 INTRODUCTION Enthusiasm towards Cloud processing arrangements is fast developing. Therefore, they have as of now been embraced in diverse situations, for example, person to person communication, business applications, and substance conveyance systems. Distributed computing is the start of a system based figuring over the web that is thought to be the component of two new registering models, the Client-Cloud processing, and the Terminal-Cloud figuring that would make entire eras of users and business (Mell & Grance, 2011). It is additionally the start of another Internet-based administration economy, for example, the Internet-driven, Web-based, on interest, Cloud applications and figuring economy. Bursztein et al., gives a more organized definition, who characterize a Cloud as a " parallel and disseminated framework comprising of an accumulation of interconnected and virtualized PCs that are progressively provisioned and exhibited as one or more bound together registering assets in light of administration level assertion". One of the key components describing Cloud
figuring is the capacity of conveying both base and programming as administrations. There are several security threats that come along with cloud computing such as session hijacking. The term Session hijacking stand for the misuse of quickly running session. Now and then it frequently alludes as a session key, it is utilized to pick up the unapproved increase to a framework or adventure administrations in the PC. At the point when an enchantment treat that is utilized to verify the client to the server is stolen and utilized for the unapproved handbag is alluded as session seizing. By and large it applies to the web designers, as HTTP cookies are utilized to keep up the session on a website can be effectively stolen by an aggressor or the assailant can use by obtaining entrance to the PC where he can locate the shared cookies (Dacosta et al., 2012).1.1 Motivation for the study Distributed computing has based on industry improvements leveraging so as to the date from the 1980s outsourced framework administrations, facilitated applications and programming as an administration (Mell & Grance, 2011). In all parts, the systems utilized are not unique. In total, it is something altogether different. The distinctions give both advantages and issues to the association coordinating with the cloud. The expansion of versatility and pay-as-you-go to this accumulation of advances makes distributed computing convincing to Chief Information Officers (CIO’s) in organizations of all sizes. Cloud combination presents interesting difficulties to occurrence handlers and additionally to those in charge of getting ready and arranging the agreement for cloud administrations. The difficulties are further entangled when there is a predominant observation that the cloud coordination is "inside the security Edge, or the association has been expressed in composed that an assertion required the supplier to be protected, this must be adequate (ComPUtING, 2011). This kind of intuition may be innocent at the same time, shockingly, it is not uncommon. The cloud supplier may have a
lot of implicit securities or they may not. Whether they do or not, episode taking care of Incident Handling (IH) groups will in the long run face occurrences identified with the joining, requiring getting ready for taking care of occurrences in this new environment (Dinh et al., 2013). The effects of cloud mix warrant a watchful examination by an association before execution. A presentation of a troublesome innovation, for example, distributed computing can make both definition and documentation of administrations, approaches, and techniques hazy in a given domain. Therefore, there is the need for any organization to understand clearly cloud computing and everything it entails to have a secure implementation that is free from attacks. 1.2 Premises of the study This study gives an overview of cloud computing and discuss what security on Cloud computing means. It also discusses what session hijacking is and the ways in which it can be mitigated and eliminated. Furthermore, the study makes it easy for the reader to understand what the benefits and vulnerabilities of moving toward Cloud computing are. It is additionally surely known that comprehensive danger and security control is not prescribed by all Cloud figuring usage. The level of control ought to dependably rely on upon former assessment. Be that as it may, there are still part of open examination territories on enhancing Cloud processing security, some of those are; Forensics and confirmation gathering components, asset segregation instruments and interoperability between cloud suppliers.1.3 Problem Statement Distributed computing is the rising innovation that empower clients to get to their assets on-interest premise. These assets can be got to through the web. It is accentuation on the pay per use idea. Numerous organizations have begun moving towards cloud advancement and give administrations to the vast volume of clients. It offers clients with moment accessibility, adaptability and sharing of assets. In any case, there are bunches of obstacles and obstructions in the reception of cloud are security and protection issues. At the point when the
ventures or people store their information on to the cloud, it must be shielded from unapproved clients/programmers getting to their information. It represents a noteworthy security challenge regarding the information since the capacity area of information is not known not. So keeping the information sheltered and securing the information protection is one of the key testing exploration meets expectations in distributed computing 1.4 Technical objectives of the study The research objectives of the study are: i. To evaluate the concept of cloud computing the security issues associated with it. ii. To find out what session hijacking in cloud computing means iii. To evaluate how session hijacking attack happens iv. To examine detection and the prevention techniques of session hijacking attack CHAPTER TWO2.0 RELATED WORK2.1 Issues with Cloud Computing Currently, cloud computing presents a genuine worry with information being concentrated outside the control of organizations. Touchy information will now be under the control of an outsider, and as indicated by a few specialists this is a consistent issue and some vibe that this is most likely going
to be the end of secret records administration (Zissis & Lekkas, 2012). With regards to the divulgence arrangements, a few individuals don't know where to take a stand and intentionally or unconsciously impart key data and to information out on the outside space that worry turns out to be considerably more basic. With everything open through the web, business will be reliant on the system and the administration supplier's base. Business will stop if the system/web is down. As showed by Zissis & Lekkas, right now in the IT world when there is the need to investigate an issue, one point of preference to support us is that the application logs and the database are inside of the premises of the undertaking. With the movement of the cloud, this perspective will be lost and in this way uncommon bolster or contract tying needs will arrive between the administration supplier and the business for e-disclosure. With business delicate inward information being kept up by the merchant the reliance on the seller's one of a kind Application Program Interface (API) and exclusive interfaces could make a conceivable lock-in with the merchant. On the off chance that under some situation the business is disappointed with the merchant, moving to another seller implies information should be reformatted and changed over which can be tedious and costly (Feng et al., 2011).2.2 ANALYSIS OF SESSION HIJACKING The most widely used method of following a client login state is using cookies. The procedure is very basic, go to a page and enter the login id and secret key. In the event that the data gave the right, the following reaction is like a treat that interestingly distinguishes a specific client. So as to check the login qualifications, cookies checked for every page of the site, and it confirms your creativity by being in place until you sign out (Bharti et al., 2013).2.2.1 Cookies: At the point when the client runs a machine, the machine stores a little content record that is called as cookies. Cookies are plain content; they don't contain any executable codes. A site page or disjoin teaches a specific program to store the data and
sent it back at whatever point there is a solicitation taking into account certain tenets. Lion's share of locales recognizes the clients by these treats. A client login state is finished by utilizing cookies. The procedure is very straightforward, go to a page and enter the login id and secret word. In the event that the data gave the right, the following reaction is like a cookie that exceptionally recognizes a specific client. With a particular final objective to find out the login capabilities, cookies are checked for every page of the site, and it confirms your creativity by being in place until you sign out (Bursztein et al., 2012).2.2.2 TCP session capturing In the TCP session capturing, the assailant assumes control over the TCP session between the two PCs. As the vast majority of the verification is done at the beginning of the session, this permits the programmer to increase over the machines. One of the regular techniques utilized is source-steered of IP parcels. It is by and large centre in the centre sort of assault, where a programmer a point B catches the discussion between the A and C by urging the bundles to go through the assailant’s computer (Oti & Hayfron, 2014). Despite the fact that the source directing is killed, the aggressor can utilize a technique called visually impaired capturing, where the assailant tries to figure the reaction between the two machines. On the off chance that he is fruitful, then the programmer sends an order yet he can never see the reaction yet however a typical summon is similar to the secret word, which permits to access from some other spot in the system Subashini & Kavitha, (2011). One of the reasons for such an assault is to bring about the disavowal of administration assault toward one side point with the goal that it won't react. This assault can drive the machine to crash, or it can constrain the system association for overwhelming bundle misfortune.2.3 PREVENTING SESSION HIJACKING2.3.2 Information encryption programming The Internet as said before keeps running on intermediary servers and through host servers. The intermediary servers serve
as the centre for application benefits that permit an assortment of conventions, for example, Telnet, SMTP, FTP, and HTTP and so forth to exchange data (Oti & Hayfron, 2014). Host servers then again utilize these administrations, however, are not associated specifically with different servers. In case, there is any intermediary server application, the customer associated with the intermediary server that starts the association with the outer server. Sometimes relying upon the sort of intermediary server utilized, the inner customers can perform redirection without the client being mindful of it. The intermediary server then starts the association through determined organization. This keeps the clients from being assaulted by outside servers as intermediary servers require validation before access is conceded. The entrance control list convention must be overhauled before the client or framework is permitted to have entry to the system. More advanced intermediary servers called Application Layer Gateways, or ALGs can further improve security by designing and blocking subsections of conventions. For instance, an ALG for FTP can permit "get" order and forbid "put" summon so that the clients can't put any records on the remote server. This kind of shifting of charges is successful when contrasted with the host servers that just has the ability of the completely permit server to communicate with different servers/clients or thoroughly deny the administration (Bharti et al., 2013).2.3.3 Virus Detection Applications Now and again one peruses of vindictive bugs and infections like Melissa and Love Bug that keep running in email script and focus on the clients by entering their frameworks and wreck programs and so forth. A reason bugs and infections effortlessly get to clients' framework is because of the way that these objective Microsoft items, for example, Internet Explorer and Outlook Express The most well-known interface among buyer IE is helpless against assaults as well as being focused by culprits. The viewpoint, for instance, is a powerless instrument as it naturally opens email as read when a client taps on another email. Thus, the infection is activated notwithstanding when the
client endeavors to erase the spontaneous email by tapping on it (Broad, 2013). Broad additionally asserts that "The shots of a PC infection getting to your framework may be under 1% or more prominent than 10% relying upon where you surf, who sends you email connections, and so forth., yet in the end an infection will draw near to you- - if not really pulverize information and consequently deny you of hours of diligent work." For this reason, there is more explanation behind taking prudent measures for infection assaults. To detect and mitigate threats, Broad prescribes clients to introduce an in number programming that is hostile enough to prevent infections. Moreover, the client additionally has the decision of utilizing Netscape as an interface and Eudora for email perusing. These items, however, may not bolster the greater part of the administrations that Microsoft brings to the table yet they keep infections from assaulting the entire framework. Eudora, for instance, is a sheltered email program and can be utilized to control spontaneous messages also.2.3.4 Digitized Signature The critical part of the computerized correspondence is that the Internet does not offer secure transmission. Online email sessions particularly are being hacked, and messages read o a general premise. Programmers can sniff open sessions and get passwords in content structure; they may hack into corporate records through checking apparatuses for producing passwords secured email accounts and so on. To neutralize these occasions of security rupture, advanced marks have been made through Public Key Infrastructure or PKI (Wedman et al., 2013). The PKI is essentially an advanced information transmission device for secure Internet communication. The PKI depends on encryption involving keys to ensure the computerized data. The trustworthiness and classification of the computerized data are guaranteed as it is just available for the planned collector. The sender has an open key that can use to encode a message; the message is then sent to the collector. The collector as a private key that he can use to unscramble the data. The PKI is affirmed,
issued and oversaw by neighbourhood accreditation power. Like this just the sender, recipient, and the confirmation power can have admittance to the data being sent. Today there are different sorts of PKI and oversaw by a large group of confirmation houses. As per Wedman (2013), in spite of the positive side of PKI, the innovation is not without pitfalls of its own. One is that the PKI accreditation is not a proof that data won't be gotten to by outside clients. Rather it only ensures that the organization that issues the PKI will secure the keys issued to the clients. A large group of PKI organizations, for example, RSA Security, Entrust, and Verisign have ended up and declare themselves as advanced affirmation powers though this has not been recognized by the administration or any official substance (Broad, 2013). Therefore, there are some enterprises that don't completely hold onto PKI as they realize that the freeware form of the apparatuses are accessible to everybody, and it is hard to prevent assailants from formulating approaches to go into the accreditation center point and get to keys information.2.3.5 Computerized Authentication Computerized authentications are a standout amongst the most utilized security strategies. They are given by outside accreditation power that checks the candidate's character and creates authentication for lawful exchanges. The authentications guarantee that the electronic message, for example, charge card data and other individual points of interest are not altered amid transmission on the Internet. The computerized marks depend on encryption calculation for scrambling and unscrambling of the same. The two most normal security conventions in computerized accreditation are SSL (secure attachments layer) by Netscape and SET (secure electronic exchange) by Visa International. These have been created to guarantee that charge card clients' security when they are exchanging on the web. The SET uses computerized declarations to recognize the purchaser, server and shipper bank. In such manner the SET representative's open key cryptography to secure the messages (Valacich & Schneider, 2014)2.3.6 Firewalls
Firewalls essentially work on multilevel security by first raising a boundary between the system that is the private system and the Internet. The firewall then screens the activity with particular attributes and permit it to go through entryways to the client machine. At the point when an advanced movement does not agree to the firewall criteria, then the data can't go through the passages in this manner avoiding unapproved activity, for example, infections and bugs from going into the PC. The most imperative piece of building a firewall is setting criteria for parcels to have an entry or denied at the portals. Contingent upon the way of the activity system managers can set up the sorts firewalls (Broad, 2013)2.3.7 Surf Anonymously As indicated by Wedman et al., (2013) clients can maintain a strategic distance from assailants by surfing secretly. Surfers tend to client either IE or Netscape for their skimming reason. These programs not just are most regularly utilized they are additionally powerless against online aggressors. For instance, they may give out data that are put away as Cookies or get to be held up in the machine's store. Individual data, for example, passwords, information shared, mailing records or Mastercard data, and so on stays open to the aggressors the length of the client is online and not logged out of the site. Correspondingly, sites dispatch mystery projects to publicize or keep an eye on client exercises called Fries that get to be stopped into the program. These are intended to peruse keystrokes and logged for publicizing utilization.
CHAPTER THREE3.0 RESEARCH METHODOLOGY AND DESIGN3.1 Introduction This part depicts the examination technique that was utilized in doing the study; it also contains the target population, and the sampling design, test of reliability and validity, data collection procedures and data analysis.3.2 Research Design According to Takhar & Ghorbani, (2015), a research design is a master plan/framework or blueprint specifying the strategies and techniques for gathering and investigating the required data. The study will receive illustrative exploration outline. This kind of exploration configuration reports things the way they are and endeavours to depict such things as could reasonably be expected conduct, mentalities, qualities, and attributes. This exploration design will also be suitable because it will be concerned with describing the characteristics of particular individual or group of individuals. The study will be aimed at describing the state of affairs as it is and, therefore, consider the descriptive research design to be the most appropriate for this study. As asserted by Takhar & Ghorbani, (2015), a descriptive study tries to discover answers to who, what, when, where, and sometimes how questions.3.3 Data Collection Instruments The research will focus on data sources such as institution library, online educational libraries, peer-reviewed articles books and journals also available online. The justification for the use of online sources is that they are economical to use in terms of time and money. They also permit a greater depth of response.3.4 Methods of data Analysis and expected results Data collected from all the sources will be edited and coded for analysis. It will be analyzed quantitatively and qualitatively. Quantitative information will be investigated through the utilization of elucidating measurements .charts, tables, and
percentages for data representation. The qualitative information will be dissected through substance investigation. It is normal that the data collected from the different sources will be analyzed and interpreted making it easily understood by the reader. The outcomes of this analysis are expected to teach the reader on cloud computing and session hijacking as well as the best ways of ensuring security in cloud computing.3.5 Time tables DESCRIPTION START DATE DURATION (days) END DATE Research topics of interest 01-Dec-14 90 01-Mar-15 Develop research questions and aims 04-Mar-15 8 11-Mar Reading on literature review 13-Mar-15 22 03-Apr-15 Write up proposal 05-Apr-15 29 03-May-15 Submit research proposal 05-May-15 22 26-May-15 Continue lit review and data collection 15-Jun-15 36 20-Jul-15
Analyse collected data from lit review 27-Jul-15 8 03-Aug-15 Write up lit review, methodology, and analysis 10-Aug-15 18 27-Aug-15 Write up conclusion, introduction and discussion 31-Aug-15 8 07-Jul-15 Send sample pages to supervisor 14-Sep-15 11 24-Sep-15 Write up the reflection and action plan paper 28-Sep-15 8 05-Oct-15 Proof read of dissertation and binding 12-Oct-15 8 19-Oct-15 Hand in dissertation 20-Oct-15 1 20-Oct-15 3.6 Conclusion Distributed computing can be seen as a subset of framework processing as they have the same advances and keep up the key ideas of the newly disseminated figuring worldview. It can offer practicality, conveying moment IT system base to new clients in any possible division. Rather than spending significant measures of cash and time building up a fresh out of the plastic new system, clients can 'module' to a current cloud framework
and be up and running immediately. Also, Cloud figuring offers the possibility to retrieve topographical hindrances to convey processing energy to groups that beforehand did not have practical access. For instance, through satellite broadband associations, remote third world areas can as of now get entrance to first world centralized computers. Everything they need is to be outfitted with ease essential portable PC equipment. This innovation offers colossal open doors and is prone to change profoundly the way individuals utilize the Internet in the coming years. By adding to a general reception system, or essentially simply perceiving the significance of the more extensive variables specified above, clients and associations can lessen the potential dangers, for example, session capturing and guarantee they get the most extreme conceivable advantage from their adventure into the cloud. The study above has unmistakably explained the powerlessness issue of session capturing and the routes in which people and association can work day and night to execute productive yet secure appropriated processing advances. Nonetheless, it ought to be noticed that distributed computing is a constantly advancing idea, and more research should be done on methods for improving the security prerequisites for its foundation and additional methods for conquering the security risk of session capturing REFERENCES Bursztein, E., Soman, C., Boneh, D., & Mitchell, J. C. (2012, April). Sessionjuggler: secure web login from an untrusted terminal using session hijacking. In Proceedings of the 21st international conference on World Wide Web (pp. 321-330). ACM. Bharti, A. K., Goyal, M., & Chaudhary, M. (2013). A Review on Detection of Session Hijacking and Ip Spoofing. International Journal of Advanced Research in Computer Science, 4(9). Broad, J. (2013). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Newnes.
ComPUtING, C. (2011). Cloud computing privacy concerns on our doorstep. Communications of the ACM, 54(1). Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611. Dacosta, I., Chakradeo, S., Ahamad, M., & Traynor, P. (2012). One-time cookies: Preventing session hijacking attacks with stateless authentication tokens. ACM Transactions on Internet Technology (TOIT), 12(1), 1. Feng, D. G., Zhang, M., Zhang, Y., & Xu, Z. (2011). Study on cloud computing security. Journal of software, 22(1), 71-83. http://searchmidmarketsecurity.techtarget.com/tip/Defending- against-Firesheep-How-to-prevent-a-session-hijacking-attack. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. Oti, S. B., & Hayfron-Acquah, J. B. (2014). Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems. Journal of Computer and Communications, 2014. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11. Takhar-Lail, A., & Ghorbani, A. (2015). Market Research Methodologies: Multi-Method and Qualitative. Wedman, S., Tetmeyer, A., & Saiedian, H. (2013). An analytical study of web application session management mechanisms and HTTP session hijacking attacks. Information Security Journal: A Global Perspective, 22(2), 55-67. Valacich, J., & Schneider, C. (2014). Information Systems Today: Managing in the Digital World with MyITLab. Policy Statement. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.
Running head SESSION HIJACKING & CLOUD COMPUTING .docx

More Related Content

PPTX
Cloud security
Niharika Varshney
 
DOCX
Cloud computing risk assesment report
Ahmad El Tawil
 
DOCX
What is the future of cloud security linked in
Jonathan Spindel
 
DOCX
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
Lillian Ekwosi-Egbulem
 
PDF
Eb31854857
IJERA Editor
 
PDF
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
PPTX
Unit -3.pptx cloud Security unit -3 notes
Ramya Nellutla
 
PPTX
Cloud computing 10 cloud security advantages and challenges
Vaibhav Khanna
 
Cloud security
Niharika Varshney
 
Cloud computing risk assesment report
Ahmad El Tawil
 
What is the future of cloud security linked in
Jonathan Spindel
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
Lillian Ekwosi-Egbulem
 
Eb31854857
IJERA Editor
 
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
Unit -3.pptx cloud Security unit -3 notes
Ramya Nellutla
 
Cloud computing 10 cloud security advantages and challenges
Vaibhav Khanna
 

Similar to Running head SESSION HIJACKING & CLOUD COMPUTING .docx (20)

PDF
Cloud Computing Service Availability.pdf
chakrirocky1
 
DOCX
Discussion 1Cloud computing offers the ability to share informat
VinaOconner450
 
PDF
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
PDF
Analysis of Cloud Computing Security Concerns and Methodologies
IRJET Journal
 
PPT
Cloud computing final show
ahmad abdelhafeez
 
PPTX
security_and_privacy_in_cloud_computing (1).pptx
thumilvannan
 
PPTX
Cloud security From Infrastructure to People-ware
Tzar Umang
 
DOCX
Cloud Computing Adoption and the Impact of Information Security
Belinda Edwards
 
PPTX
A survey on the security of cloud computing
Lubna_Alhenaki
 
DOC
Cloud security
Mohamed Shalash
 
DOCX
Information Sciences 305 (2015) 357–383Contents lists availa.docx
vickeryr87
 
DOCX
Information Sciences 305 (2015) 357–383Contents lists availa.docx
annettsparrow
 
DOCX
Review of Business Information Systems – Fourth Quarter 2013 V.docx
michael591
 
PDF
A comprehensive survey on security issues in cloud computing and data privacy...
eSAT Journals
 
PDF
A comprehensive survey on security issues in cloud computing and data privacy...
eSAT Journals
 
PDF
A comprehensive survey on security issues in cloud computing and data privacy...
eSAT Publishing House
 
PPTX
Security of Cloud Computing Survey
Lubna_Alhenaki
 
PDF
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET Journal
 
PDF
Cloud Computing Security
Dhaval Dave
 
PDF
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET Journal
 
Cloud Computing Service Availability.pdf
chakrirocky1
 
Discussion 1Cloud computing offers the ability to share informat
VinaOconner450
 
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Analysis of Cloud Computing Security Concerns and Methodologies
IRJET Journal
 
Cloud computing final show
ahmad abdelhafeez
 
security_and_privacy_in_cloud_computing (1).pptx
thumilvannan
 
Cloud security From Infrastructure to People-ware
Tzar Umang
 
Cloud Computing Adoption and the Impact of Information Security
Belinda Edwards
 
A survey on the security of cloud computing
Lubna_Alhenaki
 
Cloud security
Mohamed Shalash
 
Information Sciences 305 (2015) 357–383Contents lists availa.docx
vickeryr87
 
Information Sciences 305 (2015) 357–383Contents lists availa.docx
annettsparrow
 
Review of Business Information Systems – Fourth Quarter 2013 V.docx
michael591
 
A comprehensive survey on security issues in cloud computing and data privacy...
eSAT Journals
 
A comprehensive survey on security issues in cloud computing and data privacy...
eSAT Journals
 
A comprehensive survey on security issues in cloud computing and data privacy...
eSAT Publishing House
 
Security of Cloud Computing Survey
Lubna_Alhenaki
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET Journal
 
Cloud Computing Security
Dhaval Dave
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET Journal
 

More from charisellington63520 (20)

DOCX
in addition to these questions also answer the following;Answer .docx
charisellington63520
 
DOCX
In an environment of compliancy laws, regulations, and standards, in.docx
charisellington63520
 
DOCX
In American politics, people often compare their enemies to Hitler o.docx
charisellington63520
 
DOCX
In addition to the thread, the student is required to reply to 2 oth.docx
charisellington63520
 
DOCX
In addition to reading the Announcements, prepare for this d.docx
charisellington63520
 
DOCX
In Act 4 during the trial scene, Bassanio says the following lin.docx
charisellington63520
 
DOCX
In a Word document, please respond to the following questions.docx
charisellington63520
 
DOCX
In a Word document, create A Set of Instructions. (you will want.docx
charisellington63520
 
DOCX
In a two page response MLA format paperMaria Werner talks about .docx
charisellington63520
 
DOCX
In a paragraph (150 words minimum), please respond to the follow.docx
charisellington63520
 
DOCX
In a paragraph form, discuss the belowThe client comes to t.docx
charisellington63520
 
DOCX
In a minimum of 300 words in APA format.Through the advent o.docx
charisellington63520
 
DOCX
In a paragraph form, post your initial response after reading th.docx
charisellington63520
 
DOCX
In a minimum 250-word paragraph, discuss at least one point the auth.docx
charisellington63520
 
DOCX
In a hostage crisis, is it ethical for a government to agree to gran.docx
charisellington63520
 
DOCX
In a double-spaced 12 Font paper  How did you immediately feel a.docx
charisellington63520
 
DOCX
In a follow-up to your IoT discussion with management, you have .docx
charisellington63520
 
DOCX
In a COVID-19 situation identify the guidelines for ethical use of t.docx
charisellington63520
 
DOCX
In a 750- to 1,250-word paper, evaluate the implications of Internet.docx
charisellington63520
 
DOCX
In a 600 word count (EACH bullet point having 300 words each) di.docx
charisellington63520
 
in addition to these questions also answer the following;Answer .docx
charisellington63520
 
In an environment of compliancy laws, regulations, and standards, in.docx
charisellington63520
 
In American politics, people often compare their enemies to Hitler o.docx
charisellington63520
 
In addition to the thread, the student is required to reply to 2 oth.docx
charisellington63520
 
In addition to reading the Announcements, prepare for this d.docx
charisellington63520
 
In Act 4 during the trial scene, Bassanio says the following lin.docx
charisellington63520
 
In a Word document, please respond to the following questions.docx
charisellington63520
 
In a Word document, create A Set of Instructions. (you will want.docx
charisellington63520
 
In a two page response MLA format paperMaria Werner talks about .docx
charisellington63520
 
In a paragraph (150 words minimum), please respond to the follow.docx
charisellington63520
 
In a paragraph form, discuss the belowThe client comes to t.docx
charisellington63520
 
In a minimum of 300 words in APA format.Through the advent o.docx
charisellington63520
 
In a paragraph form, post your initial response after reading th.docx
charisellington63520
 
In a minimum 250-word paragraph, discuss at least one point the auth.docx
charisellington63520
 
In a hostage crisis, is it ethical for a government to agree to gran.docx
charisellington63520
 
In a double-spaced 12 Font paper  How did you immediately feel a.docx
charisellington63520
 
In a follow-up to your IoT discussion with management, you have .docx
charisellington63520
 
In a COVID-19 situation identify the guidelines for ethical use of t.docx
charisellington63520
 
In a 750- to 1,250-word paper, evaluate the implications of Internet.docx
charisellington63520
 
In a 600 word count (EACH bullet point having 300 words each) di.docx
charisellington63520
 

Recently uploaded (20)

PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
master seminar digital applications in india
ananyaray35
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 

Running head SESSION HIJACKING & CLOUD COMPUTING .docx

  • 1. Running head: SESSION HIJACKING & CLOUD COMPUTING 1 SESSION HIJACKING & CLOUD COMPUTING 20 Preventing Session Hijacking in Cloud Computing Sasha Melanie Personal Research Paper 20th October 2015 Abstract The idea of Cloud processing is turning out to be a well-known concept every passing day particularly in the field of computing and information technology. It refers to both applications that are conveyed as administrations over the Internet and also as resources (software and hardware) in the data centres. With this kind of advancement, the cloud computing technology raises many security concerns. There are several vulnerabilities that come along with cloud computing that may be exploited by attackers through security threats such as session hijacking. This paper gives an overview of the cloud as well as session
  • 2. hijacking highlighting the key vulnerability areas that every organization need to put into consideration before any implementation of cloud computing. The paper gives the basis for further research that would help curb the challenge of session hijacking in cloud computing. TABLE OF CONTENTS Abstract 2 CHAPTER ONE 5 1.0 INTRODUCTION 5 1.1 Motivation for the study 6 1.2 Premises of the study 7 1.3 Problem Statement 7 1.4 Technical objectives of the study 7 CHAPTER TWO 9 2.0 RELATED WORK 9 2.1 Issues with Cloud Computing 9 2.2 ANALYSIS OF SESSION HIJACKING 9 2.2.1 Cookies: 10 2.2.2 TCP session capturing 10 2.3 PREVENTING SESSION HIJACKING 11 2.3.2 Information encryption programming 11 2.3.3 Virus Detection Applications 12 2.3.4 Digitized Signature 12 2.3.5 Computerized Authentication 13 2.3.6 Firewalls 14 2.3.7 Surf Anonymously 14 CHAPTER THREE 16
  • 3. 3.0 RESEARCH METHODOLOGY AND DESIGN 16 3.1 Introduction 16 3.2 Research Design 16 3.3 Data Collection Instruments 16 3.4 Methods of data Analysis and expected results 17 3.5 Time tables17 3.6 Conclusion 18 REFERENCES 19 CHAPTER ONE1.0 INTRODUCTION Enthusiasm towards Cloud processing arrangements is fast developing. Therefore, they have as of now been embraced in diverse situations, for example, person to person communication, business applications, and substance conveyance systems. Distributed computing is the start of a system based figuring over the web that is thought to be the component of two new registering models, the Client-Cloud processing, and the Terminal-Cloud figuring that would make entire eras of users and business (Mell & Grance, 2011). It is additionally the start of another Internet-based administration economy, for example, the Internet-driven, Web-based, on interest, Cloud applications and figuring economy. Bursztein et al., gives a more organized definition, who characterize a Cloud as a " parallel and disseminated framework comprising of an accumulation of interconnected and virtualized PCs that are progressively provisioned and exhibited as one or more bound together registering assets in light of administration level assertion". One of the key components describing Cloud
  • 4. figuring is the capacity of conveying both base and programming as administrations. There are several security threats that come along with cloud computing such as session hijacking. The term Session hijacking stand for the misuse of quickly running session. Now and then it frequently alludes as a session key, it is utilized to pick up the unapproved increase to a framework or adventure administrations in the PC. At the point when an enchantment treat that is utilized to verify the client to the server is stolen and utilized for the unapproved handbag is alluded as session seizing. By and large it applies to the web designers, as HTTP cookies are utilized to keep up the session on a website can be effectively stolen by an aggressor or the assailant can use by obtaining entrance to the PC where he can locate the shared cookies (Dacosta et al., 2012).1.1 Motivation for the study Distributed computing has based on industry improvements leveraging so as to the date from the 1980s outsourced framework administrations, facilitated applications and programming as an administration (Mell & Grance, 2011). In all parts, the systems utilized are not unique. In total, it is something altogether different. The distinctions give both advantages and issues to the association coordinating with the cloud. The expansion of versatility and pay-as-you-go to this accumulation of advances makes distributed computing convincing to Chief Information Officers (CIO’s) in organizations of all sizes. Cloud combination presents interesting difficulties to occurrence handlers and additionally to those in charge of getting ready and arranging the agreement for cloud administrations. The difficulties are further entangled when there is a predominant observation that the cloud coordination is "inside the security Edge, or the association has been expressed in composed that an assertion required the supplier to be protected, this must be adequate (ComPUtING, 2011). This kind of intuition may be innocent at the same time, shockingly, it is not uncommon. The cloud supplier may have a
  • 5. lot of implicit securities or they may not. Whether they do or not, episode taking care of Incident Handling (IH) groups will in the long run face occurrences identified with the joining, requiring getting ready for taking care of occurrences in this new environment (Dinh et al., 2013). The effects of cloud mix warrant a watchful examination by an association before execution. A presentation of a troublesome innovation, for example, distributed computing can make both definition and documentation of administrations, approaches, and techniques hazy in a given domain. Therefore, there is the need for any organization to understand clearly cloud computing and everything it entails to have a secure implementation that is free from attacks. 1.2 Premises of the study This study gives an overview of cloud computing and discuss what security on Cloud computing means. It also discusses what session hijacking is and the ways in which it can be mitigated and eliminated. Furthermore, the study makes it easy for the reader to understand what the benefits and vulnerabilities of moving toward Cloud computing are. It is additionally surely known that comprehensive danger and security control is not prescribed by all Cloud figuring usage. The level of control ought to dependably rely on upon former assessment. Be that as it may, there are still part of open examination territories on enhancing Cloud processing security, some of those are; Forensics and confirmation gathering components, asset segregation instruments and interoperability between cloud suppliers.1.3 Problem Statement Distributed computing is the rising innovation that empower clients to get to their assets on-interest premise. These assets can be got to through the web. It is accentuation on the pay per use idea. Numerous organizations have begun moving towards cloud advancement and give administrations to the vast volume of clients. It offers clients with moment accessibility, adaptability and sharing of assets. In any case, there are bunches of obstacles and obstructions in the reception of cloud are security and protection issues. At the point when the
  • 6. ventures or people store their information on to the cloud, it must be shielded from unapproved clients/programmers getting to their information. It represents a noteworthy security challenge regarding the information since the capacity area of information is not known not. So keeping the information sheltered and securing the information protection is one of the key testing exploration meets expectations in distributed computing 1.4 Technical objectives of the study The research objectives of the study are: i. To evaluate the concept of cloud computing the security issues associated with it. ii. To find out what session hijacking in cloud computing means iii. To evaluate how session hijacking attack happens iv. To examine detection and the prevention techniques of session hijacking attack CHAPTER TWO2.0 RELATED WORK2.1 Issues with Cloud Computing Currently, cloud computing presents a genuine worry with information being concentrated outside the control of organizations. Touchy information will now be under the control of an outsider, and as indicated by a few specialists this is a consistent issue and some vibe that this is most likely going
  • 7. to be the end of secret records administration (Zissis & Lekkas, 2012). With regards to the divulgence arrangements, a few individuals don't know where to take a stand and intentionally or unconsciously impart key data and to information out on the outside space that worry turns out to be considerably more basic. With everything open through the web, business will be reliant on the system and the administration supplier's base. Business will stop if the system/web is down. As showed by Zissis & Lekkas, right now in the IT world when there is the need to investigate an issue, one point of preference to support us is that the application logs and the database are inside of the premises of the undertaking. With the movement of the cloud, this perspective will be lost and in this way uncommon bolster or contract tying needs will arrive between the administration supplier and the business for e-disclosure. With business delicate inward information being kept up by the merchant the reliance on the seller's one of a kind Application Program Interface (API) and exclusive interfaces could make a conceivable lock-in with the merchant. On the off chance that under some situation the business is disappointed with the merchant, moving to another seller implies information should be reformatted and changed over which can be tedious and costly (Feng et al., 2011).2.2 ANALYSIS OF SESSION HIJACKING The most widely used method of following a client login state is using cookies. The procedure is very basic, go to a page and enter the login id and secret key. In the event that the data gave the right, the following reaction is like a treat that interestingly distinguishes a specific client. So as to check the login qualifications, cookies checked for every page of the site, and it confirms your creativity by being in place until you sign out (Bharti et al., 2013).2.2.1 Cookies: At the point when the client runs a machine, the machine stores a little content record that is called as cookies. Cookies are plain content; they don't contain any executable codes. A site page or disjoin teaches a specific program to store the data and
  • 8. sent it back at whatever point there is a solicitation taking into account certain tenets. Lion's share of locales recognizes the clients by these treats. A client login state is finished by utilizing cookies. The procedure is very straightforward, go to a page and enter the login id and secret word. In the event that the data gave the right, the following reaction is like a cookie that exceptionally recognizes a specific client. With a particular final objective to find out the login capabilities, cookies are checked for every page of the site, and it confirms your creativity by being in place until you sign out (Bursztein et al., 2012).2.2.2 TCP session capturing In the TCP session capturing, the assailant assumes control over the TCP session between the two PCs. As the vast majority of the verification is done at the beginning of the session, this permits the programmer to increase over the machines. One of the regular techniques utilized is source-steered of IP parcels. It is by and large centre in the centre sort of assault, where a programmer a point B catches the discussion between the A and C by urging the bundles to go through the assailant’s computer (Oti & Hayfron, 2014). Despite the fact that the source directing is killed, the aggressor can utilize a technique called visually impaired capturing, where the assailant tries to figure the reaction between the two machines. On the off chance that he is fruitful, then the programmer sends an order yet he can never see the reaction yet however a typical summon is similar to the secret word, which permits to access from some other spot in the system Subashini & Kavitha, (2011). One of the reasons for such an assault is to bring about the disavowal of administration assault toward one side point with the goal that it won't react. This assault can drive the machine to crash, or it can constrain the system association for overwhelming bundle misfortune.2.3 PREVENTING SESSION HIJACKING2.3.2 Information encryption programming The Internet as said before keeps running on intermediary servers and through host servers. The intermediary servers serve
  • 9. as the centre for application benefits that permit an assortment of conventions, for example, Telnet, SMTP, FTP, and HTTP and so forth to exchange data (Oti & Hayfron, 2014). Host servers then again utilize these administrations, however, are not associated specifically with different servers. In case, there is any intermediary server application, the customer associated with the intermediary server that starts the association with the outer server. Sometimes relying upon the sort of intermediary server utilized, the inner customers can perform redirection without the client being mindful of it. The intermediary server then starts the association through determined organization. This keeps the clients from being assaulted by outside servers as intermediary servers require validation before access is conceded. The entrance control list convention must be overhauled before the client or framework is permitted to have entry to the system. More advanced intermediary servers called Application Layer Gateways, or ALGs can further improve security by designing and blocking subsections of conventions. For instance, an ALG for FTP can permit "get" order and forbid "put" summon so that the clients can't put any records on the remote server. This kind of shifting of charges is successful when contrasted with the host servers that just has the ability of the completely permit server to communicate with different servers/clients or thoroughly deny the administration (Bharti et al., 2013).2.3.3 Virus Detection Applications Now and again one peruses of vindictive bugs and infections like Melissa and Love Bug that keep running in email script and focus on the clients by entering their frameworks and wreck programs and so forth. A reason bugs and infections effortlessly get to clients' framework is because of the way that these objective Microsoft items, for example, Internet Explorer and Outlook Express The most well-known interface among buyer IE is helpless against assaults as well as being focused by culprits. The viewpoint, for instance, is a powerless instrument as it naturally opens email as read when a client taps on another email. Thus, the infection is activated notwithstanding when the
  • 10. client endeavors to erase the spontaneous email by tapping on it (Broad, 2013). Broad additionally asserts that "The shots of a PC infection getting to your framework may be under 1% or more prominent than 10% relying upon where you surf, who sends you email connections, and so forth., yet in the end an infection will draw near to you- - if not really pulverize information and consequently deny you of hours of diligent work." For this reason, there is more explanation behind taking prudent measures for infection assaults. To detect and mitigate threats, Broad prescribes clients to introduce an in number programming that is hostile enough to prevent infections. Moreover, the client additionally has the decision of utilizing Netscape as an interface and Eudora for email perusing. These items, however, may not bolster the greater part of the administrations that Microsoft brings to the table yet they keep infections from assaulting the entire framework. Eudora, for instance, is a sheltered email program and can be utilized to control spontaneous messages also.2.3.4 Digitized Signature The critical part of the computerized correspondence is that the Internet does not offer secure transmission. Online email sessions particularly are being hacked, and messages read o a general premise. Programmers can sniff open sessions and get passwords in content structure; they may hack into corporate records through checking apparatuses for producing passwords secured email accounts and so on. To neutralize these occasions of security rupture, advanced marks have been made through Public Key Infrastructure or PKI (Wedman et al., 2013). The PKI is essentially an advanced information transmission device for secure Internet communication. The PKI depends on encryption involving keys to ensure the computerized data. The trustworthiness and classification of the computerized data are guaranteed as it is just available for the planned collector. The sender has an open key that can use to encode a message; the message is then sent to the collector. The collector as a private key that he can use to unscramble the data. The PKI is affirmed,
  • 11. issued and oversaw by neighbourhood accreditation power. Like this just the sender, recipient, and the confirmation power can have admittance to the data being sent. Today there are different sorts of PKI and oversaw by a large group of confirmation houses. As per Wedman (2013), in spite of the positive side of PKI, the innovation is not without pitfalls of its own. One is that the PKI accreditation is not a proof that data won't be gotten to by outside clients. Rather it only ensures that the organization that issues the PKI will secure the keys issued to the clients. A large group of PKI organizations, for example, RSA Security, Entrust, and Verisign have ended up and declare themselves as advanced affirmation powers though this has not been recognized by the administration or any official substance (Broad, 2013). Therefore, there are some enterprises that don't completely hold onto PKI as they realize that the freeware form of the apparatuses are accessible to everybody, and it is hard to prevent assailants from formulating approaches to go into the accreditation center point and get to keys information.2.3.5 Computerized Authentication Computerized authentications are a standout amongst the most utilized security strategies. They are given by outside accreditation power that checks the candidate's character and creates authentication for lawful exchanges. The authentications guarantee that the electronic message, for example, charge card data and other individual points of interest are not altered amid transmission on the Internet. The computerized marks depend on encryption calculation for scrambling and unscrambling of the same. The two most normal security conventions in computerized accreditation are SSL (secure attachments layer) by Netscape and SET (secure electronic exchange) by Visa International. These have been created to guarantee that charge card clients' security when they are exchanging on the web. The SET uses computerized declarations to recognize the purchaser, server and shipper bank. In such manner the SET representative's open key cryptography to secure the messages (Valacich & Schneider, 2014)2.3.6 Firewalls
  • 12. Firewalls essentially work on multilevel security by first raising a boundary between the system that is the private system and the Internet. The firewall then screens the activity with particular attributes and permit it to go through entryways to the client machine. At the point when an advanced movement does not agree to the firewall criteria, then the data can't go through the passages in this manner avoiding unapproved activity, for example, infections and bugs from going into the PC. The most imperative piece of building a firewall is setting criteria for parcels to have an entry or denied at the portals. Contingent upon the way of the activity system managers can set up the sorts firewalls (Broad, 2013)2.3.7 Surf Anonymously As indicated by Wedman et al., (2013) clients can maintain a strategic distance from assailants by surfing secretly. Surfers tend to client either IE or Netscape for their skimming reason. These programs not just are most regularly utilized they are additionally powerless against online aggressors. For instance, they may give out data that are put away as Cookies or get to be held up in the machine's store. Individual data, for example, passwords, information shared, mailing records or Mastercard data, and so on stays open to the aggressors the length of the client is online and not logged out of the site. Correspondingly, sites dispatch mystery projects to publicize or keep an eye on client exercises called Fries that get to be stopped into the program. These are intended to peruse keystrokes and logged for publicizing utilization.
  • 13. CHAPTER THREE3.0 RESEARCH METHODOLOGY AND DESIGN3.1 Introduction This part depicts the examination technique that was utilized in doing the study; it also contains the target population, and the sampling design, test of reliability and validity, data collection procedures and data analysis.3.2 Research Design According to Takhar & Ghorbani, (2015), a research design is a master plan/framework or blueprint specifying the strategies and techniques for gathering and investigating the required data. The study will receive illustrative exploration outline. This kind of exploration configuration reports things the way they are and endeavours to depict such things as could reasonably be expected conduct, mentalities, qualities, and attributes. This exploration design will also be suitable because it will be concerned with describing the characteristics of particular individual or group of individuals. The study will be aimed at describing the state of affairs as it is and, therefore, consider the descriptive research design to be the most appropriate for this study. As asserted by Takhar & Ghorbani, (2015), a descriptive study tries to discover answers to who, what, when, where, and sometimes how questions.3.3 Data Collection Instruments The research will focus on data sources such as institution library, online educational libraries, peer-reviewed articles books and journals also available online. The justification for the use of online sources is that they are economical to use in terms of time and money. They also permit a greater depth of response.3.4 Methods of data Analysis and expected results Data collected from all the sources will be edited and coded for analysis. It will be analyzed quantitatively and qualitatively. Quantitative information will be investigated through the utilization of elucidating measurements .charts, tables, and
  • 14. percentages for data representation. The qualitative information will be dissected through substance investigation. It is normal that the data collected from the different sources will be analyzed and interpreted making it easily understood by the reader. The outcomes of this analysis are expected to teach the reader on cloud computing and session hijacking as well as the best ways of ensuring security in cloud computing.3.5 Time tables DESCRIPTION START DATE DURATION (days) END DATE Research topics of interest 01-Dec-14 90 01-Mar-15 Develop research questions and aims 04-Mar-15 8 11-Mar Reading on literature review 13-Mar-15 22 03-Apr-15 Write up proposal 05-Apr-15 29 03-May-15 Submit research proposal 05-May-15 22 26-May-15 Continue lit review and data collection 15-Jun-15 36 20-Jul-15
  • 15. Analyse collected data from lit review 27-Jul-15 8 03-Aug-15 Write up lit review, methodology, and analysis 10-Aug-15 18 27-Aug-15 Write up conclusion, introduction and discussion 31-Aug-15 8 07-Jul-15 Send sample pages to supervisor 14-Sep-15 11 24-Sep-15 Write up the reflection and action plan paper 28-Sep-15 8 05-Oct-15 Proof read of dissertation and binding 12-Oct-15 8 19-Oct-15 Hand in dissertation 20-Oct-15 1 20-Oct-15 3.6 Conclusion Distributed computing can be seen as a subset of framework processing as they have the same advances and keep up the key ideas of the newly disseminated figuring worldview. It can offer practicality, conveying moment IT system base to new clients in any possible division. Rather than spending significant measures of cash and time building up a fresh out of the plastic new system, clients can 'module' to a current cloud framework
  • 16. and be up and running immediately. Also, Cloud figuring offers the possibility to retrieve topographical hindrances to convey processing energy to groups that beforehand did not have practical access. For instance, through satellite broadband associations, remote third world areas can as of now get entrance to first world centralized computers. Everything they need is to be outfitted with ease essential portable PC equipment. This innovation offers colossal open doors and is prone to change profoundly the way individuals utilize the Internet in the coming years. By adding to a general reception system, or essentially simply perceiving the significance of the more extensive variables specified above, clients and associations can lessen the potential dangers, for example, session capturing and guarantee they get the most extreme conceivable advantage from their adventure into the cloud. The study above has unmistakably explained the powerlessness issue of session capturing and the routes in which people and association can work day and night to execute productive yet secure appropriated processing advances. Nonetheless, it ought to be noticed that distributed computing is a constantly advancing idea, and more research should be done on methods for improving the security prerequisites for its foundation and additional methods for conquering the security risk of session capturing REFERENCES Bursztein, E., Soman, C., Boneh, D., & Mitchell, J. C. (2012, April). Sessionjuggler: secure web login from an untrusted terminal using session hijacking. In Proceedings of the 21st international conference on World Wide Web (pp. 321-330). ACM. Bharti, A. K., Goyal, M., & Chaudhary, M. (2013). A Review on Detection of Session Hijacking and Ip Spoofing. International Journal of Advanced Research in Computer Science, 4(9). Broad, J. (2013). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Newnes.
  • 17. ComPUtING, C. (2011). Cloud computing privacy concerns on our doorstep. Communications of the ACM, 54(1). Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611. Dacosta, I., Chakradeo, S., Ahamad, M., & Traynor, P. (2012). One-time cookies: Preventing session hijacking attacks with stateless authentication tokens. ACM Transactions on Internet Technology (TOIT), 12(1), 1. Feng, D. G., Zhang, M., Zhang, Y., & Xu, Z. (2011). Study on cloud computing security. Journal of software, 22(1), 71-83. http://searchmidmarketsecurity.techtarget.com/tip/Defending- against-Firesheep-How-to-prevent-a-session-hijacking-attack. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. Oti, S. B., & Hayfron-Acquah, J. B. (2014). Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems. Journal of Computer and Communications, 2014. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11. Takhar-Lail, A., & Ghorbani, A. (2015). Market Research Methodologies: Multi-Method and Qualitative. Wedman, S., Tetmeyer, A., & Saiedian, H. (2013). An analytical study of web application session management mechanisms and HTTP session hijacking attacks. Information Security Journal: A Global Perspective, 22(2), 55-67. Valacich, J., & Schneider, C. (2014). Information Systems Today: Managing in the Digital World with MyITLab. Policy Statement. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.