Link-E-Param : A URL Parameter Encryption Technique for Improving Web Application Security
 Title & Authors
Lim, Deok-Byung; Park, Jun-Cheol;
 Abstract
A URL parameter can hold information that is confidential or vulnerable to illegitimate tampering. We propose Link-E-Param (Link with Encrypted Parameters) to protect all URL parameter names as well as their values. Unlike other techniques that conceal only some of the URL parameters, it discourages attacks that rely on URL analysis to steal secret information from Web sites. We implement Link-E-Param as a servlet filter that can be deployed on any Java Web server by simply copying a jar file and setting a few configuration values. Thus it can be used with any existing Web application without modifying the application. It also supports numerous encryption algorithms to choose from. Experiments show that our implementation induces only a 2~3% increase in user response time due to encryption and decryption, which is deemed acceptable.
 Keywords
Web Application Security;Web Cracking;Encryption;URL Parameter;Servlet Filter;
 Language
Korean