Abstract: The proliferation of web applications and the pervasiveness of mobile technology make web-based attacks even more attractive and even easier to launch. A Web Application Firewall (WAF) is an intermediate tool between the web server and users that provides comprehensive protection for web applications. A WAF follows a negative security model, in which the detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. However, a WAF alone is not adequate to offer the best defensive system against web vulnerabilities, which are increasing in number and complexity daily. This paper presents a methodology to automatically design a positive-security-based model that identifies and allows only legitimate web queries. The paper shows that a true positive rate of more than 90% can be achieved.
Abstract: Elliptic curve-based certificateless signatures are slowly gaining attention because they retain the efficiency of identity-based signatures, eliminating the need for certificate management, while not suffering from the inherent private key escrow problem. Generally, cryptosystems based on elliptic curves offer equivalent security strength at smaller key sizes compared to conventional cryptosystems such as RSA, which results in faster computations and efficient use of computing power, bandwidth, and storage. This paper proposes to implement a certificateless signature based on bilinear pairing to structure the framework of IKE authentication. In this paper, we perform a comparative analysis of the certificateless signature scheme with a well-known RSA scheme and also present the experimental results in the context of signing and verification execution times. By generalizing our observations, we discuss the different trade-offs involved in implementing IKE authentication by using a certificateless signature.