A prevention model for session hijack attacks in wireless networks using strong and encrypted session ID

Abstract

Most of the web applications are establishing the web session with the client. It is very important to protect the wireless networks against session hijacking attack. Session Hijack attack is easy to execute and difficult to detect. Wireless networks do not have specific boundary regions for the packets to be transferred. As the data packets are transferred in air, the chances of sniffing the network packets by the hackers or attackers are high by using the network sniffing tools. In this paper, we have proposed the Strong and Encrypted Session ID to prevent the session hijack attacks in web applications. Session ID is generated and the generated Session ID is encrypted, using a Secret Key Sharing algorithm and decrypted at the client side. We have tested the integrity of the session ID of length 32, 92 and 212 characters in a web application. Attacks are executed to capture the session ID of a web application. Our experimental results proved that 212 characters encrypted session ID completely prevents the session hijack attacks in web applications of wireless networks.