International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 04 Issue: 07 | July -2017
p-ISSN: 2395-0072
www.irjet.net
Data Lineage in Cross-Site Scripting (XSS) Attack Sunitha V.S ,Jissmol Jose 1Student,Dept.ofCcomputer
Science, St.Joseph’s College, Irinjalakkuda , Kerala, India Computer Science, St.Joseph’s College, Irinjalakkuda ,Kerala, India ---------------------------------------------------------------------***--------------------------------------------------------------------1Professor,Dept.of
Abstract - In this digital era ,leakage of sensitive data is
one of the most severe issue that the organization face. It is not only for organizations , the consequences are also faced by personal lives. Personal information is accessed through social networking sites or smart phones and it is indirectly transferred to unauthenticated persons for their personal gains. But we cannot identify the leaker in a provable manner. Now we introduce a frame work LIME, it has two characteristics :owner and consumer. And an important third party auditor to identify the leaker. The frame work provide some features to secure the data transfer such as novel accountable data transfer protocol, robust watermarking, and signature primitives. Cross -site scripting(XSS) attack and its prevention through three way handshaking protocol. Key Words: : LIME, Robust Watermarking ,Signature Primitives ,Novel Accountable Data Transfer Protocol XSS attack, Three way hand shaking
1.INTRODUCTION Sensitive data leakage is the present issue faced by the organization in this digital era. It is happened by malicious external entities or employees for their personal gains. But we cannot caught the leaker in a provable manner and identification of the leaker is not an accurate always. The data leakage not only faced by organizations but also personal lives. The personal information revealed to a third party is a serious issue. So we use a novel frame work LIME for secure data transfer. There will two characteristics for data transfer :owner and consumer. Here we use signature primitives such as symmetric key for data encryption and decryption. Cox algorithm for robust watermarking and HTTPA (Accountable Hyper Text Transfer Protocol), requires the data producer and the data consumer to come to an agreement before the data transfer. These features provides the transfer of data secure and identify the leaker in provable manner if it occur. In our system identify the leaker when XSS(Cross Site Scripting) attack occur and prevent from the lineage of data. To prevent data lineage in XSS attack use Three way hand shaking protocol.
2.EXISTING SYSTEM In the existing system leakage of information through malicious external entities or malicious authorized user is a serious problem for person as well as organizations. The organization did not reveal if their confidential data is leaked © 2017, IRJET
|
Impact Factor value: 5.181
|
because the fear of loss of customer confidence. The confidential digital data can be copied and spread through internet within short time by malicious authorized user. So primitives like encryption offers data protection only it to be decrypted. But we can’t identify the leaker in a provable manner. In LIME the auditor is communicated to the owner and the consumer. So he can identify when data is accessed in unauthorized way. Some scenarios make questionable situation to prove the guilty party which make data leakage. The scenarios like: Outsourcing : Companies transferring portions of work to outside suppliers rather than completing it internally, so it cost leakage of sensitive data. But cannot identify the person which cause data leakage Online Social Networking Site : Like facebook which leak private information of the user to other users or companies. There are different methods to access the sensitive data but we cannot prevent from it and find the malicious user in a provable way. Chart -1:
Fig -1: Outsourcing & Social networking site scenarios for data leakage Another method is forensic technique. It is used to identify the leaker in a provable manner but it’s not accurate always and it is costly.
ISO 9001:2008 Certified Journal
|
Page 2111