Enhancing JWT Authentication and Authorization in Web Applications Based on User Behavior History

Authors:

Bucko Ahmet (1), Vishi Kamer (2), Krasniqi Bujar (1), Rexha Blerim (1)

Affiliations:

1. Faculty of Electrical and Computer Engineering, University of Prishtina, 10000 Prishtina, Kosovo

2. Department of Informatics, University of Oslo, Gaustadalléen 23B, 0373 Oslo, Norway

Abstract

The rapid growth of the web has transformed our daily lives, and secure user authentication and authorization has become a crucial aspect of web-based services. JSON Web Tokens (JWT), specified in RFC 7519, are widely used as a standard for user authentication and authorization. However, these tokens carry no information about the user's behavior history. To address this gap, this paper presents a solution that enhances the trustworthiness of user authentication in web applications based on the user's behavior history. The solution considers factors such as the number of password attempts, IP address consistency, and user agent type, and assigns a weight or percentage to each. These weights are summed, stored in the user's account, and updated after each transaction. The proposed approach was implemented using the .NET framework, the C# programming language, and a PostgreSQL database. The results show that the proposed solution effectively increases the level of trust in user authentication. The paper concludes by highlighting the strengths and limitations of the proposed solution.

Funder

Ministry of Education, Science, Technology and Innovation, Government of Kosovo

Publisher

MDPI AG

Subject

Computer Networks and Communications; Human-Computer Interaction

References (35 articles; 5 shown)

1. Beaudin (2016). An empirical study of authentication methods to secure e-learning system activities against impersonation fraud. Online J. Appl. Knowl. Manag.

2. Hitchman (2002). The Details of Conceptual Modelling Notations are Important—A Comparison of Relationship Normative Language. Commun. Assoc. Inf. Syst.

3. Imageware (2023, January 16). Identification, Authentication, Authorization—What’s the Difference. Available online: https://imageware.io/identification-authentication-authorization-difference/.

4. Rexha (2010). Implementing data security in student lifecycle management system at the University of Prishtina. Trans. Inf. Sci. Appl.

5. Alangot, B., Szalachowski, P., Dinh, T.T.A., Meftah, S., Gana, J.I., Aung, K.M.M., and Li, Z. (2023). Decentralized Identity Authentication with Auditability and Privacy. Algorithms, 16.

Cited by 6 articles (5 shown)

1. Securing Blockchain-Based Supply Chain Management: Textual Data Encryption and Access Control. Technologies, 2024-07-09.

2. Hybrid Architectures Used in the Protection of Large Healthcare Records Based on Cloud and Blockchain Integration: A Review. Computers, 2024-06-12.

3. Improving the Security and Reliability of SDN Controller REST APIs Using JSON Web Token (JWT) with OpenID and auth2.0. 2024 IEEE 4th International Maghreb Meeting of the Conference on Sciences and Techniques of Automatic Control and Computer Engineering (MI-STA), 2024-05-19.

4. DECODE: A New Cloud-Based Framework for Advanced Visualization, Simulation, and Optimization Treatment of Peripheral Artery Disease. 2023 IEEE 23rd International Conference on Bioinformatics and Bioengineering (BIBE), 2023-12-04.

5. Cloud Computing-Based API Design and Implementation for Hening Mobile Application. 2023 IEEE International Conference on Communication, Networks and Satellite (COMNETSAT), 2023-11-23.
