Securing Ports of Web Applications Against Cross Site Port Attack (XSPA) by Using a Strong Session Identifier (Session ID)

Abstract

XSPA vulnerability can be attacked by stealing the cookie's information. In this case, it becomes utmost necessary to secure the information written in a cookie. A cookie contains a session ID that is a unique number generated by the server. This session ID must be a large random number so that no one can guess a valid session ID in real-time. Numerous research studies have been accomplished on the same but the area still persist gaps in view of emerging threats, such as phishing, pharming, and DoS. This paper proposes a new random-number generator that produces unique numbers in bulk. This helps the server to match the high demand of unique session IDs from different clients. The proposed generator is suitable for all types of web applications, because it requires the smallest area of only 134 Gate Equivalent on the application specific integrated circuit (ASIC) for its execution. Additionally, the proposed generator passed all tests of EPCglobal. Total time delay of digital circuit and power analysis results presented in the subsequent sections are also in the favour of proposed generator. With the implementation of this proposed technique cookies are expected to be more secure as evident from try-out results. © 2025 The Author(s). IET Cyber-Physical Systems: Theory & Applications published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology.