Web communication between servers and clients is used extensively. However, session hijacking has become a critical problem for most client-server communication. Among the different session hijacking attacks, SSL stripping is the most dangerous.
A number of measures have been proposed to prevent SSL stripping-based session hijacking attacks. However, existing surveys do not summarize all the preventive measures comprehensively; they offer little illustration or categorization. Moreover, HTTPS has been proposed to defend against session hijacking attacks on the Internet. The main problem is that browsers must somehow know whether HTTPS is enabled for a specific site. To let browsers know that a site supports HTTPS, the HSTS protocol has been proposed. But HSTS depends on a Trust-on-First-Use policy, so if an attacker manages to attack at the beginning of the network connection, he can successfully bypass the security of HTTPS.
To address this drawback of HTTPS, DNSSEC has been proposed. DNSSEC is secure in the sense that a domain name and its IP address, along with information about its HTTPS capability, are mapped in a secure fashion. However, DNSSEC with NSEC is vulnerable to the zone walking attack, which makes it possible to fetch all the domain information from a DNS server. An attacker can then use the domain information for malicious purposes, possibly session hijacking. So we need to prevent the zone walking attack. NSEC3 has already been proposed for this purpose, but it has some disadvantages.
In this thesis, we have proposed two new solutions to the zone walking attack. We have simulated one of the proposed solutions and performed an in-depth analysis of it, with results, graphs and detailed explanations. Overall, this thesis addresses issues in existing network security. Our main goal is to prevent session hijacking attacks by using a secure and efficient network infrastructure.
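To make the NSEC versus NSEC3 point concrete, the following added example (not code from the thesis) computes what a single denial-of-existence answer discloses under each scheme for a small constructed zone. The zone contents, the salt and iteration values, and all function names are assumptions for illustration; the hash follows RFC 5155, and the canonical ordering is simplified to ASCII labels.

```python
import base64
import hashlib
from bisect import bisect_right

# Constructed sample zone (not from the thesis); every name is made up.
ZONE = ["example.test", "git.example.test", "payroll.example.test",
        "vpn.example.test", "www.example.test"]

# base64 only emits the RFC 4648 base32 alphabet; NSEC3 uses base32hex.
B32_TO_HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire(name):
    """Owner name in lower-case DNS wire format (length-prefixed labels)."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash: SHA-1 over name+salt, then `iterations` extra rounds."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(B32_TO_HEX).decode().lower()

def canonical_key(name):
    """Simplified RFC 4034 canonical order: compare labels right to left."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))

def covering_pair(ordered, key):
    """Neighbours in the sorted chain that bracket a non-existent key."""
    i = bisect_right(ordered, key)
    return ordered[i - 1], ordered[i % len(ordered)]

def nsec_denial(zone, qname):
    """Owner and next name of the NSEC record proving qname is absent."""
    chain = sorted(canonical_key(n) for n in zone)
    return tuple(".".join(reversed(k)) for k in covering_pair(chain, canonical_key(qname)))

def nsec3_denial(zone, qname, salt_hex, iterations):
    """Same proof under NSEC3: only hashed owner names are disclosed."""
    chain = sorted(nsec3_hash(n, salt_hex, iterations) for n in zone)
    return covering_pair(chain, nsec3_hash(qname, salt_hex, iterations))

if __name__ == "__main__":
    print(nsec_denial(ZONE, "nonexistent.example.test"))
    print(nsec3_denial(ZONE, "nonexistent.example.test", "aabbccdd", 12))
```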