The middleware service is based on Axis2 web service and MySQL relational database, which provides functionalities for user authentication and session control, HPC resource information collections, discovery and matching, job information logging and notification.
The purpose of this paper is to show how MPLS technology can be employed to address all the required functions of tomorrow's converged wireless/wired networks, from initial IP-level authentication and session control to sophisticated resource reservation, traffic distribution, quality of service and policy management.
Besides, since there is no way for the control server CS to know the real identity of the user, the authentication and session key agreement phase of Sood et al.'s protocol is incorrect.
The OWASP top 10 tests are named as follows; 1 injection, 2 broken authentication and session management, 3 cross-site scripting (XSS), 4—insecure direct object references, 5—security misconfiguration, 6—sensitive data exposure, 7—missing function level access control, 8—cross-site request forgery (CSRF), 9—using components with known vulnerabilities, and 10—unvalidated redirects and forwards. .
The OWASP top 10 tests are named as follows; 1 injection, 2 broken authentication and session management, 3 cross-site scripting (XSS), 4—insecure direct object references, 5—security misconfiguration, 6—sensitive data exposure, 7—missing function level access control, 8—cross-site request forgery (CSRF), 9—using components with known vulnerabilities, and 10—unvalidated redirects and forwards.
Test 2: Broken authentication and session management.
The proposed scheme can achieve mutual authentication and session key agreement.
However, Tseng et al.'s scheme cannot provide mutual authentication and session key agreement.
EAP-AKA is an extensible authentication protocol (EAP) mechanism for authentication and session key distribution using Authentication and Key Agreement (AKA) mechanism.
Then we propose an authentication and session key distribution protocol which provides end-to-end security between the PK-SIM card and the SAG, and give a formal security analysis to the proposed protocol based on BAN authentication logic2.
In this paradigm, providing authentication and session keys of a subscriber is a critical tasks because of the open accessibility and heterogeneousness of an All-IP network.
