• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Enhancing the Session Security of Zen Cart based on HMAC-SHA256

Vol. 11, No. 1, January 29, 2017
10.3837/tiis.2017.01.025, Download Paper (Free):

Abstract

Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart’s session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user’s experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5’s sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart’s open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
L. Lin, K. Chen, S. Zhong, "Enhancing the Session Security of Zen Cart based on HMAC-SHA256," KSII Transactions on Internet and Information Systems, vol. 11, no. 1, pp. 466-483, 2017. DOI: 10.3837/tiis.2017.01.025.

[ACM Style]
Lihui Lin, Kaizhi Chen, and Shangping Zhong. 2017. Enhancing the Session Security of Zen Cart based on HMAC-SHA256. KSII Transactions on Internet and Information Systems, 11, 1, (2017), 466-483. DOI: 10.3837/tiis.2017.01.025.

[BibTeX Style]
@article{tiis:21341, title="Enhancing the Session Security of Zen Cart based on HMAC-SHA256", author="Lihui Lin and Kaizhi Chen and Shangping Zhong and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2017.01.025}, volume={11}, number={1}, year="2017", month={January}, pages={466-483}}