1. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Abstract:
• Authentication and authorization are the foundation of security for all
technologies in use today.
• Proper authentication is an essential technology for cloud-computing environments
in which connections to external environments are common and risks are high.
• As the cyber threat landscape continues to evolve, robust authentication
mechanisms are essential to protect sensitive information and prevent unauthorized
access.
• To secure a website and allow access only to certain users based on their
stated intentions or reasons for access, we can implement a multi-layered access
control system.
2. Introduction:
• In today's interconnected and data-driven world, the security of digital systems and
sensitive information is of paramount importance.
• Authorization is the process of granting or denying permissions or access rights to users
or entities based on their authenticated identity and their specific roles, privileges, or
attributes.
• However, as the digital landscape becomes more complex and security threats grow in
sophistication, there is an increasing need for a deeper understanding of user intentions.
• Intention verification introduces a new layer of security, where security measures are not
only concerned with protecting against unauthorized access but also with assessing the
potential risks associated with a user's intentions.
3. Literature Review:
Title: Authentication and authorization in modern web apps for data security using node js and role of dark web
Author: Piyush Pant, Anand Singh Rajawat, S.B. Goyal, Pradeep Bedi, Chaman Verma, Maria Simona Raboaca, Florentina Magda Enescu
Software/Hardware: Artificial Intelligence, Blockchain, NodeJS, Hashing Algorithm, Dark web, MongoDB
Methodology: Scyther automatically verifies all the security protocols. Scyther’s adversary model is based on the Dolev–Yao model [47]. Scyther creates an attack graph on detecting an attack. It is based on the pattern-refinement algorithm that gives the brief and to the point representation of sets traces (infinite) [4
Key Points: This system is tested using Scyther formal system tool against various attacks to evaluate the performance. The results prove that the proposed system is highly efficient and successful in mitigating various outsider and insider threats. It also enhances the security of the cloud environment by identifying all sorts of possible attacks.
Inference: In the research we learnt that authentication can be built either by developing the model from scratch or by using a package to implement authentication. It is concluded that using a package is better as they provide better security and are mostly bug-free.
4. Literature Review:
Title: Authentication Protocol for Cloud Databases Using Blockchain Mechanism
Author: Gaurav Deep, Rajni Mohana, Anand Nayyar, P. Sanjeevikumar, and Eklas Hossain
Software/Hardware: Blockchain; clustering algorithm; hash value; e Scyther claim test, NodeJS, ExpressJS.
Methodology: To implement authentication and authorization, a programming language for the backend should be learned and mastered. NodeJS – (NodeJS is a JavaScript runtime built on Chrome’s V8 JavaScript engine)
Key Points: This research fills the research gap by showing how the authentication methods are implemented in industry-based websites and how the data stolen from websites plays an important role in the dark web.
Inference: The research paper comprehensively explained the security flaws existing in the cloud environment and has proved how insiders, as well as outsiders, can bypass the authentication system in cloud databases.
5. Literature Review:
Title: A Permissioned Blockchain-based Identity Management and User Authentication Scheme for E-health Systems
Author: XINYIN XIANG (Member, IEEE), MINGYU WANG, WEIGUO (PATRICK) FAN (Senior Member)
Software/Hardware: Scyther tool verification, Blockchain, Authentication, Biometric, E-health.
Methodology: To provide secure data transmission and storage in an intelligent medical environment, cryptographic mechanisms must be used to protect privacy and avoid network attacks.
Key Points: A PBBIMUA scheme for e-health systems using personal biometrics; a new key distribution mechanism is used that achieves privacy protection by recording identity information using blockchain technology.
Inference: Information needs to be protected effectively. However, due to the vulnerability to network attacks of the medical system, sharing the sensitive information of patients in an IoT environment may result in a series of serious security and privacy issues.
6. Literature Review:
Title: An Enhanced SIP Authentication Protocol for Preserving User Privacy
Author: Sarah Naveed, Aiman Sultan, Khwaja Mansoor
Software/Hardware: Authentication Protocol, Session initiation protocol (SIP), ProVerif.
Methodology: The proposed protocol is formally verified to check and validate both security and authentication using ProVerif. ProVerif is used to verify different cryptographic primitives such as hash function, signatures, encryption / decryption mechanisms etc.
Key Points: Presented a scheme that can mitigate the traceability issue with achievement of high performance and better security.
Inference: Issue is that the proposed scheme is a risk of traceability attack which can lead to tracing user activities in different sessions.
7. Literature Review:
Title: Intelligent Pervasive Network Authentication S/Key based Device Authentication
Author: Deok Gyu Lee, Jong-Wook Han, Doo Soon Park, Im Yeong Lee
Software/Hardware: Intelligent Pervasive Network; Authentication; S/Key, LIGHTWEIGHT AUTHORIZATION PROTOCOL (LAP)
Methodology: We consider the S/Key scheme and its variants, which use lightweight cryptographic operations such as exclusive-OR and hash function. This section briefly describes the S/Key based authentication schemes. The S/KEY one-time password scheme is designed to protect a system against replay or eavesdropping attacks.
Key Points: The purpose of authorization is controlling access of an entity even though it has been successfully authenticated, and restricting a privilege and access right.
Inference: Pervasive network consists of heterogeneous network protocols and a variety of service models, it is likely to be exposed to various cyber attacks of Internet.
8. Objective:
• The objective of the "Access Guard: Purpose-Driven Web Security" project is to develop a
comprehensive and adaptive web security solution that focuses on safeguarding digital
assets and user interactions by aligning security measures with the specific purposes and
needs of an organization, thereby ensuring a more efficient and context-aware protection
against cyber threats.
9. Existing System:
• The previous paper provides authentication to users through a user name
and password, so any user can log in easily to the website and use the resources of
the website.
• There are no proper authentication techniques to ensure the privacy of the admin.
• In the existing websites we have only username verification, password
verification, mail verification, biometrics verification and so on.
10. Proposed System:
• Here we are going to create a secure interface for the users who want to access the
website.
• Here we are using NodeJS with crypto. Cryptography is the science of secret
writing with the intention of keeping the data secret.
• Users must first register on the website, providing their basic information, including
email, username, and password.
• After that they need to answer a few questions, which must satisfy the admin; the
admins then evaluate the intentions and decide whether to approve or deny access
based on predefined criteria.
12. METHODOLOGY:
Choice of Node.js and Express.js: The research focuses on implementing authentication and authorization
for a web application, using Node.js as the backend programming language and Express.js as the web
application framework.
Database Selection: MongoDB is chosen as the database for storing user information due to its scalability
and flexibility. It emphasizes the importance of secure data storage for tasks like authentication and
authorization.
Authentication Implementation: The process of implementing authentication from scratch is outlined,
starting with user registration, password hashing using algorithms like Bcrypt for security, and comparing
entered credentials with stored ones during login.
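The registration, hashing and login-comparison steps above, combined with the admin approval step of the proposed system, as an added example that is not the project's own code. It assumes an in-memory Map in place of MongoDB and Node's built-in scrypt in place of the Bcrypt package; all function and field names are hypothetical.

```javascript
// Added example: registration, admin review of stated intent, and login.
// Assumptions: in-memory Map instead of MongoDB; scrypt (built into Node's
// crypto module) instead of the bcrypt package; all names are hypothetical.
const crypto = require("node:crypto");

const users = new Map(); // username -> user record

function hashPassword(password, salt = crypto.randomBytes(16)) {
  // Salted, memory-hard hash; only salt and hash are ever stored.
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

function register(username, email, password, intentAnswers) {
  if (users.has(username)) return { ok: false, reason: "username taken" };
  users.set(username, {
    email,
    ...hashPassword(password),
    intentAnswers,      // free-text answers shown to the admin
    status: "pending",  // pending -> approved | denied
  });
  return { ok: true, status: "pending" };
}

function review(username, approve) {
  const user = users.get(username);
  if (!user || user.status !== "pending") return false; // decide only once
  user.status = approve ? "approved" : "denied";
  return true;
}

function login(username, password) {
  const user = users.get(username);
  // Hash even for unknown users so both paths cost roughly the same.
  const salt = Buffer.from(user ? user.salt : "00".repeat(16), "hex");
  const expected = Buffer.from(user ? user.hash : "00".repeat(32), "hex");
  const actual = crypto.scryptSync(password, salt, 32);
  const passwordOk = crypto.timingSafeEqual(actual, expected) && Boolean(user);
  if (!passwordOk) return { ok: false, reason: "invalid credentials" };
  // Authentication succeeded; authorization depends on the admin decision.
  if (user.status !== "approved") return { ok: false, reason: `access ${user.status}` };
  return { ok: true };
}

// Constructed sample data
register("alice", "alice@example.test", "correct horse battery", ["Internal audit of Q3 reports"]);
register("mallory", "m@example.test", "hunter2!hunter2", ["just browsing"]);
review("alice", true);
review("mallory", false);
console.log(login("alice", "correct horse battery"), login("mallory", "hunter2!hunter2"));
```

A correct password alone is not enough here: a user whose stated intent is still pending or was denied is rejected after authentication, which is the separation between authentication and purpose-based authorization the slides describe.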
16. Future Scope:
• Blockchain Technology: Leveraging blockchain for user identity verification and
intention validation can offer enhanced security and transparency. Blockchain can
ensure the immutability of intention records and prevent unauthorized modifications.
• Blockchain-based access control provides a secure, transparent, and efficient
method for managing user intentions and access decisions on websites. It leverages
the immutability and smart contract capabilities of blockchain technology to create
a tamper-proof and decentralized access management system.
17. Conclusion:
This system not only enhances security but also allows website administrators to make
informed decisions about user access, ensuring that only legitimate users with valid
reasons gain entry. We can strike a balance between security and usability.
Additionally, by periodically reviewing and adapting the approval criteria, the system can
remain responsive to changing circumstances and user needs.
In an ever-evolving digital landscape, this approach not only safeguards the website but
also respects user privacy and intentions, making it a valuable strategy for managing
access to sensitive online resources.