Session hijacking is one of the major threats in such systems. For the given scenario which type of session hijacking can be easily implemented? Is IPSEC a possible solution for the given scenario if yes, which mode will give better security.
Scenario
Electronic voting system (also known as e-voting) is a term encompassing several different types of voting, embracing both electronic means of casting a vote and electronic means of counting votes at (inter)national level. This system can also be used in a small scale, such as a general student body election at a relatively small private university where it is easy to implement security and reliability measures. The functions of the systems relate specifically either to the process of a person casting a vote or an administrator running the election. The software's main function is to conduct an election of officials using the internet to allow people to vote. A student who would like to cast a vote should first be directed through the university website to the election's webpage. Here, he/she will be asked to log in to the system. The system should verify that the student has not voted yet and then bring them to an instruction page. After the student accepts the terms of the votes and understands how to vote, he/she will be brought to the voting page. This page should list the positions and candidates. After the student has selected the candidates he/she would like to vote for, the system should check the validity of the vote and bring up a confirmation page. After the student confirms his/her vote, he/she will be able to print out and save a receipt. Once the vote confirmed, the vote will be transmitted over the internet to a central server. The information recorded will include the time of the vote, candidates voted for and an id number unique to the student. The votes for the candidates will be tabulated and the vote information will be printed out, available for the student to verify his/her vote. The software should also have an interface for administrators to allow a new election to be set up and a current election to be edited if problems arise.
Question : Session hijacking is one of the major threats in such systems. For the given scenario which type of session hijacking can be easily implemented? Is IPSEC a possible solution for the given scenario if yes, which mode will give better security.
Step by step
Solved in 2 steps
