Enhancing JWT Authentication and Authorization in Web Applications Based on User Behavior History

The rapid growth of the web has transformed our daily lives and the need for secure user authentication and authorization has become a crucial aspect of web-based services. JSON Web Tokens (JWT), based on RFC 7519, are widely used as a standard for user authentication and authorization. However, the...

Full description

Saved in:
Bibliographic Details
Published in:Computers (Basel) 2023-04, Vol.12 (4), p.78
Main Authors: Bucko, Ahmet, Vishi, Kamer, Krasniqi, Bujar, Rexha, Blerim
Format: Article
Language:English
Subjects:
Access control
Applications programs
Authentication
authorization
Biometrics
cybersecurity
Data integrity
Internet
Internet software
JWT
Programming languages
Smart cards
Technology application
Transmission Control Protocol/Internet Protocol (Computer network protocol)
User behavior
Web applications
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The rapid growth of the web has transformed our daily lives and the need for secure user authentication and authorization has become a crucial aspect of web-based services. JSON Web Tokens (JWT), based on RFC 7519, are widely used as a standard for user authentication and authorization. However, these tokens do not store information about the user’s behavior history. To address this issue, this paper presents a solution to enhance the trustworthiness of user authentication in web applications based on their behavior history. The solution considers factors such as the number of password attempts, IP address consistency, and user agent type and assigns a weight or percentage to each. These weights are summed up and stored in the user’s account, and updated after each transaction. The proposed approach was implemented using the .NET framework, C# programming language, and PostgreSQL database. The results show that the proposed solution effectively increases the level of trust in user authentication. The paper concludes by highlighting the strengths and limitations of the proposed solution.
ISSN:2073-431X
2073-431X
DOI:10.3390/computers12040078