Secure authentication in e-government 2.0: a comparative analysis of traditional session-based and modern JWT-based authentication

Authors

DOI:

https://doi.org/10.46299/j.isjea.20240306.12

Keywords:

Information society public services, Website, e-Government 2.0, interactive services authentication

Abstract

In the era of e-Government 2.0, the security of web applications is paramount, particularly in terms of user authentication. This article provides a comprehensive examination of two primary authentication methods: session-based authentication and JSON Web Token (JWT)-based authentication. It begins by discussing the foundational aspects of secure authentication, emphasizing its importance in e-Government platforms. The article then delves into the mechanics of session-based authentication, highlighting its reliance on server-side session management and the associated challenges. In contrast, JWT-based authentication is explored in depth, covering its stateless nature, its structure, and the advantages of using access and refresh tokens, both in theory and in practice. Through a detailed code example in Express.js, the article demonstrates the implementation of JWT-based authentication in a web application. The analysis concludes by summarizing the benefits of JWT, including enhanced security, scalability, and improved user experience, making it a suitable choice for modern e-Government applications.

Published

2024-12-01

How to Cite

Shikhverdiyev, I., Babayev, E., Rahimli, C., Rahimli, N., & Aslanova, H. (2024). Secure authentication in e-government 2.0: a comparative analysis of traditional session-based and modern JWT-based authentication. International Science Journal of Engineering & Agriculture, 3(6), 117–129. https://doi.org/10.46299/j.isjea.20240306.12