Authentication and Authorization in Modern Web Apps For Data

Uploaded by

pemacox845

Available online at www.sciencedirect.com

ScienceDirect

Procedia Computer Science 215 (2022) 781–790
www.elsevier.com/locate/procedia

4th International Conference on Innovative Data Communication Technology and Application

Authentication and Authorization in Modern Web Apps for Data Security Using Nodejs and Role of Dark Web

Piyush Pant (a), Anand Singh Rajawat (b), S.B.Goyal (c), Pradeep Bedi (d), Chaman Verma (e), Maria Simona Raboaca (f),
Florentina Magda Enescu (g)

(a) School of Computer Sciences and Engineering, Nashik, Sandip University, India
(b) School of Computer Sciences and Engineering, Nashik, Sandip University, India
(c) Faculty of Information Technology, City university, Petaling Jaya, 46100, Malaysia
(d) Department of Computer Science & Engg, Galgotias University, Greater Noida, India
(e) Faculty of Informatics, University of Eötvös Loránd, 1053 Budapest, Hungary
(f) ICSI Energy Department, National Research and Development Institute for Cryogenics and Isotopic Technologies,
240050 Ramnicu Valcea, Romania
(g) Department of Electronics, Communications and Computers, University of Pitesti, Pitesti, Romania

* Corresponding author. Tel.: +60-164967715

Abstract

Authentication and Authorization are the base of security for all the technologies present in this world today. Starting
from your smartphone, where a user authenticates himself before he can access the data inside, to entering the White
House, you must authenticate yourself, and based on that you are authorized. In this digital world, where every business,
MNC, government body, company, user, etc. needs a website to inform the world about their presence on the internet,
provide services online and become a “Brand”, the risk of leaking users’ sensitive information increases. It could be
dangerous to the users of the hacked website because their sensitive information, like credit card and bank account
details, could be sold in the black market of the “dark web”. The paper describes the role of the dark web, how the data is
sold there and what becomes of it. The paper helps to understand how to develop a secure website that promises the user
to keep sensitive information safe and increases the bond of trust between a client and server, which results in a
long-term relationship. The aim behind developing an authentication system is to keep users’ sensitive information safe
so that hackers cannot steal it and sell it on the dark web’s black market. To achieve this, the developer needs to
understand how to implement authentication. In this research, NodeJS, with the help of its framework expressJS and some
other packages, is used to develop the authentication and authorization system of the website. Previous papers in this
field covered the authentication topic in general. This paper overcomes that by going deeper into the field and being
server-side language specific. The common types of authentication methods used in different types of websites are
discussed in detail, and the best methods are proposed for the developer to implement for a more secure website. This
research also sheds light on Artificial Intelligence and blockchain as the future of security of big data.

Keywords: Artificial Intelligence; Authentication; Authorization; Blockchain; NodeJS; Hashing Algorithm; Dark Web; MongoDB

1877-0509 © 2023 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under responsibility of the scientific committee of the 4th International Conference on Innovative Data
Communication Technologies and Application
10.1016/j.procs.2022.12.080

1. Introduction
Different authentication methods can be used in web apps to secure the website and its users. Authentication is used
not only on websites but everywhere. It is an “idea” for keeping hackers away: if they are not authorized to access the
platform, how would they hack it? A military base is a good analogy. No civilian or minister is allowed to enter the
base, and not even all army personnel can enter some parts of it. This strict rule ensures that information such as the
base design, the number of personnel, the types and number of weapons, routes, etc. is not leaked. Anyone who wants to
enter the base is authenticated using an “ID” or a “Letter of Permission”; such credentials are usable for some time and
later expire, much like a “Session-ID”. Those who are not authenticated are denied entry and asked to return; those who
are authenticated are allowed to enter, keeping in mind that they are not authorized to go to some zones. In the same
way, even an authenticated user is not authorized to enter some routes or perform tasks such as accessing the admin
panel, deleting a post by others, deleting users, etc. [8]. Authentication and authorization work together to ensure
the website’s security to the core; if one of them is removed, the app’s security is sacrificed. There is no point in
authenticating users if we do not authorize their tasks and routes, and likewise, if authorization is implemented
without authentication, users simply cannot identify themselves to the website to gain access. Some advanced systems
are close to impossible to hack because they have multiple servers spread across the globe, so no one can be present at
all locations and hack them at the same time. Unfortunately, not all of us can afford such a setup, so we have to rely
on some methods, packages, dependencies, etc. There are many ways developers can implement authentication and
authorization. The choice depends on two major things: the first is the server-side language used to develop the
backend, and the second is the choice, knowledge, and expertise of the developer. Both should be the best for the
system to be the best. A group of hackers can access unsecured routes and retrieve users’ information, such as what the
user bought, what they ordered, their wish list, their credentials, and so on. The hacker can sell the information on
the black market or plan robberies worth thousands of dollars with gangs of thugs. Such an application could be
developed with top-notch backend languages like NodeJS, Python, Java, Ruby, etc., but this research proposes and uses
NodeJS, as it is an extension of JavaScript and JavaScript is built solely for one purpose, which is to build websites.
As the industry grows, data increases at a tremendous rate, and it is a ‘must’ to keep big data secure, which could be
done using NodeJS. Authentication is knowing the identity of the user, and authorization is whether that identified
user is allowed to do a particular task or not. To understand the concept better, refer to Figure 1.

Figure 1 : Concept of Authentication and Authorization

User authentication prevents unauthorized users from accessing sensitive information. User A can only see relevant
information and cannot see User B's sensitive information [5]. Such measures help to maintain the security of users’
information and promote anti-hacking. When dealing with the security of big data, one of the major reasons to ensure
its security is that the same data will be used for data mining and various other purposes to derive meaningful
insights. The big data is stored in a ‘Data Warehouse’, where the data mining takes place. That is why the security
must be at its best. Even the slightest change to the data in the data warehouse by a harmful entity could lead to
wrong insights being derived from the data, which could cost millions of dollars. A data warehouse generally contains
all the data of the industry, in all formats, types and categories, and this is where the process of ‘Data Mining’
takes place. Such data is precious for an organization, company or industry because they use it to improve their UI/UX,
products, markings, prices and much more. These small insights increase their revenue and promote their brand further,
so we can see how important the data is and why it is important to secure it. In further sections, we will focus on the
main methodology to secure the data.

2. Literature Review
The reference research work in this field covered the different types of authentication methods, but the papers did
not clarify how such authentication methods are implemented. Research on the dark web described the environment of the
dark web and what it is, but the papers did not examine how the dark web plays a role in the world of websites. This
research fills the research gap by showing how authentication methods are implemented in industry-based websites and
how the data stolen from websites plays an important role in the dark web.
The research work of Gordin, A. et al. [4] is focused on two-factor authentication. In this research, multifactor
authentication is covered, which enhances the security of a website. The research of T. Saito et al. [8] provides great
work on authorization, as it describes schemes to implement authorization. It needs some future work, such as covering
why such concepts need to be implemented. The research of C. Bansal et al. [9] discusses concrete attacks on websites
but does not cover the basic attacks on low- or no-security websites made by beginner developers, which are covered in
this research work. The research work of R. Reeder and S. Schechter [12] talks about account recovery using multifactor
authentication, but this can be misused to gain access to someone else’s account. The solution discussed in this
research is to use biometric authentication. P. Gauravaram’s [19] research describes how salts are used to secure the
hashed password, but sometimes adding salt is not enough, so that research leaves a huge space for future work. In this
paper, “peppers” are discussed, which are added along with the salt to enhance security. The research of H. Zhang and
F. Zou [21] discusses the dark market of the dark web. It does not cover how the dark web’s dark market plays its role
in the field of websites. In this research, the role of the dark web in the field of websites is researched and
discussed. The research gap is shown in Table 1 below.
Table 1: Research gap

| Author | Algorithm/Methodology | Advantages | Research Gap |
|---|---|---|---|
| I. Gordin et al. [4] (2019) | OpenStack cloud | Enhanced security by providing 2 layers | In this digital world, 2-layer security is not enough, especially when using a QR code, as it could be used by others. The gap is filled in this paper by discussing multifactor authentication. |
| Takamichi Saito et al. [8] (2016) | OAuth 2.0 and OpenID | Allows the client to conceal access when making requests to the authentication server | Concealing client access is not enough to provide authentication to users. In this study, the various strategies for authorization are discussed. |
| Chetan Bansal et al. [9] (2012) | Social sign-on, WebSpi, OAuth 2.0 authorization protocol | Discovers concrete attacks on website authorization | Beginner developers’ websites are the easiest to attack since they are not very secure. In this study we fill the research gap by providing authentication for beginner developers. |
| P. Gauravaram et al. [19] (2012) | Davies-Meyer hash functions | Adds salts to the password and hashes it to increase the server’s security | Salts are a great way to increase the password’s security, but in this study peppers are added to the password along with salts, which takes security to another level. |
| Hengrui Zhang et al. [21] (2020) | Analyzes the current status of Dark Web research methods | Discusses and researches the contents of the dark web and its status | In this study, the role of the dark web in the field of websites is discussed. The reasons and needs for implementing authentication are discussed. |

3. Common types of Authentication

3.1 Password-Based Authentication - Such authentication methods require the user to create a password for their
account, and the password is then hashed using hashing algorithms like SHA-1, Bcrypt, etc. The hashed password is then
stored in the database so that, in case the database is compromised, the hacker cannot make out the correct password.
When the user wants to sign in, he/she submits the credentials and, if they are correct, is authenticated; otherwise
the user is asked to re-enter them [7].
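
The password storage described in 3.1, combined with the salt and “pepper” idea from the literature review, as an added example that is not code from the paper. It assumes Node's built-in scrypt in place of the Bcrypt package named above so that it runs without dependencies; the pepper value, record format and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: the pepper is a server-side secret kept OUTSIDE the database
// (environment variable or secret manager). This value is constructed for the demo.
const PEPPER = Buffer.from('constructed-demo-pepper-not-for-production');

// scrypt cost parameters, stored with every record so they can be raised later.
const PARAMS = { N: 16384, r: 8, p: 1, keylen: 32 };

// Mix the pepper in with an HMAC so the raw pepper never reaches the stored record.
function pepperPassword(password, pepper) {
  return crypto.createHmac('sha256', pepper).update(password, 'utf8').digest();
}

// Returns a self-describing record: scrypt$N$r$p$salt$hash
function hashPassword(password, pepper = PEPPER) {
  const salt = crypto.randomBytes(16); // unique per account, stored in the record
  const key = crypto.scryptSync(pepperPassword(password, pepper), salt, PARAMS.keylen,
    { N: PARAMS.N, r: PARAMS.r, p: PARAMS.p });
  return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p,
    salt.toString('base64'), key.toString('base64')].join('$');
}

// Recomputes the hash from the submitted password and compares in constant time.
function verifyPassword(password, record, pepper = PEPPER) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  // Reject malformed records before doing any work (an empty hash must never match).
  if (expected.length !== PARAMS.keylen || salt.length === 0) return false;
  let actual;
  try {
    actual = crypto.scryptSync(pepperPassword(password, pepper), salt, expected.length, { N, r, p });
  } catch {
    return false; // invalid or excessive cost parameters in the record
  }
  return crypto.timingSafeEqual(actual, expected);
}

// Stand-alone demo with a constructed password.
const demoRecord = hashPassword('correct horse battery staple');
console.log('stored record  :', demoRecord);
console.log('right password :', verifyPassword('correct horse battery staple', demoRecord));
console.log('wrong password :', verifyPassword('Tr0ub4dor&3', demoRecord));
console.log('wrong pepper   :', verifyPassword('correct horse battery staple', demoRecord,
  Buffer.from('pepper-from-another-server')));
```

A database dump alone contains the salt and hash but not the pepper, which is why the last check fails even with the right password.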
3.2 Multi-Factor Authentication – Multi-factor authentication is an enhanced and improved version of basic
authentication. Unlike basic authentication, it has multiple layers and phases of authentication, which can be
password-based, OTP (One Time Password), email verification, unique identity verification or sometimes even a special
question. These layers are combined to form a single authentication system, and the user needs to pass all of them in
order to authenticate himself. External sources, such as an identification number, the user’s contact number or email
ID, or anything that is official and confirms the user’s identity, are used along with the general password to identify
the person. This method of authentication is recommended in every application or system to enhance the system’s
security [11]. Some examples are email verification, OTP [6] (One-Time-Password), a code generated from the user’s
smartphone, a Captcha test, a QR code [4], etc.
3.3 Certificate-Based Authentication - Digital certificates are used in certificate-based authentication solutions to
identify individuals, machines, and devices. A digital certificate is a type of electronic document similar to a driver's
license or passport. The certificates contain a user's digital identity, including a public key, as well as a certification
authority's digital signature. Only a certification authority can issue digital certificates to show ownership of a public
key.
3.4 Biometrics Authentication – One of the most popular ways to authenticate when dealing with users’ sensitive information. The user’s biometrics are recorded and then analyzed when the user wants to sign in. It relies on the unique biological characteristics of an individual. Some common techniques are facial recognition, fingerprint scanners, speech recognition, eye scanners, etc.
3.5 Token-Based Authentication - Users can submit their credentials once and receive a unique encrypted string of
random characters in return using token-based authentication technologies. Instead of typing your credentials again,
you can utilize the token to access protected systems. The digital token verifies that you have already been granted
access. RESTful APIs that are utilized by multiple frameworks and clients are examples of token-based
authentication use cases [12].

4. Proposed Methodology

To implement authentication and authorization, a programming language for the backend should be learned and mastered. NodeJS (a JavaScript runtime built on Chrome’s V8 JavaScript engine) is used in this research. NodeJS provides many packages, just as the Python programming language provides libraries like Tensorflow and Keras for tasks like machine learning, image recognition, etc.

There is one more concept to be discussed, which is the ‘Framework’. A framework is an abstraction that allows generic software to be selectively modified by extra user-written code, resulting in application-specific software. When developing apps, using a framework allows you to concentrate on the application's high-level functionality, because the framework handles all of the low-level functionality. This research uses one of the most trending frameworks for NodeJS web-app development, known as ExpressJS. Express is a Node.js web application framework that offers a comprehensive range of functionality for both web and mobile apps. JavaScript is solely made for web development, just like HTML and CSS, and NodeJS is an extension of JavaScript. When developing a complex website for the big data industry, it is recommended to use a framework. For that purpose, to build a complex application that can handle big data and provide the best authentication, the ExpressJS framework of NodeJS is used in the research. ExpressJS provides the developer with a basic frame of the application in which large packages can be installed and used without any harm to the application. The framework not only makes the developer's work easier but also enables the application to handle a complex environment and deal with big data.

A database must be strong, secure, and compatible with the application, since we want to store the data entered by various users. This step must never be taken lightly, as concepts like data warehousing, data mining [23], and data analysis depend on the basic concept of storing the data in a database. MongoDB is used in this project as the database that stores the user’s information for authentication. MongoDB is a document database with the scalability and flexibility that you want with the querying and indexing that you need.

Let us first understand the core basics of how authentication and authorization work and how they are implemented. As with everything, there is a traditional way of doing this. The following are the steps to implement authentication from scratch -
4.1 Created and set up the platform Visual Studio Code, installed the required programming languages, set up the framework, prepared the blueprint of the project, and installed extensions in the editor. Extensions are used to add languages, debuggers, and tools to VS Code to help with the development workflow.
4.2 Connected to our MongoDB database locally for development mode; for production mode, MongoDB ATLAS is connected via the URL in the ‘Dotenv’ file. Installed the Mongoose package to connect MongoDB with NodeJS so that we can store our data in Mongo using NodeJS commands.
4.3 Developed a fully functional website that has user log in, register, home, and many more pages. One problem remains: anyone can access any page, content, and functionality of the website. The goal is that only authenticated and registered users are authorized to access a route and enjoy the provided services. Out of the authenticated users, only one or a few are authorized to have full control over the website as the admin or controller.
4.4 Created an authentication system from scratch in which the user registers first and can then log in. To create an authentication model, a registration form is created along with a route to which the form sends a POST request. When a user wants to register, the user enters credentials and submits the form; the form is sent to the registration route as a POST request, where the information is inserted into MongoDB and saved.
4.5 One thing to keep in mind: NEVER STORE A PASSWORD AS IT IS!
4.6 To solve the above issue, hashing algorithms are used. Hashing a password means encrypting it in such a way that it cannot be reverted, that is, the password cannot be made out from the encrypted password [17]. For a developer, it is difficult and time-consuming to manually encrypt the password entered by the user and decrypt it when needed, not to mention the high chance of bugs in manually developed code that can cause the security system to fail. Hashing algorithms are precise enough that they encrypt the password in such a way that the encrypted password cannot be turned back into the password. Moreover, as discussed in the research about ‘salts’, the hashing algorithm automatically applies the salt as it encrypts: it encrypts the password and adds the salt to increase the security of the password, which is then passed on to the next phase, storing it in the database. For logging in, the password entered by the user is checked against the password retrieved from the database. The hashing algorithm is used here again to decrypt the registered user’s password so that it can be checked against the password the current user entered.

One issue still exists: the hacker can learn the password using a “rainbow table”. Rainbow tables are one of the hacker's tools and contain two columns, one with common passwords and the other with their hashed versions; hackers may use such tables to learn the password by comparing the hashed password with their tables [18]. Attacks on hashing algorithms are carried out with the help of tools that are available on the dark web or that the hackers already have. If the hacker is familiar with the hashing algorithm used by the developer, they can use tools like ‘rainbow tables’ to translate the password. This is a direct attack. Indirect attacks on the hashing algorithm happen when the hacker gets access to the organization's database, which holds the hashed passwords and other related details that the hacker can exploit. Such issues are solved by adding a “salt” to the password, which ensures an extra layer of security. A salt is a random string added to a password [19]. To understand the working better, refer to figure 2. Salts are added to passwords to increase security, and the passwords are then hashed using a hashing algorithm like Bcrypt, SHA-1 [16], etc. At the final step, the hashed password is stored in the database, so even if someone gets access to the database, the password will still be safe. Bcrypt is used in the project. With that, the registration of new users is done, and the next step is to authenticate the user.

Figure 2 : Hashing and Storing of Password

4.7 If a user wants to log in, the user enters the credentials and sends a POST request to the login route. There, the entered credentials are compared with the information in the database: the user with the provided email or username is searched for in the database. If the user does not exist, ‘User not found’ appears; otherwise the password is matched using the compare function provided by the Bcrypt package, which takes the entered password and the user’s original password. It returns a Boolean value: if the password is correct, TRUE is returned, resulting in successful authentication and log in of the user; for FALSE, ‘User not found’ appears.
4.8 The authentication part is complete; next comes authorization. A non-authorized user cannot enter some parts of the website or enter other users’ workspaces, which is where the concept of authorization comes in. Every user is associated with his workspace, which authorizes the user to create posts, delete and update his own posts, like others’ posts with his account, and so on. Middleware, conditional statements, cookies, sessions, and tokens are used in combination to authorize users. Middleware in NodeJS are functions that run for every call and in general have 3 parameters – req, res, next. Cookies and sessions [3] are containers that store the user’s login information; cookies store the key for the user's session, called the Session ID, and have an expiration. Inside the middleware, the existence of a token or session ID is checked and then some conditions are evaluated. If the middleware function returns true, next() runs and the next callback is executed, which means the user is authorized; otherwise the user’s request is blocked and redirected to the login page.

The basics of authentication and authorization are now covered from scratch. Such tasks can sometimes be complicated, so to make the development process faster, better, more secure and more efficient, we use ‘packages’. Some popular NodeJS packages for building authentication and authorization easily are –
A. PassportJS - PassportJS is an NPM (Node Package Manager) package that is a Node.js authentication middleware. Passport is a highly versatile and modular web application framework that can be seamlessly integrated into any Express-based web application. A diverse collection of mechanisms supports authentication with a username and password, as well as with Facebook, Twitter, and other social media platforms. It is simple and unobtrusive authentication for Node.js. It provides more than 500 strategies that a developer can implement in a project. In this project, 3 dependencies are used for PassportJS: passport, the Passport package for middleware; passport-local, one of the strategies; and passport-local-mongoose, the connection to the database models.
B. JWT - JWT stands for JSON Web Token. It is an open standard for securely sharing data between two parties: a client and a server [15]. JWT authentication is a stateless, token-based authentication method. It is commonly used as a client-side stateless session, which means the server does not have to rely on a database to save session information. It primarily uses a token that consists of 3 parts, each separated by a dot, as shown in figure 3 -
Header - Consists of 2 parts: the algorithm being used for signing and the type of token, which is JWT in most cases.
Payload - Contains the data and information about the data.
Signature - Used to validate whether the JWT was modified or tampered with during transit.

Figure 3 : JSON Web Token Structure
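
The token structure and middleware check described in 4.8 and under B. JWT, as an added example that is not the paper's own code. It builds and verifies an HS256 token with Node's built-in crypto module instead of a JWT package; SECRET, the cookie name `token`, the `role` and `sub` claims and all function names are assumptions made for this example.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// Constructed signing secret; in a project like this it would live in the Dotenv file.
const SECRET = 'constructed-signing-secret';

const b64url = (input) => Buffer.from(input).toString('base64url');

function sign(data, secret) {
  return createHmac('sha256', secret).update(data).digest('base64url');
}

// Build header.payload.signature, the three dot-separated parts.
// The payload is only encoded and signed, not encrypted: keep secrets out of it.
function signToken(claims, secret = SECRET, now = Date.now(), ttlSeconds = 900) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Returns the claims if the token is intact and unexpired, otherwise null.
function verifyToken(token, secret = SECRET, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm: the token must not choose how it is verified.
    const { alg, typ } = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (alg !== 'HS256' || typ !== 'JWT') return null;
    // Recompute the signature over header.payload and compare in constant time.
    const expected = Buffer.from(sign(`${header}.${payload}`, secret));
    const given = Buffer.from(signature);
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch (err) {
    return null; // malformed base64url or JSON
  }
}

// Express-style middleware factory with the usual (req, res, next) parameters.
function requireAuth(allowedRoles) {
  return function (req, res, next) {
    const claims = verifyToken(req.cookies && req.cookies.token);
    if (!claims) return res.redirect('/login');        // blocked: not authenticated
    if (allowedRoles && !allowedRoles.includes(claims.role)) {
      return res.status(403).send('Forbidden');        // authenticated but not authorized
    }
    req.user = claims;
    return next();                                     // authorized: run the next callback
  };
}

// Workspace rule: a user may update or delete only his own posts; admin may change any.
function canModifyPost(user, post) {
  return user.role === 'admin' || post.ownerId === user.sub;
}

// Constructed stand-ins for Express req/res so the example runs offline.
function simulate(middleware, token) {
  const result = { outcome: null, user: null };
  const req = { cookies: token ? { token } : {} };
  const res = {
    redirect(path) { result.outcome = `redirect:${path}`; return this; },
    status(code) { result.outcome = `status:${code}`; return this; },
    send() { return this; },
  };
  middleware(req, res, () => { result.outcome = 'next'; result.user = req.user; });
  return result;
}
```

In an Express app the factory would be mounted per route, for example `requireAuth(['admin'])` on the admin pages and `requireAuth()` on pages any logged-in user may see.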

Despite being one of the best methods and technologies for authentication and authorization, it does have some limitations. As the industry advances to the next level, more powerful technologies such as Blockchain and Artificial Intelligence are introduced. The security efficiency of a NodeJS system is considerably lower than that of a system that operates on Blockchain and Artificial Intelligence. However, this issue can be resolved by one simple solution, which is to merge all of these domains into one. Blockchain technology is the future of security, as it is a decentralized system which is anti-corruption, whereas Artificial Intelligence is known for its ability to develop intelligent machines that are capable of detecting a threat on their own and making a decision [24][25]. Even now, with the help of Machine Learning (a subset of Artificial Intelligence), data scientists are able to deal with ‘Big data’ and provide insights. Artificial Intelligence and Blockchain are the future of the world, and by using both, an application can achieve ultimate security.

5. Why do we need Authentication and Authorization? – Role of the Dark Web


Authentication and authorization play a vital role in securing a user’s sensitive information. To explain the dark web: it is a marketplace where illegal trade of goods occurs in unofficial and unauthorized ways, since the dark web is not indexed by search engines. It is neither secure nor possible to access the dark web with our everyday browsers; we need a special browser like ‘Tor’, which opens the portal to the dark web. The dark web should not be accessed by an amateur user, otherwise it will result in hacking, stealing of information, and viruses imported into the user’s system, resulting in chaos. Our web is divided into 3 parts: the surface web, the deep web, and the dark web (refer to figure 4).

Figure 4 : Levels of Internet

The surface web is where the indexed websites exist; they make up the world wide web, and we access them with Google Chrome, Firefox, Safari and so on. The deep web is where government resources, academic information, personal content of social media, chat, emails, etc. are present. The dark web is home to illegal trades like the selling of passwords, social media accounts, bank account numbers, details of millions of users and social security numbers. Websites in the deep and dark web are not indexed [21]. To access the dark web, ‘TOR’ is used, which is short for ‘The Onion Router’. TOR is a project that was developed only to access the dark web. Its browser is used to communicate with the dark web anonymously. The user’s identity is anonymous and privacy is protected, making it a brilliant tool for hackers to use and hide their identity. One of the reasons to hack a website and get the sensitive information of its users is to sell it on the dark web. The data is sold for thousands or millions of dollars and used by ‘cybercriminals’ to carry out cyber-attacks [22]. Sometimes “fake websites are created for phishing to get user data” [10]. The stolen information is traded in the black markets that operate on the dark web. Research says that over 22 million records were sold and traded on the dark web in 2020 [1]. A cryptocurrency like ‘Bitcoin’ is used to make payments on the dark web, making it secure for cybercriminals. Another important role played by the dark web is to provide rainbow tables, common passwords, and hashing information to the hacker, which helps them decrypt passwords to gain access to users’ accounts on multiple platforms. The dark web is home to many rainbow tables for different algorithms, which provide hackers with passwords and their hashes. That is why we need strong authentication and authorization, so that our users’ information cannot be accessed by hackers to steal and sell on the dark web. To make a secure site, multi-factor authentication and biometrics authentication are advised, since it is not easy to copy the biometrics or get the OTP.

6. Result and Discussion


The result is based on RQs, short for Research Questions.
RQ1. Is NodeJS the only server-side programming language we can use to implement authentication and authorization?
Answer: There are many server-side languages like PHP, Python, Java, Ruby on Rails, C++, etc., and all of them can be used to implement authentication and authorization. In this research, NodeJS is used because of its huge community, reliability, ability to handle heavy workloads and compatibility with full stack web development.
RQ2. Can we just make a website secure using authentication and authorization?
Answer: ‘Authentication and authorization’ is one important part of making a website or product secure, but implementing it alone will not make our website secure, as there are many other open routes for it to be hacked, like sending HTML <script> to the textbox. The website can be made more secure by installing packages like “HELMET” and “SECURE-COOKIE”, checking the APIs using ‘Postman’ or ‘Thunderclient’ to remove bugs, keeping the website up to date, installing SSL and so on [9]. All of these factors must be implemented to increase the security of a website.
RQ3. Is it true that if someone gets to know our hashing algorithm, they can easily hack the passwords of our users?
Answer: Hashing algorithms do not have a particular method of converting one letter to another, such as “A” being encrypted to “123”, and so even if a hacker knew your hashing algorithm, they cannot hack the passwords of your users. As per the research done, the top 10 common passwords used by people in 2022 are [2] –
123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111 and 1234567890.
Hackers can use rainbow tables and learn the password if users have used such common passwords, so it is better not to brag about the hashing algorithm and to use salts and peppers [20].
RQ4. Why is it important to add ‘salt’ and ‘pepper’ to the password?
Answer: Hackers have lots of tools, and one of them is the rainbow table, which is used to learn passwords from their hashed versions. If a user used a weak password, the password can be present in a rainbow table and would be compromised. To avoid such cases, the ‘smart’ developer adds a random string, called a salt, to the password, making the password strong and impossible to learn even by using a rainbow table. To make the password even more secure, one secret value, called a pepper, is added to it before hashing. Unlike the salt, its value is not stored in the database, which makes the password super strong.
RQ5. Is it better to use ‘authentication from scratch’ or use packages to develop authentication in our website?
Answer: Both are the same concept. One thing to consider is that developers can sometimes make minor mistakes in code that result in insecure authentication. So it is better to use packages, because they are bug-free, they are tested thoroughly by other developers and they are used in many websites to keep them secure. They also provide other features like unique users, emails, strong hashing functions, salts, etc., which makes the developer's work easier. ‘Authentication from scratch’ is generally used to understand the concept behind authentication by building a mini project for development purposes; for production, it is advisable to use packages for authentication.
RQ6. Is normal authentication or password-based authentication enough to make our website secure?
Answer: As technologies advance, hackers are becoming more advanced as well. Normal authentication is considered easier to crack since it uses only the password to authenticate, and the password can be seen, stolen or decrypted. In modern days, it is advisable to use multi-factor authentication [13] for ‘production’, or even biometrics authentication if the data is too sensitive. Some users might be annoyed and find it difficult to pass multiple phases to authenticate, but this is for their own data safety and so must be done.
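
The salt and pepper scheme from RQ3 and RQ4, applied to the registration and login steps of 4.4 to 4.7, as an added example that is not the paper's own code. Node's built-in scrypt is swapped in for the Bcrypt package so the block runs without installing anything; PEPPER, the in-memory `users` map, the stored-hash format and all function names are assumptions made for this example.

```javascript
const { createHash, createHmac, randomBytes, scryptSync, timingSafeEqual } = require('crypto');

// Assumption: the pepper is one server-wide secret kept outside the database
// (for example in the Dotenv file). This value is a constructed placeholder.
const PEPPER = 'constructed-pepper-value-not-for-production';

// In-memory stand-in for the MongoDB users collection (constructed).
const users = new Map();

// Weak baseline: unsalted SHA-1. Equal passwords always give equal digests,
// so one precomputed table of common passwords covers every account.
function unsaltedSha1(password) {
  return createHash('sha1').update(password).digest('hex');
}

// Pepper step: mix the password with the server-side secret before hashing.
function applyPepper(password, pepper) {
  return createHmac('sha256', pepper).update(password).digest();
}

// Salted, peppered, deliberately slow hash. scrypt stands in for Bcrypt here.
function hashPassword(password, pepper = PEPPER) {
  const salt = randomBytes(16); // fresh random salt for every user
  const key = scryptSync(applyPepper(password, pepper), salt, 32);
  // The salt is stored next to the hash; the pepper is never stored.
  return ['scrypt', salt.toString('hex'), key.toString('hex')].join('$');
}

// Verification re-derives the hash from the entered password and the stored
// salt, then compares in constant time. Nothing is decrypted.
function verifyPassword(password, stored, pepper = PEPPER) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (salt.length !== 16 || expected.length !== 32) return false;
  const actual = scryptSync(applyPepper(password, pepper), salt, 32);
  return timingSafeEqual(actual, expected);
}

// Registration route body: store only the salted, peppered hash.
function register(email, password) {
  if (users.has(email)) return false; // unique user
  users.set(email, { email, passwordHash: hashPassword(password) });
  return true;
}

// Dummy record so an unknown email costs the same work as a known one.
const DUMMY_HASH = hashPassword('constructed-dummy-password');

// Login route body: look the user up, then compare. The caller gets one
// Boolean and shows the same message whether the email or the password was wrong.
function login(email, password) {
  const user = users.get(email);
  const ok = verifyPassword(password, user ? user.passwordHash : DUMMY_HASH);
  return Boolean(user) && ok;
}
```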

7. Conclusion
No website is complete if it is not secure. Security builds trust between the client and the server and is beneficial for a long-term relationship. A ‘secure website’ is achieved by implementing methods and using tools, and one of the most important methods to implement in order to make a secure website that keeps the user’s data safe is ‘Authentication and Authorization’. There are many server-side languages that can be used to develop the backend of a website, but for this research NodeJS is used, as it has a strong community of developers, it is faster, it can take heavy load and it is one of the most compatible languages for full stack development. In the research we learnt that authentication can be built either by developing the model from scratch or by using a package to implement authentication. It is concluded that using a package is better, as packages provide better security and are mostly bug-free. Hashing algorithms are used to hash the password, and the hashed password is stored in the database. Given the existence of rainbow tables, ‘salt’ and ‘pepper’ are added to the password before hashing to increase its security. To implement authorization, cookies and sessions play a vital role in storing the user’s login information. Middleware uses the existence of the session ID to authenticate and authorize the user. All users are divided into categories such as admin, general users who can create posts and perform CRUD (Create, Read, Update and Delete) operations, and users who can only read but cannot perform any other operation. If a user wants to take some action, the user’s rights are verified before that action takes place, through a process called authorization. The need for authentication and authorization was researched, and it was concluded that, to keep the user’s sensitive data safe from hackers (who steal it and sell it in the black market of the ‘dark web’), it is a must to provide authentication and authorization to the users of the website. For websites that deal with payment gateways, it is necessary to use multi-factor authentication or biometrics authentication, as the user information is very sensitive in this case because of the involvement of credit card and bank account details. Most hackers target such payment gateway websites because bank account and credit card details are in high demand in the black market of the dark web. Overall, a reputed server must be used to ensure utmost security, and the final deployment for global distribution should be done only after successful testing of the application. The research supports its own extension by introducing future technologies like Artificial Intelligence and Blockchain. The future scope of this research is to explore the upcoming WEB3, which is far more diverse than the current WEB2. WEB3 is decentralized, and so blockchain could be studied for it along with the implementation of Artificial Intelligence. To quote about the importance of authentication and authorization: “Without authentication and authorization, the application is only 50% complete”.

Acknowledgements:
This paper was also supported by Subprogram 1.1. Institutional performance-Projects to finance excellence in RDI,
Contract No. 19PFE/30.12.2021 and a grant of the National Centre for Hydrogen and Fuel Cells (CNHPC)—
Installations and Special Objectives of National Interest (IOSIN). This paper was partially supported by UEFISCDI
Romania and MCI through BEIA projects FinSESCo, CREATE, AISTOR, I-DELTA, SMARDY, STACK, ENTA,
UPSIM, SmartDelta, BENTRADE, SPICECO, OMD, V-SPACE and by European Union's Horizon 2020 research
and innovation program under grant agreements No. 872172 (TESTBED2) and No. 883522 (S4ALLCITIES).

References
[1] Paro, A., 17, M. A. | F., 03, B. S. | F., 28, J. S. | J., Richi Jennings | 4, M. V. | M., & 11, R. J. | M. (2021). Hackers leaked 22 million records on the dark web in 2020. | https://securityboulevard.com/2021/01/hackers-leaked-22-million-records-on-the-dark-web-in-2020/
[2] Bernard Meyer | 2022 | Most common passwords 2022 | https://cybernews.com/best-password-managers/most-common-passwords/
[3] A. Demidov, D. Polovinkin, T. Potlova, R. Shateev and E. Sopina, "Algorithms of Authentication and Authorization by Proxy in Distributed
Information-Computing Environment," 2017 IEEE 11th International Conference on Application of Information and Communication
Technologies (AICT), 2017, pp. 1-5, doi: 10.1109/ICAICT.2017.8687048.
[4] I. Gordin, A. Graur and A. Potorac, "Two-factor authentication framework for private cloud," 2019 23rd International Conference on
System Theory, Control and Computing (ICSTCC), 2019, pp. 255-259, doi: 10.1109/ICSTCC.2019.8885460.
[5] W. Wang, S. Yuan and H. He, "Design of Portal-Based Uniform Identity Authentication System in Campus Network," 2010 International
Conference on Multimedia Communications, 2010, pp. 112-115, doi: 10.1109/MEDIACOM.2010.32.
[6] H. Seta, T. Wati and I. C. Kusuma, "Implement Time Based One Time Password and Secure Hash Algorithm 1 for Security of Website
Login Authentication," 2019 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS), 2019, pp.
115-120, doi: 10.1109/ICIMCIS48181.2019.8985196.
[7] W. Kennedy and A. Olmsted, "Three factor authentication," 2017 12th International Conference for Internet Technology and Secured
Transactions (ICITST), 2017, pp. 212-213, doi: 10.23919/ICITST.2017.8356384.
[8] T. Saito, Y. Tsunoda, D. Miyata, R. Watanabe and Y. Chen, "An Authorization Scheme Concealing Client's Access from Authentication
Server," 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2016, pp. 593-
598, doi: 10.1109/IMIS.2016.110.
[9] C. Bansal, K. Bhargavan and S. Maffeis, "Discovering Concrete Attacks on Website Authorization by Formal Analysis," 2012 IEEE 25th
Computer Security Foundations Symposium, 2012, pp. 247-262, doi: 10.1109/CSF.2012.27.
[10] C. Pascariu and I. C. Bacivarov, "Detecting Phishing Websites through Domain and Content Analysis," 2021 13th International Conference
on Electronics, Computers and Artificial Intelligence (ECAI), 2021, pp. 1-4, doi: 10.1109/ECAI52376.2021.9515165.
[11] S. Subrayan, S. Mugilan, B. Sivanesan and S. Kalaivani, "Multi-factor Authentication Scheme for Shadow Attacks in Social Network," 2017
International Conference on Technical Advancements in Computers and Communications (ICTACC), 2017, pp. 36-40, doi:
10.1109/ICTACC.2017.19.
[12] R. Reeder and S. Schechter, "When the Password Doesn't Work: Secondary Authentication for Websites," in IEEE Security & Privacy, vol.
9, no. 2, pp. 43-49, March-April 2011, doi: 10.1109/MSP.2011.1.
[13] B. O. ALSaleem and A. I. Alshoshan, "Multi-Factor Authentication to Systems Login," 2021 National Computing Colleges Conference
(NCCC), 2021, pp. 1-4, doi: 10.1109/NCCC49330.2021.9428806.
[14] E. İ. Tatlı, "Cracking More Password Hashes With Patterns," in IEEE Transactions on Information Forensics and Security, vol. 10, no. 8, pp.
1656-1665, Aug. 2015, doi: 10.1109/TIFS.2015.2422259.
[15] S. Ahmed and Q. Mahmood, "An authentication based scheme for applications using JSON web token," 2019 22nd International Multitopic
Conference (INMIC), 2019, pp. 1-6, doi: 10.1109/INMIC48123.2019.9022766.
[16] Laatansa, R. Saputra and B. Noranita, "Analysis of GPGPU-Based Brute-Force and Dictionary Attack on SHA-1 Password Hash," 2019 3rd
International Conference on Informatics and Computational Sciences (ICICoS), 2019, pp. 1-4, doi: 10.1109/ICICoS48119.2019.8982390.
[17] F. E. De Guzman, B. D. Gerardo and R. P. Medina, "Implementation of Enhanced Secure Hash Algorithm Towards a Secured Web Portal,"
2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS), 2019, pp. 189-192, doi:
10.1109/CCOMS.2019.8821763.
[18] H. Kumar et al., "Rainbow table to crack password using MD5 hashing algorithm," 2013 IEEE Conference on Information &
Communication Technologies, 2013, pp. 433-439, doi: 10.1109/CICT.2013.6558135.
[19] P. Gauravaram, "Security Analysis of salt||password Hashes," 2012 International Conference on Advanced Computer Science Applications
and Technologies (ACSAT), 2012, pp. 25-30, doi: 10.1109/ACSAT.2012.49.
[20] S. Kharod, N. Sharma and A. Sharma, "An improved hashing based password security scheme using salting and differential masking," 2015
4th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015, pp. 1-
5, doi: 10.1109/ICRITO.2015.7359225.
[21] H. Zhang and F. Zou, "A Survey of the Dark Web and Dark Market Research," 2020 IEEE 6th International Conference on Computer and
Communications (ICCC), 2020, pp. 1694-1705, doi: 10.1109/ICCC51575.2020.9345271.
[22] H. Chen, "Dark Web: Exploring and Mining the Dark Side of the Web," 2011 European Intelligence and Security Informatics Conference,
2011, pp. 1-2, doi: 10.1109/EISIC.2011.78.
[23] S. Sharma and A. S. Rajawat, "A secure privacy preservation model for vertically partitioned distributed data," 2016 International
Conference on ICT in Business Industry & Government (ICTBIG), 2016, pp. 1-6, doi: 10.1109/ICTBIG.2016.7892653.
[24] P. Pant et al., "Blockchain for AI-Enabled Industrial IoT with 5G Network," 2022 14th International Conference on Electronics, Computers
and Artificial Intelligence (ECAI), 2022, pp. 1-4, doi: 10.1109/ECAI54874.2022.9847428.
[25] Joby, P. P. "Expedient information retrieval system for web pages using the natural language modeling." Journal of Artificial Intelligence 2,
no. 02 (2020): 100-110.
