
  RWA: Resilient Web Application Using Client-Side Processing, Database, and Web Cryptography
  Authors : Jebreel Alamari; C. Edward Chow

 

Building resilient web applications helps mitigate risks due to server hardware failure, cyberattacks or loss of connectivity. The advantages of web applications over native applications, such as ease of distribution and platform independence, attract developers and businesses. Traditional web application design requires at least two separate machines, client and server, to work and be connected at any given time. Keeping client and server connected is becoming a challenging task with the recent increase in cyberattacks [1]. With new browser capabilities, it is possible to create resilient web applications that can handle loss of connectivity or cyberattacks on the server. Developing such applications will improve cyber resilience and help reduce disaster recovery time and cost. Existing and new APIs such as Web Cryptography and Web Storage, implemented in modern browsers, were explored and evaluated for their dependability in creating a resilient application design. The experiment suggests the development of a new design and implementation framework. The resulting application is resilient to bad Internet connections, server failures, cyberattacks on servers, and security problems in the browser environment.

 

Published In : IJCSN Journal Volume 7, Issue 5

Date of Publication : October 2018

Pages : 311-319

Figures : 11

Tables : --

 

Jebreel Alamari : Computer Science Department, University of Colorado at Colorado Springs, Colorado Springs, CO 80918, United States.

C. Edward Chow : Computer Science Department, University of Colorado at Colorado Springs, Colorado Springs, CO 80918, United States.

 

Web Browser, Web Cryptography, IndexedDB, JavaScript

In this research we built a resilient web application design that can handle multiple threat scenarios, such as connection loss, cyberattacks on the back-end machines, or hardware failure at the server level. It also includes an efficient synchronization pattern that transfers data securely between the client database and the server database in about 20 milliseconds on average, taking into account the differences in the way the two databases store data. Additionally, the design has a unique authentication model that can work in either online or offline mode. The design also puts the user in charge of his/her data security by encrypting data at rest, either in the browser or on the server. Last, we came up with a mechanism to generate cryptographic keys from user credentials using the Web Crypto API in reasonable time.
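As an added illustration (not code from the paper), the sketch below derives an encryption key from a user's password with the Web Crypto API and uses it to encrypt a record before it is stored client-side or synchronized. The choice of PBKDF2-HMAC-SHA-256, AES-256-GCM, the iteration count, and all function names are assumptions; the page does not say which algorithms the authors used.

```javascript
// Added example. Web Crypto is a browser API; Node exposes the same interface.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const subtle = webCrypto.subtle;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Assumed parameter (not from the paper): PBKDF2 work factor.
const PBKDF2_ITERATIONS = 600000;

// Derive a non-extractable AES-GCM key from the password and a per-user salt.
async function deriveKey(password, salt) {
  const material = await subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // key bytes can never be exported by page script
    ['encrypt', 'decrypt']);
}

// Encrypt one record; only { iv, ct } would be written to IndexedDB or sent to the server.
async function encryptRecord(key, record) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per record
  const ct = await subtle.encrypt(
    { name: 'AES-GCM', iv }, key, enc.encode(JSON.stringify(record)));
  return { iv, ct: new Uint8Array(ct) };
}

// Decrypt a stored record; rejects if the key is wrong or the ciphertext was modified.
async function decryptRecord(key, stored) {
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv: stored.iv }, key, stored.ct);
  return JSON.parse(dec.decode(pt));
}

// Constructed demo data: round trip with the right password, rejection with a wrong one.
async function demo() {
  const salt = webCrypto.getRandomValues(new Uint8Array(16)); // stored beside the data
  const key = await deriveKey('correct horse battery staple', salt);
  const stored = await encryptRecord(key, { id: 1, note: 'sample row' });
  const roundTrip = await decryptRecord(key, stored);
  const wrongKey = await deriveKey('wrong password', salt);
  const rejected = await decryptRecord(wrongKey, stored).then(() => false, () => true);
  return { roundTrip, rejected, ivLength: stored.iv.length };
}
```

Because AES-GCM authenticates the ciphertext, a key derived from the wrong password fails decryption outright instead of returning garbage, and the salt and IV can be stored in the clear next to the record.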

 

[1] "Cyber security: global incidents 2015 statistic." [Online]. Available: https://www.statista.com/statistics/387857/numbercyber-security-incidents-worldwide/
[2] T. F. S. Livramento, E. A. Q. de Oliveira, M. S. Rodrigues, and M. B. Moraes, "Scientific production analysis of resilient enterprises," in Conference Proceedings in International Association for Management of Technology-IAMOT, 2015, pp. 2253-2264.
[3] Z. Yang, Y. Gou, Y. Zhu, and H. Zheng, "Availability modeling and simulation of satellite navigation system based on integration of pdop and reliability maintainability supportability," in China Satellite Navigation Conference. Springer, 2018, pp. 241-256.
[4] W. West and S. M. Pulimood, "Analysis of privacy and security in html5 web storage," Journal of Computing Sciences in Colleges, vol. 27, no. 3, pp. 80-87, 2012.
[5] "Jquery." [Online]. Available: https://jquery.com/
[6] Offlinefirst, "offlinefirst." [Online]. Available: http://offlinefirst.org/
[7] J. Justin and J. Jude, "Go offline," in Learn Ionic 2. Springer, 2017, pp. 79-97.
[8] N. Foundation, "Node.js." [Online]. Available: https://nodejs.org/
[9] S. Z. Naseem and F. Majeed, "Extending html5 local storage to save more data; efficiently and in more structured way," in Digital Information Management (ICDIM), 2013 Eighth International Conference on. IEEE, 2013, pp. 337-340.
[10] T. Wahlberg, P. Paakkola, C. Wieser, M. Laakso, and J. Röning, "Kepler-raising browser security awareness," in Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on. IEEE, 2013, pp. 435-440.
[11] "Superheroic javascript mvw framework." [Online]. Available: https://angularjs.org/
[12] "Ember.js: Homepage." [Online]. Available: https://www.emberjs.com/
[13] [Online]. Available: https://www.mysql.com/
[14] "Indexed database api 2.0." [Online]. Available: https://www.w3.org/TR/IndexedDB-2/
[15] "Web sql database." [Online]. Available: https://www.w3.org/TR/webdatabase/
[16] "Same origin policy." [Online]. Available: https://www.w3.org/Security/wiki/Same_Origin_Policy
[17] C. Bansal, K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis, "Keys to the cloud: formal analysis and concrete attacks on encrypted web storage," in International Conference on Principles of Security and Trust. Springer, 2013, pp. 126-146.
[18] "Web cryptography." [Online]. Available: https://www.w3.org/TR/WebCryptoAPI/
[19] "crypto.js." [Online]. Available: https://code.google.com/archive/p/crypto-js/
[20] "polycrypt.js a web crypto polyfill." [Online]. Available: http://polycrypt.net/
[21] "Nfwebcrypto." [Online]. Available: https://github.com/Netflix/NfWebCrypto
[22] C. Reis, A. Barth, and C. Pizano, "Browser security: lessons from google chrome," Communications of the ACM, vol. 52, no. 8, pp. 45-49, 2009.
[23] S. Adee, "Chrome the conqueror," IEEE Spectrum, vol. 47, no. 1, 2010.