Chapter

Information and Communications Security

Volume 5308 of the series Lecture Notes in Computer Science pp 267-278

Pseudo-randomness Inside Web Browsers

  • Zhi GuanAffiliated withInstitute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education
  • , Long ZhangAffiliated withInstitute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education
  • , Zhong ChenAffiliated withInstitute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education
  • , Xianghao NanAffiliated withInstitute of Software, School of EECS, Peking University., Key Lab of High Confidence Software Technologies (Peking Univ.), Ministry of Education

* Final gross prices may vary according to local VAT.

Get Access

Abstract

With the increasing concerns over the security and privacy of Web based applications, many solutions based on strong cryptography have been proposed to protect client side Web applications against attacks such as phishing, pharming and even server side attacks. While strong cryptography is used, one critical building block in cryptosystem, the random number generator, is often neglected. Considering this situation, in this paper we design and implement a pseudo-random number generator only rely on ubiquitous Web browser abilities - JavaScript, HTML and AJAX. We also provide a mechanism called Pseudo-cookie for JavaScript programs to access operating system services for retrieving random or entropy values without changing Web browser security policies. The security model, analysis and performance evaluation demonstrate that our method is secure and efficient.