Part of the book series: Smart Innovation, Systems and Technologies (SIST, volume 51)

Abstract

The paper aims to enhance XML security by generating an XML digital signature capable of providing the major security features: authentication, integrity, non-repudiation and confidentiality [14]. It also extends the concept of information hiding, which overcomes a hidden problem of traditional XML digital signature generation called “MID-WAY READING”. The security of the document is ensured by a process called ‘information hiding’. The document to be sent is digitally signed as well as encrypted, thereby ensuring an excellent security level during business transactions in an e-commerce environment. In addition, the private key used for signing the document is stored in a virtual smart card, which provides enhanced security.

References

  1. http://www.oasisopen.org/committees/download.php/20508/oasis-dss-1.0-interop-wd-07.doc

  2. Dournaee, B., Dournee, B.: XML Security. McGraw-Hill, New York (2002)

  3. Groz, B., et al.: Static analysis of XML security views and query rewriting. Inf. Comput. 238, 2–29 (2014)

  4. www.w3.org/TR/XMLdsig-core

  5. Barhoom, T.S.M., Shen-Sheng, Z.: Trusted exam marks system at IUG using XML-signature. In: The Fourth International Conference on Computer and Information Technology, CIT’04. IEEE (2004)

  6. Rao, W., Gan, Q.: The performance analysis of two digital signature schemes based on secure charging protocol. In: International Conference on Wireless Communications, Networking and Mobile Computing. Proceedings, vol. 2. IEEE (2005)

  7. ESA-02: SOAP Interfaces vulnerable to XML signature element wrapping attacks. Retrieved Apr 2012, from http://www.eucalyptus.com/eucalyptus-cloud/security/esa-02

  8. Tao, H., Qihai, Z., Le, Z., Zhongjun, L., Xun, L.: An improved scheme for e-signature techniques based on digital encryption and information hiding. In: 2008 International Symposiums on Information Processing (ISIP), pp. 593, 597, 23–25 May 2008

  9. Jie, Y.: Algorithm of XML document information hiding based on equal element. In: 2010 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT), vol. 3. IEEE (2010)

  10. How to Enable Smartcard Support. Retrieved Apr 2012. http://www.safehousesoftware.com/manual/SafeHouse.htm#user_s_guide/SMARTCARD_Virtual.htm

  11. Bedi, H., Yang, L.: Fair electronic exchange based on fingerprint biometrics. Int. J. Inf. Secur. Privacy (IJISP) 3(3), 76–106 (2009)

  12. Gómez, J.M., Lichtenberg, J.: Intrusion detection management system for ecommerce security. J. Inf. Priv. Secur. 3(4), 19–31 (2007)

  13. Grabher, P., Großschädl, J., Page, D.: Light-weight instruction set extensions for bit-sliced cryptography. In: Cryptographic Hardware and Embedded Systems–CHES 2008, pp. 331–345. Springer, Berlin (2008)

  14. Chan, G.Y., Lee, C.S., Heng, S.H.: Defending against XML-related attacks in e-commerce applications with predictive fuzzy associative rules. Appl. Soft Comput. 24, 142–157 (2014)

  15. Meadors, K.: Secure electronic data interchange over the Internet. IEEE Internet Comput. 9(3), 82–89 (2005)

  16. Wajih, E.H.Y., Mohsen, M., Rached, T.: A secure elliptic curve digital signature scheme for embedded devices. In: 2nd International Conference on Signals, Circuits and Systems, SCS 2008, pp. 1, 6, 7–9 Nov 2008

  17. Masoumi, M., Mohammadi, S.: A new and efficient approach to protect AES against differential power analysis. In: 2011 World Congress on Internet Security (WorldCIS). IEEE (2011)

  18. Hasan, M.A.: Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Trans. Comput. 50(10), 1071–1083 (2001)

  19. Mahmoud, H., Alghathbar, K.: Novel algorithmic countermeasures for differential power analysis attacks on smart cards. In: 2010 Sixth International Conference on Information Assurance and Security (IAS). IEEE (2010)

  20. Kocher, P., et al.: Introduction to differential power analysis. J. Crypt. Eng. 1(1), 5–27 (2011)

  21. Krieg, A., et al.: Accelerating early design phase differential power analysis using power emulation techniques. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). IEEE (2011)

  22. Karras, D.A., Zorkadis, V.: Neural network based benchmarks in the quality assessment of message digest algorithms for digital signatures based secure Internet communications. In: Proceedings of the International Joint Conference on Neural Networks, vol. 2. IEEE (2003)

  23. Lesson: Generating and verifying signatures. Retrieved Apr 2012. http://docs.oracle.com/javase/tutorial/security/apisign/index.html

  24. Appendix A Key Management. Retrieved Apr 2012 from http://docs.oracle.com/cd/E19316-01/820-3748/gghyb/index.html

  25. Michail, H.E., et al.: Optimizing SHA-1 hash function for high throughput with a partial unrolling study. In: Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation, pp. 591–600. Springer, Berlin (2005)

  26. Großschädl, J., Page, D., Tillich, S.: Efficient java implementation of elliptic curve cryptography for J2ME-Enabled mobile devices. In: Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems, pp. 189–207. Springer, Berlin (2012)

  27. RSA Laboratories|Cryptography FAQ: http://www.rsasecurity.com/rsalabs/faq/index.html

  28. Caelli, W.J., Dawson, E.P., Rea, S.A.: PKI, elliptic curve cryptography, and digital signatures. Comput. Secur. 18(1), 47–66 (1999)

  29. Brown, D.R.: Standards for efficient cryptography. SEC 1: Elliptic curve cryptography. Released Standard Version 1.0 and Working Draft v1.5, 2005. Available online http://www.secg.org. Last accessed 3 Apr 2012

  30. Koblitz, N., Menezes, A., Vanstone, S.: The state of elliptic curve cryptography. In: Towards a Quarter-Century of Public Key Cryptography, pp. 103–123. Springer, US (2000)

  31. Bensheng, Y., Qiaoyun, W., Fangming, Z.: Security architecture design of bidding MIS based on B/S. In: 2009 International Workshop on Information Security and Application (IWISA 2009) (2009)

  32. Dhawan, P.: Performance comparison: security design choices. Microsoft Developer Network, Oct 2002. Retrieved Apr 2012: http://msdn.microsoft.com/en-us/library/ms978415.aspx

  33. Takase, T., Uramoto, N., Baba, K.: XML digital signature system independent of existing applications. In: 2002 Symposium on Applications and the Internet (SAINT) Workshops. Proceedings. IEEE (2002)

  34. Poulakis, D.: Some lattice attacks on DSA and ECDSA. Appl. Algebra Eng. Commun. Comput. 22(5–6), 347–358 (2011)

  35. Teat, C., Peltsverger, S.: The security of cryptographic hashes. In: Proceedings of the 49th Annual Southeast Regional Conference. ACM (2011)

  36. Lam, T.C.B., Ding, J.J., Liu, J.C.: XML document parsing: operational and performance characteristics. Computer 9, 30–37 (2008)

  37. Chang, M.H., Chen, I.T., Chen, M.T.: Design of proxy signature in ECDSA. In: Eighth International Conference on Intelligent Systems Design and Applications. ISDA’08, vol. 3. IEEE (2008)

  38. Lu, W., et al.: A streaming validation model for SOAP digital signature. In: 14th IEEE International Symposium on High Performance Distributed Computing. HPDC-14. Proceedings. IEEE (2005)

  39. Yang, C.H., Morita, H., Okamoto, T.: Fast implementation of digital signature algorithms on smartcards without coprocessor. J. Int. Technol. Inf. Manag. (JITIm) 2, 82–90 (2002)

Correspondence to Balamurugan Balusamy.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Ravi, J., Balusamy, B. (2016). Provision of XML Security in E-Commerce Applications with XML Digital Signatures Using Virtual Smart Card. In: Satapathy, S., Das, S. (eds) Proceedings of First International Conference on Information and Communication Technology for Intelligent Systems: Volume 2. Smart Innovation, Systems and Technologies, vol 51. Springer, Cham. https://doi.org/10.1007/978-3-319-30927-9_40

  • DOI: https://doi.org/10.1007/978-3-319-30927-9_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30926-2

  • Online ISBN: 978-3-319-30927-9

  • eBook Packages: Engineering, Engineering (R0)
