The Journal of Supercomputing, Volume 55, Issue 2, pp 228–245

The study on end-to-end security for ubiquitous commerce

Article

Abstract

Traditional authentication systems used to protect access to online services are vulnerable to various types of keyboard hacking tools operating at the application level and the kernel level. This study aims to secure keyboard input information end to end, between the keyboard hardware and the computer's main system. To this end, we identified kernel-level security vulnerabilities along the input information processing procedure, using a risk-analysis-based methodology. To address the vulnerabilities derived, we designed a set of detailed system components, such as debug interrupt exception processing, ‘JUMP’ code insertion, keyboard input encryption and direct transmission. In the security evaluation of the proposed technologies, we obtained better results than those in the literature in the confidentiality experiment and in the comparison experiment (regarding authentication and access control) against various information invasion tools. We expect this research to contribute to follow-up studies, not only on preventing leakage of keyboard input information but also on securing important information in ubiquitous commerce applications.

Keywords

Keyboard information security; Debug exception; Jump code insertion; Linkage with public key infrastructure

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Department of Business Administration, Daejin University, Pocheon-Si, Korea
