The study on end-to-end security for ubiquitous commerce
Traditional authentication systems used to protect access to online services are vulnerable to various types of keyboard hacking tools that operate at the application level and the kernel level. This study was carried out to secure keyboard input information end to end, between the keyboard hardware and the computer main system. To that end, we identified kernel-level security vulnerabilities along the input information processing procedure, using a risk-analysis-based methodology. To address the derived vulnerabilities, we designed detailed system components such as debug interrupt exception processing, ‘JUMP’ code insertion, keyboard input encryption and direct transmission. In the security evaluation of our proposed technologies, we obtained better experimental results than the literature studies in the confidentiality experiment and in the comparison experiment (regarding authentication and access control) against various information invasion tools. We expect that our research will contribute to follow-up studies, not only on preventing the leakage of keyboard input information but also on securing important information in ubiquitous commerce applications.
Keywords: Keyboard information security; Debug exception; Jump code insertion; Linkage with public key infrastructure