The study on end-to-end security for ubiquitous commerce

Abstract

Traditional authentication systems used to protect access to online services are vulnerable to various types of keyboard hacking tools operating at the application level and the kernel level. This study was carried out to secure keyboard input information end to end, between the keyboard hardware and the computer main system. To this end, we identified kernel-level security vulnerabilities along the input information processing procedure, using a risk-analysis-based technology methodology. To address the derived vulnerabilities, we designed a set of detailed system components such as debug interrupt exception processing, ‘JUMP’ code insertion, keyboard input encryption and direct transmission. In the security evaluation of our proposed technologies, we obtained better experimental results than those of studies in the literature, both in the confidentiality experiment and in the comparison experiment (regarding authentication and access control) against various information invasion tools. We expect that our research will contribute to follow-up studies, not only on preventing the leakage of keyboard input information but also on securing important information in ubiquitous commerce applications.

Author information

Corresponding author

Correspondence to Hangbae Chang.

About this article

Cite this article

Chang, H. The study on end-to-end security for ubiquitous commerce. J Supercomput 55, 228–245 (2011). https://doi.org/10.1007/s11227-010-0412-4

  • DOI: https://doi.org/10.1007/s11227-010-0412-4

Keywords

  • Keyboard information security
  • Debug exception
  • Jump code insertion
  • Linkage with public key infrastructure