Abstract
This paper aims to enhance XML security by generating an XML digital signature that provides the major security features: authentication, integrity, non-repudiation and confidentiality [14]. It also extends the concept of information hiding to overcome a hidden problem of traditional XML digital signature generation called “MID-WAY READING”. The security of the document is ensured by this process of information hiding. The document to be sent is digitally signed as well as encrypted, which ensures an excellent level of security during business transactions in an e-commerce environment. In addition, the private key used for signing the document is stored in a virtual smart card, which provides enhanced security.
References
http://www.oasisopen.org/committees/download.php/20508/oasis-dss-1.0-interop-wd-07.doc
Dournaee, B., Dournee, B.: XML Security. Mcgraw-Hill, New York (2002)
Groz, B., et al.: Static analysis of XML security views and query rewriting. Inf. Comput. 238, 2–29 (2014)
Barhoom, T.S.M., Shen-Sheng, Z.: Trusted exam marks system at IUG using XML-signature. In: The Fourth International Conference on Computer and Information Technology, CIT’04. IEEE (2004)
Rao, W., Gan, Q.: The performance analysis of two digital signature schemes based on secure charging protocol. In: International Conference on Wireless Communications, Networking and Mobile Computing. Proceedings, vol. 2. IEEE (2005)
ESA-02: SOAP Interfaces vulnerable to XML signature element wrapping attacks. Retrieved Apr 2012, from http://www.eucalyptus.com/eucalyptus-cloud/security/esa-02
Tao, H., Qihai, Z., Le, Z., Zhongjun, L., Xun, L.: An improved scheme for e-signature techniques based on digital encryption and information hiding. In: 2008 International Symposiums on Information Processing (ISIP), pp. 593, 597, 23–25 May 2008
Jie, Y.: Algorithm of XML document information hiding based on equal element. In: 2010 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT), vol. 3. IEEE (2010)
How to Enable Smartcard Support. Retrieved Apr 2012. http://www.safehousesoftware.com/manual/SafeHouse.htm#user_s_guide/SMARTCARD_Virtual.htm
Bedi, H., Yang, L.: Fair electronic exchange based on fingerprint biometrics. Int. J. Inf. Secur. Privacy (IJISP) 3(3), 76–106 (2009)
Gómez, J.M., Lichtenberg, J.: Intrusion detection management system for ecommerce security. J. Inf. Priv. Secur. 3(4), 19–31 (2007)
Grabher, P., Großschädl, J., Page, D.: Light-weight instruction set extensions for bit-sliced cryptography. In: Cryptographic Hardware and Embedded Systems–CHES 2008, pp. 331–345. Springer, Berlin (2008)
Chan, G.Y., Lee, C.S., Heng, S.H.: Defending against XML-related attacks in e-commerce applications with predictive fuzzy associative rules. Appl. Soft Comput. 24, 142–157 (2014)
Meadors, K.: Secure electronic data interchange over the Internet. IEEE Internet Comput. 9(3), 82–89 (2005)
Wajih, E.H.Y., Mohsen, M., Rached, T.: A secure elliptic curve digital signature scheme for embedded devices. In: 2nd International Conference on Signals, Circuits and Systems, SCS 2008, pp. 1, 6, 7–9 Nov 2008
Masoumi, M., Mohammadi, S.: A new and efficient approach to protect AES against differential power analysis. In: 2011 World Congress on Internet Security (WorldCIS). IEEE (2011)
Hasan, M.A.: Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Trans. Comput. 50(10), 1071–1083 (2001)
Mahmoud, H., Alghathbar, K.: Novel algorithmic countermeasures for differential power analysis attacks on smart cards. In: 2010 Sixth International Conference on Information Assurance and Security (IAS). IEEE (2010)
Kocher, P., et al.: Introduction to differential power analysis. J. Crypt. Eng. 1(1), 5–27 (2011)
Krieg, A., et al.: Accelerating early design phase differential power analysis using power emulation techniques. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). IEEE (2011)
Karras, D.A., Zorkadis, V.: Neural network based benchmarks in the quality assessment of message digest algorithms for digital signatures based secure Internet communications. In: Proceedings of the International Joint Conference on Neural Networks, vol. 2. IEEE (2003)
Lesson: Generating and verifying signatures. Retrieved Apr 2012. http://docs.oracle.com/javase/tutorial/security/apisign/index.html
Appendix A Key Management. Retrieved Apr 2012 from http://docs.oracle.com/cd/E19316-01/820-3748/gghyb/index.html
Michail, H.E., et al.: Optimizing SHA-1 hash function for high throughput with a partial unrolling study. In: Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation, pp. 591–600. Springer, Berlin (2005)
Großschädl, J., Page, D., Tillich, S.: Efficient java implementation of elliptic curve cryptography for J2ME-Enabled mobile devices. In: Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems, pp. 189–207. Springer, Berlin (2012)
RSA Laboratories|Cryptography FAQ: http://www.rsasecurity.com/rsalabs/faq/index.html
Caelli, W.J., Dawson, E.P., Rea, S.A.: PKI, elliptic curve cryptography, and digital signatures. Comput. Secur. 18(1), 47–66 (1999)
Brown, D.R.: Standards for efficient cryptography. SEC 1: Elliptic curve cryptography. Released Standard Version 1.0 and Working Draft v1.5, 2005. Available online http://www.secg.org. Last accessed 3 Apr 2012
Koblitz, N., Menezes, A., Vanstone, S.: The state of elliptic curve cryptography. In: Towards a Quarter-Century of Public Key Cryptography, pp. 103–123. Springer, US (2000)
Bensheng, Y., Qiaoyun, W., Fangming, Z.: Security architecture design of bidding MIS based on B/S. In: 2009 International Workshop on Information Security and Application (IWISA 2009) (2009)
Dhawan, P.: Performance comparison: security design choices. Microsoft Developer Network, Oct 2002. Retrieved Apr 2012: http://msdn.microsoft.com/en-us/library/ms978415.aspx
Takase, T., Uramoto, N., Baba, K.: XML digital signature system independent of existing applications. In: 2002 Symposium on Applications and the Internet (SAINT) Workshops. Proceedings. IEEE (2002)
Poulakis, D.: Some lattice attacks on DSA and ECDSA. Appl. Algebra Eng. Commun. Comput. 22(5–6), 347–358 (2011)
Teat, C., Peltsverger, S.: The security of cryptographic hashes. In: Proceedings of the 49th Annual Southeast Regional Conference. ACM (2011)
Lam, T.C.B., Ding, J.J., Liu, J.C.: XML document parsing: operational and performance characteristics. Computer 9, 30–37 (2008)
Chang, M.H., Chen, I.T., Chen, M.T.: Design of proxy signature in ECDSA. In: Eighth International Conference on Intelligent Systems Design and Applications. ISDA’08, vol. 3. IEEE (2008)
Lu, W., et al.: A streaming validation model for SOAP digital signature. In: 14th IEEE International Symposium on High Performance Distributed Computing. HPDC-14. Proceedings. IEEE (2005)
Yang, C.H., Morita, H., Okamoto, T.: Fast implementation of digital signature algorithms on smartcards without coprocessor. J. Int. Technol. Inf. Manag. (JITIm) 2, 82–90 (2002)
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Ravi, J., Balusamy, B. (2016). Provision of XML Security in E-Commerce Applications with XML Digital Signatures Using Virtual Smart Card. In: Satapathy, S., Das, S. (eds) Proceedings of First International Conference on Information and Communication Technology for Intelligent Systems: Volume 2. Smart Innovation, Systems and Technologies, vol 51. Springer, Cham. https://doi.org/10.1007/978-3-319-30927-9_40
DOI: https://doi.org/10.1007/978-3-319-30927-9_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30926-2
Online ISBN: 978-3-319-30927-9
eBook Packages: Engineering (R0)