Abstract
Traditional authentication systems that protect access to online services are vulnerable to various types of keyboard hacking tools operating at the application level and the kernel level. This study was carried out to secure keyboard input information end to end, between the keyboard hardware and the computer main system. To this end, we identified kernel-level security vulnerabilities along the input information processing procedure, using a risk-analysis-based methodology. To address the identified vulnerabilities, we designed detailed system components such as debug interrupt exception processing, ‘JUMP’ code insertion, keyboard input encryption and direct transmission. In the security evaluation of the proposed technologies, we obtained better experimental results than the studies in the literature, both in the confidentiality experiment and in the comparison experiment (regarding authentication and access control) against various information invasion tools. We expect that our research can contribute to follow-up studies, not only on preventing leakage of keyboard input information but also on securing important information in ubiquitous commerce applications.
Cite this article
Chang, H. The study on end-to-end security for ubiquitous commerce. J Supercomput 55, 228–245 (2011). https://doi.org/10.1007/s11227-010-0412-4
DOI: https://doi.org/10.1007/s11227-010-0412-4