Protecting Online Transactions with Unique Embedded Key Generators

Author

Boesgaard, Martin ; Zenner, Erik

fYear

2007

fDate

10-13 April 2007

Firstpage

663

Lastpage

669

Abstract

We present a novel approach for protecting transactions over networks. While we use the example of a netbank application, the proposal is relevant for many security-critical transactions. The approach is based on two major changes compared to current solutions. The first one is the use of individualized key derivation functions, which ensure that given the same input, each copy of the application ends up with different keys. The second contribution is the individualizing of program copies by subtle code modification. This makes automated analysis and patching of a client-side application very difficult. In combination, these techniques allow to build a secure channel between the client program and the server, while current solutions only build such a channel between the client computer and the server

Keywords

banking; client-server systems; cryptography; electronic commerce; safety-critical software; transaction processing; client-server system; client-side application; code modification; embedded key generators; individualized key derivation functions; netbank application; online transaction protection; security-critical transactions; Application software; Banking; Communication channels; Costs; Information filtering; Information filters; Internet; Proposals; Protection; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on

Conference_Location

Vienna

Print_ISBN

0-7695-2775-2

Type

conf

DOI

10.1109/ARES.2007.117

Filename

4159861