Conference paper
Protecting Online Transactions with Unique Embedded Key Generators
We present a novel approach for protecting transactions over networks. While we use the example of a netbank application, the proposal is relevant for many security-critical transactions. The approach is based on two major changes compared to current solutions. The first one is the use of individualized key derivation functions, which ensure that given the same input, each copy of the application ends up with different keys.
The second contribution is the individualizing of program copies by subtle code modification. This makes automated analysis and patching of a client-side application very difficult. In combination, these techniques allow to build a secure channel between the client program and the server, while current solutions only build such a channel between the client computer and the server.
Language: | English |
---|---|
Publisher: | IEEE Computer Society Press |
Year: | 2007 |
Pages: | 663-669 |
Proceedings: | International Conference on Availability, Reliability and Security |
ISBN: | 0769527752 , 1509087303 , 9780769527758 and 9781509087303 |
Types: | Conference paper |
DOI: | 10.1109/ARES.2007.117 |
Application software Banking Communication channels Costs Information filtering Information filters Internet Proposals Protection Web server banking client-server system client-server systems client-side application code modification cryptography electronic commerce embedded key generators individualized key derivation functions netbank application online transaction protection safety-critical software security-critical transactions transaction processing