Protecting Online Transactions with Unique Embedded Key Generators

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Martin Boesgaard Articles by Erik Zenner

The Second International Conference on Availability, Reliability and Security (ARES'07)

Vienna, Austria

April 10-April 13

ISBN: 0-7695-2775-2

	ASCII Text	x
	Martin Boesgaard, Erik Zenner, "Protecting Online Transactions with Unique Embedded Key Generators," Availability, Reliability and Security, International Conference on, pp. 663-669, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007.

	BibTex	x
	@article{ 10.1109/ARES.2007.117, author = {Martin Boesgaard and Erik Zenner}, title = {Protecting Online Transactions with Unique Embedded Key Generators}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2775-2}, pages = {663-669}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2007.117}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - Protecting Online Transactions with Unique Embedded Key Generators SN - 0-7695-2775-2 SP663 EP669 A1 - Martin Boesgaard, A1 - Erik Zenner, PY - 2007 KW - null VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Martin Boesgaard, codesealer.com

Erik Zenner, codesealer.com

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2007.117

We present a novel approach for protecting transactions over networks. While we use the example of a netbank application, the proposal is relevant for many security-critical transactions.

The approach is based on two major changes compared to current solutions. The first one is the use of individualized key derivation functions, which ensure that given the same input, each copy of the application ends up with different keys. The second contribution is the individualizing of program copies by subtle code modification. This makes automated analysis and patching of a client-side application very difficult. In combination, these techniques allow to build a secure channel between the client program and the server, while current solutions only build such a channel between the client computer and the server.

Citation:

Martin Boesgaard, Erik Zenner, "Protecting Online Transactions with Unique Embedded Key Generators," ares, pp.663-669, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.