Skip to main content
SpringerLink
Log in

A New Scheme for Protecting Master-Key of Data Centre Web Server in Online Banking

  • Conference paper
Web Information Systems and Mining (WISM 2010)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6318))

Included in the following conference series:

  • 2934 Accesses

Abstract

The master-key is used to encrypt the operation-key, and the operation-key is applied to encrypt the transport-key, consequently safety protection of the master-key is security core in online banking system. A scheme to protect the master-key was presented. Using method of 3-out-4 key share and LaGrange formula, the shares of the master-key were distributed to one synthesizing card and four key servers. When the data centre web server needed the master-key, the synthesizing card firstly authenticated the legitimacy of the shares of randomly selected three key severs from the four by zero-knowledge proof technology, once the shares were modified and destroyed, rest shares could make up a group so that the system worked continuously. Then the synthesizing card synthesized the master-key based on the shares of those three key severs. Security analysis proves that this scheme makes the whole system to have fault-tolerant and error detection, and also shows no-information leakage and defending collusive attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Guo, H., Mu, Y., Zhang, X.Y.: Enhanced McCullagh-Barreto identity-based key exchange protocols with master key forward security. International Journal of Security and Networks 5(2-3), 173–187 (2010)

    Article  Google Scholar 

  2. Hua, G., Yi, M., Xiyong, Z.: Novel and efficient identity-based authenticated key agreement protocols from weil pairings. In: Zhang, D., Portmann, M., Tan, A.-H., Indulska, J. (eds.) UIC 2009. LNCS, vol. 5585, pp. 310–324. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  3. Morrissey, P., Smart, N.P., Warinschi, B.: The TLS handshake protocol: A modular analysis. Journal of Cryptology 23(2), 187–223 (2010)

    Article  MathSciNet  MATH  Google Scholar 

  4. Zhendong, S., Gary, W.: The essence of command injection attacks in web applications. ACM SIGPLAN Notices 41(1), 372–382 (2006)

    Article  MATH  Google Scholar 

  5. Ashley, C., Wanlei, Z., Yang, X.: Protecting web services from DDOS attacks by SOTA. ICITA 2008, 379–384 (2008)

    Google Scholar 

  6. Wu, T., Malkin, M., Boneh, D.: Building intrusion-tolerant applications. In: Information Survivability Conference and Exposition, pp. 25–27. IEEE Computer Society, Los Alamitos (2000)

    Google Scholar 

  7. Xian-feng, Z., Jin-de, L.: A threshold ECC Based on Intrusion Tolerance TTP Scheme. Computer applications 24(2), 5–8 (2004)

    Google Scholar 

  8. Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer and Communication, Lanzhou University of Technology, Lanzhou, 730050, China

    Cao Lai-Cheng & Liang Lei

Authors
  1. Cao Lai-Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Liang Lei
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Business Administration, Caritas Francis Hsu College, 18 Chui Ling Road, Tseung Kwan O, Hong Kong, China

    Fu Lee Wang

  2. Department of Computer and Inforamtion Science, University of Macau, Av. Padre Tomás Pereira, Taipa, Macau, SAR, China

    Zhiguo Gong

  3. School of Computer, Shanghai University, 99 Shangda Road, 200444, Shanghai, China

    Xiangfeng Luo

  4. School of Computer, Nanjing University of Posts and Telecommunications, 210003, Nanjing, China

    Jingsheng Lei

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lai-Cheng, C., Lei, L. (2010). A New Scheme for Protecting Master-Key of Data Centre Web Server in Online Banking. In: Wang, F.L., Gong, Z., Luo, X., Lei, J. (eds) Web Information Systems and Mining. WISM 2010. Lecture Notes in Computer Science, vol 6318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16515-3_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16515-3_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16514-6

  • Online ISBN: 978-3-642-16515-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation