Client controlled security for Web applications

Hassinen, Marko; Mussalo, Petteri

doi:10.1109/lcn.2005.38

Cited by 10 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The clients are implemented based on HTML and Java Script in order to run entirely in a web browser as a web application [12], while including all designated use-cases and functionalities stipulated by the Data Security Decree (DSD) to authenticate, set and get requests, encrypt and decrypt data, digital sign data and check digital signatures, as well as to gather and prepare needed statistics. The prototype satisfied all legislative requirements and showed the sustainability of the underlying concept.…”

Section: Prototyping Of the Dls And Its Clientsmentioning

confidence: 99%

Data retention services with soft privacy impacts: Concept and implementation

Schafferer

Gruber

Schanes

et al. 2014

2014 IEEE 5th International Conference on Software Engineering and Service Science

View full text Add to dashboard Cite

Data retention is a controversial instrument of governments and their agencies with the background of fighting terrorism and crime. In 2006 the European Union (EU) passed the directive 2006/24/EC, which is about the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks. Based on the Austrian approach, this paper shows how it is possible for governments to implement a data retention system supporting authorities while taking into account a best possible protection of their citizens' personal data and privacy. The authors implemented a proof-of-concept using a centrally managed service to exchange necessary retention data between corresponding authorities and provider. The concept is based on strong cryptographic algorithms ensuring end-to-end encryption while enabling central monitoring and administration. Therefore it is in conformity with the directive, as well as Austrian law, and enforces a core aspect to guarantee citizens privacy.

show abstract

Section: Prototyping Of the Dls And Its Clientsmentioning

confidence: 99%

Data retention services with soft privacy impacts: Concept and implementation

Schafferer

Gruber

Schanes

et al. 2014

2014 IEEE 5th International Conference on Software Engineering and Service Science

View full text Add to dashboard Cite

show abstract

“…Hassinen and Mussalo [15] have proposed a client-side encryption system to protect confidentiality, data integrity, and user trust. They encrypt data inputs using a client encryption key before submitting the content of an (X) HTML Form.…”

Section: Journal Of Theoretical and Applied Electronic Commerce Researchmentioning

confidence: 99%

“…If they are the same, the data is accepted, otherwise, the data is deemed to have been altered and the validation will fail. This system has two main requirements [15]:…”

Section: Journal Of Theoretical and Applied Electronic Commerce Researchmentioning

confidence: 99%

A Semantic Data Validation Service for Web Applications

Aljawarneh

Alkhateeb

Maghayreh

2010

J. theor. appl. electron. commer. res.

View full text Add to dashboard Cite

An Input validation can be a critical issue. Typically, a little attention is paid to it in a web development project, because overenthusiastic validation can tend to cause failures in the software, and can also break the security upon web applications such as an unauthorized access to data. Now, it is estimated the web application vulnerabilities (such as XSS or SQL injection) for more than two thirds of the reported web security vulnerabilities. In this paper, we start with a case study of the bypassing data validation and security vulnerabilities such as SQL injection and then go on to discuss the merits of a number of common data validation techniques. We also review the different solutions to date to provide data validation techniques in ecommerce applications. From this analysis, a new data validation service which is based upon semantic web Technologies, has been designed and implemented to prevent the web security vulnerabilities at the application level and to secure the web system even if the input validation modules are bypassed. Our semantic architecture consists of the following components: RDFa annotation for elements of web pages, interceptor, RDF extractor, RDF parser, and data validator. The experimental results of the pilot study indicate that the proposed data validation service might provide a detection, and prevention of some web application attacks.

show abstract

“…First, Hassinen and Mussalo [8] propose a client-side encryption system to protect data integrity and user trust. The client encryption key is located on a client smart card or can be stored on the server and transferred over an HTTP connection.…”

Section: Related Workmentioning

confidence: 99%

A Web Client Authentication System Using Smart Card for e-Systems: Initial Testing and Evaluation

Aljawarneh

Dababneh

Hosseny

et al. 2010

2010 Fourth International Conference on Digital Society

View full text Add to dashboard Cite

Although a number of techniques exist for authentication, web sites and web applications continue to use weak authentication schemes that are vulnerable for attack, particularly in e-commerce environments. These challenges are often occurred because of careless use of authenticators stored on the client-side. In this paper, we have developed a web client authentication system using smart card, called Dynamic HMAC Validation System (DHVS) to make sure that the requested confidential digital object is authenticated and hence no tampering can be performed upon it particularly at the client-side. The DHVS is based on HMAC technology where the key that is to be used for ciphering is dynamically generated every time the client sends a request. Our initial testing shows the DHVS could be able to authenticate multimedia content transactions and payment.

show abstract

Client controlled security for Web applications

Cited by 10 publications

References 7 publications

Data retention services with soft privacy impacts: Concept and implementation

Data retention services with soft privacy impacts: Concept and implementation

A Semantic Data Validation Service for Web Applications

A Web Client Authentication System Using Smart Card for e-Systems: Initial Testing and Evaluation

Contact Info

Product

Resources

About