Browse > Article

Design and Implementation of Web Security Module for a Safe Data Transmission in Heterogeneous Systems  

Kim, Ki-Sung (한양대학교 컴퓨터공학과)
Kim, Kwang ((주)스포티누스)
Heu, Shin (한양대학교 컴퓨터공학과)
Publication Information
Journal of KIISE:Software and Applications / v.32, no.12, 2005 , pp. 1238-1246 More about this Journal
Abstract
This thesis is written with web security module for safe data transmission between heterogeneous systems(ex. OS). Web system has allowed users to have great convenience and a lot of information. Though web service business has been progressed much, because of the limitation of it's own system, lots of loss, derived from data spillage which is the weakest point of security, has also followed. Suggested security module is realized by two module. One for server security module for web server, the other is client security module for client. The security structure, suggested on this thesis guarantee safe data transmission by only simple installation of modules in clients and servers. for speed sensitive transmission between web server and browser, Triple-DES, symmetric encryption system suitable for fast encryption communication, is adapted. To solve problems caused from key management, Diffie-Hellman's key exchange algorithm is adapted. By this method, all symmetric encryption troubles from key distribution and management, speed could be work out a solution. And Diffie-Hellman type algorithm secures Authentication for safe data Protection.
Keywords
Web security module; Diffie-Hellnan's key exchange algorithm; Data security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Avied D. Rubin, Daniel Geer, Marcus J. Ranum 'Web Security Source Book,' John Wiley & Sons, Inc. 1997
2 F.Bergadano, B. Crispo, M. Eccettuato 'Secure www Transactions Using Standard HTTP and Java Applets,' 3rd USENIX Workshop on Electronic Commerce, 1998, pp.109-119
3 Joris Claessens, Bart Preneel and Joos Vandewalle., 'Secure communication for secure agent-based electronic commerce applications,' LNAl 2033, 2001, pp180-190
4 Http://java.sun.com/j2se/1.4.1/guide/securtiy/
5 Jess barms, Daniel Somerfield 'Professional Java Security,' Wrox Press Inc. 2001
6 Bruce Schneier, 'Applied Cryptography,' Jon Wiley & Son, Inc.
7 Lincoln D. Stein, Web Security: A Step-by-Step Refernce Guide, Addison-Wesley, 1999
8 Wangham, M, S., Lung, L. C., Westphall, C. M., Fraga, J. S., 'Integrating SSL to the JaCoWeb security security framework : project and implementation,' Integrated Network Management Proceedings, 2001 IEEE/IFIP International Symposium on, pp.779-792, 2001
9 W.Diffie and M. E. Hellman, 'New directions in cryptography,' IEEE Trans. on Information Theory IT-22, No.6, pp.644-654, 1976   DOI
10 Whitefield Diffie, Paul C. van Oorchot and Michael J. Wiener 'Authentication and Authenticated Key Exchanges,' Designs Codes and Cryptography, 1992, pp.107-125   DOI
11 김병천, 이경호, 박성준, 원동호, '전자 서명방식의 구현 및 성능분석', 제4회 통신정보 합동학술대회논문집, pp.662-666, 1994
12 Gutzmann, km., 'Access control and session management in the HTTP environment,' IEEE Internet Computing. Vol.5 Issue. 1, pp.26-35, Jan.- Feb. 2001   DOI   ScienceOn
13 R. L. Rivest, A. Shamir and L.Adleman, 'A method of obtaining digital signature and public key cryptosystem,' ACM Communication 21, NO.2, pp.120-126, 1978   DOI   ScienceOn
14 Ddbaty, P., Caswell, D., 'Uniform Web presence architecture for people, places, and things,' IEEE Personal Communications, Vol.8 Issue.4, pp.46-51, Aug., 2001   DOI
15 Rubin, A.D., Geer, D. E., Jr., 'A survey of Web security,' Computer, Vol.31, Issue.9, pp.34-41, Sept., 1998   DOI   ScienceOn