Security System using Protocol-Based Security Module for Secure Data Transmission in Web Environment  

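Jang Seung-Ju (Department of Computer Engineering, Dong-Eui University)
Lim Dong-Hoon (Department of Information Statistics, Gyeongsang National University)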
Abstract
We propose the PBSM (Protocol-Based Security Module) system, which guarantees secure data transmission in web environments. The PBSM architecture has two modules. One is the Web Server Security Module (WSSM), which runs on a web server; the other is the Winsock Client Security Module (WSCSM), which runs on a client. The WSCSM decrypts the encrypted HTML document received from the secure web server, and the decrypted HTML document is displayed on the client's screen. The WSSM contains the encryption function for HTML files and the decryption function for CGI (Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on order theory.
Keywords
PBSM security system; WSSM module; WSCSM module; web security module;