
A Limited-Used Key Generation Scheme for Internet Transactions

  • Conference paper
Information Security Applications (WISA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3325)


Abstract

Traditionally, the security of symmetric-key based systems relies heavily on the security of shared keys. In this paper, we present a new session key generation technique for internet transactions that eliminates the need to store a long-term shared key, whose storage makes the system insecure against key compromise during transactions. The generation of each set of session keys is based on randomly chosen preference keys. The more transactions that have been performed, the lower the chance that the system is compromised. We show that the proposed technique is secure against various kinds of attacks. Finally, the proposed technique can be applied to any kind of internet application that deploys shared secrets. We demonstrate the practical usefulness of our technique by applying it to credit-card payment systems. The results show that our technique enhances their security considerably.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kungpisdan, S., Le, P.D., Srinivasan, B. (2005). A Limited-Used Key Generation Scheme for Internet Transactions. In: Lim, C.H., Yung, M. (eds) Information Security Applications. WISA 2004. Lecture Notes in Computer Science, vol 3325. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31815-6_25


  • DOI: https://doi.org/10.1007/978-3-540-31815-6_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24015-0

  • Online ISBN: 978-3-540-31815-6

  • eBook Packages: Computer Science, Computer Science (R0)
