Title :
Client controlled security for Web applications
Author :
Hassinen, Marko ; Mussalo, Petteri
Author_Institution :
Dept. of Comput. Sci., Kuopio Univ.
Abstract :
The main contribution of this paper is an encryption system for Web applications, where the encryption is done on the client side. By a Web application we mean an application that uses a web browser as a user interface and the content is in HTML or equivalent. In our application the client creates and stores an encryption key. The data is always encrypted when in transit through the transport media, and cannot be decrypted on the server without the explicit consent of the client. Even malicious server software cannot be used to disclose the confidential data. Furthermore, the client will detect any attempt to tamper with the encrypted data. We show how to create a Web application that uses client side encryption and key generation. Our approach delivers confidentiality, integrity, and user trust. Furthermore, it doesn't require any additional hardware or any software installations on the client side.
Keywords :
Internet; cryptography; telecommunication security; HTML; Web application; client controlled security; encryption system; transport media; Application software; Computer science; Costs; Cryptography; Databases; Hospitals; Internet; Privacy; Protection; User interfaces;
Conference_Title :
Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
0-7695-2421-4
DOI :
10.1109/LCN.2005.38