2nd International ICST Workshop on Advances in Data and Information Management: Recent Advances of Cloud Computing in Data and Information Management Conference on Communications and Networking in China

Research Article

A Hash-based Secure Interface on Plain Connection

  • @INPROCEEDINGS{10.1109/ChinaCom.2011.6158347,
        author={Zhenxing Liu and Harjinder Lallie and Lu Liu and Yongzhao Zhan and Kaigui Wu},
        title={A Hash-based Secure Interface on Plain Connection},
        proceedings={2nd International ICST Workshop on Advances in Data and Information Management: Recent Advances of Cloud Computing in Data and Information Management  Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={ADIM},
        year={2012},
        month={3},
        keywords={hash functions network security web applications},
        doi={10.1109/ChinaCom.2011.6158347}
    }
    
  • Zhenxing Liu
    Harjinder Lallie
    Lu Liu
    Yongzhao Zhan
    Kaigui Wu
    Year: 2012
    A Hash-based Secure Interface on Plain Connection
    ADIM
    IEEE
    DOI: 10.1109/ChinaCom.2011.6158347
Zhenxing Liu1, Harjinder Lallie1, Lu Liu1,*, Yongzhao Zhan2, Kaigui Wu3
  • 1: University of Derby
  • 2: Jiangsu University
  • 3: Chongqing University
*Contact email: chinaliulu@hotmail.com

Abstract

This paper proposes a hash-based secure interface between two nodes on the Internet, especial between two interfaces or two web pages. Digital signatures and public-private keys are traditionally used to provide integrity and authentication. This paper proposes an alternative method which uses a shared private key and a public hash function for a message that is sent over a plain connection without losing integrity and authentication. An additional private algorithm is needed when the message has been hashed based on the message and the salt (the shared private key), and the hashed value will be re-computed with the private algorithm to produce a string named as checksum. At the other end, when a message is received with a checksum the same process is followed to produce a new checksum. If the produced checksum is equal to the received checksum, the message is legitimate. For efficiency and reliability, a timestamp and validity period is introduced to the scheme. The salt gets more salty with time included and so does the secure interface.