A novel security scheme for online banking based on virtual machine

Bei Guan, Yanjun Wu, Yongji Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Current online banking schemes built on an ordinary software stack, which comprises the operating system and the applications running on it, face attacks including Phishing, Pharming, Malicious Software Attacks (MSW), Man in the Middle Attacks (MITM) and Keyloggers. Today's countermeasures either prevent only part of these attacks or have a high cost in performance and usability. In this paper, we introduce the Domain Online Banking (DOBank), a novel security scheme for online banking that combines virtual machine (VM) technology with web services. Firstly, DOBank encapsulates the banking service into a lightweight domain and protects it from any attacks caused by viruses from the user's host. Secondly, the domain can access certain hardware devices exclusively, which defends against keyloggers, and gains nearly native performance using the passthrough technology. Finally, we use the virtual Trusted Platform Module (vTPM) for the online banking domain's integrity verification as well as the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol for the confidentiality of data transactions over the internet. We show that this scheme is secure enough to prevent typical viruses that threaten online banking. The experiments on network throughput and the time consumed by integrity measurement show it adds little overhead to the overall system.

Original language: English
Title of host publication: Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012
Pages: 12-17
Number of pages: 6
DOIs: https://doi.org/10.1109/SERE-C.2012.28
Publication status: Published - 5 Oct 2012
Externally published: Yes
Event: 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012 - Gaithersburg, MD, United States
Duration: 20 Jun 2012 to 22 Jun 2012

Other

Other: 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012
Country: United States
City: Gaithersburg, MD
Period: 20/6/12 to 22/6/12

Fingerprint

Viruses
Computer operating systems
Web services
Computer hardware
Throughput
Internet
Network protocols
Virtual machine
Malware
Costs
Experiments
Hardware security

Keywords

  • Online banking
  • Security
  • Virtual machine
  • Virtualization
  • Web service
  • Xen

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Guan, B., Wu, Y., & Wang, Y. (2012). A novel security scheme for online banking based on virtual machine. In Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012 (pp. 12-17). [6258439] https://doi.org/10.1109/SERE-C.2012.28

@inproceedings{a8a4e5535e9e467ba97e4fb80ca95454,
title = "A novel security scheme for online banking based on virtual machine",
keywords = "Online banking, Security, Virtual machine, Virtualization, Web service, Xen",
author = "Bei Guan and Yanjun Wu and Yongji Wang",
year = "2012",
month = "10",
day = "5",
doi = "10.1109/SERE-C.2012.28",
language = "English",
isbn = "9780769547435",
pages = "12--17",
booktitle = "Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012",

}
