Interactive Symmetric Context Encryption in Framework of Asynchronous Data Exchange

Abstract

With the rapid development of the Internet world, information security issues has been increasingly concerned with wide investigations. In the browser/server (B/S) architecture, a server is the provider of information services including content, control and security of end-users’ web-pages. Browsers and servers exchange web-page context based on Hypertext Transfer Protocol (HTTP), which exposes private confidential or sensitive information. To protect web-pages’ context against information theft on the clients’ accessing and submitting data to the server, this paper proposes an interactive symmetric context encryption (ISCE) method based on HTTP. For overcoming the defects of traditional browser-side data encryption algorithms, ISCE is developed by setting a non-transparent data encryption process with an interactive data exchange and symmetric encryption algorithm. For such a purpose the runtime script interpretation is first employed, by which the client browser asynchronously loads the symmetric encryption codes from the server into its cache instead of a synchronous web page with a transparent context for users. Based on the web session technology, a multi-step random check codes can be exchanged between the client and the server in time sequences to consistently obtain a valid symmetric key mask. With the combination of two techniques a novel web-page context encryption protocol is proposed to realize a lightweight encryption scheme to prevent an information theft. With an experimental B/S system and widespread HTTP data capture tools, the proposed encryption is tested. The results have shown that the cipher text can be generated with higher efficiency and stronger security to transmit data from a client to a server. Especially the server can dominantly control the encryption by continuously adjusting the configures of generating random check codes, which effectively increase the difficulties of cracking the cipher text.