Securing Transactions: Protocols and Politics
D. Crocker, Brandenburg Consulting, +1 408 246 8253

© 1995 D. Crocker, Brandenburg Consulting

Brandenburg Consulting
- Product & service / planning & design
- Technical
  - Large-scale systems
  - Internet & interoperability
  - Operations
  - Security
  - Protocols ( , transport, commerce)
- Internet development since 1972
- Chair, Silicon Valley - Public Access Link

Secure transactions
- Doing business on the Internet
- Object- vs. transport-security
- Payment protocols
- Standards work

Internet for commerce?
- Strong pressures emerging
  - Businesses now online
  - Reduced access costs
  - Global "reach"

A global Internet
- Scaling
  - A chicken in every pot!
- Security
  - Military vs. commercial vs. personal
- Management
  - Interconnection → interoperability
  - Sometimes → always

Styles of use
- Receiver pull
  - Interactive sessions
  - Individual, foreground refinement
- Sender push
  - Messaging
  - Bulk, background distribution
(Mark Smith, Intel)

To be on the Internet
- Full (core)
  - Permanent, visible, native
- Direct (consumer)
  - Native
- Client
  - User runs Internet applications
- Mediated
  - Provider runs applications for user
- Messaging
  - Surprisingly useful

What is business?
- R&D
  - Search, browse
  - Test
  - Coordinate
- Support
  - Discuss
  - Info push
- Marketing
  - Targeted info push
  - Survey
- Sales
  - Negotiate
  - Order, bill, pay
  - Deliver

Where to put functions?
- Core vs. edges
  - Place it in the core: can't be used until all of the pieces between users adopt it
  - Place it at the edges: useful as soon as adopted by two consenting hosts

Where to put security...
[Diagram: two columns, "Object" and "Transport". Object column: "My object" wrapped as "Secure My object", carried unchanged across FTP, Web and MTA hops. Transport column: "My object" carried in the clear, with the protection applied by "Web Security" at the Web Server and by "Security" between MTAs.]

Transport security
- IPSEC: IP-level labeling
- Kerberos (MIT): third-party service
- S/KEY (Bellcore): pairwise login
- S-HTTP (EIT): negotiate specific object-wrapper security
- SSL (Netscape): client-server transport link
- STT (Microsoft): (TBD)

Object security
- MOSS (was: PEM)
  - MIME Object Security Service - IETF
  - RSA + DES
  - Global, formal key certification hierarchy
- PGP
  - Pretty Good Privacy - Phil Zimmermann
  - RSA + IDEA
  - Informal, personal, direct certification
- S/MIME
  - Secure MIME - RSA & consortium

Basic algorithms
[Diagram: three columns, each starting from Msg.]
- Integrity: Msg → Hash; the hash travels with the message
- Authentication (sign): Msg + Hash, with the hash encrypted under Key PRIV-ORIG → Digital Signature
- Privacy (seal): Msg (with its signature) encrypted under Key DATA (EncryptData); Key DATA encrypted under Key PUB-RECIP (EncryptKey)
When do you need each? ...not always!

EDI over Internet
- Multiple EDI transports already
  - Internet is one more
- EDI/MIME, proposed standard
  - Regular EDI objects, encapsulated in MIME
  - Use MIME-based security

Payment system model
[Diagram: Buyer, Merchant, Issuing Bank, Acquiring Bank, Clearing House; the "16+4" passes between the parties.] (M. Rose, FV)

Payment system issues
- Transaction category "card not present"
  - For all bankcard approaches for Internet
- Issues
  - Knowing buyer/merchant authorized
  - Avoiding third-party interception
  - Interchange, assessment, fees
  - Retrievals, chargebacks, etc.
Risk management

Payment system efforts
- CommerceNet
- First Virtual Holdings
- CyberCash
- Open Market
- NetMarket
- Netscape
- DigiCash

Scheme "Clear"
[Diagram: Buyer → Merchant → Clearing House; the 16+4 travels in the clear on every hop.]
Just trust the net... Easy to capture and replay.

Scheme "ID"
[Diagram: Buyer → Merchant → Clearing House; an ID travels between the parties in place of the 16+4.]
Still trust the net, until the next statement... Easy to capture and replay.

Scheme "ID confirm"
[Diagram: Buyer → Merchant → Clearing House; an ID travels in place of the 16+4, and the Clearing House sends "Confirm ID" back to the Buyer.]
Each transaction confirmed. Requires mildly safe user account.

Scheme "Secure link"
[Diagram: Buyer → Merchant → Clearing House; the Buyer-Merchant link is encrypted.]
Same as telephone, but encrypted over the Internet. Merchant gets the number. Is the merchant safe??

Scheme "Mediated"
[Diagram: Buyer → Merchant → Clearing House; the 16+4 travels encrypted ("Encrypted 16+4") on both hops.]
Only the bank sees the data in the clear. Limited points of attack.
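The sign-then-seal composition from the "Basic algorithms" slide (Msg → Hash, hash signed under Key PRIV-ORIG, message encrypted under Key DATA, Key DATA encrypted under Key PUB-RECIP) and the "Mediated" scheme just above, worked through in one added Python example that is not part of the original slides. It assumes textbook RSA built from two hard-coded Mersenne primes per key pair and a SHA-256 keystream XOR standing in for the slide's DES; both are constructed for illustration and far too weak for real use. The "16+4" value is a made-up sample card number plus expiry (the slide does not define the notation; treating it as number plus expiry is an assumption), and the parties are the slide's Buyer, Merchant and Clearing House.

```python
import hashlib
import os

# Toy RSA from hard-coded Mersenne primes (constructed for this example;
# these moduli are far too small for real use). e = 65537 as is customary.
E = 65537

def make_keypair(p, q):
    """Return ((e, n), (d, n)): public key, private key."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)

ORIG_PUB, ORIG_PRIV = make_keypair(2**61 - 1, 2**89 - 1)              # Buyer (originator)
CLEARING_PUB, CLEARING_PRIV = make_keypair(2**107 - 1, 2**127 - 1)    # Clearing House (recipient)

def rsa(x, key):
    exp, n = key
    return pow(x, exp, n)

def msg_hash(msg):
    # Integrity: 128 bits of SHA-256, small enough to sit below every toy modulus
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

def sign(msg, priv_orig):
    # Authentication: hash, then apply Key PRIV-ORIG -> Digital Signature
    return rsa(msg_hash(msg), priv_orig)

def verify(msg, sig, pub_orig):
    return rsa(sig, pub_orig) == msg_hash(msg)

def stream_xor(key, data):
    # Stand-in for the slide's DES: SHA-256(key || counter) keystream, XORed.
    # Symmetric, so the same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(msg, priv_orig, pub_recip):
    """Privacy: sign, encrypt sig+msg under a fresh Key DATA (EncryptData),
    then encrypt Key DATA under Key PUB-RECIP (EncryptKey)."""
    sig = sign(msg, priv_orig).to_bytes(32, "big")   # sig < n_orig < 2**150
    key_data = os.urandom(16)
    enc_data = stream_xor(key_data, sig + msg)
    enc_key = rsa(int.from_bytes(key_data, "big"), pub_recip)
    return enc_key, enc_data

def unseal(enc_key, enc_data, priv_recip, pub_orig):
    """Reverse of seal(); raises ValueError when the signature does not verify."""
    key_data = rsa(enc_key, priv_recip).to_bytes(16, "big")
    payload = stream_xor(key_data, enc_data)
    sig, msg = int.from_bytes(payload[:32], "big"), payload[32:]
    if not verify(msg, sig, pub_orig):
        raise ValueError("signature check failed: altered or not from the buyer")
    return msg

# --- Scheme "Mediated": the merchant forwards the sealed 16+4 without reading it ---

def buyer_order(card_16_plus_4, order_id):
    # The buyer seals the card data to the Clearing House, not to the Merchant,
    # and binds it to the order id so the merchant cannot reuse it elsewhere.
    return seal(order_id + b"|" + card_16_plus_4, ORIG_PRIV, CLEARING_PUB)

def merchant_forward(sealed, order_id):
    # The Merchant sees only ciphertext and passes it on with its own order id.
    enc_key, enc_data = sealed
    return {"order": order_id, "enc_key": enc_key, "enc_data": enc_data}

def clearing_house_authorize(forwarded):
    # Only the Clearing House can open the seal and check the buyer's signature;
    # it also checks that the merchant's order id matches what the buyer signed.
    msg = unseal(forwarded["enc_key"], forwarded["enc_data"], CLEARING_PRIV, ORIG_PUB)
    order_id, card = msg.split(b"|", 1)
    return order_id == forwarded["order"], card

if __name__ == "__main__":
    CARD = b"4111111111111111+1296"   # constructed sample 16+4, not a real card
    sealed = buyer_order(CARD, b"order-42")
    forwarded = merchant_forward(sealed, b"order-42")
    print(clearing_house_authorize(forwarded))
```

The two "points of attack" the slide leaves are visible in the code: the buyer's endpoint (where the card is typed and sealed) and the clearing house's private key. The merchant holds only the ciphertext, and a merchant that substitutes a different order id, or anything that alters the sealed bytes in transit, is caught by the signature and order-id checks rather than trusted.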

The standards debate
- Open
  - IP labeling
  - Session security
  - S-HTTP (sort of)
  - MOSS
- Proprietary
  - SSL
  - STT
  - PGP (sort of)
  - S/MIME

Freezing out competition
- Non-interoperability: "mine"
  - Do it because it's mine!
  - Customer lock-in through proprietary extensions
- Half-hearted integration
  - Specialized protocols for each and every need

Is there hope?
- Vendor initiatives
  - Market lead
- Folded into public standards
  - Open access
  - Open enhancement
It all depends on market demand. You are the market; start demanding!