Securing Transactions: Protocols and Politics. D. Crocker, Brandenburg Consulting, +1 408 246 8253.


Slide 1. Securing Transactions: Protocols and Politics
D. Crocker, Brandenburg Consulting, +1 408 246 8253, dcrocker@brandenburg.com

Slide 2. Brandenburg Consulting (© 1995 D. Crocker, Brandenburg Consulting)
- Product & service / planning & design
- Technical
  - Large-scale systems
  - Internet & interoperability
  - Operations
  - Security
  - Protocols (email, transport, commerce)
- Internet development since 1972
- Chair, Silicon Valley - Public Access Link

Slide 3. Secure transactions
- Doing business on the Internet
- Object- vs. transport-security
- Payment protocols
- Standards work

Slide 4. Internet for commerce?
- Strong pressures emerging
  - Businesses now online
  - Reduced access costs
  - Global "reach"

Slide 5. A global Internet
- Scaling
  - A chicken in every pot!
- Security
  - Military vs. commercial vs. personal
- Management
  - Interconnection -> interoperability
  - Sometimes -> always

Slide 6. Styles of use
- Receiver pull
  - Interactive sessions
  - Individual, foreground refinement
- Sender push
  - Messaging
  - Bulk, background distribution
(Mark Smith, Intel)

Slide 7. To be on the Internet
- Full (core)
  - Permanent, visible, native
- Direct (consumer)
  - Native
- Client
  - User runs Internet applications
- Mediated
  - Provider runs applications for user
- Messaging
  - Surprisingly useful

Slide 8. What is business?
- R&D
  - Search, browse
  - Test
  - Coordinate
- Support
  - Discuss
  - Info push
- Marketing
  - Targeted info push
  - Survey
- Sales
  - Negotiate
  - Order, bill, pay
  - Deliver

Slide 9. Where to put functions?
- Core vs. edges
  - Place it in the core: can't be used until all of the pieces between users adopt it
  - Place it at the edges: useful as soon as adopted by two consenting hosts

Slide 10. Where to put security...
[Diagram contrasting the two placements. Object security: the user's object is wrapped as "Secure My object" and carried unchanged over FTP, email (MTA to MTA) or the Web. Transport security: "My object" is carried as-is and the protection is applied along the path, as Web server security or email (MTA-level) security.]

Slide 11. Transport security
IPSEC             IP-level labeling
Kerberos (MIT)    Third-party service
S-KEY (Bellcore)  Pairwise login
S-HTTP (EIT)      Negotiated, per-object wrapper security
SSL (Netscape)    Client-server transport link
STT (Microsoft)   (TBD)

Slide 12. Object security
- MOSS (was: PEM)
  - MIME Object Security Service, IETF
  - RSA + DES
  - Global, formal key certification hierarchy
- PGP
  - Pretty Good Privacy, Phil Zimmermann
  - RSA + IDEA
  - Informal, personal, direct certification
- S/MIME
  - Secure MIME, RSA & consortium

Slide 13. Basic algorithms
[Diagram of three building blocks:]
- Integrity: Msg -> Hash
- Authentication (sign): Hash encrypted with Key PRIV-ORIG -> Digital Signature, sent along with Msg
- Privacy (seal): Msg encrypted with Key DATA (EncryptData); Key DATA encrypted with Key PUB-RECIP (EncryptKey)
When do you need each? ...not always!
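The sign-then-seal flow on this slide, as an added worked example that is not part of the presentation: the message is hashed (integrity), the hash is transformed with the originator's private key (authentication), the whole thing is encrypted under a fresh data key, and that data key is encrypted with the recipient's public key (privacy). Textbook RSA built from Mersenne primes stands in for RSA with a certified key pair, and a SHA-256 counter-mode stream cipher stands in for DES/IDEA; both are constructed toys, and the key pairs, sample message and function names are this example's own. The seal half is also what the later "Mediated" payment scheme relies on so that only the bank sees the card data in clear.

```python
"""Sign-then-seal, following the three blocks on the 'Basic algorithms' slide.

Constructed example: textbook RSA (no padding) over Mersenne primes and a
SHA-256 counter-mode stream cipher stand in for the slide's RSA + DES/IDEA.
Neither primitive is production-grade; the structure is the point.
"""
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs


def rsa_keypair(p, q):
    """Textbook RSA from two given primes: returns (public, private) as (n, e), (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def _b2i(b):
    return int.from_bytes(b, "big")


def _i2b(x, length):
    return x.to_bytes(length, "big")


def sig_len(key):
    """Bytes needed to carry a signature integer smaller than the modulus n."""
    return (key[0].bit_length() + 7) // 8


def stream_xor(key, data):
    """Toy stream cipher: keystream block i = SHA-256(key || i). XOR both encrypts and decrypts."""
    out = bytearray()
    for i, off in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], keystream))
    return bytes(out)


def sign(message, orig_priv):
    """Integrity + authentication: hash, then apply the originator's private key to the hash."""
    n, d = orig_priv
    digest = hashlib.sha256(message).digest()
    return pow(_b2i(digest), d, n)


def verify(message, signature, orig_pub):
    """Recover the hash with the originator's public key and compare with a fresh hash."""
    n, e = orig_pub
    return pow(signature, e, n) == _b2i(hashlib.sha256(message).digest())


def seal(payload, recip_pub):
    """Privacy: encrypt payload under a random data key; wrap that key for the recipient."""
    n, e = recip_pub
    data_key = secrets.token_bytes(32)
    return {"ciphertext": stream_xor(data_key, payload),
            "wrapped_key": pow(_b2i(data_key), e, n)}


def unseal(envelope, recip_priv):
    """Unwrap the data key with the recipient's private key, then decrypt the payload."""
    n, d = recip_priv
    data_key = _i2b(pow(envelope["wrapped_key"], d, n), 32)
    return stream_xor(data_key, envelope["ciphertext"])


def sign_and_seal(message, orig_priv, recip_pub):
    """Originator side: the signature travels inside the sealed envelope."""
    sig = sign(message, orig_priv)
    return seal(_i2b(sig, sig_len(orig_priv)) + message, recip_pub)


def open_and_verify(envelope, recip_priv, orig_pub):
    """Recipient side: unseal, split off the signature, verify. Returns (ok, message)."""
    plain = unseal(envelope, recip_priv)
    k = sig_len(orig_pub)
    return verify(plain[k:], _b2i(plain[:k]), orig_pub), plain[k:]


# Constructed key pairs: distinct Mersenne primes for each party (toy values, not real keys).
ORIG_PUB, ORIG_PRIV = rsa_keypair(2**127 - 1, 2**521 - 1)
RECIP_PUB, RECIP_PRIV = rsa_keypair(2**607 - 1, 2**1279 - 1)


def demo(message=b"ORDER 42: pay 19.95 to merchant"):
    """Round trip plus a tamper check: returns (signature ok, message intact, tampered ok)."""
    env = sign_and_seal(message, ORIG_PRIV, RECIP_PUB)
    ok, recovered = open_and_verify(env, RECIP_PRIV, ORIG_PUB)
    # Flip one ciphertext bit in transit: the recovered signature no longer matches the hash.
    ct = env["ciphertext"]
    tampered = dict(env, ciphertext=bytes([ct[0] ^ 1]) + ct[1:])
    ok_tampered, _ = open_and_verify(tampered, RECIP_PRIV, ORIG_PUB)
    return ok, recovered == message, ok_tampered


if __name__ == "__main__":
    print(demo())
```

Real MOSS, PGP and S/MIME implementations pad the digest before the private-key operation and pad the data key before wrapping it; the toy omits padding so that the slide's three blocks stay visible. Note that the recipient needs the originator's public key to check the signature, which is exactly the key-certification problem slide 12 splits MOSS and PGP over.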

Slide 14. EDI over Internet
- Multiple EDI transports already
  - Internet is one more
- EDI/MIME, proposed standard
  - Regular EDI objects, encapsulated in MIME
  - Use MIME-based security

Slide 15. Payment system model
[Diagram: Buyer, Merchant, Issuing Bank, Acquiring Bank, Clearing House; the 16+4 card data flows between them.] (M. Rose, FV)

Slide 16. Payment system issues
- Transaction category "card not present"
  - For all bankcard approaches for Internet
- Issues
  - Knowing buyer/merchant authorized
  - Avoiding third-party interception
  - Interchange, assessment, fees
  - Retrievals, chargebacks, etc.
Risk management

Slide 17. Payment system efforts
- Commercenet: www.commerce.net
- First Virtual Holdings: www.fv.com
- CyberCash: www.cybercash.com
- Open Market: www.openmarket.com
- NetMarket: www.netmarket.com
- Netscape: www.netscape.com
- DigiCash: www.digicash.com

Slide 18. Scheme "Clear"
[Diagram: Buyer -> Merchant -> ClearingHouse, the 16+4 sent in the clear on both hops.]
Just trust the net... Easy to capture and replay.

Slide 19. Scheme "ID"
[Diagram: Buyer -> Merchant -> ClearingHouse; an ID travels over the net in place of the 16+4.]
Still trust the net, until the next statement... Easy to capture and replay.

Slide 20. Scheme "ID confirm"
[Diagram: Buyer -> Merchant -> ClearingHouse carrying an ID; the ClearingHouse sends "Confirm ID" back to the Buyer.]
Each transaction confirmed. Requires mildly safe user account.

Slide 21. Scheme "Secure link"
[Diagram: Buyer -> Merchant: encrypted 16+4; Merchant -> ClearingHouse: 16+4.]
Same as telephone, but encrypted over the Internet. Merchant gets the number. Is the merchant safe??

Slide 22. Scheme "Mediated"
[Diagram: Buyer -> Merchant -> ClearingHouse, encrypted 16+4 on both hops.]
Only the bank sees the data in clear. Limited points of attack.

Slide 23. The standards debate
- Open: IP labeling, Session Security, S-HTTP (sort of), MOSS
- Proprietary: SSL, STT, PGP (sort of), S/MIME

Slide 24. Freezing out competition
- Non-interoperability
  - Do it because it's mine!
  - Customer lock-in through proprietary extensions
- Half-hearted integration
  - Specialized protocols for each and every need

Slide 25. Is there hope?
- Vendor initiatives
  - Market lead
- Folded into public standards
  - Open access
  - Open enhancement
It all depends on market demand. You are the market; start demanding!

