SlideShare a Scribd company logo

secnet.ppt

Download as PPT, PDF
S
ShahidHussain265137

ghyt

Investor Relations
1 of 40
Secure Web Transactions Sridhar Iyer K R School of Information Technology IIT Bombay sri@it.iitb.ernet.in http://www.it.iitb.ernet.in/~sri
Overview  Electronic Commerce  Underlying Technologies – Cryptography – Network Security Protocols  Electronic Payment Systems – Credit card-based methods – Electronic Cheques – Anonymous payment – Micropayments – SmartCards
Commerce  Commerce: Exchange of Goods / Services  Contracting parties: Buyer and Seller  Fundamental principles: Trust and Security  Intermediaries: • Direct (Distributors, Retailers) • Indirect (Banks, Regulators)  Money is a medium to facilitate transactions  Attributes of money: – Acceptability, Portability, Divisibility – Security, Anonymity – Durability, Interoperability
E-Commerce  Automation of commercial transactions using computer and communication technologies  Facilitated by Internet and WWW  Business-to-Business: EDI  Business-to-Consumer: WWW retailing  Some features: – Easy, global access, 24 hour availability – Customized products and services – Back Office integration – Additional revenue stream
E-Commerce Steps  Attract prospects to your site – Positive online experience – Value over traditional retail  Convert prospect to customer – Provide customized services – Online ordering, billing and payment  Keep them coming back – Online customer service – Offer more products and conveniences Maximize revenue per sale
E-Commerce Participants
E-Commerce Problems Snooper Unreliable Merchant Unknown customer
E-Commerce risks  Customer's risks – Stolen credentials or password – Dishonest merchant – Disputes over transaction – Inappropriate use of transaction details  Merchant’s risk – Forged or copied instruments – Disputed charges – Insufficient funds in customer’s account – Unauthorized redistribution of purchased items  Main issue: Secure payment scheme
Why is the Internet insecure? S S S C C  Host security – Client – Server (multi-user)  Transmission security – Passive sniffing – Active spoofing and masquerading – Denial of service  Active content – Java, Javascript, ActiveX, DCOM A B C Eavesdropping Denial of service A B C Interception A B C Replay/fabrication A B C
E-Commerce Security  Authorization, Access Control: – protect intranet from hordes: Firewalls  Confidentiality, Data Integrity: – protect contents against snoopers: Encryption  Authentication: – both parties prove identity before starting transaction: Digital certificates  Non-repudiation: – proof that the document originated by you & you only: Digital signature
Encryption (shared key) - Sender and receiver agree on a key K - No one else knows K - K is used to derive encryption key EK & decryption key DK - Sender computes and sends EK(Message) - Receiver computes DK(EK(Message)) - Example: DES: Data Encryption Standard m: message k: shared key
Public key encryption · Separate public key pk and private key sk · Private key is kept secret by receiver · Dsk(Epk(mesg)) = mesg and vice versa · Knowing Ke gives no clue about Kd m: message sk: private secret key pk: public key
Digital signature Sign: sign(sk,m) = Dsk(m) Verify: Epk(sign(sk,m)) = m Sign on small hash function to reduce cost
Signed and secret messages sign(sk1, m) Encrypt(pk2) m Decrypt(sk2) Verify-sign Encrypt(pk1) Epk2(Dsk1(m) ) pk1 pk2 First sign, then encrypt: order is important.
Digital certificates Register public key Download public key How to establish authenticity of public key?
Certification authority
Electronic payments: Issues  Secure transfer across internet  High reliability: no single failure point  Atomic transactions  Anonymity of buyer  Economic and computational efficiency: allow micropayments  Flexiblility: across different methods  Scalability in number of servers and users
E-Payments: Secure transfer  SSL: Secure socket layer – below application layer  S-HTTP: Secure HTTP: – On top of http
SSL: Secure Socket Layer  Application protocol independent  Provides connection security as: – Connection is private: Encryption is used after an initial handshake to define secret (symmetric) key – Peer's identity can be authenticated using public (asymmetric) key – Connection is reliable: Message transport includes a message integrity check (hash)  SSL Handshake protocol: – Allows server and client to authenticate each other and negotiate a encryption key
SSL Handshake Protocol  1. Client "Hello": challenge data, cipher specs  2. Server "Hello": connection ID, public key certificate, cipher specs  3. Client "session-key": encrypted with server's public key  4. Client "finish": connection ID signed with client's private key  5. Server "verify": client's challenge data signed with server's private key  6. Server "finish": session ID signed with server's private key  Session IDs and encryption options cached to avoid renegotiation for reconnection
S-HTTP: Secure HTTP  Application level security (HTTP specific)  "Content-Privacy-Domain" header: – Allows use of digital signatures &/ encryption – Various encryption options  Server-Browser negotiate – Property: cryptographic scheme to be used – Value: specific algorithm to be used – Direction: One way/Two way security
Secure end to end protocols
E-Payments: Atomicity  Money atomicity: no creation/destruction of money when transferred  Goods atomicity: no payment w/o goods and viceversa. – Eg: pay on delivery of parcel  Certified delivery: the goods delivered is what was promised: – Open the parcel in front of a trusted 3rd party
Anonymity of purchaser
Payment system types  Credit card-based methods – Credit card over SSL - First Virtual -SET  Electronic Cheques – - NetCheque  Anonymous payments – - Digicash - CAFE  Micropayments  SmartCards
Encrypted credit card payment  Set secure communication channel between buyer and seller  Send credit card number to merchant encrypted using merchant’s public key  Problems: merchant fraud, no customer signature  Ensures money but no goods atomicity  Not suitable for microtransactions
First virtual  Customer assigned virtual PIN by phone  Customer uses PIN to make purchases  Merchant contacts First virtual  First virtual send email to customer  If customer confirms, payment made to merchant  Not goods atomic since customer can refuse to pay  Not suitable for small transactions  Flood customer’s mailbox, delay merchant
Cybercash  Customer opens account with cybercash, gives credit card number and gets a PIN  Special software on customer side sends PIN, signature, transaction amount to merchant  Merchant forwards to cybercash server that completes credit card transaction  Pros: credit card # not shown to server, fast  Cons: not for microtransactions
SET:Secure Electronic Transactions  Merge of STT, SEPP, iKP  Secure credit card based protocol  Common structure: – Customer digitally signs a purchase along with price and encrypts in bank’s public key – Merchant submits a sales request with price to bank. – Bank compares purchase and sales request. If price match, bank authorizes sales  Avoids merchant fraud, ensures money but no goods atomicity
Electronic Cheques  Leverages the check payments system, a core competency of the banking industry.  Fits within current business practices  Works like a paper check does but in pure electronic form, with fewer manual steps.  Can be used by all bank customers who have checking accounts  Different from Electronic fund transfers
How does echeck work?  Exactly same way as paper  Check writer "writes" the echeck using one of many types of electronic devices  ”Gives" the echeck to the payee electronically.  Payee "deposits" echeck, receives credit,  Payee's bank "clears" the echeck to the paying bank.  Paying bank validates the echeck and "charges" the check writer's account for the check.
Anonymous payments 1. Withdraw money: cyrpographically encoded tokens 2. Transform so merchant can check validity but identity hidden 3. Send token after adding merchant’s identity 4. Check validity and send goods 5. Deposit token at bank. If double spent reveal identity and notify police customer merchant
Problems with the protocol  Not money atomic: if crash after 3, money lost – if money actually sent to merchant: returning to bank will alert police – if money not sent: not sending will lead to loss  High cost of cryptographic transformations: not suitable for micropayments  Examples: Digicash
Micropayments on hyperlinks  HTML extended to have pricing details with each link: displayed when user around the link  On clicking, browser talks to E-Wallet that initiates payment to webserver of the source site  Payment for content providers  Attempt to reduce overhead per transaction
Micropayments: NetBill  Customer & merchant have account with NetBill server  Protocol: – Customer request quote from merchant, gets quote and accepts – Merchant sends goods encrypted by key K – Customer prepares & signs Electronic Purchase Order having <price, crypto-checksum of goods> – Merchant countersigns EPO, signs K and sends both to NetBill server – NetBill verifies signatures and transfers funds, stores K and crypto-checksum and – NetBill sends receipt to merchant and K to customer
Recent micropayment systems Company Payment system Unique code Compaq Millicent mcent IBM IBM payment system mpay France Telecom Micrommerce microm
Smartcards  8-bit micro, < 5MHz, < 2k RAM, 20k ROM  Download electronic money on a card: wallet on a card  Efficient, secure, paperless, intuitive and speedy  Real and virtual stores accept them  Less susceptible to net attacks since disconnected  Has other uses spanning many industries, from banking to health care
Mondex  Smart card based sales and card to card transfers  Money is secured through a password and transactions are logged on the card  Other operation and features similar to traditional debit cards  Card signs transaction: so no anonymity  Need card reader everywhere  Available only in prototypes
Summary  Various protocols and software infrastructure for ecommerce  Today: credit card over SSL or S-HTTP  Getting there: – smart cards, – digital certificates  Need: – legal base for the entire ecommerce business – global market place for ecommerce
References  State of the art in electronic payment systems, IEEE COMPUTER 30/9 (1997) 28-35  Internet privacy - The quest for anonymity, Communications of the ACM 42/2 (1999) 28-60.  Hyper links: – http://www.javasoft.com/products/commerce/ – http://www.semper.org/ – http://www.echeck.org/ – http://nii-server.isi.edu/info/NetCheque/ – http://www.ec-europe.org/Welcome.html/ – http://www.zdnet.com/icom/e-business/

Recommended

Secnet
SecnetSecnet
SecnetSuman Madan
 
Secnet
SecnetSecnet
Secnetarjun roy
 
Secure Web Transaction
Secure Web TransactionSecure Web Transaction
Secure Web Transactionvikisharma24
 
Secure electronic transaction ppt
Secure electronic transaction pptSecure electronic transaction ppt
Secure electronic transaction pptSubhash Gupta
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SETRamesh Ogania
 
E commerce
E commerceE commerce
E commerceHimadri Shekhar
 
Ch 2
Ch 2Ch 2
Ch 2Muhammad Hijab
 
Final eb ch 09 encryption and e payments modes (2)
Final eb ch 09 encryption and e payments modes (2)Final eb ch 09 encryption and e payments modes (2)
Final eb ch 09 encryption and e payments modes (2)azmatmengal
 

Recommended

Secnet
SecnetSecnet
SecnetSuman Madan
 
Secnet
SecnetSecnet
Secnetarjun roy
 
Secure Web Transaction
Secure Web TransactionSecure Web Transaction
Secure Web Transactionvikisharma24
 
Secure electronic transaction ppt
Secure electronic transaction pptSecure electronic transaction ppt
Secure electronic transaction pptSubhash Gupta
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SETRamesh Ogania
 
E commerce
E commerceE commerce
E commerceHimadri Shekhar
 
Ch 2
Ch 2Ch 2
Ch 2Muhammad Hijab
 
Final eb ch 09 encryption and e payments modes (2)
Final eb ch 09 encryption and e payments modes (2)Final eb ch 09 encryption and e payments modes (2)
Final eb ch 09 encryption and e payments modes (2)azmatmengal
 
Online payment system
Online payment systemOnline payment system
Online payment systemmyangel27
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment systempankhadi
 
E-Business security
E-Business security E-Business security
E-Business security Surendhranatha Reddy
 
SET (1).ppt
SET (1).pptSET (1).ppt
SET (1).pptchandrakaren21
 
Ecommerce 27-1.pptx
Ecommerce 27-1.pptxEcommerce 27-1.pptx
Ecommerce 27-1.pptxAkash588342
 
Class 13
Class 13Class 13
Class 13Dr. Ajith Sundaram
 
Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems ShortenedRitesh Verma
 
Payment systems for electronic commerce
Payment systems for electronic commercePayment systems for electronic commerce
Payment systems for electronic commerceNishant Pahad
 
S.m.o.k.e. technologies
S.m.o.k.e. technologiesS.m.o.k.e. technologies
S.m.o.k.e. technologiesshub99
 
Digital signature and adv payment gateway
Digital signature and adv payment gatewayDigital signature and adv payment gateway
Digital signature and adv payment gatewayKartik Kalpande Patil
 
Electronic payment by ahmad
Electronic payment by ahmadElectronic payment by ahmad
Electronic payment by ahmadMohd. Ahmad Siddiqi
 
E Payment
E PaymentE Payment
E PaymentAnkit Saxena
 
electronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfelectronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfUjwalReddyPB
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment SystemRitesh Goyal
 
E-BUSINESS in INDIAN PERSPECTIVE
E-BUSINESS in INDIAN PERSPECTIVEE-BUSINESS in INDIAN PERSPECTIVE
E-BUSINESS in INDIAN PERSPECTIVEDr. Abzal Basha H S
 
Adrian Nextel Pki Wireless
Adrian Nextel Pki WirelessAdrian Nextel Pki Wireless
Adrian Nextel Pki WirelessAdrian Levinson
 
Paper id 2320146
Paper id 2320146Paper id 2320146
Paper id 2320146IJRAT
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)Omar Ghazi
 
Payment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVITPayment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVIThiteshasnani94
 
Transform Your Financial System with Crypto Payment Gateway Solutions
Transform Your Financial System with Crypto Payment Gateway SolutionsTransform Your Financial System with Crypto Payment Gateway Solutions
Transform Your Financial System with Crypto Payment Gateway Solutionsrichardaustin1595
 
chap1 with questions hjh khtkgddhi tru.ppt
chap1 with questions hjh khtkgddhi tru.pptchap1 with questions hjh khtkgddhi tru.ppt
chap1 with questions hjh khtkgddhi tru.pptShahidHussain265137
 
boone14ech08studentppt-120509174226-phpapp02.pptx
boone14ech08studentppt-120509174226-phpapp02.pptxboone14ech08studentppt-120509174226-phpapp02.pptx
boone14ech08studentppt-120509174226-phpapp02.pptxShahidHussain265137
 

More Related Content

Similar to secnet.ppt

Online payment system
Online payment systemOnline payment system
Online payment systemmyangel27
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment systempankhadi
 
Ecommerce 27-1.pptx
Ecommerce 27-1.pptxEcommerce 27-1.pptx
Ecommerce 27-1.pptxAkash588342
 
Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems ShortenedRitesh Verma
 
Payment systems for electronic commerce
Payment systems for electronic commercePayment systems for electronic commerce
Payment systems for electronic commerceNishant Pahad
 
S.m.o.k.e. technologies
S.m.o.k.e. technologiesS.m.o.k.e. technologies
S.m.o.k.e. technologiesshub99
 
Digital signature and adv payment gateway
Digital signature and adv payment gatewayDigital signature and adv payment gateway
Digital signature and adv payment gatewayKartik Kalpande Patil
 
electronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfelectronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfUjwalReddyPB
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment SystemRitesh Goyal
 
E-BUSINESS in INDIAN PERSPECTIVE
E-BUSINESS in INDIAN PERSPECTIVEE-BUSINESS in INDIAN PERSPECTIVE
E-BUSINESS in INDIAN PERSPECTIVEDr. Abzal Basha H S
 
Adrian Nextel Pki Wireless
Adrian Nextel Pki WirelessAdrian Nextel Pki Wireless
Adrian Nextel Pki WirelessAdrian Levinson
 
Paper id 2320146
Paper id 2320146Paper id 2320146
Paper id 2320146IJRAT
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)Omar Ghazi
 
Payment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVITPayment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVIThiteshasnani94
 
Transform Your Financial System with Crypto Payment Gateway Solutions
Transform Your Financial System with Crypto Payment Gateway SolutionsTransform Your Financial System with Crypto Payment Gateway Solutions
Transform Your Financial System with Crypto Payment Gateway Solutionsrichardaustin1595
 

Similar to secnet.ppt (20)

Online payment system
Online payment systemOnline payment system
Online payment system
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
E-Business security
E-Business security E-Business security
E-Business security
 
SET (1).ppt
SET (1).pptSET (1).ppt
SET (1).ppt
 
Ecommerce 27-1.pptx
Ecommerce 27-1.pptxEcommerce 27-1.pptx
Ecommerce 27-1.pptx
 
Class 13
Class 13Class 13
Class 13
 
Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems Shortened
 
Payment systems for electronic commerce
Payment systems for electronic commercePayment systems for electronic commerce
Payment systems for electronic commerce
 
S.m.o.k.e. technologies
S.m.o.k.e. technologiesS.m.o.k.e. technologies
S.m.o.k.e. technologies
 
Digital signature and adv payment gateway
Digital signature and adv payment gatewayDigital signature and adv payment gateway
Digital signature and adv payment gateway
 
Electronic payment by ahmad
Electronic payment by ahmadElectronic payment by ahmad
Electronic payment by ahmad
 
E Payment
E PaymentE Payment
E Payment
 
electronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdfelectronicpaymentsystem-12697023522629-phpapp01.pdf
electronicpaymentsystem-12697023522629-phpapp01.pdf
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
E-BUSINESS in INDIAN PERSPECTIVE
E-BUSINESS in INDIAN PERSPECTIVEE-BUSINESS in INDIAN PERSPECTIVE
E-BUSINESS in INDIAN PERSPECTIVE
 
Adrian Nextel Pki Wireless
Adrian Nextel Pki WirelessAdrian Nextel Pki Wireless
Adrian Nextel Pki Wireless
 
Paper id 2320146
Paper id 2320146Paper id 2320146
Paper id 2320146
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)
 
Payment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVITPayment card security By Hitesh Asnani SVIT
Payment card security By Hitesh Asnani SVIT
 
Transform Your Financial System with Crypto Payment Gateway Solutions
Transform Your Financial System with Crypto Payment Gateway SolutionsTransform Your Financial System with Crypto Payment Gateway Solutions
Transform Your Financial System with Crypto Payment Gateway Solutions
 

More from ShahidHussain265137

chap1 with questions hjh khtkgddhi tru.ppt
chap1 with questions hjh khtkgddhi tru.pptchap1 with questions hjh khtkgddhi tru.ppt
chap1 with questions hjh khtkgddhi tru.pptShahidHussain265137
 
boone14ech08studentppt-120509174226-phpapp02.pptx
boone14ech08studentppt-120509174226-phpapp02.pptxboone14ech08studentppt-120509174226-phpapp02.pptx
boone14ech08studentppt-120509174226-phpapp02.pptxShahidHussain265137
 
chap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvb
chap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvbchap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvb
chap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvbShahidHussain265137
 
815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt
815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt
815cf6bd-9b11-47ea-a18e-8bafa00d2f60.pptShahidHussain265137
 
PhD Dissertation by Slidesgo.pptx
PhD Dissertation by Slidesgo.pptxPhD Dissertation by Slidesgo.pptx
PhD Dissertation by Slidesgo.pptxShahidHussain265137
 
Concept-of-Tourism-Geography.ppt
Concept-of-Tourism-Geography.pptConcept-of-Tourism-Geography.ppt
Concept-of-Tourism-Geography.pptShahidHussain265137
 

More from ShahidHussain265137 (20)

chap1 with questions hjh khtkgddhi tru.ppt
chap1 with questions hjh khtkgddhi tru.pptchap1 with questions hjh khtkgddhi tru.ppt
chap1 with questions hjh khtkgddhi tru.ppt
 
boone14ech08studentppt-120509174226-phpapp02.pptx
boone14ech08studentppt-120509174226-phpapp02.pptxboone14ech08studentppt-120509174226-phpapp02.pptx
boone14ech08studentppt-120509174226-phpapp02.pptx
 
chap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvb
chap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvbchap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvb
chap2 kjklldfujr9oergklkjuytdsert6y789oiuhgfcfghjhvb
 
chap_1_powerpoint.ppt
chap_1_powerpoint.pptchap_1_powerpoint.ppt
chap_1_powerpoint.ppt
 
chapter 9 classroom ppt.ppt
chapter 9 classroom ppt.pptchapter 9 classroom ppt.ppt
chapter 9 classroom ppt.ppt
 
Poverty - Vivi.pptx
Poverty - Vivi.pptxPoverty - Vivi.pptx
Poverty - Vivi.pptx
 
815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt
815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt
815cf6bd-9b11-47ea-a18e-8bafa00d2f60.ppt
 
mishkin_econ12ege_ch09.pptx
mishkin_econ12ege_ch09.pptxmishkin_econ12ege_ch09.pptx
mishkin_econ12ege_ch09.pptx
 
mishkin_econ12ege_ch08.pptx
mishkin_econ12ege_ch08.pptxmishkin_econ12ege_ch08.pptx
mishkin_econ12ege_ch08.pptx
 
mishkin_econ12ege_ch04.pptx
mishkin_econ12ege_ch04.pptxmishkin_econ12ege_ch04.pptx
mishkin_econ12ege_ch04.pptx
 
ch11_mish11ge_embfm.ppt
ch11_mish11ge_embfm.pptch11_mish11ge_embfm.ppt
ch11_mish11ge_embfm.ppt
 
mishkin_embfm12ege_ch03.pptx
mishkin_embfm12ege_ch03.pptxmishkin_embfm12ege_ch03.pptx
mishkin_embfm12ege_ch03.pptx
 
mishkin_econ12ege_ch06.pptx
mishkin_econ12ege_ch06.pptxmishkin_econ12ege_ch06.pptx
mishkin_econ12ege_ch06.pptx
 
mishkin_embfm12ege_ch23.pptx
mishkin_embfm12ege_ch23.pptxmishkin_embfm12ege_ch23.pptx
mishkin_embfm12ege_ch23.pptx
 
PhD Dissertation by Slidesgo.pptx
PhD Dissertation by Slidesgo.pptxPhD Dissertation by Slidesgo.pptx
PhD Dissertation by Slidesgo.pptx
 
W2_Lecture.pptx
W2_Lecture.pptxW2_Lecture.pptx
W2_Lecture.pptx
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
 
prem_ppt_ch18.ppt
prem_ppt_ch18.pptprem_ppt_ch18.ppt
prem_ppt_ch18.ppt
 
Concept-of-Tourism-Geography.ppt
Concept-of-Tourism-Geography.pptConcept-of-Tourism-Geography.ppt
Concept-of-Tourism-Geography.ppt
 
ch03.ppt
ch03.pptch03.ppt
ch03.ppt
 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call Girladitipandeya
 
Call Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In Amritsar
Call Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In AmritsarCall Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In Amritsar
Call Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In Amritsaronly4webmaster01
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call Girladitipandeya
 
OKC Thunder Reveal Game 2 Playoff T Shirts
OKC Thunder Reveal Game 2 Playoff T ShirtsOKC Thunder Reveal Game 2 Playoff T Shirts
OKC Thunder Reveal Game 2 Playoff T Shirtsrahman018755
 
Malad Escorts, (Pooja 09892124323), Malad Call Girls Service
Malad Escorts, (Pooja 09892124323), Malad Call Girls ServiceMalad Escorts, (Pooja 09892124323), Malad Call Girls Service
Malad Escorts, (Pooja 09892124323), Malad Call Girls ServicePooja Nehwal
 
VIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our Escorts
VIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our EscortsVIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our Escorts
VIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our Escortssonatiwari757
 
VIP Kolkata Call Girl Rishra 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rishra 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rishra 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rishra 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girl Entally 👉 8250192130 Available With Room
VIP Kolkata Call Girl Entally 👉 8250192130 Available With RoomVIP Kolkata Call Girl Entally 👉 8250192130 Available With Room
VIP Kolkata Call Girl Entally 👉 8250192130 Available With Roomdivyansh0kumar0
 
CALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual serviceanilsa9823
 
VIP Kolkata Call Girls Bidhannagar 8250192130 Available With Room
VIP Kolkata Call Girls Bidhannagar 8250192130 Available With RoomVIP Kolkata Call Girls Bidhannagar 8250192130 Available With Room
VIP Kolkata Call Girls Bidhannagar 8250192130 Available With Roomrran7532
 
Teck Investor Presentation, April 24, 2024
Teck Investor Presentation, April 24, 2024Teck Investor Presentation, April 24, 2024
Teck Investor Presentation, April 24, 2024TeckResourcesLtd
 
slideshare Call girls Noida Escorts 9999965857 henakhan
slideshare Call girls Noida Escorts 9999965857 henakhanslideshare Call girls Noida Escorts 9999965857 henakhan
slideshare Call girls Noida Escorts 9999965857 henakhanhanshkumar9870
 
Russian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Cyberagent_For New Investors_EN_240424.pdf
Cyberagent_For New Investors_EN_240424.pdfCyberagent_For New Investors_EN_240424.pdf
Cyberagent_For New Investors_EN_240424.pdfCyberAgent, Inc.
 

Recently uploaded (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Shamirpet high-profile Call Girl
 
Call Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In Amritsar
Call Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In AmritsarCall Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In Amritsar
Call Girls In Amritsar 💯Call Us 🔝 76967 34778🔝 💃 Independent Escort In Amritsar
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Abids high-profile Call Girl
 
OKC Thunder Reveal Game 2 Playoff T Shirts
OKC Thunder Reveal Game 2 Playoff T ShirtsOKC Thunder Reveal Game 2 Playoff T Shirts
OKC Thunder Reveal Game 2 Playoff T Shirts
 
Vip Call Girls Vasant Kunj ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Vasant Kunj ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Vasant Kunj ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Vasant Kunj ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
(👉゚9999965857 ゚)👉 VIP Call Girls Greater Noida 👉 Delhi 👈 : 9999 Cash Payment...
(👉゚9999965857 ゚)👉 VIP Call Girls Greater Noida 👉 Delhi 👈 : 9999 Cash Payment...(👉゚9999965857 ゚)👉 VIP Call Girls Greater Noida 👉 Delhi 👈 : 9999 Cash Payment...
(👉゚9999965857 ゚)👉 VIP Call Girls Greater Noida 👉 Delhi 👈 : 9999 Cash Payment...
 
Model Call Girl in Uttam Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Uttam Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Uttam Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Uttam Nagar Delhi reach out to us at 🔝9953056974🔝
 
Malad Escorts, (Pooja 09892124323), Malad Call Girls Service
Malad Escorts, (Pooja 09892124323), Malad Call Girls ServiceMalad Escorts, (Pooja 09892124323), Malad Call Girls Service
Malad Escorts, (Pooja 09892124323), Malad Call Girls Service
 
VIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our Escorts
VIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our EscortsVIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our Escorts
VIP Amritsar Call Girl 7001035870 Enjoy Call Girls With Our Escorts
 
VIP Kolkata Call Girl Rishra 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rishra 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rishra 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rishra 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Entally 👉 8250192130 Available With Room
VIP Kolkata Call Girl Entally 👉 8250192130 Available With RoomVIP Kolkata Call Girl Entally 👉 8250192130 Available With Room
VIP Kolkata Call Girl Entally 👉 8250192130 Available With Room
 
CALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Fazullaganj Lucknow best sexual service
 
VIP Kolkata Call Girls Bidhannagar 8250192130 Available With Room
VIP Kolkata Call Girls Bidhannagar 8250192130 Available With RoomVIP Kolkata Call Girls Bidhannagar 8250192130 Available With Room
VIP Kolkata Call Girls Bidhannagar 8250192130 Available With Room
 
Rohini Sector 17 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 17 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 17 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 17 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Teck Investor Presentation, April 24, 2024
Teck Investor Presentation, April 24, 2024Teck Investor Presentation, April 24, 2024
Teck Investor Presentation, April 24, 2024
 
Escort Service Call Girls In Shalimar Bagh, 99530°56974 Delhi NCR
Escort Service Call Girls In Shalimar Bagh, 99530°56974 Delhi NCREscort Service Call Girls In Shalimar Bagh, 99530°56974 Delhi NCR
Escort Service Call Girls In Shalimar Bagh, 99530°56974 Delhi NCR
 
slideshare Call girls Noida Escorts 9999965857 henakhan
slideshare Call girls Noida Escorts 9999965857 henakhanslideshare Call girls Noida Escorts 9999965857 henakhan
slideshare Call girls Noida Escorts 9999965857 henakhan
 
Russian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Indira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Cyberagent_For New Investors_EN_240424.pdf
Cyberagent_For New Investors_EN_240424.pdfCyberagent_For New Investors_EN_240424.pdf
Cyberagent_For New Investors_EN_240424.pdf
 
Call Girls 🫤 Mahipalpur ➡️ 9999965857 ➡️ Delhi 🫦 Russian Escorts FULL ENJOY
Call Girls 🫤 Mahipalpur ➡️ 9999965857 ➡️ Delhi 🫦 Russian Escorts FULL ENJOYCall Girls 🫤 Mahipalpur ➡️ 9999965857 ➡️ Delhi 🫦 Russian Escorts FULL ENJOY
Call Girls 🫤 Mahipalpur ➡️ 9999965857 ➡️ Delhi 🫦 Russian Escorts FULL ENJOY
 

secnet.ppt

  • 1. Secure Web Transactions Sridhar Iyer K R School of Information Technology IIT Bombay sri@it.iitb.ernet.in http://www.it.iitb.ernet.in/~sri
  • 2. Overview  Electronic Commerce  Underlying Technologies – Cryptography – Network Security Protocols  Electronic Payment Systems – Credit card-based methods – Electronic Cheques – Anonymous payment – Micropayments – SmartCards
  • 3. Commerce  Commerce: Exchange of Goods / Services  Contracting parties: Buyer and Seller  Fundamental principles: Trust and Security  Intermediaries: • Direct (Distributors, Retailers) • Indirect (Banks, Regulators)  Money is a medium to facilitate transactions  Attributes of money: – Acceptability, Portability, Divisibility – Security, Anonymity – Durability, Interoperability
  • 4. E-Commerce  Automation of commercial transactions using computer and communication technologies  Facilitated by Internet and WWW  Business-to-Business: EDI  Business-to-Consumer: WWW retailing  Some features: – Easy, global access, 24 hour availability – Customized products and services – Back Office integration – Additional revenue stream
  • 5. E-Commerce Steps  Attract prospects to your site – Positive online experience – Value over traditional retail  Convert prospect to customer – Provide customized services – Online ordering, billing and payment  Keep them coming back – Online customer service – Offer more products and conveniences Maximize revenue per sale
  • 8. E-Commerce risks  Customer's risks – Stolen credentials or password – Dishonest merchant – Disputes over transaction – Inappropriate use of transaction details  Merchant’s risk – Forged or copied instruments – Disputed charges – Insufficient funds in customer’s account – Unauthorized redistribution of purchased items  Main issue: Secure payment scheme
  • 9. Why is the Internet insecure? S S S C C  Host security – Client – Server (multi-user)  Transmission security – Passive sniffing – Active spoofing and masquerading – Denial of service  Active content – Java, Javascript, ActiveX, DCOM A B C Eavesdropping Denial of service A B C Interception A B C Replay/fabrication A B C
  • 10. E-Commerce Security  Authorization, Access Control: – protect intranet from hordes: Firewalls  Confidentiality, Data Integrity: – protect contents against snoopers: Encryption  Authentication: – both parties prove identity before starting transaction: Digital certificates  Non-repudiation: – proof that the document originated by you & you only: Digital signature
  • 11. Encryption (shared key) - Sender and receiver agree on a key K - No one else knows K - K is used to derive encryption key EK & decryption key DK - Sender computes and sends EK(Message) - Receiver computes DK(EK(Message)) - Example: DES: Data Encryption Standard m: message k: shared key
  • 12. Public key encryption · Separate public key pk and private key sk · Private key is kept secret by receiver · Dsk(Epk(mesg)) = mesg and vice versa · Knowing Ke gives no clue about Kd m: message sk: private secret key pk: public key
  • 13. Digital signature Sign: sign(sk,m) = Dsk(m) Verify: Epk(sign(sk,m)) = m Sign on small hash function to reduce cost
  • 14. Signed and secret messages sign(sk1, m) Encrypt(pk2) m Decrypt(sk2) Verify-sign Encrypt(pk1) Epk2(Dsk1(m) ) pk1 pk2 First sign, then encrypt: order is important.
  • 15. Digital certificates Register public key Download public key How to establish authenticity of public key?
  • 17. Electronic payments: Issues  Secure transfer across internet  High reliability: no single failure point  Atomic transactions  Anonymity of buyer  Economic and computational efficiency: allow micropayments  Flexiblility: across different methods  Scalability in number of servers and users
  • 18. E-Payments: Secure transfer  SSL: Secure socket layer – below application layer  S-HTTP: Secure HTTP: – On top of http
  • 19. SSL: Secure Socket Layer  Application protocol independent  Provides connection security as: – Connection is private: Encryption is used after an initial handshake to define secret (symmetric) key – Peer's identity can be authenticated using public (asymmetric) key – Connection is reliable: Message transport includes a message integrity check (hash)  SSL Handshake protocol: – Allows server and client to authenticate each other and negotiate a encryption key
  • 20. SSL Handshake Protocol  1. Client "Hello": challenge data, cipher specs  2. Server "Hello": connection ID, public key certificate, cipher specs  3. Client "session-key": encrypted with server's public key  4. Client "finish": connection ID signed with client's private key  5. Server "verify": client's challenge data signed with server's private key  6. Server "finish": session ID signed with server's private key  Session IDs and encryption options cached to avoid renegotiation for reconnection
  • 21. S-HTTP: Secure HTTP  Application level security (HTTP specific)  "Content-Privacy-Domain" header: – Allows use of digital signatures &/ encryption – Various encryption options  Server-Browser negotiate – Property: cryptographic scheme to be used – Value: specific algorithm to be used – Direction: One way/Two way security
  • 22. Secure end to end protocols
  • 23. E-Payments: Atomicity  Money atomicity: no creation/destruction of money when transferred  Goods atomicity: no payment w/o goods and viceversa. – Eg: pay on delivery of parcel  Certified delivery: the goods delivered is what was promised: – Open the parcel in front of a trusted 3rd party
  • 25. Payment system types  Credit card-based methods – Credit card over SSL - First Virtual -SET  Electronic Cheques – - NetCheque  Anonymous payments – - Digicash - CAFE  Micropayments  SmartCards
  • 26. Encrypted credit card payment  Set secure communication channel between buyer and seller  Send credit card number to merchant encrypted using merchant’s public key  Problems: merchant fraud, no customer signature  Ensures money but no goods atomicity  Not suitable for microtransactions
  • 27. First virtual  Customer assigned virtual PIN by phone  Customer uses PIN to make purchases  Merchant contacts First virtual  First virtual send email to customer  If customer confirms, payment made to merchant  Not goods atomic since customer can refuse to pay  Not suitable for small transactions  Flood customer’s mailbox, delay merchant
  • 28. Cybercash  Customer opens account with cybercash, gives credit card number and gets a PIN  Special software on customer side sends PIN, signature, transaction amount to merchant  Merchant forwards to cybercash server that completes credit card transaction  Pros: credit card # not shown to server, fast  Cons: not for microtransactions
  • 29. SET:Secure Electronic Transactions  Merge of STT, SEPP, iKP  Secure credit card based protocol  Common structure: – Customer digitally signs a purchase along with price and encrypts in bank’s public key – Merchant submits a sales request with price to bank. – Bank compares purchase and sales request. If price match, bank authorizes sales  Avoids merchant fraud, ensures money but no goods atomicity
  • 30. Electronic Cheques  Leverages the check payments system, a core competency of the banking industry.  Fits within current business practices  Works like a paper check does but in pure electronic form, with fewer manual steps.  Can be used by all bank customers who have checking accounts  Different from Electronic fund transfers
  • 31. How does echeck work?  Exactly same way as paper  Check writer "writes" the echeck using one of many types of electronic devices  ”Gives" the echeck to the payee electronically.  Payee "deposits" echeck, receives credit,  Payee's bank "clears" the echeck to the paying bank.  Paying bank validates the echeck and "charges" the check writer's account for the check.
  • 32. Anonymous payments 1. Withdraw money: cyrpographically encoded tokens 2. Transform so merchant can check validity but identity hidden 3. Send token after adding merchant’s identity 4. Check validity and send goods 5. Deposit token at bank. If double spent reveal identity and notify police customer merchant
  • 33. Problems with the protocol  Not money atomic: if crash after 3, money lost – if money actually sent to merchant: returning to bank will alert police – if money not sent: not sending will lead to loss  High cost of cryptographic transformations: not suitable for micropayments  Examples: Digicash
  • 34. Micropayments on hyperlinks  HTML extended to have pricing details with each link: displayed when user around the link  On clicking, browser talks to E-Wallet that initiates payment to webserver of the source site  Payment for content providers  Attempt to reduce overhead per transaction
  • 35. Micropayments: NetBill  Customer & merchant have account with NetBill server  Protocol: – Customer request quote from merchant, gets quote and accepts – Merchant sends goods encrypted by key K – Customer prepares & signs Electronic Purchase Order having <price, crypto-checksum of goods> – Merchant countersigns EPO, signs K and sends both to NetBill server – NetBill verifies signatures and transfers funds, stores K and crypto-checksum and – NetBill sends receipt to merchant and K to customer
  • 36. Recent micropayment systems Company Payment system Unique code Compaq Millicent mcent IBM IBM payment system mpay France Telecom Micrommerce microm
  • 37. Smartcards  8-bit micro, < 5MHz, < 2k RAM, 20k ROM  Download electronic money on a card: wallet on a card  Efficient, secure, paperless, intuitive and speedy  Real and virtual stores accept them  Less susceptible to net attacks since disconnected  Has other uses spanning many industries, from banking to health care
  • 38. Mondex  Smart card based sales and card to card transfers  Money is secured through a password and transactions are logged on the card  Other operation and features similar to traditional debit cards  Card signs transaction: so no anonymity  Need card reader everywhere  Available only in prototypes
  • 39. Summary  Various protocols and software infrastructure for ecommerce  Today: credit card over SSL or S-HTTP  Getting there: – smart cards, – digital certificates  Need: – legal base for the entire ecommerce business – global market place for ecommerce
  • 40. References  State of the art in electronic payment systems, IEEE COMPUTER 30/9 (1997) 28-35  Internet privacy - The quest for anonymity, Communications of the ACM 42/2 (1999) 28-60.  Hyper links: – http://www.javasoft.com/products/commerce/ – http://www.semper.org/ – http://www.echeck.org/ – http://nii-server.isi.edu/info/NetCheque/ – http://www.ec-europe.org/Welcome.html/ – http://www.zdnet.com/icom/e-business/