A proof of concept implementation of a secure
e-commerce authentication scheme
C. Latze1, A. Ruppen1, U. Ultes-Nitsche1
1University of Fribourg
Faculty of Science
Department of Informatics
TNS
ISSA
Latze,Ruppen,Ultes-Nitsche (University of Fribourg)secure e-commerce authentication Jul 09 1 / 17
Structure
1 Introduction
2 Stronger authentication
TPM based solutions
Mobile Cell Phone based solutions
3 Conclusion
Introduction
Introduction
Motivation
E-commerce applications are gaining popularity.
Users are not aware of the security risks.
Protecting users from attacks such as phishing, pharming or
man-in-the-middle is of prime importance in online business.
However
The solution should be simple for the user.
The solution should really increase the security.
The solution should have a low cost:
for the customer and also
for the e-commerce provider
Introduction
Making e-commerce applications more secure
What can be considered secure?
The root of trust
Software is not really trustworthy?
So where can we define the "Root of Trust"?
The only remaining solution is hardware.
This can either be some hardware bound to the computer or
some hardware bound to the e-commerce application.
Computer bound hardware might be the Trusted Platform Module
(TPM).
Application bound hardware might be a mobile cell phone.
Introduction
Implied hardware
Trusted Platform Module (TPM)
A TPM is a small trusted chip, built into most of the computers
built today.
It has been specified by the Trusted Computing Group (TCG).
It provides secure storage for keys and hashes and some basic
cryptographic functions.
It is the root of trust.
Mobile phone
Enhanced SIM cards like those from SanDisk.
Multimedia cards from Gemalto.
One-Time-Passwords (OTP) sent by SMS.
Stronger authentication
Architecture
[Architecture diagram; component labels: PHP, C, MySQL, Gammu, TPM, Mobile Phone, Browser, Client, Server]
Stronger authentication TPM based solutions
Solutions
Authentication using a TPM
A TPM based solution
The TPM is the root of trust.
The TPM based solution secures the line between the user and
the e-commerce application.
It is based on a three-way handshake protocol.
Later (not implemented), the keys for the SSL session keys should
be exchanged over this secure line.
2009-07-06
• Successor of the Trusted Computing Platform Alliance.
• Founded in 2007.
• Currently counts 170 members around the world.
• Has developed multiple specifications in the trusted computing domain,
including specifications for
– servers,
– storage,
– clients and
– mobile devices.
• The best-known specification is the TPM specification.
• The TPM is a small chip which guarantees the protection of a user's secrets
(aka private keys).
• Each TPM has a unique endorsement key.
• The chip is very cheap.
Stronger authentication TPM based solutions
Authentication using a TPM
3-way handshake protocol
Stronger authentication Mobile Cell Phone based solutions
Solutions
Authentication using a Trustable Mobile Device
Cell phone based solutions
The cell phone is the root of trust.
One of the solutions uses a mutual transaction confirmation over
SMS.
The other solution is based on a one-time-password received by
SMS.
Both solutions give the user a second independent channel,
making the authentication/confirmation strong.
Stronger authentication Mobile Cell Phone based solutions
Authentication using a Trustable Mobile Device
Mutual Transaction Confirmation
Stronger authentication Mobile Cell Phone based solutions
Authentication using a Trustable Mobile Device
SMS One-Time-Password (OTP)
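Server-side logic for the SMS one-time-password flow named on this slide, as an added example that is not the authors' PHP/C implementation. The code length, validity window, attempt limit, session identifiers and the `send_sms` callback (standing in for an SMS gateway such as Gammu) are assumptions, and the phone number and outbox are constructed.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values; the slides do not state them.
OTP_DIGITS = 6
OTP_TTL_SECONDS = 120
MAX_ATTEMPTS = 3


@dataclass
class PendingOtp:
    salt: bytes
    digest: bytes          # keyed digest of the code, never the code itself
    expires_at: float
    attempts_left: int


class SmsOtpAuthenticator:
    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms      # hypothetical SMS gateway callback
        self._clock = clock            # injectable so expiry can be tested
        self._pending = {}             # session id -> PendingOtp

    @staticmethod
    def _digest(salt, session_id, code):
        # Bound to the session id: a code issued for one session fails in another.
        msg = session_id.encode() + b"\x00" + code.encode()
        return hmac.new(salt, msg, hashlib.sha256).digest()

    def start_login(self, session_id, phone_number):
        code = str(secrets.randbelow(10 ** OTP_DIGITS)).zfill(OTP_DIGITS)
        salt = secrets.token_bytes(16)
        self._pending[session_id] = PendingOtp(
            salt=salt,
            digest=self._digest(salt, session_id, code),
            expires_at=self._clock() + OTP_TTL_SECONDS,
            attempts_left=MAX_ATTEMPTS,
        )
        # The code leaves the server only over the second channel (SMS).
        self._send_sms(phone_number, f"Your login code is {code}")

    def verify(self, session_id, submitted_code):
        entry = self._pending.get(session_id)
        if entry is None:
            return "no-pending-otp"
        if self._clock() >= entry.expires_at:
            del self._pending[session_id]
            return "expired"
        candidate = self._digest(entry.salt, session_id, submitted_code)
        if hmac.compare_digest(candidate, entry.digest):
            del self._pending[session_id]      # single use: a replay fails
            return "ok"
        entry.attempts_left -= 1
        if entry.attempts_left == 0:
            del self._pending[session_id]      # stop online guessing
            return "locked"
        return "wrong-code"


def demo():
    """Run the flow against a constructed in-memory SMS outbox."""
    outbox, now = [], [1000.0]
    auth = SmsOtpAuthenticator(
        send_sms=lambda to, text: outbox.append((to, text)),
        clock=lambda: now[0],
    )

    def issue(session_id):
        auth.start_login(session_id, "+10000000000")   # constructed number
        return outbox[-1][1].split()[-1]               # code as read from the SMS

    def wrong(code):
        return str((int(code) + 1) % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)

    results = []
    code = issue("sess-1")
    results.append(auth.verify("sess-1", wrong(code)))   # mistyped code
    results.append(auth.verify("sess-1", code))          # correct code
    results.append(auth.verify("sess-1", code))          # replay of a used code
    code = issue("sess-2")
    now[0] += OTP_TTL_SECONDS + 1
    results.append(auth.verify("sess-2", code))          # submitted too late
    code = issue("sess-3")
    for _ in range(MAX_ATTEMPTS):
        last = auth.verify("sess-3", wrong(code))
    results.append(last)                                 # guesses exhausted
    results.append(auth.verify("sess-3", code))          # code is now void
    return results


if __name__ == "__main__":
    print(demo())
```

With a six-digit code the attempt limit and the short validity window carry the protection against guessing; the stored digest only keeps the code out of the server's storage in clear.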
Conclusion
Evaluation
Performance of the system
The system is only as good as its performance.
The mean authentication time using the TPM solution is 4.5
seconds.
The mean authentication time for mutual transaction confirmation
is 27.1 seconds.
The mean authentication time for One-time-passwords over SMS
is 19.5 seconds.
Conclusion
Evaluation
Security
All three protocols behave well and are secure.
The security of the TPM mutual authentication was proven using
the AVISPA framework.
Conclusion
Conclusion
The presented protocols are usable in practice.
The implementation can be made transparent to the user.
The protocol introduces a new degree of complexity.
The level of security needed depends on the nature of the
application.
