A proof of concept implementation of a secure
e-commerce authentication scheme
C. Latze¹, A. Ruppen¹, U. Ultes-Nitsche¹
¹University of Fribourg
Faculty of Science
Department of Informatics
TNS
ISSA
Latze,Ruppen,Ultes-Nitsche (University of Fribourg)secure e-commerce authentication Jul 09 1 / 17
Structure
1 Introduction
2 Stronger authentication
    TPM based solutions
    Mobile Cell Phone based solutions
3 Conclusion
Introduction
Motivation
E-commerce applications are gaining popularity.
Users are not aware of the security risks.
Protecting the users from attacks like phishing, pharming or
man-in-the-middle is of main importance in online business.
However
The solution should be simple for the user.
The solution should really increase the security.
The solution should have a low cost:
    for the customer and also
    for the e-commerce provider
Making e-commerce applications more secure
What can be considered secure?
The root of trust
Software is not really trustworthy?
So where can we define the "Root of Trust"?
The only remaining solution is hardware.
This can either be some hardware bound to the computer or
some hardware bound to the e-commerce application.
Computer bound hardware might be the Trusted Platform Module
(TPM).
Application bound hardware might be a mobile cell phone.
Hardware involved
Trusted Platform Module (TPM)
A TPM is a small trusted chip, built into most of the computers
built today.
It has been specified by the Trusted Computing Group (TCG).
It provides secure storage for keys and hashes and some basic
cryptographic functions.
It is the root of trust.
Mobile phone
Enhanced SIM cards like those from SanDisk.
Multimedia cards from Gemalto.
One-Time-Passwords (OTP) sent by SMS.
Stronger authentication
Architecture
[Figure: architecture diagram with the components PHP, C, MySQL, Gammu, C, TPM, Mobile Phone, Browser, Client and Server]
Stronger authentication TPM based solutions
Solutions
Authentication using a TPM
A TPM based solution
The TPM is the root of trust.
The TPM based solution secures the line between the user and
the e-commerce application.
It is based on a three-way handshake protocol.
Later (not implemented), the keys for the SSL session should
be exchanged over this secure line.
Notes (2009-07-06), Trusted Computing Group (TCG) and TPM:
• Successor of the Trusted Computing Platform Alliance.
• Founded in 2007.
• Currently counts 170 members around the world.
• Has developed multiple specifications in the trusted computing domain,
including specifications for
– servers,
– storage,
– clients and
– mobile devices.
• The best-known specification is the TPM specification.
• The TPM is a small chip which guarantees the protection of a user's secrets
(aka private keys).
• Each TPM has a unique endorsement key.
• The chip is very cheap.
Authentication using a TPM
3-way handshake protocol
Stronger authentication Mobile Cell Phone based solutions
Solutions
Authentication using a Trustable Mobile Device
Cell phone based solutions
The cell phone is the root of trust.
One of the solutions uses a mutual transaction confirmation over
SMS.
The other solution is based on a one-time-password received by
SMS.
Both solutions give the user a second independent channel,
making the authentication/confirmation strong.
Authentication using a Trustable Mobile Device
Mutual Transaction Confirmation
Authentication using a Trustable Mobile Device
SMS One-Time-Password (OTP)
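Added example, not taken from the slides or from the authors' PHP/C implementation: the server-side bookkeeping an SMS one-time-password login needs so that the second channel actually strengthens authentication (random code, bound to one browser session, short-lived, single-use, limited guesses). The code length, validity window, retry limit, all names and the `send_sms` hook are assumptions; the slides do not give the message format.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed code length
OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed retry limit


class SmsOtpVerifier:
    """Server-side state for OTPs delivered over SMS (the second channel)."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms            # hypothetical SMS gateway hook: callable(phone, text)
        self._clock = clock
        self._key = secrets.token_bytes(32)  # key for hashing stored OTPs
        self._pending = {}                   # session_id -> [digest, expires_at, attempts_left]

    def _digest(self, session_id, otp):
        # Bind the OTP to the browser session it was issued for.
        msg = f"{session_id}:{otp}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, session_id, phone):
        """Create a fresh OTP for this login session and send it by SMS."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        expires_at = self._clock() + OTP_TTL_SECONDS
        self._pending[session_id] = [self._digest(session_id, otp), expires_at, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your login code is {otp}")

    def verify(self, session_id, candidate):
        """Return True once for the right code; reject expired, reused or guessed codes."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        if self._clock() > entry[1]:
            del self._pending[session_id]    # expired
            return False
        entry[2] -= 1
        if hmac.compare_digest(entry[0], self._digest(session_id, candidate)):
            del self._pending[session_id]    # single use
            return True
        if entry[2] == 0:
            del self._pending[session_id]    # too many wrong guesses
        return False


def demo():
    """Constructed walk-through; returns the outcome of each check."""
    outbox, now = [], [1000.0]
    phone = "+41000000000"                   # constructed phone number
    v = SmsOtpVerifier(lambda p, text: outbox.append((p, text)), clock=lambda: now[0])
    read_sms = lambda: outbox[-1][1].rsplit(" ", 1)[1]   # code as the user reads it

    v.issue("sess-A", phone)
    code = read_sms()
    results = {"wrong_session": v.verify("sess-B", code)}
    results["correct"] = v.verify("sess-A", code)
    results["replay"] = v.verify("sess-A", code)

    v.issue("sess-C", phone)
    late = read_sms()
    now[0] += OTP_TTL_SECONDS + 1
    results["expired"] = v.verify("sess-C", late)

    v.issue("sess-D", phone)
    real = read_sms()
    wrong = f"{(int(real) + 1) % 10 ** OTP_DIGITS:0{OTP_DIGITS}d}"
    for _ in range(MAX_ATTEMPTS):
        v.verify("sess-D", wrong)
    results["locked_out"] = v.verify("sess-D", real)
    return results
```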
Conclusion
Evaluation
Performance of the system
The system is only as good as its performance.
The mean authentication time using the TPM solution is 4.5
seconds.
The mean authentication time for mutual transaction confirmation
is 27.1 seconds.
The mean authentication time for One-time-passwords over SMS
is 19.5 seconds.
Evaluation
Security
All three protocols behave well and are secure.
The security of the TPM mutual authentication was proven using
the AVISPA framework.
Conclusion
The presented protocols are usable in practice.
The implementation can be made transparent to the user.
The protocol introduces a new degree of complexity.
The level of security needed depends on the nature of the
application.