1 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and Internet security. This is important in e-commerce security because authentication is necessary for verifying the identity of users which is crucial when an organization uses the Internet for its business. Strong authentication mechanisms ensure that persons involved in the transactions are the entities they claim to be. In e-commerce applications, encryption and decryption algorithms are used to secure communications and ensure the privacy of data sent from one customer to merchant vice versa. In this thesis, the proposed extended SGC-PKC algorithm has been used to provide non-repudiation through self signatures which proves that a specific user has performed certain operations at a given time. The extended SGC-PKC algorithm proposed in this work provides a secure and non-breakable environment for deploying e-commerce and also provides a reliable environment for building virtually any type of electronic transactions, from corporate intranets to Internet-based e-commerce applications.
2 71 Based on protocol developed in chapter 3 we will study the enhancements achieved by deploying ESGC-PKC to traditional explicit certificate based application. Traditional public key cryptographic systems use either hierarchical certification or web of trust based certification method to authorize the public key and identity of the certificate holder. SGC can be deployed in both these applications. This chapter explains the deployment of the proposed extended SGC-PKC algorithm in three non-commercial applications namely e-tender systems, online beneficiary system and financial management system. Security analysis has been carried out for each application with respect to authentication, confidentiality and integrity. 4.2 DEPLOYMENT OF ESGC-PKC IN AN E-TENDER SYSTEM Introduction Tendering is a method by which councils acquire goods and services and includes the core activities like the advertising of the requirements for goods or services, preparation of tender documents, registration of suppliers to receive tender documents, pre-qualification of suppliers for a particular tender, delivery of tender documents between the council and bidders, opening of responses to the tender, evaluation of responses to the tender and awarding of the contract. E-tendering is the method of carrying out the tendering process using electronic means such as, Internet and specialist e-tendering software applications. An e-tendering system facilitates the complete tendering process from the advertisement of the requirements through the placing of the contract. This includes the exchange of all relevant documents in electronic format. In order to realize better cost savings and to increase efficiency, replacing the manual paper-based tender procedures by electronic - facilitated
3 72 system has become an essential element in process re-engineering. With a highly automated e-tendering system, tendering works such as tender specification, advertising, tender aggregation as well as the evaluation and placing of the contract can be prepared at ease ESGC-PKC in e-tender By deploying the extended SGC-PKC in the e-tender system, the access control mechanism and also the security audit trails increase the security accountability. In this scenario, all bidders are able to generate their own keys for every tender publishing and they can separately register for a particular tender. In e-tendering, bidding information is to be collected by the system from every supplier for the opening process. Opening of bid is handled by use of a technique called e-chat, where in the bidding price of every bidder in the current tender is shown to others. The bidder opens his tender proposed document with the use of his keys, which is already generated by the bidder itself. By comparing the prices of all bidders, the administrator chooses the level 1 (lowest quoted) bidder at the same time. In the e-tendering application developed in this work, the user key generation module provides the public and private key for the bidder with the use of identity, partial key and secret value (obtained from the bidder). The bidders have been provided with a facility to view the list of tenders and make bidding on the tenders in which (tender) they are interested. The bidder can bid a tender by providing their bidding ID, tender reference number, tender amount quoted by the particular bidder, the tender document. Moreover, another bidder can also bid the same tender by providing their details by using a different web browser which wills multicast it to different bidding companies.
4 Online Meeting for e-tender The final stage of this e-tender system is the online meeting. After the bid documents have been submitted by the bidders, the documents are kept confidential and are maintained in a secured directory, to ensure that no one opens the documents before the due date. Only on the specified date, the documents can be opened as mentioned as bid opening date and time in the tender details. On the day of opening, the bidder has to login and visit the organization s site during the tender opening time period in order to view the opening of the bid documents. This application has been developed to enable the bidders to view the opening of the documents i.e. the server s state, from a remote machine while opening the bid documents. For this purpose, MulticastSockets are used in order to transmit the packets from the server to the bidder s remote system. The multicast datagram socket class has been used in the work for sending and receiving Internet Protocol (IP) multicast packets. Multicast is used here for communication in order to communicate only with a selected set of connected members. MulticastSocket is a User Datagram Packet (UDP), with additional capabilities for implementing joining "groups" of other multicast hosts on the Internet. A multicast group is specified by a class D IP address and by a standard UDP port number. One would join a multicast group by first creating a MulticastSocket with the desired port and then by invoking the joingroup (InetAddress groupaddr) method. When one sends a message to a multicast group, all subscribing recipients to that host and port receive the message. The sender socket needn't be a member of the multicast group to send messages to it. When a socket
5 74 subscribes to a multicast group/port, it receives datagram sent by other hosts to the group/port, as do all other members of the group. On successful decryption of the tender document for each and every bidder on the online chat, it is viewable by all the bidders for a tender. A certificate is created at this time based on the organization s formats and requirements provided during the registration process. This generated certificate will be used for signing the bidder document to ensure the authentication and confidentiality. Every bidder will join the chat and open his document. The corresponding bidder s price will be displayed in the online chat. At last, the lowest price bidder will be chosen as the bid winner which can be viewed by every bidder. Effect on turnaround time depends on number of bidders for existing e-commerce and extended SGC-PKC based e-commerce. The processing delay at the server was kept constant and data sizes for different bidders of 100KB, 200KB, 500KB and 1MB were used. This was done for different scenarios of product discovery from 1 to10 bidders, and the results are shown in Figure 4.1. Figure 4.1 Effect of turnaround time for different bidders
6 Security Analysis In an e-tender, where the consumer and the merchant communicate indirectly via software entities and the Internet, trust must be somehow established between the two parties. In order to achieve trust, the following security functions must be performed Authentication: Each party need to authenticate its counterpart, i.e. to make sure that the counterpart is the one he claimed to be. Integrity: Each party needs to make sure that the received messages are not altered or fabricated by other than their counterpart. Confidentiality: Each party wants to keep the content of their communication secret. Message authentication: Each party wants to make sure that the received messages do really come from his counterpart. In order to achieve these, digital certificates have been generated and used in this research work. The generation of digital certificates for a bidder s happens using a sequence of steps. Once the bidder fills the form and submits it, the data submitted by the bidder is encrypted using the extended SGC-PKC algorithm proposed in this work. The implemented new proposed SGC algorithm has been implemented using the Java Cryptographic Extension (JCE) feature. The encrypted values are sent to the merchant site as byte values. On the merchant site, the byte values are converted back into BigIntegers and are decrypted using their private keys.
7 76 On successful decryption, a directory will be created for that bidder by the name of the unique Tax payer s Identification Number (TIN). In that directory, a unique digital certificate will be created for that bidder organization unit by the name of that TIN. The certificate is created based on the organization details provided during the registration process. This generated certificate is used for signing the bidder document to ensure the authentication, integrity and confidentiality. 4.3 ESGC-PKC FOR ONLINE BENEFICIARIES FUND TRANSFER Introduction The second application considered in this research work is the Online Beneficiaries Fund Transfer, where the newly proposed SGC-PKC algorithm has been deployed and tested. This deployment of extended SGC- PKC algorithm in the online beneficiaries funds transfer applications eliminates the potential threats and vulnerabilities that can occur on this online system Security Model The security model for the online beneficiaries fund transfer application is based on the extended SGC-PKC without pairings. This integration of online transactions and non-pairing based extended SGC-PKC, in the online beneficiary fund transfer system provides an enormous potential in the real time environment. Implementation of this model has been carried out using Java security class methods since they provide methods for generating public key certificates. However, the built-in methods of Java have been extended in this
8 77 research work in order to implement the newly proposed extended SGC-PKC algorithm. The certificate can be used to verify that a public key belongs to an individual. Canonical encoding rules (CER) have been used in this work which is a restricted variant of Basic Encoding Rules for producing unequivocal transfer syntax for data structures. A Personal Information Exchange (PFX) file has been used in this implementation file which contains public and private key information used to securely sign, encrypt or authenticate something. This file is typically used as a means of creating certificates to authenticate Websites, applications or encrypted file systems. The Figure 4.2 shows the extended self-generated-certificate developed in this work. Figure 4.2 Certificate of ESGC
9 Online Beneficiaries Fund Transfer The extended SGC-PKC without pairings proposed in this work can fit in any application, where the user wants to do transactions with multiple users in secure manner i.e., it will be adopted in one-to-many communications. In this application, the users need to register themselves before they perform any transactions. Whenever the user registers all his/her details, the user must accept the terms and conditions so that when they submit it to the key generation module, a certificate will be generated. The online beneficiary fund transfer security model proposed in this work has been implemented as aforesaid online chatting, where every account has its own public key certificate to communicate with the server. So, the customer can communicate with other customers (who are all beneficiaries) via the server and also the customer can do one-to-many transactions by selecting a particular beneficiary who is in the created list. In the current online transaction processing systems, an online fund transfer using a beneficiary happens with one side authentication only where the customer has the beneficiary s account number for transaction. The customer submits the money transfer order to the bank then the bank validates the request and transfers the money to the beneficiary s account. The communication between the customer and the bank is performed using SSL (https), where the customer s request is encrypted and sent to the bank server. In the server, the request is decrypted using the private key of the customer and it is processed. After the successful processing of the request, the amount will be transferred to the beneficiary s account from the customer s account. In this research work, the proposed extended SGC-PKC has been integrated with the beneficiary application for improving the security measures in the online account-to-account fund transfer. The following
10 79 features are provided for registering in our online banking account-to-account fund transfer application. Therefore, the customers are requested to register by providing the information requested in the registration form. Based on the customer s details (information), individual certificates are generated by this application for each and every customer. After registration, the customer can login with use of created username, password and the provided pin number. After login, the customer can view their details and in addition they can perform other operations like checking the balance amount, withdrawing and depositing. In the same page, the customer can include a list of other customers in the beneficiaries list and the customer can have an authenticated transaction with these beneficiaries Beneficiary Module The beneficiary list is created by the customer by providing beneficiary details for their registration. Now, the beneficiary (another customer) is sent with a message with the options Accept and Reject for the confirmation of the list based on their willingness to be a beneficiary. After the beneficiaries are included in the customer list, the facility for transfer of amount to multiple beneficairies will be established by this application. This system contains all the beneficiary names to the particular customer and also shows the balance amount of him/her and ask for transferring amount. Once the transaction is over, the balance amount will be shown to the customer. Figure 4.3 shows the effect on turnaround time depends on number of beneficiaries for existing online beneficiaries fund transfer and extended SGC-PKC based online beneficiaries fund transfer.
11 80 Figure 4.3 Effect of turnaround time for different beneficiaries Security Analysis This non-pairing extended SGC-PKC supported online beneficiary fund transfer has been designed in such a way that it provides the security services like authentication of beneficiaries. This type of security solutions for online payment transactions prevents payments from being manipulated by non-beneficiaries. While making a payment, the extended SGC-based security services prompts the customers to verify the data provided upon entering a beneficiary to whom the customer have not made a funds transfer before using a high profile password. Authentication is not required however for all new beneficiaries. The beneficiaries who are already approved do not require re-verification. It enables the customers to confirm new beneficiaries easily. The online account-to-account fund transfer is based on reliable customers as beneficiaries and hence it ensures integrity. The encryption and decryption are happened by the user generated keys, thus there will be surety on the data transaction between the beneficiaries.
12 FINANCIAL MESSAGING SYSTEM USING ESGC-PKC Introduction Financial Messaging is used word-wide in different countries on various forms for financial message transactions. Financial Messaging System finds maximum utilization is Electronic Fund Transfer Systems. The primary goal of any Electronic Fund Transfer Systems is to enable the circulation of money in its economy. Fund Transfers can happen between inter or intra banks where it is necessary to carry out these transactions securely and efficiently. It is recognised worldwide that an efficient and secure payment system is an enabler of economic activity. It provides the features essential for effecting payments and transmission of monetary policy. Payment systems have encountered many challenges in the past and are constantly adapting. The four broad tenets of any financial messaging system are Safety, Security, Soundness and Efficiency, which are necessary to reduce risk. A security system for financial system must address the issues relating to confidence, with specific reference to the users of these systems. In such systems, soundness will be aimed at ensuring that the systems are built on strong edifices and that they stand the test of time. Efficiency represents the measures aimed at efficiencies in terms of costs so as to provide optimal and cost effective solutions. Most of the current finance systems are built using PKI for securing its transaction. Even though PKI is widely adopted and well known security infrastructure, it has some serious draw back (Ellison and Schneier 2007) Financial Messaging System Application In this thesis, financial messaging system is the third application which has been considered for testing proposes extended SGC-PKC. This
13 82 SGC-PKC can fit in any application, where the user wants to do transactions with multiple users in secure manner i.e., it will adapt to one-to-many communications. In this application, the users must register themselves before performing any transactions. Whenever the user registers all his/her details are given to the system and the user must accept the terms and conditions provided by the system. When the user completes the registration procedure, the system generates a digital certificate to the user Communication Figure 4.4 shows the architecture of Financial Messaging System. Bank A is directly connected to Central Server, the banks C and D are members of the Common Gateway and their branches are connected to Common gateway which in turn is connected to Central Server. In the architecture shown in Figure 4.4 and the message flow for intra and interbank scenarios are explained in subsequent sections. Figure 4.4 FMS architecture
14 Intra-bank Messages The intra-bank message flow has been specially handled by the Bank internal server or using common gateway Inter-bank Messages In general, the Inter-bank Bank messages flow first to parent Gateway, then to Server, and finally to Destination Gateway towards the destination Branch. However, under common gateway, if the message is meant for another bank which is a member of common Gateway, the parent Gateway and destination gateways would be under same server and because of this FMS treats as intra-bank message from and to a member bank under common gateway would be treated as intra and this would be transparent to the users. In view of the Figure 4.4, the messages flow between Bank C to Bank D though inter-bank in nature would be handled as an intra-bank. The Current FMS system uses the traditional PKI system for all communication messages which requires the trusted third party to verify the certificate, which can be replaced with SCG certificates. Figures 4.5 and 4.6 shows the implementation of messages are sending and receiving securely by the extended SGC-PKC based algorithm from user to server. The message has been encrypted with the public key of the certificate created for that user. The encrypted message along with the file attached is sent to the server by means of the Financial Messaging System, which takes care of the encrypted messages which is being sent from client to the server. The message and document are decrypted at the server side by means of the private key from the certificate generated for that user. The main operation carried out by this system is fund transfer.
15 84 Figure 4.5 Sending messages Figure 4.6 Receiving messages
16 85 Figure 4.7 shows the effect on turnaround time depends on number of banks for existing financial messaging system and extended SGC-PKC based financial messaging system. Figure 4.7 Effect of turnaround time for different banks Security Analysis Authentication Authentication is performed easily by verifying the use of destination bank certificate. All the banks that are having the relevant keys are generated by the key generation module which is used for verification. The ESGC binds the bank identity and the public key together. The authentication is greatly achieved because the verification is done only by the sender s public key and its identity. It ensures that the origin of a request message or response message for creating the destination list is correctly identified, with an assurance that the identity is not false.
17 86 Integrity With respect to the newly proposed SGC, if there are any changes in the bank details then the public key, private key and the certificate are made by the respective bank only by creating a new certificate. The transaction is held without loss of data because all the cipher contents are generated by use of the relevant keys. Thus, the keys are generated based on the information given by the bank and also it is purely generated by the bank only. Moreover, the keys for extraction are known only to the banks. Thus, it ensures that only authorized banks are able to access/view the transmitted information. Confidentiality Confidentiality ensures that the transmitted information is accessible only for reading by authorized banks. The encryption and decryption are purely done by the keys involved in the certificate which is generated by the customer itself. So, there is no point on non-privacy on the information which is transmitted on beneficiary based account-to-account fund transfer. This is accomplished by enforcing access control policies. 4.5 RESULTS AND DISCUSSION Table 4.1 shows the comparison of the time consumption of various public key algorithms and key management schemes for three e-commerce applications. It shows that for all three e-commerce applications the ESGC- PKC is consume very low number of seconds compared with the existing algorithms based e-commerce applications.
18 87 Table 4.1 Time consumption of various PKC for secure transactions (in seconds) Applications/ Algorithms E-Tender Online Beneficiary Fund Transfer (in milliseconds) Financial Messaging RSA ELGAMAL ECC SGC-PKC ESGC-PKC Time comparison between the existing non-commercial e-commerce application and SGC based e-commerce applications is shown in Figure 4.8. For the newly proposed SGC based e-commerce applications, the time consumption is very low with the existing cryptosystem based e-commerce applications. The main part of computation is purely depending on the number of secure transactions. Figure 4.8 ESGC transaction performances
19 88 Table 4.2 shows a comparison of the newly proposed SGC-integrated e-commerce system security before and after. The comparison is based on effectiveness of blocking security attacks related to the system. It is focused that the newly proposed SGC algorithm is handled all the attacks. Table 4.2 A comparison of ESGC-integrated e-commerce before and after Security Services Security Attacks Before ESGC After ESGC Authentication Certificate Replacement No Completed IP spoofing Partial Completed Malicious Partial Completed Message Replacement No Completed DoS No Completed Access Control Buffer Overflow Partial Completed DoS No Completed Integrity Message Replacement No Completed Certificate Replacement No Completed Compromised Key Attack No Completed Confidentiality Brute-Force Partial Completed Dictionary Partial Completed Figure 4.9 shows the efficiency comparison between the existing e-commerce applications and the extended SGC-based e-commerce applications algorithms regarding various security services such as confidentiality, authentication, access control and integrity. The efficiency comparison is purely based on the results of the security attacks on various security services as mentioned in the Table 4.2. It is found from the
20 89 comparison only the newly proposed SGC based application is able to employ all the security services. Figure 4.9 Efficiency of security services on deployed e-commerce 4.6 SUMMARY The proposed ESGC-PKC has been deployed in an e-tender system that maintains several bidders. The bidders are bidding for a particular tender, the level 1 bidder is chosen by use of e-chat in the presence of all other bidders in the meeting and the various security analysis will provided. By integrating the ESGC-PKC with FMS based fund transfer, one bank can transact with multiple banks in secure manner. It is proved that the major security services like authentication, integrity and confidentiality are achieved. Non-pairing ESGC-PKC has been deployed on online beneficiary based account-to-account fund transfer and therefore one customer can transact with multiple customers in secure manner. It is proved that the major security services like authentication, integrity and confidentiality is also achieved. Finally, Financial Messaging System has been implemented as the third application. By deploying the proposed extended SGC-PKC in all these applications, the security of these e-commerce systems has been enhanced.