We describe our attack in Section 3. Finally, we conclude in Section 4 by a brief review of the related works.
|
|
- Clement Holmes
- 8 years ago
- Views:
Transcription
1 Information Processing Letters 97 (2006) A flaw in the electronic commerce protocol SET S. Brlek a,2, S. Hamadou b,1, J. Mullins b,,2 a Laboratoire LaCIM, Département d Informatique, Université du Québec à Montréal, Canada b Laboratoire CRAC, Département de Génie Informatique, École Polytechnique de Montréal, Canada Received 27 April 2005; received in revised form 3 September 2005; accepted 6 October 2005 Available online 28 October 2005 Communicated by D. Basin Abstract The Secure Electronic Transaction (SET) protocol has been developed by the major credit card companies in association with some of the top software corporations to secure e-commerce transactions. This paper recalls the basics of the SET protocol and presents a new flaw: a dishonest client may purchase goods from an honest merchant (with the help of another merchant) for which he does not pay. Fortunately, by checking his balance sheet, the merchant may trace with the help of his bank the client and his accomplice. We also propose a modification to fix the flaw Elsevier B.V. All rights reserved. Keywords: Safety/security in digital systems; Electronic payment protocol; Secrecy; Authentication 1. Introduction From the early 90 s, many payment systems on open networks have been proposed. This initial blossoming has lead to the implementation of complex and ambitious systems. SET [9], which stands for Secure Electronic Transaction, is the most complex and challenging payment system. It is sponsored by the major credit card companies Visa and MasterCard in associ- * Corresponding author. Mailing address: B.P. 6079, Succ. Centreville, Montréal (Québec), Canada H3C 3A7. addresses: brlek@lacim.uqam.ca (S. Brlek), sardaouna.hamadou@polymtl.ca (S. Hamadou), john.mullins@polymtl.ca (J. Mullins). 1 Supported by a NATEQ doctoral scholarship (Government of Quebec). 2 Supported by individual NSERC research grants (Government of Canada). ation with some of the top corporations (IBM, GTE, RSA, Microsoft, Netscape, etc.). SET is not a single payment protocol but rather a set of security protocols divided into two different phases: the registration phase and the purchase phase. Such a complex system is likely to contain errors, but its complexity makes it very hard to verify. Based on previous works (see Section 4) on the SET s verification, one could conclude that if the Acquirer, the Certificate Authority and the Payment Gateway are honest, then SET is a secure system. In this paper we present a flaw in SET which proves that even if these users directly linked to the financial system and having more lucrative crimes to commit are honest, an attack against SET is still possible. The attack is against the purchase phase and exploits a lack of verification in the payment authorization process. It may allow a dishonest customer to cheat on the merchant. The rest of the paper is organized as follows. Section 2 describes the purchase phase of the SET protocol /$ see front matter 2005 Elsevier B.V. All rights reserved. doi: /j.ipl
2 S. Brlek et al. / Information Processing Letters 97 (2006) We describe our attack in Section 3. Finally, we conclude in Section 4 by a brief review of the related works. 2. The SET protocol In order to ensure the security of electronic transactions involving credit cards, the major players Visa and MasterCard, in association with some of the top corporations, have implemented a security standard for such transactions: Secure Electronic Transaction (SET) [9]. SET has a global scope and its main security objectives are to ensure the confidentiality and integrity of the transaction s data as well as the authentication of the different involved entities. SET consists of the following five sub-protocols: Cardholder registration: the Cardholder or client (C) transmits to a trusted Certificate Authority (CA) his card number (called the primary account number or PAN), a secret nonce (called CardSecret) and his public signature key. Upon validation, the CA issues a public key certificate (digital ID) including the hash code of the PAN and the PANSecret a secret nonce which is the result of an exclusive-or of the CardSecret and a random nonce chosen by the CA that plays the role of the PIN for the physical card. Merchant and Payment Gateway registration: itis similar to the client registration. They register both their public encryption and signature keys, and obtain two certificates. Purchase request: it enables the client to securely send payment instructions to the Merchant, but the latter does not have access to the client s card data. Payment authorization: it enables the Merchant to check with the Payment Gateway the client s card clearance and to validate the transaction. Transaction payment: the Merchant issues a payment request to the Gateway. The first two protocols constitute the SET s registration phase and its main goal is to provide the customer, Merchant and Payment Gateway with certificates signed by a trusted Certificate Authority that associate their public keys to their identities. The issued certificates are then used for their mutual authentication in any subsequent transaction. The last three protocols, usually called the SET purchase protocols, constitute the electronic transaction itself. Cryptographic notations. The agents are the Cardholder (C), the Merchant (M) and a Payment Gateway (G). A secret session key generated by the principal X is denoted by K X and his public encryption key by PK X. The cryptogram {m} K is obtained by encrypting the message m with the key K, and H(m)is the hashing of m. The signature of a message m by the principal X is denoted by S X (m) and the signature only by SO X (m) (it does not include the message m). We suppose, as stated in SET s specification, that certificates are implicit; that is, a signed message always contains the certificate of the public key needed to verify the signature. Chall X denotes a random fresh challenge (a nonce) generated by X. Finally, CertE X (Y ) and CertS X (Y ) denote, respectively, the certificates of encryption and public signature keys of Y signed by X. The purchase phase is complex and involves three parties: the Cardholder (C), the Merchant (M) and a Payment Gateway (G). SET uses many optional data and, depending on which are taken into account, we may obtain different alternative versions of the purchase phase. The most difficult task is to find a version that is both simple and relatively close to reality. Following an idea in [3] we consider a single transaction involving no optional data. We suppose that when a transaction is authorized, the Merchant does not need to request a payment capture to be paid. Therefore the payment capture is not included in our version. To simplify the analysis, we use public key encryption as an abstraction of digital envelopes. Fig. 1 illustrates SET s purchase protocol where a transaction is processed as follows. Initialization request. Before the purchase begins, the Cardholder and the Merchant agree upon the order description and the purchase amount. This shopping step is out of the SET protocol. The Cardholder then sends to the Merchant his local ID (LID C ) and a fresh random challenge. Initialization response. The Merchant generates a transaction ID (XID), a 20 bytes random number, serving as a unique transaction ID and sends it to the customer together with the Gateway s public encryption key certificate. The purpose of this step is to provide the Cardholder with the Merchant s signature certificate and the Gateway s encryption certificate (recall that certificates are implicit). Order request. After validating both certificates, the Cardholder sends an order request which contains the Payment Instruction (PI), the Order Information (OI) and the Dual Signature (DualSign) to the Merchant. The OI carries information to link the purchase request to prior shopping and ordering dialogue between the Cardholder and the Merchant. PI is the most central and sensitive data structure
3 106 S. Brlek et al. / Information Processing Letters 97 (2006) Initialization (1) InitReq C M: LID C, Chall C (2) InitRes C M: S M (LID M, LID C, XID, Chall C, Chall M, CertE CA (G)) Purchase (3) PurchReq C M: OI,DualSign, {PI} PKG Authorization (4) AuthReq M G: {S M (AuthData, LinkOIPI)} PKG, DualSign, {PI} PKG where AuthReqData = H(OIData), HOD, LID M, LID C, XID, AuthRRTags and LinkOIPI = H(AuthReqData, DualSign, {PI} PKG ) (5) AuthRes M G: {S G (LID M, LID C, XID, AuthRRTags, PurchAmt, AuthCode)} PKM Purchase continued (6) PurchRes C M: S M (LID M, LID C, XID, Chall C, AuthCode) Fig. 1. SET purchase phase. in SET. It is used to pass the data required to authorize a payment card from the Cardholder to the Payment Gateway, which uses the data to initiate a payment card transaction through the traditional payment card financial network. The data is encrypted by the Cardholder using the Gateway s public key and sent via the Merchant so that it is hidden from the Merchant. The purpose of the Dual Signature (DualSign) is to link the two messages OI and PI that are intended for two different recipients. The link ensures the Gateway that the Cardholder and the Merchant agree on the same order and it can be used to resolve disputes. The OI, PI and Dual- Sign are computed as follows. HOD := H(OrderDesc, PurchAmt) PIHead := LID M, LID C, XID, HOD, PurchAmt, MerID, H(XID, CardSecret) OIData := LID M, LID C, XID, Chall M, Chall C, HOD PANData := PAN, PANSecret PIData := PIHead, PANData DualSign := SO C (H (PIData), H (OIData)) PI := PIHead,H(OIData), PANData OI := OIData,H(PIData) where OrderDesc is the description of the customer s detailed order and PurchAmt the total amount of the purchase order. PAN is the Cardholder s primary account number (his credit card number) and PANSecret a secret number known to the Cardholder used to prove his identity when making purchases. MerID is the Merchant ID (assigned by his bank) copied by the Cardholder from the Merchant s certificate. The Merchant verifies the OI and the Dual Signature using the hash code H(PIData) included in the OI. Authorization request. It contains the PI and the DualSign sent by the Cardholder, the hash codes H(OIData) and HOD, which enable the Gateway to verify the Dual Signature, the different IDs involved in the transaction, and the authorization request/response tags (AuthRRTags) that the Gateway must include in the authorization response. The purpose of AuthRRTags is to match the request/response paired messages; it contains (MerID) the Merchant s financial ID and some optional data that may be used by the Merchant s bank to authorize the transaction. Authorization response. If both PI and OI agree, the Gateway proceeds to the transaction authorization with the Acquirer using the existing financial networks. If authorization is allowed, the Gateway sends the authorization response containing AuthRRTags copied from AuthReq, the purchase amount and the transaction status (a boolean value). Purchase response. The Merchant verifies the Gateway s signature and that the IDs and AuthRRTags included in the response match those sent in his request message. Then he forwards to the Cardholder the authorization status combined with the different IDs and challenges involved in the transaction. We analyzed the SET s purchase phases using ASPIC [1], a model-checker for cryptographic protocols under development and discovered a design flaw that can be exploited by dishonest customers to cheat the Merchant.
4 S. Brlek et al. / Information Processing Letters 97 (2006) The attack We exploit now a weakness in the purchase authorization process by the Gateway to develop an attack against SET. The attack is similar to the Lowe s [7] attack against the Needham Schröder protocol and other published attacks such as the Gürgens and Rudolph s attack [5] on the Zhou Gollmann non-repudiation protocol; it involves the deliberate re-use of a supposedly unique session identifier. It is also similar to the attack against SET found by Bella et al. [3]: the attack is possible because signed SET messages contain too little contextual information (so-called explicitness). Both attacks involve a dishonest person re-encrypting received information by using another person s public encryption key. But unlike the attack in [3], requiring the existence of a corrupted Payment Gateway who has more lucrative crimes to commit our attack requires only a collusion between a dishonest merchant and the client. Note that SET defines the local IDs as follows ([9], book 2, p. 267): LID C and LID M are identifiers which are assigned by the Cardholder, Merchant, and/or payment system infrastructure to tag transactions in a manner convenient for each of them; however, other parties may not assume characteristics of these labels. LID M may often be used to hold the Merchant s order number associated with the transaction. Therefore the LID M cannot identify the Merchant and any other Merchant could possibly use the same LID M. Our attack is based on the way the authorization request message (AuthReq) (Fig. 1) is processed by the Gateway. It proceeds as follows. The customer decides to purchase goods but does not want to pay the Merchant. With the help of his accomplice (the Intruder), who must be a Merchant, the customer purchases the same goods from both the honest Merchant and his accomplice using the same supposedly unique transaction IDs (LID M, LID C, XID). This is possible in SET since neither LID M nor XID (a random number) identify the Merchant. The Cardholder sends them the purchase requests (3) PurchReq C M: OI, DualSign, {PI} PKG (3 ) PurchReq C I: OI, DualSign4I, {PI4I} PKG These two messages differ only in the PIHead which appears in both DualSign and PI. In the first message it contains the honest Merchant s ID (MerID) and in the second one the Intruder s one. Both Merchants generate their authorization requests and send them to the Gateway, but the Intruder intercepts the Merchant s request and destroys it. The Gateway proceeds with the Intruder s (4) AuthReq I G: {S I (AuthReqData, ILinkOIPI)} PKG, DualSign4I, {PI4I} PKG where and AuthReqData = H(OIData), HOD, LID M, LID C, XID, AuthRRTags ILinkOIPI = H(AuthReqData, DualSign4I, {PI4I} PKG ) and validates it. Note that the AuthRRTags in the Intruder s authorization request contains MerID, the honest Merchant s ID (not the Intruder s one), but the Gateway does not verify this value ([9], book 3, p. 354). Therefore it is not a real lack of explicitness, but rather a bad verification process. Indeed, the message contains all that is necessary to detect the attack but a weak process verification makes it possible in SET. The Gateway authorizes the transaction and sends the authorization response (5) AuthRes I G: {S G (LID M, LID C, XID, AuthRRTags, PurchAmt, AuthCode)} PKI to the Intruder. As in the Lowe s attack [7], he reencrypts it using the Merchant s public key. When the Merchant receives this authorization response (5 ) AuthRes M I(G): {S G (LID M, LID C, XID, AuthRRTags, PurchAmt, AuthCode)} PKM containing the right transaction IDs and AuthRRTags, signed by the Gateway, he believes that he will receive payment and delivers the goods; so the customer purchased goods from the honest Merchant but pays his accomplice. Fortunately when the Merchant realizes that sales do not balance in his account, he may request the necessary information from his bank in order to trace the faulty transactions and identify the client and his accomplice. It would be sufficient that the Gateway compares the Merchant s ID in the AuthRRTags and the one included in the customer s PI to detect the attack. But a more realistic solution which can guarantee non-repudiation is to bind under the Gateway signature the merchant s and the client s identities. 4. Related works and conclusion Before concluding, let us briefly review some previous works on the verification of SET. In [10] Meadows and Syverson use the temporal language NPATRL to
5 108 S. Brlek et al. / Information Processing Letters 97 (2006) specify many SET requirements, leaving the verification for further research. In [3] the authors prove that the presence of the double signature in the payment authorization request implies that the client is actually the message sender. However, this does not guarantee non-repudiation. Indeed, the analysis carried out by Van Herreweghen [12] reveals some open problems, in particular the fact that SET does not deliver any secure acknowledgment to the client. Also in [3] an attack against SET is described which is similar to our attack involving the presence of a bad Payment Gateway who colludes with a bad Merchant to harm the Cardholder. In [6] Kessler and Neumann propose an authentication logic extending the logic AUTLOG used for modeling the accountability in electronic commerce and then use that logic for formally checking SET and conclude that it is secure. Bolignano [4] describes a verification methodology for analyzing the payment protocols by means of proofs in modal logic. A case study has been done on C-SET, a variant of SET. In [8] Lu and Smolka propose a simplified version of SET checked with FDR, a modelchecker based on the language CSP. Their analysis concludes that the simplified version is secure. However Panti et al. [11] propose two attacks on that version, although these attacks cannot be performed on SET itself. In [2] Bella et al. analyze the registration phase of SET with the help of the Isabelle theorem prover. Their analysis reveals some ambiguities and contradictions in the specification of SET. They also discovered that the verification of properties such as authentication (of messages) and (client merchant) agreement cannot be proved for the whole protocol because of the optional use of nonces. In this paper, we outline the SET protocol and present a flaw in its purchase phase. The attack exploits a weak verification process and allows a dishonest customer to purchase goods for which he does not pay. Our model of SET is more complex than the one in [3], which does not include the AuthRRTags. The flaw could have been discovered in that model [3] but it seems that many authors consider that the supposedly unique IDs (LID M, XID) uniquely identify a given Merchant and a given transaction. This is a plausible explanation for their failure to find the flaw. Acknowledgements The authors wish to thank the anonymous referees for the very careful reading of the paper and their valuable comments. References [1] G. Bastien, J. Mullins, ASPiC: a tool for symbolic analysis of crypto-protocols based on interference checking, in: K. Adi, D. Amyot, L. Logrippo (Eds.), Actes du 5-ième colloque international sur les Nouvelles Technologies de la Répartition (NOTERE2005), 2005, pp [2] G. Bella, F. Massacci, L. Paulson, P. Tramontano, Formal verification of cardholder registration in SET, in: Proc. 6th European Symp. on Research in Comp. Security (ESORICS00), in: Lecture Notes in Comput. Sci., vol. 1895, Springer, Berlin, 2000, pp [3] G. Bella, F. Massacci, L. Paulson, The verification of an industrial payment protocol: the SET purchase phase, in: V. Atluri (Ed.), Proc. 9th ACM Conf. on Computer and Comm. Security, ACM Press, New York, 2002, pp [4] D. Bolignano, Towards the formal verification of electronic commerce protocols, in: Proc. 10th IEEE Computer Security Foundations Workshop, 1997, pp [5] S. Gürgens, C. Rudolph, Security analysis of (un-)fair non-repudiation protocols, in: Lecture Notes in Comput. Sci., vol. 2629, Springer, Berlin, 2003, p. 97. [6] K. Kessler, H. Neumann, A sound logic for analyzing electronic commerce protocol, in: Proc. 5th European Symp. on Research in Comp. Security (ESORICS98), in: Lecture Notes in Comput. Sci., vol. 1485, Springer, Berlin, 1998, pp [7] G. Lowe, Breaking and fixing the Needham Schröder public-key protocol using CSP and FDR, in: Proc. 2nd Internat. Conf. on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 96, in: Lecture Notes in Comput. Sci., vol. 1055, Springer, Berlin, 1996, pp [8] S. Lu, S.A. Smolka, Model checking the secure electronic transaction (SET) protocol, in: Proc. 7th Internat. Symp. on Modeling, Analysis and Simulation of Comp. and Telecom. Systems, 1999, pp [9] MasterCard/Visa, SET Secure Electronic Transaction Specification: Books 1 3, May [10] C. Meadows, P. Syverson, A formal specification of requirements for payment transactions in the SET protocol, in: Proc. 2nd Conf. on Financial Cryptography, in: Lecture Notes in Comput. Sci., vol. 1465, Springer, Berlin, 1998, pp [11] M. Panti, L. Spalazzi, S. Tacconi, S. Valenti, Automatic verification of security in payment protocols for electronic commerce, in: Proc. 4th Internat. Conf. on Enterprise Inform. Systems (ICEIS 02), 2002, pp [12] E. Van Herreweghen, Non-repudiation in SET: open issues, in: Proc. 4th Conf. on Financial Cryptography, in: Lecture Notes in Comput. Sci., vol. 1962, Springer, Berlin, 2001, pp
Verifying the SET Purchase Protocols
Verifying the SET Purchase Protocols Giampaolo Bella Univ. of Cambridge Fabio Massacci Univ. of Trento Lawrence C. Paulson Univ. of Cambridge November 2001 Abstract The Secure Electronic Transaction (SET)
More informationSecure Electronic Transaction (SET protocol) Yang Li & Yun Wang
Secure Electronic Transaction (SET protocol) Yang Li & Yun Wang 1 1. Introduction Electronic commerce, as exemplified by the popularity of the Internet, is going to have an enormous impact on the financial
More informationVisa/MasterCard Secure Electronic Transactions (SET) Scope of SET Protocols
Visa/MasterCard Secure Electronic Transactions (SET) Specification of the Official method of achieving network payment via Credit Cards Announced in February 1996 Supported by Visa, MasterCard, GTE, IBM,
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationSecurity Analysis of (Un-) Fair Non-repudiation Protocols
Security Analysis of (Un-) Fair Non-repudiation Protocols Sigrid Gürgens and Carsten Rudolph Fraunhofer Institute for Secure Telecooperation SIT Rheinstrasse 75, D-64295 Darmstadt, Germany {guergens,rudolphc}@sit.fraunhofer.de
More informationPayment authorization Payment capture Table 1.3 SET Transaction Types
Table 1.3 lists the transaction types supported by SET. In what follows we look in some detail at the following transactions: Purchase request Payment authorization Payment capture Cardholder registration
More informationMOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES
MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES Marko Schuba and Konrad Wrona Ericsson Research, Germany ABSTRACT This paper describes the Mobile Chip Electronic Commerce
More informationFormal Modelling of Network Security Properties (Extended Abstract)
Vol.29 (SecTech 2013), pp.25-29 http://dx.doi.org/10.14257/astl.2013.29.05 Formal Modelling of Network Security Properties (Extended Abstract) Gyesik Lee Hankyong National University, Dept. of Computer
More informationStudy for Automatically Analysing Non-repudiation
Study for Automatically Analysing Non-repudiation Judson Santiago and Laurent Vigneron LORIA INRIA-UN2 (UMR 7503) BP 239, 54506 Vandœuvre-lès-Nancy Cedex, France {judson,vigneron}@loria.fr Abstract. While
More informationA Survey on Optimistic Fair Digital Signature Exchange Protocols
A Survey on Optimistic Fair Digital Signature Exchange s Alfin Abraham Vinodh Ewards Harlay Maria Mathew Abstract Security services become crucial to many applications such as e-commerce payment protocols,
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationLecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005
Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol
More informationWEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More information2015-11-02. Electronic Payments Part 1
Electronic Payments Part Card transactions Card-Present Smart Cards Card-Not-Present SET 3D Secure Untraceable E-Cash Micropayments Payword Electronic Lottery Tickets Peppercoin Bitcoin EITN4 - Advanced
More informationQ: Why security protocols?
Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:
More informationPayment Systems for E-Commerce. Shengyu Jin 4/27/2005
Payment Systems for E-Commerce Shengyu Jin 4/27/2005 Reference Papers 1. Research on electronic payment model,2004 2. An analysis and comparison of different types of electronic payment systems 2001 3.
More informationImprovement of digital signature with message recovery using self-certified public keys and its variants
Applied Mathematics and Computation 159 (2004) 391 399 www.elsevier.com/locate/amc Improvement of digital signature with message recovery using self-certified public keys and its variants Zuhua Shao Department
More informationUsing EMV Cards to Protect E-commerce Transactions
Using EMV Cards to Protect E-commerce Transactions Vorapranee Khu-Smith and Chris J. Mitchell Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, United Kingdom {V.Khu-Smith,
More informationA Digital Signature Scheme in Web-based Negotiation Support System
A Digital Signature Scheme in Web-based Negotiation Support System Yuxuan Meng 1 and Bo Meng 2 1 Department of Computer Science, University of Saskatchewan, Saskatoon, Saskatchewan, S7N 5C9, Canada yxmeng68@yahoo.ca
More informationAn Overview of Common Adversary Models
An Overview of Common Adversary Karl Palmskog palmskog@kth.se 2012-03-29 Introduction Requirements of Software Systems 1 Functional Correctness: partial, termination, liveness, safety,... 2 Nonfunctional
More informationAnalysis of E-Commerce Security Protocols SSL and SET
Analysis of E-Commerce Security Protocols SSL and SET Neetu Kawatra, Vijay Kumar Dept. of Computer Science Guru Nanak Khalsa College Karnal India ABSTRACT Today is the era of information technology. E-commerce
More informationResearch Article. Research of network payment system based on multi-factor authentication
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor
More informationInductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting
Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting Denis Butin 1 / 37 2 / 37 Introduction Network communication sensitive: banking, private correspondence,
More informationMANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationSECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationAuthentication. Agenda. IT Security course Lecture April 14 th 2003. Niels Christian Juul 2. April 14th, 2003
Authentication IT Security course Lecture April 14 th 2003 Niels Christian Juul Computer Science, building 42.1 Roskilde University Universitetsvej 1 P.O. Box 260 DK-4000 Roskilde Denmark Phone: +45 4674
More informationForging Digital Signatures
Forging Digital Signatures Albert Levi Sabanci University Istanbul, TURKEY levi@sabanciuniv.edu ACSAC 2002 Outline What s a digital signature? How S/MIME handles digital signatures? How to obtain a certificate
More informationThe Advantages of Automatic Protocol Creation
AUTOMATIC PROTOCOL CREATION FOR INFORMATION SECURITY SYSTEM Mr. Arjun Kumar arjunsingh@abes.ac.in ABES Engineering College, Ghaziabad Master of Computer Application ABSTRACT Now a days, security is very
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationSoftware Assignments for a Course in Secure E-Commerce
Software Assignments for a Course in Secure E-Commerce Chris Steketee and Phillip Lock Advanced Computing Research Centre, School of Comp and Info Science University of South Australia, Mawson Lakes, SA
More informationCommon security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon
1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly
More informationVerifying security protocols using theorem provers
1562 2007 79-86 79 Verifying security protocols using theorem provers Miki Tanaka National Institute of Information and Communications Technology Koganei, Tokyo 184-8795, Japan Email: miki.tanaka@nict.go.jp
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationSECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationOn Electronic Payment Systems
On Electronic Payment Systems Ronald Cramer, Ivan Damgård and Jesper Buus Nielsen CPT 2009 April 22, 2009 Abstract This note is an introduction to the area of electronic cash (ecash) schemes. The note
More informationElectronic Payments. EITN40 - Advanced Web Security
Electronic Payments EITN40 - Advanced Web Security 1 Card transactions Card-Present Smart Cards Card-Not-Present SET 3D Secure Untraceable E-Cash Micropayments Payword Electronic Lottery Tickets Peppercoin
More informationAPPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS: EMERGING ISSUES AND TRENDS
PPLYING FORML METHODS TO CRYPTOGRPHIC PROTOCOL NLYSIS: EMERGING ISSUES ND TRENDS Catherine Meadows Code 5543 Center for High ssurance Computer Systems US Naval Research Laboratory Washington, DC 20375
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationAdversary Modelling 1
Adversary Modelling 1 Evaluating the Feasibility of a Symbolic Adversary Model on Smart Transport Ticketing Systems Authors Arthur Sheung Chi Chan, MSc (Royal Holloway, 2014) Keith Mayes, ISG, Royal Holloway
More informationAn Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood
An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure
More informationSECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationAn Introduction to Cryptography and Digital Signatures
An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through
More informationAnalysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud
Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud M.Jayanthi, Assistant Professor, Hod of MCA.E mail: badini_jayanthi@yahoo.co.in MahatmaGandhi University,Nalgonda, INDIA. B.Ranganatha
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationA Study on Secure Electronic Medical DB System in Hospital Environment
A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133
More informationA Noval Approach for S/MIME
Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya
More informationAn Introduction to Digital Signature Schemes
An Introduction to Digital Signature Schemes Mehran Alidoost Nia #1, Ali Sajedi #2, Aryo Jamshidpey #3 #1 Computer Engineering Department, University of Guilan-Rasht, Iran m.alidoost@hotmail.com #2 Software
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 5-7 Nihombashi
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationChapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory
There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution
More informationComments on "public integrity auditing for dynamic data sharing with multi-user modification"
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationModeling and verification of security protocols
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available
More informationWhy Cryptosystems Fail. By Ahmed HajYasien
Why Cryptosystems Fail By Ahmed HajYasien CS755 Introduction and Motivation Cryptography was originally a preserve of governments; military and diplomatic organisations used it to keep messages secret.
More informationSecurity/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan
Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan 1 Internet of Things (IoT) CASAGRAS defined that: A global
More informationChapter 3. Network Domain Security
Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter
More informationCryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationChapter 16: Authentication in Distributed System
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal
More informationSCADA System Security, Complexity, and Security Proof
SCADA System Security, Complexity, and Security Proof Reda Shbib, Shikun Zhou, Khalil Alkadhimi School of Engineering, University of Portsmouth, Portsmouth, UK {reda.shbib,shikun.zhou,khalil.alkadhimi}@port.ac.uk
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationPart I System Design Considerations
as of December 10, 1998 Page 1 Overview Part I System Design Considerations Introduction Part I summarizes system design considerations to be used in developing SET toolkits and applications. It provides
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationChapter 6 Electronic Mail Security
Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
More informationA Simulation Game for Teaching Secure Data Communications Protocols
A Simulation Game for Teaching Secure Data Communications Protocols Leonard G. C. Hamey Department of Computing, Macquarie University, Sydney, Australia ABSTRACT With the widespread commercial use of the
More informationAuthentication Protocols Using Hoover-Kausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science
More informationKerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk
Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationElectronic Contract Signing without Using Trusted Third Party
Electronic Contract Signing without Using Trusted Third Party Zhiguo Wan 1, Robert H. Deng 2 and David Lee 1 Sim Kim Boon Institute for Financial Economics 1, School of Information Science 2, Singapore
More informationUnderstanding Digital Certificates and Secure Sockets Layer (SSL)
Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?
More informationFormal Methods in Security Protocols Analysis
Formal Methods in Security Protocols Analysis Li Zhiwei Aidong Lu Weichao Wang Department of Computer Science Department of Software and Information Systems University of North Carolina at Charlotte Big
More informationEfficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage
Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage Priyanga.R 1, Maheswari.B 2, Karthik.S 3 PG Scholar, Department of CSE, SNS College of technology, Coimbatore-35,
More informationAn Anonymous Fair Exchange E-commerce Protocol
An Anonymous Fair Exchange E-commerce Protocol Indrakshi Ray Indrajit Ray Department of Computer and Information Science University of Michigan-Dearborn 490 Evergreen Road, Dearborn, MI 488 Email: iray,
More informationPaper-based Document Authentication using Digital Signature and QR Code
2012 4T International Conference on Computer Engineering and Technology (ICCET 2012) Paper-based Document Authentication using Digital Signature and QR Code Maykin Warasart and Pramote Kuacharoen Department
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationA Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA
A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationDeriving Secure Network Protocols for Enterprise Services Architectures
1 Deriving Secure Network Protocols for Enterprise Services Architectures Matthias Anlauff, Dusko Pavlovic, and Asuman Suenbuel Kestrel Institute SAP Research Labs 3260 Hillview Avenue 3175 Deer Creek
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationEFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE
EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE Reshma Mary Abraham and P. Sriramya Computer Science Engineering, Saveetha University, Chennai, India E-Mail: reshmamaryabraham@gmail.com
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationCONSEPP: CONvenient and Secure Electronic Payment Protocol Based on X9.59
CONSEPP: CONvenient and Secure Electronic Payment Protocol Based on X9.59 Albert Levi Information Security Lab Electrical and Computer Engineering Dept. Oregon State University, Corvallis, Oregon 97331
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More information15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM
RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN
More information