Vorapranee Khu-smith (2003) Enhancing the security of electronic commerce transactions .
Full text access: Open
This thesis looks at the security of electronic commerce transaction process- ing. It begins with an introduction to security terminology used in the thesis. Security requirements for card payments via the Internet are then described, as are possible protocols for electronic transaction processing. It appears that currently the Secure Socket Layer (SSL) protocol together with its standardised version Transport Layer Security (TLS) are the most widely used means to se- cure electronic transactions made over the Internet. Therefore, the analysis and discussions presented in the remainder of the thesis are based on the assumption that this protocol provides a `baseline' level of security, against which any novel means of security should be measured. The SSL and TLS protocols are analysed with respect to how well they satisfy the outlined security requirements. As SSL and TLS provide transport layer security, and some of the security requirements are at the application level, it is not surprising that they do not address all the identi¯ed security requirements. As a result, in this thesis, we propose four protocols that can be used to build upon the security features provided by SSL/TLS. The main goal is to design schemes that enhance the security of electronic transaction processing whilst imposing minimal overheads on the involved parties. In each case, a description of the new scheme is given, together with its advantages and limitations. In the ¯rst protocol, we propose a way to use an EMV card to improve the security of online transactions. The second protocol involves the use of the GSM subscriber authentication service to provide user authentication over the Internet. Thirdly, we propose the use of GSM data con¯dentiality service to protect sensitive information as well as to ensure user authentication. Regardless of the protection scheme employed for the transactions, there exist threats to all PCs used to conduct electronic commerce transactions. These residual threats are examined, and motivate the design of the fourth protocol, proposed speci¯cally to address cookie threats.
This is a Published version This version's date is: 06/2003 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/e42a99f4-78e1-69a3-87fd-6ac743f828ca/1/
Deposited by () on 14-Jul-2010 in Royal Holloway Research Online.Last modified on 10-Dec-2010
[1] 3rd Generation Partnership Project (3GPP). 3GPP TS 33.102: Securityarchitecture, December 2002.
[2] V. Anupam and A. Mayer. Security of web browser scripting languages:Vulnerabilities, attacks and remedies. In Proceedings of the seventhUSENIX Security Symposium, pages 187{200. USENIX, January 1998.[3] H. Berghel. Caustic cookies. Communications of the ACM, 44(5):19{22,May 2001.[4] C. W. Blanchard. Wireless security. In R. Temple and J. Regnault, editors,Internet and Wireless Security, pages 147{162. The Institution of ElectricalEngineers, London, 2002.[5] K. Boman, G. Horn, P. Howard, and V. Niemi. UMTS security. ElectronicsCommunication Engineering Journal, 14(5):191{204, October 2002.[6] Bureau of Export Administration, Department of Commerce. Revisions toencryption items. Federal Register, 65(203), October 2000.[7] The CERT Coordination Center. Malicious HTML tags em-bedded in client web requests, February 2000. Available athttp://www.cert.org/advisories/CA-2000-02.html.[8] The CERT Coordination Center. Netscape Navigator improperly validatesSSL sessions, May 2000. Available at http://www.cert.org/advisories/CA-2000-05.html.[9] J. Claessens, B. Preneel, and J. Vandewalle. Combining World Wide Weband wireless security. In B. De Decker, F. Piessens, J. Smits, and E. VanHerreweghen, editors, Advances in Network and Distributed Systems Secu-rity, Proceedings of IFIP TC11 WG11.4 First Annual Working Conferenceon Network Security, pages 153{171. Kluwer Academic Publishers, Boston,2001.[10] D. D. Clark and D. R. Wilson. A comparison of commercial and militarycomputer security policies. In Proceedings of the 1987 IEEE Symposium onSecurity and Privacy, pages 184{194. IEEE Computer Society Press, 1987.[11] T. Dierks and C. Allen. The TLS protocol version 1.0 | RFC 2246. IETF,January 1999.[12] W. Di®e and M. Hellman. New directions in cryptography. IEEE Trans-actions on Information Theory, IT-22:644{654, 1976.[13] EMVCo. EMV 2000 Integrated Circuit Card Speci¯cation for Payment Sys-tems Version 4.0 | Book 1: Application Independent IC Card to TerminalInterface Requirements, December 2000.[14] EMVCo. EMV 2000 Integrated Circuit Card Speci¯cation for PaymentSystems Version 4.0 | Book 2: Security and Key Management, December2000.[15] EMVCo. EMV 2000 Integrated Circuit Card Speci¯cation for PaymentSystems Version 4.0 | Book 3: Application Speci¯cation, December 2000.[16] EMVCo. EMV 2000 Integrated Circuit Card Speci¯cation for PaymentSystems Version 4.0 | Book 4: CardHolder, Attendant, and Acquirer In-terface Requirements, December 2000.[17] ETSI. Digital cellular telecommunications system (Phase 2+); Security as-pects (GSM 02.09 version 8.0.1). European Telecommunications StandardsInstitution (ETSI), June 2001.[18] ETSI. Digital cellular telecommunications system (Phase 2+); Securityrelated network functions (GSM 03.20 version 8.1.0). European Telecom-munications Standards Institution (ETSI), July 2001.[19] E. Felten, D. Balfanz, D. Dean, and S. Wallach. Web spoo¯ng: An Internetcon game. In Proceedings of the twentieth National Information System Se-curity Conference, Baltimore, Maryland, pages 95{104. Computer SecurityResource Center, October 1997.[20] Federal Information Processing Standards (FIPS). FIPS PUB 186-2: Dig-ital Signature Standard. Gaithersburg, MD, January 2000.[21] D. Flanagan. Java in a nutshell. O'Reilly, 1999.[22] W. Ford. Computer communications security: Principles, standard proto-cols and techniques. Prentice Hall, 1994.[23] W. Ford and M. S. Baum. Secure Electronic Commerce: Building theinfrastructure for digital signatures and encryption. Prentice Hall PTR,second edition, 2001.[24] Electronic Frontier Foundation. Cracking DES: Secrets of Encryption Re-search, Wiretap Politics, and Chip Design. O'Reilly, Sebastopol, CA, 1998.[25] A. O. Freier, P. Karlton, and P. C. Kocher. The SSL protocol version 3.0.Netscape, 1996.[26] S. Gar¯nkel and G. Spa®ord. Web Security & Commerce. O'Reilly, 1997.[27] A. Ghosh. E-Commerce Security. John Wiley and Sons, Inc., Third Avenue,New York, 1998.[28] D. Gollmann. What do we mean by entity authentication? In Proceedingsof the 1996 IEEE Symposium on Security and Privacy, pages 46{54. IEEEComputer Society Press, 1996.[29] D. Gollmann. Computer security. John Wiley and Sons, 1999.[30] L. Gong. Inside JavaTM2 Platform Security: Architecture, API design,and implementation. Addison-Wesley, 1999.[31] B. Hancock. Security views: Some cookies are not tasty. Computers &Security, 17(5):374{376, 1998.[32] B. Haselton and J. McCarthy. Internet Explorer open cookie jar. Availableat http://www.peace¯re.org/security/iecookies/, May 2000.[33] V. Hassler. Security Fundamentals for E-commerce. Artech House Pub-lishers, 2001.[34] V. Hassler and O. Then. Controlling applets' behaviour in a browser. InProceedings of the 14th Annual Computer Security Applications Conference(ACSAC'98, Dec 7-11, 1998, Scottsdale, Arizona, USA), pages 120{128.IEEE Computer Society Press, 1998.[35] Institute of Electrical and Electronics Engineers (IEEE). IEEE P1363:Standard speci¯cations for public key cryptography, 2000.[36] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 11770-1: Infor-mation technology | Security techniques | Key management | Part 1:Framework, 1996.[37] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 10118-3: Infor-mation technology | Security techniques | Hash Functions | Part 3:Dedicated hash functions, 1998.[38] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 10118-4: Infor-mation technology | Security techniques | Hash Functions | Part 4:Hash-functions using modular arithmetic, 1998.[39] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 14888-1: Informa-tion technology | Security techniques | Digital signatures with appendix| Part 1: General, 1998.[40] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 14888-2: Informa-tion technology | Security techniques | Digital signatures with appendix| Part 2: Identity-based mechanisms, 1999.[41] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 9797-1: Informa-tion technology | Security techniques | Message Authentication Codes(MACs) | Part 1: Mechanisms using a block cipher, 1999.[42] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 10118-1: Infor-mation technology | Security techniques | Hash Functions | Part 1:General, 2000.[43] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC 10118-2: Infor-mation technology | Security techniques | Hash Functions | Part 2:Hash-functions using an n-bit block cipher, 2000.[44] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC). ISO/IEC 9796-2: Information tech-nology | Security techniques | Digital signature schemes giving messagerecovery | Part 2: Mechanisms using a hash-function, 2002.[45] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC). ISO/IEC 9797-2: Information tech-nology | Security techniques | Message Authentication Codes (MACs)| Part 2: Mechanisms using a dedicated hash-function, 2002.[46] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC FCD 18033-1: In-formation technology | Security techniques | Encryption algorithms |Part 1: General, March 2003.[47] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC FCD 18033-2: In-formation technology | Security techniques | Encryption algorithms |Part 2: Asymmetric ciphers, March 2003.[48] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC FCD 18033-3: In-formation technology | Security techniques | Encryption algorithms |Part 3: Block ciphers, March 2003.[49] International Organization for Standardization (ISO) and InternationalElectrotechnical Commission (IEC), Geneva. ISO/IEC FCD 18033-4: In-formation technology | Security techniques | Encryption algorithms |Part 4: Stream ciphers, March 2003.[50] ITU-T. X.800 Data Communication Networks: Open System Interconnec-tion (OSI); Security, structure and Applications | Security architecturefor Open Systems Interconnection for CCITT Applications. Geneva, 1991.Also published as ISO 7498-2.[51] ITU-T. Recommendation X.509, Information technology | Open Sys-tems Interconnection | The Directory: Public-key and attribute certi¯cateframeworks. Geneva, March 2000.[52] R. Keller, G. Zavagli, J. Hartmann, and F. Williams. Mobile electroniccommerce: Research investigations into loading and payment functionalityin wireless wallets, 1998. Available at http://citeseer.nj.nec.com/cs.[53] V. Khu-smith. An implementation °aw concerning Netscape Navigatorand cookies. Internal Report, Information Security Group, Royal Holloway,University of London, June 2000.[54] V. Khu-smith. User's security risks: a comparison of SSL and SET. In-ternal Report, Information Security Group, Royal Holloway, University ofLondon, June 2000.[55] V. Khu-smith and C. J. Mitchell. Enhancing the security of cookies. InK. Kim, editor, Proceedings of the 4th International Conference on Infor-mation Security and Cryptology { ICISC 2001, Seoul, Korea, Lecture Notesin Computer Science 2288, pages 132{145. Springer-Verlag, December 2001.[56] V. Khu-smith and C. J. Mitchell. Electronic transaction security: An anal-ysis of the e®ectiveness of SSL and TLS. In Proceedings of InternationalConference on Security and Management (SAM '02), Las Vegas, Nevada,USA, pages 425{429. CSREA Press, June 2002.[57] V. Khu-smith and C. J. Mitchell. Enhancing e-commerce security usingGSM authentication. Technical Report RHUL-MA-2002-3, MathematicsDepartment, Royal Holloway, University of London, December 2002. Avail-able at http://www.ma.rhul.ac.uk/techreports.[58] V. Khu-smith and C. J. Mitchell. Using EMV cards to protect e-commercetransactions. In K. Bauknecht, A. Min Tjoa, and G. Quirchmayr, edi-tors, Proceedings of EC-Web 2002, 3rd International Conference on Elec-tronic Commerce and Web Technologies, Aix-en-Provence, France, LectureNotes in Computer Science 2455, pages 388{399. Springer-Verlag, Septem-ber 2002.[59] V. Khu-smith and C. J. Mitchell. Using GSM to enhance e-commercesecurity. In Proceedings of the Second ACM International Workshop onMobile Commerce, Atlanta, Georgia, USA (WMC '02), pages 75{81. ACMPress, September 2002.[60] H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing forMessage Authentication | RFC 2104. IETF, February 1997.[61] D. Kristol and L. Montulli. HTTP State Management Mechanism | RFC2109. IETF, 1997.[62] S. Laurent. Cookies. McGraw-Hill, 1998.[63] MasterCard International Incorporated. A White Paper: Using EMV forRemote Authentication, December 2001.[64] G. McGraw and E. Felten. Java Security: hostile applets, holes, and anti-dotes. John Wiley and Sons, 1996.[65] G. McGraw and E. W. Felten. Securing Java: getting down to businesswith mobile code. John Wiley and Sons, Inc., New York, 1999.[66] A. F. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook ofapplied cryptography. CRC Press, 1997.[67] C. J. Mitchell. The security of the GSM air interface proto-col. Technical Report RHUL-MA-2001-3, Mathematics Department,Royal Holloway, University of London, August 2001. Available athttp://www.ma.rhul.ac.uk/techreports.[68] Netscape. Persistent Client State HTTP Cookies. Netscape, 1996.[69] S. Oaks. Java Security. O'Reilly, 1999.[70] D. O'Mahony, M. Peirce, and H. Tewari. Electronic Payment System forE-Commerce. Artech House Publishers, 2001.[71] J. Park and R. Sandhu. Secure cookies on the web. IEEE Internet Com-puting, 4(4):36{44, July/August 2000.[72] C. P. P°eeger. Security in computing. Prentice Hall International, Inc.,1997.[73] E. Rescorla. SSL and TLS | Building and Designing Secure Systems.Addison Wesley, 2000.[74] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digitalsignatures and public key cryptosystem. Communications of the ACM,21:120{126, February 1978.[75] D. Ross, I. Brugiolo, J. Coates, and M. Roe. Cross-site scripting overview.http://www.microsoft.com/technet/security/, February 2000.[76] SETCo. Secure Electronic Transaction Standard | Book 1: Business De-scription, 1997. Available at http://www.setco.org.[77] SETCo. Secure Electronic Transaction Standard | Book 2: Programmer'sGuide, 1997. Available at http://www.setco.org.[78] SETCo. Secure Electronic Transaction Standard | Book 3: Formal Pro-tocol De¯nitions, 1997. Available at http://www.setco.org.[79] SETCo. Secure Electronic Transaction Standard | Glossary, 1997. Avail-able at http://www.setco.org.[80] E. Sit and K. Fu. Web cookies: Not just a privacy risk. Communicationsof the ACM, 44(9):120, September 2001.[81] W. Stallings. Cryptography and network security: Principles and practice.Prentice Hall, 1999.[82] D. Stein. Web Security. Addison-Wesley, Boston, 1998.[83] D. R. Stinson. Cryptography: Theory and practice. CRC Press, 1995.[84] S. G. Stubblebine, P. F. Syverson, and D. M. Goldschlag. Unlinkable serialtransactions: protocols and applications. ACM Transactions on Informa-tion and System Security, 2(4):354{389, 1999.[85] S. Thomas. SSL and TLS Essentials | Securing the Web. John Wiley andSons, New York, 2000.[86] E. Turban, J. Lee, D. King, and H. M. Chung. Electronic Commerce: Amanagerial perspective. Prentice Hall, 2000.[87] J. D. Tygar and A. Whitten. WWW electronic commerce and Java tro-jan horses. In Proceedings of the second USENIX Workshop on ElectronicCommerce, pages 243{250. USENIX, November 1996.[88] K. Vedder. GSM: Security, services, and the SIM. In B. Preneel andV. Rijmen, editors, State of the Art in Applied Cryptography, Lecture Notesin Computer Science 1528, pages 224{240. Springer-Verlag, 1998.[89] Visa International Service Association. 3-D Secure Protocol Speci¯cation:Extension for mobile Internet devices version 1.0.1, November 2001.[90] Visa International Service Association. 3-D Secure Protocol Speci¯cation:Core functions version 1.0.2, July 2002.[91] Visa International Service Association. 3-D Secure Protocol Speci¯cation:System overview version 1.0.2, July 2002.[92] M. Walker and T. Wright. Security. In F. Hillebrand, editor, GSM andUMTS: The Creation of Global Mobile Communication, pages 385{406.John Wiley & Sons Ltd., 2002.[93] K. Woodsend. Technical Speci¯cation Group Terminals; USIM ApplicationToolkit (USAT). 3rd Generation Partnership Project, June 2002.[94] J. P. Yang and K. H. Rhee. The design and implementation of improvedsecure cookies based on certi¯cate. In A. Menezes and P. Sarkar, editors,Progress in Cryptology | INDOCRYPT 2002, Lecture Notes in ComputerScience 2551, pages 314{325. Springer-Verlag, 2002.[95] E. Z. Ye, Y. Yuan, and S. Smith. Web spoo¯ng revisited: SSL and be-yond. Technical Report TR2002-417, Department of Computer Science,Dartmouth College, February 2002.