E-Commerce and the security problem. Nitsan Avivi Tsila Ben-Moshe SDBI – Fall 2000 Computer Science, Hebrew University, Jerusalem

Post on 20-Dec-2015


Index:

Introduction - what e-commerce is, how it works, main components, trends

Security - problems and solutions (RSA, HTTPS, SSL, SET)

SDML – Signed Document Markup Language

A Bit Of History

The first e-commerce sales were in… 1886! A telegraph operator, one Sears, sold watches using the “net” :-)

1994 marks the beginning of the “commercial age” of the Internet.

July 1995: AMAZON.COM is founded.

Trading Volume On The Net

1996 - 3B $

1998 - 17B $

2000 - 100B $

2001 - 200-700B $!!

Gateway sales for 4M $ a day through the net.

In 1999 the # of net consumers was estimated at 130M.

51% of the net is commercial.

AMAZON has 60M customers in 160 states.

E-Commerce - Definition

The processes by which organizations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology.

Encompasses both business-to-business and business-to-consumer models.

E-commerce VS E-business

E-commerce - trading products through the web to private consumers. Unknown consumers in open-to-the-public stores.

E-business - transactions between firms, banks, such as signing contracts, contract offers, etc. The negotiating sides usually know each other well.

E-Commerce Main “factors”

The main “ingredients”:

1 net (preferably secured),

some vendors (with SSL-supporting servers),

a lot of consumers (with HTTPS-supporting browsers).

For the gravy: a database, forms and orders handling software.

The paying issue

Since consumer and vendor never really meet, payment has to be made with virtual money. Coins and bills just won’t fit through the modem connection...

The most popular way is with credit cards. Pros: well known, widespread, easy to use, internationally supported.

But-

The paying issue (cont.)

Cons:

Not practical for small payments (under 5 $) due to the commission that the credit card companies charge.

No privacy, identifies the payer (not so “hot” if your wife finds the sex site bills in the monthly bill…;-) )

He who has the number has it all! The security problem is a very serious one that will be discussed later on.

The Paying Issue (Cont.)

E-money: an electronic wallet that the consumer charges with money.

eCash: the “coins” are strings containing a value and a code, which the customer buys from the bank. When the payer pays, the strings are transmitted to the payee. The payee then confirms the strings with the bank and gets real money.

Paying Issue (Cont.)

Pros: effective for small payments, and allows privacy. But-

Cons: complex and not widely supported. The companies behind the two major protocols are in big financial problems...

Paying Issue (Cont.)

Smart cards: a hardware device that stores information about the amount of money charged in it (Mondex).

Pros: easy and safe to use.

Cons: has to fight the credit cards. More common in Europe than in the U.S.

E-Commerce Security

A secured payment transaction system is critical to e-commerce.

The traditional Electronic Data Interchange (EDI) system has been implemented within trusted networks only.

EDI is not good for e-commerce systems over the wide-open, insecure Internet.

Business-To-Consumer Security (consumer point of view)

While purchasing on an e-commerce website using their credit cards, consumers are putting themselves at risk, because this information might be stolen.

A team of hackers hacked into several websites and then sent a list of names along with their credit card information, including Bill Gates' credit card information, to a broadcasting station (26 Mar. 2000).

Business-To-Consumer Security (company point of view)

The success of an e-commerce web site is built on the trust of its customers. A customer must believe that their information will be protected.

Security is a trade-off between access and protection as well as resources and money.

E-commerce companies have an ethical obligation to provide a secure web site.

Major problem: confidentiality

Solution: encryption

Business-To-Business Security

In general the parties are engaged in business; the web is another medium allowing them to exchange data electronically.

Signing documents, for example, requires ensuring the other party’s identity.

Major problem: verification

Solution: authentication

Security – Encryption

Using the RSA public-key cryptosystem for both encryption and authentication, without sharing any private keys.

Encryption and verification are done using only public keys.

Decryption and signing are possible only by someone in possession of the correct private key.

RSA is more and more popularly used in Internet commerce systems.

Security Solutions

SSL - Secure Sockets Layer

SSL is the secure layer inserted between TCP and HTTP.

SSL is a protocol intended for secure communication between a client and a server. It enables the customer (client) to be certain of the vendor (server) but not vice versa. For that reason, the use of SSL is often supplemented by passwords for user authentication.

Solutions (Cont.)

HTTPS - HTTP Secure

HTTPS is HTTP on top of SSL, a secure version of HTTP.

Web browsers accessing a Web server that supports SSL are required to use the HTTPS protocol, in a URL that looks like this:

https://iPier.com/SSL.html

Solutions (Cont.)

SET - Secure Electronic Transactions

The SET protocol is used by VISA and MasterCard. It uses RSA public-key cryptography for encryption and authentication.

Three participants:

Cardholder: credit card user - buyer.

Merchant: seller.

Payment Gateway: server that processes payment information.

Plus a Certificate Authority: authority that issues certificates to the three types of participants.

SET (Cont.)

The SET protocol has three important features:

1. All sensitive information sent between the three participants is encrypted.

2. All three participants are required to authenticate themselves with certificates.

3. The merchant doesn't see the customer's card number in plaintext.

The three features actually make Internet commerce more secure than traditional credit card transactions.

SET (Cont.)

Dual Digital Signature

Digital signature encryption: the process that "locks" online documents so that they can't be tampered with.

SET uses a dual digital signature: the message is encrypted using the sender’s private key, and the recipient can verify the originality of the message received – authentication.
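The following is an added example, not part of the original slides, and it goes beyond them: it spells out the standard SET dual-signature construction, in which the cardholder signs a hash over the digests of the order information (OI) and the payment information (PI), so the merchant can verify the signature while holding only a digest of the payment data. The toy RSA key, the SHA-256 substitution and the sample order and card data are assumptions made for illustration; real SET also encrypts PI to the payment gateway, which is omitted here.

```python
import hashlib

# Toy cardholder key (constructed): textbook RSA without padding over two
# publicly known Mersenne primes. Illustration only, never a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def h(data: bytes) -> bytes:
    # SET specified SHA-1; SHA-256 is swapped in here.
    return hashlib.sha256(data).digest()


def sign(digest: bytes) -> int:
    return pow(int.from_bytes(digest, "big"), D, N)


def verify(digest: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big")


def cardholder_build(order_info: bytes, payment_info: bytes):
    """Sign H(H(PI) || H(OI)) once and split the data between recipients."""
    oimd, pimd = h(order_info), h(payment_info)
    dual_sig = sign(h(pimd + oimd))
    to_merchant = {"OI": order_info, "PIMD": pimd, "DS": dual_sig}
    to_gateway = {"PI": payment_info, "OIMD": oimd, "DS": dual_sig}
    return to_merchant, to_gateway


def merchant_verify(msg) -> bool:
    # The merchant recomputes H(OI) itself and only ever holds H(PI).
    return verify(h(msg["PIMD"] + h(msg["OI"])), msg["DS"])


def gateway_verify(msg) -> bool:
    # The payment gateway sees the payment data but only a digest of the order.
    return verify(h(h(msg["PI"]) + msg["OIMD"]), msg["DS"])


# Constructed sample data (test card number, not a real account).
ORDER = b"order 1001: 1 book, 25.00 USD"
PAYMENT = b"card=4111111111111111 exp=12/01 amount=25.00 order=1001"

if __name__ == "__main__":
    m, g = cardholder_build(ORDER, PAYMENT)
    print(merchant_verify(m), gateway_verify(g))
    # Changing the order after signing breaks the link to the payment.
    print(merchant_verify(dict(m, OI=b"order 1001: 10 books, 25.00 USD")))
```

Because both recipients check the same signature, neither the order nor the payment instruction can be swapped for another one after signing.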

SSL vs. SET

SSL provides a simple encrypted connection between the client's computer and the merchant's server over the Internet, and authentication of the merchant's server with its digital certificate from a certificate authority.

It requires installing a web server that supports SSL, and obtaining and assigning a digital certificate from a certificate authority.

It is fairly easy to implement, and has been built into major web servers and browsers.

SSL vs. SET (Cont.)

Is SSL really secure?

It is more secure than phone and postal mail delivery.

But the security ends at the merchant's site. It does not keep the credit-card numbers out of the merchant's hands!

SSL vs. SET (Cont.)

SET - The last feature (merchant never sees the customer's card number in plaintext) makes Internet commerce more secure than traditional credit card transactions, and it is also more secure than SSL.

Implementing SET in e-commerce on the Internet requires special SET software to be widely implemented in clients' web browsers. It is a big challenge to make such software widely available to the Internet community.

Dealing With Security Problems

The online sale sites try to deal with the security problem, and the uneasiness that it causes consumers, in various ways:

Trying to make security as good and OBVIOUS as possible.

Avoiding keeping any consumers’ sensitive data on the web (e.g. credit card number).

Dealing With Security Problems (Cont.)

Making the sale on the net, but getting the details offline.

Confirming identity with a one-time password, and acquiring the details from a secured “middle man”.

Examples:

4SALE - OBVIOUS Security

To be able to buy, you first have to register as a member with a user name and a password.

A database saves all the members' information: address, phone #, and credit card #.

The privacy policy and the fact that the site uses the SSL protocol are underlined and impossible to miss.

4SALE (Cont.)

Pros: very easy to use - fast with very little fuss.

Cons: your details are all alone in the big cold web, just waiting for some big bad wolf to offer them a candy...

NETACTION - No Database

No registering or membership - you insert your details just when you want to use the vendor's services.

Pros: no details are kept in a long-lived database, so no one can steal them.

Cons: a very slow and tiring procedure that you have to repeat every time. Data IS kept for some time in the system after all.

OLSALE - 2 Stages

You register as a member, but you don’t need to leave any sensitive information. If a purchase is made, the vendor contacts you offline to fill in the missing details.

Pros: the online procedure is fast and easy. As safe as ordering a pizza.

Cons: demands that you be accessible. As safe as ordering a pizza...

SHOPY - using OTP

You acquire a one-time password system from a “middle man”, and register once with him.

Instead of filling in your personal details, you send an OTP generated by the system (in this case, a card). The OTP may include details on the sum of money as well.

SHOPY - using OTP (Cont.)

Pros: easy enough to use. Details are kept offline - less vulnerable.

Cons: you need to get the system first, and the system is not widely supported by vendors. Your details are available to a third party. Just one step behind smart cards (credit cards are still involved).

Still One Basic Problem

All the above methods take care of the basic risk (and common fear) of someone tapping the lines or breaking into the database.

They do not take care of the case where the vendor himself is the crook.

SDML - Signed Document Markup Language

SDML was developed by the Financial Services Technology Consortium (FSTC).

The signatures become part of the SDML document and can be verified by the recipients as the document travels through the business process.

Example of a signed electronic document

SDML (Cont.)

SDML enables:

Verifiability of Origin - a recipient can authenticate that the document was created by a specific person or institution, and that the signature was not forged or created by an impostor.

Integrity - a document recipient can determine that the document has not been altered in any way since it was signed.

Accountability - a recipient can prove to a third party that the document was created by the signer.

SDML Document Structure (Cont.)

Each document is comprised of a number of blocks. Each block contains some common fields (elements), and also contains fields that are specific to the type of block.

All blocks that must be protected from tampering and all blocks that must be authenticated are signed using a digital signature, contained in a signature block.

The digital signature uses one of the standard digital signature algorithms, such as MD5/RSA or SHA/DSS.

SDML Document Structure (Cont.)

The concept of the SDML electronic document is that it is a flexible structure. Separating signatures, certificates, actual data, etc., into separate blocks allows a rich, complex document to be built from these "primitives," while retaining a standard format which can be parsed and verified according to a standard syntax definition, which allows it to be easily transmitted by a variety of methods (e-mail, file transfer, storage media, etc.).

Electronic Document Definition

A document consists of one or more enclosed documents.

Each enclosed document is built inside a <sdml-doc> tag structure.

Inside a document are one or more blocks.

    <sdml-doc docname="cccccccc" type="cccccccc">
    </sdml-doc>

Electronic Document Definition (Cont.)

docname - document name, assigned by the software creating the document. If multiple SDML documents are being created as part of one file or transmission, document names should be unique. This name should contain a maximum of 64 characters.

type - used by the receiving software to ensure that it has received the correct type of document, one that it knows how to process. It is chosen from a list of pre-defined types, or may be a type agreed upon by the sending and receiving parties,

Electronic Document Definition (Cont.)

except that the latter agreed-upon types may not conflict with any pre-defined types.

To prevent such conflict between pre-defined, standardized document types and privately agreed-upon types, all privately agreed-upon document types should be prefixed with the characters "p-" (meaning private).

    type="p-autoloan"

Block Definitions

Each SDML block starts and ends with one of the following sets of block tags:

<action> </action> describing the action to be performed by the recipient

<signature> </signature> signatures and hashes of other blocks

<cert> </cert> public key certificate

<attachment> </attachment> associated document attached to an SDML document

<message> </message> informational message, such as an error report

Block Common Field Definitions

Common fields: each of the blocks contains some field definitions which are common to all block types, as follows:

    <blkname>ccccccc
    <crit>true|false
    <vers>nnn.nnn

blkname (required) - character string which is assigned by the creating software. Must be unique within a document.

Block Common Field Definitions (Cont.)

crit (optional) - boolean flag used to determine if a block is critical, meaning the receiving software must be able to process the block. If the block is critical and the software cannot process it, it must abort or handle the exception.

vers (optional) - number which indicates the version of the block, used by receiving software to determine if it is capable of parsing/processing a block. If the version number is not specified, it is assumed to be 1.0.
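The envelope and common-field rules above (docname length, the "p-" prefix for private types, unique blkname, crit, and the vers default) can be checked by a receiver as in the following added example, which is not code from the slides or from the SDML specification. The field syntax follows the fragments shown on the slides; the receiver profile, the pre-defined type name "check", the treatment of crit as false when omitted and the skipping of non-critical blocks are assumptions.

```python
import re

DOC_RE = re.compile(
    r'<sdml-doc\s+docname="([^"]*)"\s+type="([^"]*)"\s*>(.*?)</sdml-doc>', re.S)
BLOCK_RE = re.compile(r"<([a-z]+)>(.*?)</\1>", re.S)
FIELD_RE = re.compile(r"<(blkname|crit|vers)>([^<]*)")

# Hypothetical receiver profile: highest block version it can parse, and
# the document types it accepts. The page does not list the pre-defined
# types, so "check" is a made-up stand-in.
SUPPORTED = {"action": (1, 0), "signature": (1, 0), "cert": (1, 0),
             "attachment": (1, 0), "message": (1, 0)}
PREDEFINED_TYPES = {"check"}
PRIVATE_TYPES = {"p-autoloan"}


class SDMLReject(Exception):
    """The receiver must abort processing of the document."""


def check_document(text):
    """Apply the envelope rules; return (processed, skipped) block names."""
    m = DOC_RE.search(text)
    if m is None:
        raise SDMLReject("no <sdml-doc> structure")
    docname, doctype, body = m.groups()
    if not 1 <= len(docname) <= 64:
        raise SDMLReject("docname must be 1 to 64 characters")
    private_ok = doctype.startswith("p-") and doctype in PRIVATE_TYPES
    if doctype not in PREDEFINED_TYPES and not private_ok:
        raise SDMLReject("unknown document type: " + doctype)

    seen, processed, skipped = set(), [], []
    for btype, bbody in BLOCK_RE.findall(body):
        fields = {k: v.strip() for k, v in FIELD_RE.findall(bbody)}
        name = fields.get("blkname")
        if not name:
            raise SDMLReject("<%s> block without blkname" % btype)
        if name in seen:
            raise SDMLReject("duplicate blkname: " + name)
        seen.add(name)
        # vers defaults to 1.0 (stated on the page); crit is assumed false
        # when omitted (the page gives no default).
        try:
            vers = tuple(int(p) for p in fields.get("vers", "1.0").split("."))
        except ValueError:
            raise SDMLReject("malformed vers in block " + name)
        critical = fields.get("crit", "false") == "true"
        can_process = btype in SUPPORTED and vers <= SUPPORTED[btype]
        if can_process:
            processed.append(name)
        elif critical:
            raise SDMLReject("cannot process critical block " + name)
        else:
            skipped.append(name)  # assumption: non-critical blocks are skipped
    if not processed and not skipped:
        raise SDMLReject("document contains no blocks")
    return processed, skipped


# Constructed sample document (not taken from the SDML specification).
SAMPLE = """<sdml-doc docname="loan-0001" type="p-autoloan">
<action> <blkname>act1 <crit>true <vers>1.0 </action>
<attachment> <blkname>att1 <vers>2.0 </attachment>
<signature> <blkname>sig1 <crit>true </signature>
</sdml-doc>"""

if __name__ == "__main__":
    print(check_document(SAMPLE))
```

Signature verification itself is out of scope here; these checks run before any block content is trusted or acted on.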

Action Block Definition

action block example

function (required) - character string chosen from a set of commands or verbs specific to the application or type of document being sent.

reason (required) - the reason that the document is being transmitted to the recipient:

process – original, fully process

resend – process only if it’s not a duplicate

test – don’t fully process

Action Block Definition (Cont.)

info - informational only, don’t process.

return - being sent back to the originator as a returned item. The document will usually contain a <message> block indicating the reason for the return.

Signature Block Definition

signature block example

Contains a digital signature for another block, or set of blocks.

Required whenever a block must be authenticated or tamper-proofed.

Contains the reference to the certificate block containing the public key used to verify the signature.

Contains many fields: in general, the blocks signed, the actual hashing, the reference to the public key, the algorithm used for signing, etc.

Certificate Block Definition

certificate block example

blkname (required) - since the <cert> block is signed by the authority issuing the electronic token, it is not changeable at runtime by SDML-generating software. Must be guaranteed to be unique for all subsequent documents.

certtype (required) - this field indicates the type of certificate contained in the block.

Certificate Block Definition (Cont.)

certissuer (required) - the unique distinguished name of the issuer of the certificate.

certserial (required) - the unique certificate serial number assigned by the issuer of the certificate.

certdata (required) - the hexadecimal-encoded binary value

Attachment Block Definition

attachment block example

This block contains any document that is to be attached to the SDML electronic document.

astatus (optional) - indicates whether the attachment is temporary (stripped off when transmitted to a third party) or permanent. If omitted, it defaults to temporary.

adata (required) - any data may be contained in the Attachment block, between the <adata> and </adata> tags.

Message Block Definition

message block example

This block contains error messages and return information that indicates the reason that the attached SDML document was not processed successfully.

retcode (required) - reason why the attached document was returned.

msgtext (required) - a textual message explaining why the document was returned.

msgdata (optional) - any other data that may be associated with the message, e.g., a report or bank statement.

References

http://www.w3.org/ - W3C - SDML

http://www.ipier.com - e-commerce online course