ECT 455E-Commerce Web Site Engineering Electronic Payment Systems Internet Transaction Security ECT 455/HCI 513 Susy Chan Ph.D.
Agenda • Market news • Privacy Issues • Digital payment • Transaction security ECT 455/HCI 513 Susy Chan Ph.D.
Consumer Trust and Privacy • Consumer WebWatch • Only 29% trust Web sites that sell products or services • Sites for commerce: 95% disclosure of all fees; 93% disclosure of the site’s policy on using personal information • News and information sites: 65% disclosure of privacy polices, 59% clear labeling of advertisement • Search engine sites: 60% don’t know about ad sponsorship, 80% want search engines to revel these practices. • 57% read policies about credit cards; 35% privacy policies; 22% “About Us” Consumer WebWatch: “A Matter of Trust: What Users Want From Web Sites” 4/16/02 ECT 455/HCI 513 Susy Chan Ph.D.
Internet and the Right to Privacy • Self-regulated medium: The Internet industry governs itself • Violation of Privacy Right or Better Service? • FTC Study: 97% collected personal information, only 62% informed the users about such practice; 57% contained 3rd party tracking devices • Privacy advocates argue that these efforts violate individuals’ privacy rights • Online marketers and advertisers suggest that online companies can better serve their users by recording the likes and dislikes of online consumers • Financial Services Modernization Act of 1999 • Establishes a set of regulations concerning the management of consumer information ECT 455/HCI 513 Susy Chan Ph.D.
Network Advertising Initiative (NAI) • Approved by the FTC in July 1999 to support self regulation • NAI currently represents 90 percent of Web advertisers • Determines the proper protocols for managing a Web user’s personal information on the Internet • Prohibits the collection of consumer data from medical and financial sites • Allows the combination of Web-collected data and personal information ECT 455/HCI 513 Susy Chan Ph.D.
DoubleClick: Marketing with Personal Information • Regulation of the Internet could limit a company’s efforts to buy and sell advertising • DoubleClick • Advertising network of over 1,500 sites and 11,000 clients • Abacus Direct Corp • Names, addresses, telephone numbers, age, gender, income levels and a history of purchases at retail, catalog and online stores • Digital redlining • Skewing of an individual’s knowledge of available products by basing the advertisements the user sees on past behavior ECT 455/HCI 513 Susy Chan Ph.D.
Electronic Payment Systems • Efficient and effective payment services accepted by consumers and businesses are essential to e-commerce. • Requirements: • Convenient for web purchasing • Transportable over the network • Strong enough to thwart electronic interference • Cost-effective for extremely low-value transactions ECT 455/HCI 513 Susy Chan Ph.D.
Electronic Payment Systems • Banking and Financial Payments • Bank-to-bank transfer (EFT) • Home Banking -- CitiBank, Wells Fargo • Payment through an Intermediary • Open Market * • First Virtual (FirstVirtual Pin) * * Both refer to their earlier business models ECT 455/HCI 513 Susy Chan Ph.D.
Electronic Payment Systems • Electronic Currency Payment Systems • Electronic Cash -- Internetcash.com • Electronic Checks -- NetCheque • e-Wallets • Smart Cards • American Express (blue smart card) • Visa • Micropayments • Echarge, (echarge.com) • paystone.com ECT 455/HCI 513 Susy Chan Ph.D.
More • Retailing Payment Systems • Credit Cards -- Visa or MasterCard • Private Label Credit/Debit Cards • Charge Cards -- American Express; echarge • Peer-to-peer payments (between consumers) • PayPal (billpoint) ECT 455/HCI 513 Susy Chan Ph.D.
Credit-Card Transactions • Popular form of payment for online purchases • Resistance due to security concerns • Many cards offer capabilities for online and offline purchases • Mastercard • American Express Blue ECT 455/HCI 513 Susy Chan Ph.D.
Credit-Card Transaction Enablers • Credit-Card Transaction Enablers • Companies that have established business relationships with financial institutions that will accept online credit-card payments for merchant clients • Trintech • Cybercash (Verisign) ECT 455/HCI 513 Susy Chan Ph.D.
E-Wallets • E-wallets • Keep track of your billing and shipping information so that it can be entered with one click at participating sites • Store e-checks, e-cash and credit-card information • Credit-card companies offer a variety of e-wallets • Visa e-wallets • MBNA e-wallet allows one-click shopping at member sites • A group of e-wallet vendors have standardized technology with Electronic Commerce Modeling Language (ECML) • Yahoo Wallet (wallet.yahoo.com) ECT 455/HCI 513 Susy Chan Ph.D.
Digital Currency • Digital cash • Stored electronically, used to make online electronic payments • Similar to traditional bank accounts • Used with other payment technologies (digital wallets) • Alleviates some security fears online credit-card transactions • Allows those with no credit cards to shop online • Merchants accepting digital-cash payments avoid credit-card transaction fees ECT 455/HCI 513 Susy Chan Ph.D.
Smart Cards • Smart card • Card with computer chip embedded on its face, holds more information than ordinary credit card with magnetic strip • Contact smart cards • To read information on smart cards and update information, contact smart cards need to be placed in a smart card reader • Contactless smart cards • Have both a coiled antenna and a computer chip inside, enabling the cards to transmit information • Can require the user to have a password, giving the smart card a security advantage over credit cards • Information can be designated as "read only" or as "no access" • Possibility of personal identity theft ECT 455/HCI 513 Susy Chan Ph.D.
Security Considerations:E-commerce v.s. Paper-based Commerce • Security attributes of signed paper document • Semi-permanence of ink embedded in paper fibers • Particular printing process • such as letterhead • Watermarks • Biometrics of signature • Time stamp • Obviousness of modifications, interlineations, and deletions ECT 455/HCI 513 Susy Chan Ph.D.
Security Considerations:E-commerce v.s. Paper-based Commerce • Computer-based document do not have such security attributes • Computer-based records can be modified freely and without detection • Certain supplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paper • Paper-based and computer-based documents may not perform equal or exactly analogous function in business and law • Ex. negotiable document of title ECT 455/HCI 513 Susy Chan Ph.D.
Security Issues in E-Commerce • User Authentication, User Authorization and Network Security • Password protection, encrypted data transmission • Firewalls • Data & Transaction Security • Encryption: Private Key vs. Public Key • Privacy • Payment Systems ECT 455/HCI 513 Susy Chan Ph.D.
Introduction to Secure Ecommerce • What is Security? • What are we securing in ecommerce? • Security is heterogeneous concept in general. • All security, including e-commerce, deals with these 2 KEY concepts: • Risk • Trust • Business risk management • Risk analysis • Risk mitigation • Risk transfer ECT 455/HCI 513 Susy Chan Ph.D.
Security Risks to E-commerce • 2004 CSI/FBI Computer Crime and Security Survey • Direct financial loss resulting from fraud • Payment account abuse • Transfer funds without authorization • Destroy or hide financial records • Customer impersonation • Exposure of confidential information • False or malicious websites • Customer Data Exposures • Ex. H&R block erroneously import customers' data into others' tax returns (February 2000) • Data theft ECT 455/HCI 513 Susy Chan Ph.D.
Security Risks to E-commerce • Damage to relations with customer or business partners • An organization that suffers a security-related attack or failure may not publicize it • Unforeseen cost • Legal, public relations, or business resumption cost • Recovering from a security compromise • Public relations damage • Masquerading • Manipulation of web content • Malicious rumor • Uptake failure due to lack of confidence Security is an essential ingredient of any e-commerce solution ECT 455/HCI 513 Susy Chan Ph.D.
Internet security • Consumers entering highly confidential information • Number of security attacks increasing • Four requirements of a secure transaction • Privacy– information not read by third party • Integrity– information not compromised or altered • Authentication– sender and receiver prove identities • Non-repudiation– legally prove message was sent and received • Availability • Computer systems continually accessible ECT 455/HCI 513 Susy Chan Ph.D.
Info source Info destination Security Attacks • Any actions that compromises the security of information systems • Normal flow • Interruption: attack on availability Info source Info destination ECT 455/HCI 513 Susy Chan Ph.D.
Security Attacks (continued) Info source Info destination Interception: Attack on confidentiality Modification: Attack on Integrity Info source Info destination Fabrication: Attack on authenticity Info source Info destination ECT 455/HCI 513 Susy Chan Ph.D.
Passive and Active Attacks • Passive attacks: eavesdropping on, or monitoring of, information transmission • Release of message contents • Traffic analysis • Active Attacks: modification or creation of false information • Masquerade: one entity pretends to be a different entity • Ex. Session Hijacking: taking over an existing active session. It can bypass the authentication process and gain access to a machine ECT 455/HCI 513 Susy Chan Ph.D.
Passive and Active Attacks (continued) • Replay: passive capture of a data, retransmission to produce an unauthorized effect • Modification of message: some portion of a legitimate message is altered, or that message are delayed or reordered, to produce an unauthorized effect • Denial of service (DoS): prevents or inhibits the normal use or management of communication facilities • SYN flooding • Winnuke (Perl code of Winnuke) • Unfortunately, there are NO security mechanisms to counter DoS ECT 455/HCI 513 Susy Chan Ph.D.
Key Solutions to Secure Ecommerce Issues • Firewalls • Encryption • Digital signatures and certificates • Payment Systems ECT 455/HCI 513 Susy Chan Ph.D.
Model for Ecommerce Network Security ECT 455/HCI 513 Susy Chan Ph.D.
Firewalls • A filter between a corporate network and the Internet that keeps the corporate network secure from intruders, but allows authenticated corporate users uninhibited access to the Internet • An access policy, more than hardware and software ECT 455/HCI 513 Susy Chan Ph.D.
Types and Functions of Firewalls • Proxy Application Gateways • An application gateway (proxy service), caching documents (Dual-homed vs. Screened-host gateway) • Simple Traffic Logging Systems • Predominant methods; record traffic flows • IP Packet Screening Routers • Filtering or blocking info packets based on screening rules ECT 455/HCI 513 Susy Chan Ph.D.
Dual Home Gateway: Bastion Host Gateway Bastion Gateway Internet Local Network Proxies: Ftp, Http,… ECT 455/HCI 513 Susy Chan Ph.D.
Screen-host Gateway: Screened subnet gateway Bastion Gateway Web server Internet Local Network Router Router Ftp server Proxies: Ftp, Http,… ECT 455/HCI 513 Susy Chan Ph.D.
Private Key Cryptography • Secret-key cryptography • Same key to encrypt and decrypt message • Sender sends message and key to receiver • Problems with secret-key cryptography • Key must be transmitted to receiver • Different key for every receiver • Key distribution centers used to reduce these problems • Generates session key and sends it to sender and receiver encrypted with the unique key • Encryption algorithms • Dunn Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES) ECT 455/HCI 513 Susy Chan Ph.D.
Private (Secret)-key Cryptography • Encrypting and decrypting a message using a symmetric key ECT 455/HCI 513 Susy Chan Ph.D.
Public Key Cryptography • Public key cryptography • Asymmetric– two inversely related keys • Private key • Public key • If public key encrypts only private can decrypt and vice versa • Each party has both a public and a private key • Either the public key or the private key can be used to encrypt a message • Encrypted with public key and private key • Proves identity while maintaining security • RSA public key algorithm www.rsasecurity.com ECT 455/HCI 513 Susy Chan Ph.D.
Public Key Encryption and Decryption ECT 455/HCI 513 Susy Chan Ph.D.
Secret-Key Encryption (single key) Symmetric encryption, DES Use a shared secret key for encryption and decryption Key distribution & disclosure fast, for bulk data encryption Public-Key Encryption (Pair of keys) Asymmetric encryption, RSA (Rivest, Shamin, Adlemann) Private/Public keys Need digital certificates and trusted 3rd parties Slower For less demanding applications Encryption & Transaction SecuritySecret vs. Public Key Encryption ECT 455/HCI 513 Susy Chan Ph.D.
The Digital Envelope: “The Best of Both Worlds”: Public Key Encryption Public Key of Recipient Private Key of Recipient Session Key Session Key Digital Envelope Session Key Session Key Private Key Encryption Original Text Cipher Text Original Text Recipient Sender ECT 455/HCI 513 Susy Chan Ph.D.
Digital Signatures • Digital signature • Authenticates sender’s identity • Run plaintext through hash function • Gives message a mathematical value called hash value • Hash value also known as message digest • Collision • Occurs when multiple messages have same hash value • Encrypt message digest with private-key • Send signature, encrypted message (with public-key) and hash function • Timestamping • Binds a time and date to message, solves non-repudiation • Third party, time-stamping agency, timestamps messages ECT 455/HCI 513 Susy Chan Ph.D.
Using a digital signature to validate data integrity ECT 455/HCI 513 Susy Chan Ph.D.
Digital Certificate • A certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key. • Public-key cryptography uses certificates to address the problem of impersonation • Certificate authorities (CAs) are entities that validate identities and issue certificates. They can be either independent third parties or organizations running their own certificate-issuing server software ECT 455/HCI 513 Susy Chan Ph.D.
What is a Certificate Authority? • Trusted third party • Issues and manages certificates • Specific trust domains • Describes relationships between parties • Predefines policies and expectations • Certificates validate memberships in domain • Subscribers agree/depend on practices • Acts as a arbiter of trust in a digital relationship ECT 455/HCI 513 Susy Chan Ph.D.
Digital Certificate • A digital certificate includes: • the public key • the name of the entity it identifies • an expiration date • the name of the CA that issued the certificate • a serial number, and other information. Most importantly, a certificate always includes the digital signature of the issuing CA. • The CA's digital signature allows the certificate to function as a "letter of introduction" for users who know and trust the CA but don't know the entity identified by the certificate. ECT 455/HCI 513 Susy Chan Ph.D.
What is a Digital Certificate? • Cryptographically encoded binary file • Binds public key to individual • Notarized by trusted third party • Used to verify digital signature of owner • Used to safely encrypt messages for owner “Digital ID” ECT 455/HCI 513 Susy Chan Ph.D.
An Illustrative Certificate Name: “Richard” Key-Exchange Key: Signature Key: Serial #: 34569044 Other Data: 469222-002 Expires: 6/19/02 Signed: CA’s signature ECT 455/HCI 513 Susy Chan Ph.D.
Role of Digital Certificates ECT 455/HCI 513 Susy Chan Ph.D.
Digital Certificate Process Description • CA (Certificate Authority) • Creates certificate with applicant’s public key • Uses its private key to encrypt the certificate • Sends signed certificate to applicant Wants to send message and asks for signed certificate. Sends certificate to sender. Sender Recipient (applicant) • Sender • Uses public key of CA to decrypt certificate (this ensures the sender • the true identity of the recipient) • After decrypting the CA certificate, the sender uses the embedded • public key of recipient to encrypt message ECT 455/HCI 513 Susy Chan Ph.D.
Public Key Infrastructure, Certificates and Certification Authorities Public Key Infrastructure (PKI) Integrates public key cryptography with digital certificates and certification authorities Digital certificate Digital document issued by certification authority Includes name of subject, subject’s public key, serial number, expiration date and signature of trusted third party Verisign (www.verisign.com) Leading certificate authority Periodically changing key pairs helps security ECT 455/HCI 513 Susy Chan Ph.D.