Secure payment systems

OUTLINE Why is security such an issue? Physical security IT Security Basics – Firewalls Public Key Cryptography SSL – Secure Socket Layer SET – Secure Electronic Transactions

WHY IS SECURITY AN ISSUE? The Internet lets you travel outside of your network and others travel in – Those travelers are not all friendly! Critical and private information can be snooped — sniffed Information can be deleted or destroyed The Internet provides an opportunity for anonymous and rapid theft of lots of money

AGENDA Electronic Commerce Underlying Technologies Cryptography Network Security Protocols Electronic Payment Systems Credit card-based methods Electronic Cheques Anonymous payment Micropayments SmartCards

E-COMMERCE PROBLEMS Snooper Unreliable Merchant Unknown customer

E-COMMERCE RISKS Customer's risks Stolen credentials or password Dishonest merchant Disputes over transaction Inappropriate use of transaction details Merchant’s risk Forged or copied instruments Disputed charges Insufficient funds in customer’s account Unauthorized redistribution of purchased items Main issue: Secure payment scheme

WHY IS THE INTERNET INSECURE? Host security Client Server (multi-user) Transmission security Passive sniffing Active spoofing and masquerading Denial of service Active content Java, Javascript, ActiveX, DCOM A B C Eavesdropping Denial of service A B C Interception A B C Replay/fabrication A B C S S S C C

FIVE MAJOR REQUIREMENTS OF A SECURE TRANSACTION Privacy – how to ensure information has not been captured by a third party Integrity – how to ensure the information has not been altered in transit Authentication – how to ensure the identity of the sender and receiver Authorization – how to ensure a user has the authority to access / update information Non-repudiation – how do you legally prove that a message was sent or received

E-COMMERCE SECURITY Authorization, Access Control: protect intranet from hordes: Firewalls Confidentiality, Data Integrity: protect contents against snoopers: Encryption Authentication: both parties prove identity before starting transaction: Digital certificates Non-repudiation: proof that the document originated by you & you only: Digital signature

WHAT IS ENCRYPTION? A way to transform a message so that only the sender and recipient can read, see, or understand it Plaintext (cleartext): the message that is being protected Encrypt (encipher): transform a plaintext into ciphertext Encryption: a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than authorized recipients to recover the original message Key: a series of electronic signals stored on a PC’s hard disk or transmitted as blips of data over transmission lines

PUBLIC-KEY INFRASTRUCTURE (PKI) Creates the ability to authenticate users, maintain privacy, ensure data integrity, and process transactions without the risk of repudiation PKI satisfies four security needs Authentication - identifies or verifies that the senders of messages are, in fact, who they claim to be Integrity - verifies that neither the purchase amount not the goods bought are changed or lost during transmission Nonrepudiation - prevents sender and vendor in a transaction of communication activity from later falsely denying that the transaction occurred Privacy - shields communications from unauthorized viewing or access

BASIC ENCRYPTION ALGORITHM Both sender and receiver have to know the rules used to transform the original message or transaction into its coded form A set of rules for encoding and decoding messages is called a cipher (or cyper) A message can be decrypted only if the decryption key matches the encryption key A 6-bit key allows for only 64 possible numeric combinations(2 6 ) The standard 56-bit DES encryption code can be cracked on a high-speed computer in a few hours 100 bit key has 2 100 possible keys

CLASSES OF ALGORITHMS Secret-key (symmetric) encryption : encryption system in which sender and receiver possess the same key; the key used to encrypt a message also can be used to decrypt it Stream cipher : a symmetric algorithm that encrypts a single bit of plaintext at a time Block cipher : a symmetric algorithm that encrypts a number of bits as a single unit Public-key (asymmetric) encryption : encoding/decoding using two mathematically related keys or key-pairs; one public key and one private key Key-pairs can be used in two ways: To provide message confidentiality To prove the authenticity of the message originator

MESSAGE CONFIDENTIALITY USING A KEY-PAIR

AUTHENTICATION AND TRUST Digital Signature is a special signature for signing electronic correspondence, produced by encrypting the message digest with the sender’s private key Authentication is verifying that a message or document, in fact, comes from the claimed sender Hash function is a formula that converts a message of a given length into a string of digits called a message digest Cryptographic hash functions are generally used to construct the message digest

DIGITAL CERTIFICATES Digital certificates are the heart of secure online transactions A digital certificate is a software program that can be installed in a browser Your digital certificate identifies you to Web sites equipped to check it automatically Digital certificate is an electronic document issued by a certificate authority to establish a merchant’s identity Certificate authority (CA) is a trusted entity that issues and revokes public-key certificates and manages key-pairs

FOUR CLASSES OF DIGITAL CERTIFICATES Class 1 certificates contain minimum checks on the user’s background Class 2 certificates check for information like real name, Social Security number, and the date of birth Class 3 certificates are the strongest type Class 4 certificates are the most thorough

ENCRYPTION (SHARED KEY) - Sender and receiver agree on a key K - No one else knows K - K is used to derive encryption key EK & decryption key DK - Sender computes and sends EK (Message) - Receiver computes DK ( EK (Message)) - Example: DES: Data Encryption Standard m : message k : shared key

PUBLIC KEY ENCRYPTION Separate public key pk and private key sk Private key is kept secret by receiver Dsk ( Epk (mesg)) = mesg and vice versa Knowing Ke gives no clue about Kd m : message sk : private secret key pk : public key

DIGITAL SIGNATURE Sign: sign(sk,m) = Dsk (m) Verify: Epk (sign(sk,m)) = m Sign on small hash function to reduce cost

SIGNED AND SECRET MESSAGES sign(sk1, m) Encrypt(pk2) m Decrypt(sk2) Verify-sign Encrypt(pk1) Epk2 ( Dsk1 (m)) pk1 pk2 First sign, then encrypt: order is important.

DIGITAL CERTIFICATES Register public key Download public key How to establish authenticity of public key?

SECURITY AND HTTPS Certificate is an entity’s public key plus other identification (name, CA signature) SSL – Secure Socket Layer Lies between TCP/IP and HTTP and performs encryption HTTPS is the HTTP protocol that employs SSL – it uses a separate server port (default = 443)

SECURITY THROUGH HTTPS Browser Database Server Client 1 Server A URL HTTP TCP/IP HTTP Server App. Server index.html Bank Server Dedicated prog.jsp HTTPS port = 80 port = 443

S-HTTP: SECURE HTTP Application level security (HTTP specific) "Content-Privacy-Domain" header: Allows use of digital signatures &/ encryption Various encryption options Server-Browser negotiate Property: cryptographic scheme to be used Value: specific algorithm to be used Direction: One way/Two way security

SSL: SECURE SOCKET LAYER Application protocol independent Provides connection security as: Connection is private: Encryption is used after an initial handshake to define secret (symmetric) key Peer's identity can be authenticated using public (asymmetric) key Connection is reliable: Message transport includes a message integrity check (hash) SSL Handshake protocol: Allows server and client to authenticate each other and negotiate a encryption key

SSL – SECURE SOCKET LAYER Client makes HTTPS connection to server Server sends back SSL version and certificate Client checks if certificate from CA Client creates session “premaster secret”, encrypts it and sends it to server and creates “master secret” Server uses its private key to decrypt “premaster secret” and create the same “master secret” The master secret is used by both to create session keys for encryption and decryption

SSL HANDSHAKE PROTOCOL 1. Client "Hello": challenge data, cipher specs 2. Server "Hello": connection ID, public key certificate, cipher specs 3. Client "session-key": encrypted with server's public key 4. Client "finish": connection ID signed with client's private key 5. Server "verify": client's challenge data signed with server's private key 6. Server "finish": session ID signed with server's private key Session IDs and encryption options cached to avoid renegotiation for reconnection

MAJOR ARCHITECTURAL COMPONENTS OF THE WEB Internet Browser Database Server Client 1 Server A Server B Bank Server URL HTTP TCP/IP Browser Client 2 HTTP Server App. Server index.html Bank Server prog.jsp

REQUIREMENTS FOR INTERNET-BASED PAYMENTS Electronic payments are financial transactions made without the use of paper documents such as cash or checks Internet-based Payment Systems Models Electronic currency is the network equivalent of cash Credit and debit cards are the electronic equivalent of checks Properties important to an electronic payment system: Acceptability Ease of integration Customer base Ease of use and ease of access

PAYMENT SYSTEM TYPES Electronic Cheques - NetCheque Anonymous payments - Digicash - CAFE Micropayments Credit card-based methods Credit card over SSL - First Virtual -SET SmartCards

ELECTRONIC CHEQUES Leverages the check payments system, a core competency of the banking industry. Fits within current business practices Works like a paper check does but in pure electronic form, with fewer manual steps. Can be used by all bank customers who have checking accounts Different from Electronic fund transfers

HOW DOES ECHECK WORK? Exactly same way as paper Check writer "writes" the echeck using one of many types of electronic devices ” Gives" the echeck to the payee electronically. Payee "deposits" echeck, receives credit, Payee's bank "clears" the echeck to the paying bank. Paying bank validates the echeck and "charges" the check writer's account for the check.

ANONYMOUS PAYMENTS 1. Withdraw money: cyrpographically encoded tokens 2. Transform so merchant can check validity but identity hidden 3. Send token after adding merchant’s identity 4. Check validity and send goods 5. Deposit token at bank. If double spent reveal identity and notify police customer merchant

PROBLEMS WITH THE PROTOCOL Not money atomic: if crash after 3, money lost if money actually sent to merchant: returning to bank will alert police if money not sent: not sending will lead to loss High cost of cryptographic transformations: not suitable for micropayments Examples: Digicash

MICROPAYMENTS ON HYPERLINKS HTML extended to have pricing details with each link: displayed when user around the link On clicking, browser talks to E-Wallet that initiates payment to webserver of the source site Payment for content providers Attempt to reduce overhead per transaction

MICROPAYMENTS: NETBILL Customer & merchant have account with NetBill server Protocol: Customer request quote from merchant, gets quote and accepts Merchant sends goods encrypted by key K Customer prepares & signs Electronic Purchase Order having <price, crypto-checksum of goods> Merchant countersigns EPO, signs K and sends both to NetBill server NetBill verifies signatures and transfers funds, stores K and crypto-checksum and NetBill sends receipt to merchant and K to customer

PAYING WITH CREDIT CARDS A merchant must accept credit cards You must first open a merchant account with your bank Charges the merchant pays for online transactions are equivalent to the charges for phoning in the transaction The Web merchant needs some form of secure and encrypted line, usually (SSL) The merchant needs a shopping cart program that allows users to collect their purchases

ENCRYPTED CREDIT CARD PAYMENT Set secure communication channel between buyer and seller Send credit card number to merchant encrypted using merchant’s public key Problems: merchant fraud, no customer signature Ensures money but no goods atomicity Not suitable for microtransactions

FIRST VIRTUAL Customer assigned virtual PIN by phone Customer uses PIN to make purchases Merchant contacts First virtual First virtual send email to customer If customer confirms, payment made to merchant Not goods atomic since customer can refuse to pay Not suitable for small transactions Flood customer’s mailbox, delay merchant

CYBERCASH Customer opens account with cybercash, gives credit card number and gets a PIN Special software on customer side sends PIN, signature, transaction amount to merchant Merchant forwards to cybercash server that completes credit card transaction Pros: credit card # not shown to server, fast Cons: not for microtransactions

SECURE INTERNET CREDIT CARD PAYMENT

SECURE ELECTRONIC TRANSACTION (SET) PROTOCOL Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others Designed to provide security for card payments as they travel on the Internet Contrasted with Secure Socket Layers (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission SET specification Uses public key cryptography and digital certificates for validating both consumers and merchants Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation

SET PROTOCOL Extremely secure Fraud reduced since all parties are authenticated Requires all parties to have certificates So far has received lukewarm reception 80 percent of SET activities are in Europe and Asian countries Problems with SET Not easy to implement Not as inexpensive as expected Expensive to integrated with legacy applications Not tried and tested, and often not needed Scalability is still in question

THE SET PROTOCOL The SET protocol coordinates the activities of the customer, merchant, merchant’s bank, and card issuer. [Source: Stein]

SET USES A HIERARCHY OF TRUST All parties hold certificates signed directly or indirectly by a certifying authority. [Source: Stein]

SET PAYMENT TRANSACTIONS SET-protected payments work like this: Consumer makes purchase by sending encrypted financial information along with digital certificate Merchant’s website transfers the information to a payment card processing center while a Certification Authority certifies digital certificate belongs to sender Payment card-processing center routes transaction to credit card issuer for approval Merchant receives approval and credit card is charged Merchant ships merchandise and adds transaction amount for deposit into merchant’s account

CLASSICAL FLOW OF A SET TRANSACTION

SMART CARDS Uses for Smart Cards Provides users with the ability to make a purchase Holds cash, ID information, and a key to a house or an office Three categories of applications Authenticate an individual’s claim of personal identification Authorization for things like drug prescription fulfillment and voting purposes Transaction processing Provides encryption and decryption of messages to ensure security, integrity, and confidentiality Acts as a carrier of value

SMART CARD APPLICATIONS Government Identification Health care Loyalty Telecommunications Transportation Financial

SMART CARDS Magnetic stripe 140 bytes, cost $0.20-0.75 Memory cards 1-4 KB memory, no processor, cost $1.00-2.50 Optical memory cards 4 megabytes read-only (CD-like), cost $7.00-12.00 Microprocessor cards Embedded microprocessor (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM Equivalent power to IBM XT PC, cost $7.00-15.00 32-bit processors now available

SMART CARDS Plastic card containing an embedded microchip Available for over 10 years So far not successful in U.S., but popular in Europe, Australia, and Japan Unsuccessful in U.S. partly because few card readers available Smart cards gradually reappearing in U.S.; success depends on: Critical mass of smart cards that support applications Compatibility between smart cards, card-reader devices, and applications

SMART CARD APPLICATIONS Ticketless travel Seoul bus system: 4M cards, 1B transactions since 1996 Planned the SF Bay Area system Authentication, ID Medical records Ecash Store loyalty programs Personal profiles Government Licenses Mall parking . . .

ADVANTAGES AND DISADVANTAGES OF SMART CARDS Advantages: Atomic, debt-free transactions Feasible for very small transactions (information commerce) (Potentially) anonymous Security of physical storage (Potentially) currency-neutral Disadvantages: Low maximum transaction limit (not suitable for B2B or most B2C) High Infrastructure costs (not suitable for C2C) Single physical point of failure (the card) Not (yet) widely used

MONDEX SMART CARD Holds and dispenses electronic cash (Smart-card based, stored-value card) Developed by MasterCard International Requires specific card reader, called Mondex terminal, for merchant or customer to use card over Internet Supports micropayments as small as 3c and works both online and off-line at stores or over the telephone Secret chip-to-chip transfer protocol Value is not in strings alone; must be on Mondex card Loaded through ATM ATM does not know transfer protocol; connects with secure device at bank

MONDEX TRANSACTION Here's what happens "behind the scenes" during a Mondex transaction between a consumer and merchant. Placing the card in a Mondex terminal starts the transaction process: Information from the customer's chip is validated by the merchant's chip. Similarly, the merchant's card is validated by the customer's card. The merchant's card requests payment and transmits a "digital signature" with the request. Both cards check the authenticity of each other's message. The customer's card checks the digital signature and, if satisfied, sends acknowledgement, again with a digital signature. Only after the purchase amount has been deducted from the customer's card is the value added to the merchant's card. The digital signature from this card is checked by the customer's card and if confirmed, the transaction is complete.

MONDEX SMART CARD Disadvantages Card carries real cash in electronic form, creating the possibility of theft No deferred payment as with credit cards -cash is dispensed immediately Security Active and dormant security software Security methods constantly changing ITSEC E6 level (military) VTP (Value Transfer Protocol) Globally unique card numbers Globally unique transaction numbers Challenge-response user identification Digital signatures MULTOS operating system firewalls on the chip

DIGICASH, E-CASH AND E-WALLET Digital cash leaves no audit trail From a regulatory point of view, digital cash is not any different from any other kind of electronic financial payment medium PayPal.com combines e-mail and the credit card network to send real cash E-wallet is an electronic payment system that operates like a carrier of e-cash and information in the same way a real-world wallet functions Amazon.com’s 1-Click system, http://www.Amazon.com

Creating a new global standard for online payments 10/07/04

HOW PAYPAL WORKS Senders Visa/MC, Amex, Discover Bank Account Debit Card (e.g., Switch-Solo in UK) Stored Value Account Bank Account PayPal Debit MasterCard Paper Check Another PayPal account Stored Value Account Receivers eCheck

WHY PAYPAL WORKS FOR BUYERS Free to use Pay anyone with a credit card or bank account: “online wallet” Fast, secure payment – 1 week -> 1 minute Stores financial information securely to maintains user privacy Works cross-border eCommerce P2P/remittances Importance PP competitiveness Cost Convenience Rewards/loyalty points Security Network

WHY PAYPAL WORKS FOR SELLERS Enables credit card acceptance Faster payment = faster inventory turn Easy to sign up No setup, monthly or gateway fees Competitive price with no minimum time commitment Fraud protection – 25 bp vs. 110 bp

COMPLEMENTARY MISSIONS The world’s online marketplace The world’s online payments standard Powering Online Commerce

SYMBIOTIC RELATIONSHIP WITH EBAY Increases velocity of trade Enhances trust & safety Enables innovation Provides the aggregation point for small business Drives critical mass of buyers & sellers Solved counter-party problem

CHAPTER SUMMARY Electronic currency, credit cards, debit cards, and smart cards are the four main models for Internet-based payment systems Payment systems via the Internet include CyberCash and First Virtual Secure Electronic Transactions (SET) is a standard for handling transactions on the Internet There are three types of electronic payment media Trusted third party Notational fund transfer-related type Digital cash or electronic money

CHAPTER SUMMARY ( CONT’D ) A smart card is a card with a built-in chip capable of storing information in its memory One alternative method of payment is digital cash EFT is a computer-based system that facilitates the electronic transfer of money or the processing of financial transactions between financial institutions Cryptography is the future of privacy and represents the future of money, banking, and finance

Secure payment systems

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Secure payment systems (20)

Recently uploaded (20)

Secure payment systems

Editor's Notes