For quite a long time, computer security was a rather narrow field of study that was populated mainly by theoretical computer scientists, electrical engineers, and applied mathematicians. With the proliferation of open systems in general, and the Internet and the World Wide Web (WWW) in particular, this situation has changed fundamentally. Today, computer and network practitioners are equally interested in computer security, since they require technologies and solutions that can be used to secure applications related to electronic commerce (e-commerce). Against this background, the field of computer security has become very broad and includes many topics of interest. The aim of this series is to publish state-of-the-art, high standard technical books on topics related to computer security. Further information about the series can be found on the WWW by the following URL:
http://www.esecurity.ch/serieseditor.html
Also, if you'd like to contribute to the series and write a book about a topic related to computer security, feel free to contact either the Commissioning Editor or the Series Editor at Artech House.
Recent Titles in the Artech House Computer Security Series
Rolf Oppliger, Series Editor
Information Hiding Techniques for Steganography and Digital Watermarking, Stefan Katzenbeisser and Fabien A. P. Petitcolas
Security Fundamentals for E-Commerce, Vesna Hassler
Security Technologies for the World Wide Web, Rolf Oppliger
Vesna Hassler
Pedrick Moore, Technical Editor
Artech House, Boston, London
www.artechhouse.com
Library of Congress Cataloging-in-Publication Data
Hassler, Vesna.
Security fundamentals for E-commerce / Vesna Hassler; Pedrick Moore, technical editor.
p. cm. (Artech House computer security series)
Includes bibliographical references and index.
ISBN 1-58053-108-3 (alk. paper)
1. Electronic commerce--Security measures. 2. Broadband communication systems.
I. Moore, Pedrick. II. Title. III. Series.
Security fundamentals for e-commerce (Artech House computer security series)
1. Business enterprises--Computer networks--Security measures 2. Electronic commerce--Security measures 3. Broadband communication systems
I. Title II. Moore, Pedrick
005.8
ISBN 1-58053-406-6
Cover design by Wayne McCaul
© 2001 ARTECH HOUSE, INC.
685 Canton Street
Norwood, MA 02062
All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher.
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
International Standard Book Number: 1-58053-108-3
Library of Congress Catalog Card Number: 00-064278
3.2 Public Key Infrastructure
Part 2
To my families, Ristić and Hassler
Is security an obstacle to e-commerce development?
2 Security Mechanisms
6.2 Payer Anonymity
6.5 Nonrepudiation of Payment Transaction Messages
8.1 Payment Authorization Transfer
10.9 Virtual Private Networks (VPN)
11.3.2 Challenge-Handshake Authentication Protocol
12.2.2 Filtering Based on IP Addresses and Port Numbers
12.5 Network-Based Intrusion Detection
13.5 Simple Authentication and Security Layer (SASL)
13.6 Internet Security Association and Key Management
14.5.2 Types of Intruders
17 Web Client Security
19.3 Micropayment Markup
19.4 Joint Electronic Payments Initiative (JEPI)
20.5 Protecting Platforms From Agents Tampered With
21.3 GSM Security
21.6 Mobile Station Application Execution
During the last year there has hardly been an issue of a computer or business magazine not flooded with buzzwords like e-commerce, Internet, Web, or security. E-commerce (electronic commerce) is a result of moving the economy to a new medium, namely the computer network. For the most part, interconnected networks all over the world use a common set of protocols (i.e., TCP/IP), thus making up the Internet. The World Wide Web (WWW, or simply the Web), which started as a client-server application, has turned into a new platform providing virtual information centers, shopping malls, marketplaces, stock markets, and the like. Recently, the Internet has started to spread over the air, or merge with the mobile communication network, thus opening up new vistas for a ubiquitous e-conomy.
What is covered in this book
E-commerce can take place between companies and customers (business-to-customer), between companies (business-to-business), or between customers/companies and public administration (e-government). A typical e-commerce transaction involves information about goods or services, offers, ordering, delivery, and payment. Obviously, since these processes take place in a public and therefore untrusted network, there are many security issues involved, such as verification of the identities of the participants, or protection of data in transfer. Security issues in e-commerce applications can mostly be found in many other network applications as well. Some security requirements are, however, specific to e-commerce and demand specially tailored security concepts (e.g., electronic payment). The purpose of this book is to give an in-depth overview of all the basic security problems and solutions that can be relevant for an e-commerce application.
Is security an obstacle to e-commerce development?
I do not consider IT (Information Technology) security to be the main obstacle to widespread use of e-commerce. Many people do take that view, however, mainly because of the frequent reports on security incidents¹ and denial-of-service attacks.² One positive consequence of such attacks is that certain governments have now recognized the importance of a common network security infrastructure, because vulnerabilities at one place on the network can create risks for all.³ Security technologies are, for the most part, sufficiently mature for e-commerce. To some extent they are also standardized to ensure at least minimal interoperability (e.g., X.509 certificate format), although more work on profiling has to be done to ensure true interoperability. Basic security technologies are, however, not yet backed by appropriate international legislation. For example, there is no international legal framework for the acceptance of digital signatures. This is unfortunately not restricted to security, because other aspects of e-commerce transactions, such as taxation, liability, and ownership, are also not regulated in many countries. Another problem is that some countries control or even prohibit the use and the export of cryptography. Many governments now seem to have realized that this is an obstacle to economic development. The U.S. government, for example, finally relaxed export regulations significantly in January 2000 (e.g., Netscape 4.7 can now be exported with 128-bit encryption keys). Furthermore, IT products with security functionality supporting critical tasks should be carefully evaluated and certified by trusted third parties, as is common for products such as elevators or trains, i.e., for safety-critical systems in general. Finally, security is an area requiring constant supervision and upgrading, in view of the steady increase in computing power and improvement in crackers' skills.⁴
Why I wrote this book
My main motivation for writing this book was to support my lecture on network and e-commerce security at the Technical University of Vienna. There are many useful works on individual aspects of e-commerce security such as cryptography, network or Web security, or electronic payment systems. Nevertheless, I wanted a book I could recommend to my students that would cover (and update) all topics that I considered relevant. It can be said that this book is the result of my eight years of experience teaching computer and network security at the graduate level. The book is also intended for all IT professionals and others with some technical background who are interested in e-commerce security.
Some disclaimers
This book does not cover all aspects of e-commerce, nor does it discuss specific e-commerce models and their particular security requirements. As its name says, the book deals with the fundamental security issues that one must consider when developing an e-commerce application. It does not always provide a detailed discussion of the security topics mentioned, but gives references instead. Whenever possible, I also provide URLs, but unfortunately I cannot guarantee that they will still be valid at the time of reading. In addition, draft documents representing work in progress (e.g., by IETF, W3C, and other standardization bodies) may also be expired or no longer available. Throughout the book I have mentioned certain company or product names: their sole purpose is to provide examples, not to give preference over other companies or products.
How to read this book
The book has five parts. Each part can be read individually, but each builds upon the previous parts. For example, the basic security mechanisms are explained in Part 1, so they are not explained again when mentioned elsewhere. It is not necessary to study all of the math in Part 1 to understand other parts of the book. It is sufficient, for example, to read the beginning of a section explaining a specific security mechanism to get an idea of the mechanism's purpose. Part 2 concentrates on the specific security requirements of electronic payment systems. Part 3 addresses communication security, i.e., security issues in transferring data over an insecure network. Part 4 gives an overview of Web-related security issues and solutions. Finally, Part 5 deals with mobility aspects of both the code (mobile agents) and the customer (mobile devices and smart cards) from the security point of view.
⁴ In technical circles, a hacker refers to someone who tries to break into a computer system purely for the challenge, to prove that it can be done. A cracker, on the other hand, breaks into a system with malicious intent.
Acknowledgements
I am deeply grateful to all those who supported me, directly and indirectly, in writing this book. Here I mention only some of them. Special thanks to Rolf Oppliger for introducing me to Artech House, encouraging me to write the book, and supporting my proposal until it was accepted. He was a great reviewer and helped me enormously to improve the quality of the content by his expert advice and many useful and important references. Special thanks to Peddie Moore for her friendship and the great moral support from the very beginning of the project. She not only improved the language and the style of the text, but also helped me correct many ambiguous or imperfect explanations. Thanks to Matthew Quirk for supporting Peddie and reviewing our work. Many thanks to Viki Williams, Susanna Taggart, and Ruth Young of Artech for their very professional and kind support. Thanks to my colleagues, Oliver Fodor and Herbert Leitold, for helping me find several important references. Many thanks to Prof. Mehdi Jazayeri, my department head, and my colleagues from the Distributed Systems Group for their support and understanding. Thanks to my students who attended the e-commerce security lecture for their interesting classroom discussions. Finally, very special thanks to my husband Hannes for his support, love, understanding, the many good technical books he bought for our home library, and excellent cooking during the numerous weekends I spent working at home.
I hope that you will enjoy reading the book, and that you will learn something from it. I am grateful for any feedback. You can reach me at hassler@infosys.tuwien.ac.at
Vesna Hassler
Vienna, October 2000
Information Security
The Internet is a large and convenient network for transferring data and therefore seems to provide an ideal infrastructure for electronic commerce. Unfortunately, it is also a public and very insecure infrastructure, so data in transfer used for e-commerce must be protected by some form of information security. Part 1 explains basic information security services and cryptographic techniques to implement them.
Introduction to Security
This chapter presents a brief introduction to information security and explains the fundamental terms. It gives an overview of the basic information security services and security mechanisms that can be used to support a specific security policy.
1.1 Security Threats
Why would someone need a special security functionality? What can happen if he doesn't have it? Systems can be exposed to many different types of threats or attacks. The term system here means a service available in a communication network, such as the Internet. It may be a logon service offered by a computer running a specific operating system, or a virtual shopping mall on a merchant's Web site. The users and providers of such services, including human users, computers (hosts), and computer processes, are known as principals.
Attacks on a system can be classified as several types:
Eavesdropping: intercepting and reading messages intended for other principals;
Masquerading: sending/receiving messages using another principal's identity;
Message tampering: intercepting and altering messages intended for other principals;
Replaying: using previously sent messages to gain another principal's privileges;
Infiltration: abusing a principal's authority in order to run hostile or malicious programs;
Traffic analysis: observing the traffic to/from a principal;
Denial-of-service: preventing authorized principals from accessing various resources.
1.2 Risk Management
The process of enhancing a system with security functionality always begins with a thorough analysis of the most probable threats and the system's vulnerabilities to them. Risk analysis [1] evaluates the relationship between the seriousness of a threat, its frequency of occurrence (probability), and the cost of implementing a suitable protection mechanism. Seriousness can be measured by the cost of repairing any damage caused by a successful attack. Table 1.1 shows a simplified analysis of the total cost (1 means lowest total cost, 9 means highest) that could be caused by a particular attack. This measure is sometimes referred to as the risk level, and the whole process is called risk management. Obviously, if an attack is likely to occur often and is very serious, it will be expensive to recover from. Consequently, it will pay off to implement suitable protection.
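The relationship described above, worked through as an added example that is not taken from the book: it ranks a few of the attack types from Section 1.1 by risk level and checks whether protection pays off. All figures, the band thresholds, the `effectiveness` field and the rule that the level is the product of two 1-3 bands are assumptions made for illustration; they do not reproduce the values of Table 1.1.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    name: str
    attacks_per_year: float  # frequency of occurrence (probability)
    repair_cost: float       # seriousness: cost of repairing one successful attack
    protection_cost: float   # yearly cost of a suitable protection mechanism
    effectiveness: float     # assumed fraction of attacks the protection stops

def band(value, low, high):
    """Map a value onto an ordinal 1..3 scale (thresholds are assumptions)."""
    return 1 if value < low else 2 if value < high else 3

def risk_level(t):
    """Assumed grid: probability band times seriousness band, giving 1..9."""
    return band(t.attacks_per_year, 1, 12) * band(t.repair_cost, 1_000, 50_000)

def expected_loss(t):
    """Yearly cost of recovering from this threat if nothing is done."""
    return t.attacks_per_year * t.repair_cost

def pays_off(t):
    """Protection pays off when the loss it avoids exceeds what it costs."""
    return expected_loss(t) * t.effectiveness > t.protection_cost

def assess(threats):
    """Return (name, level, expected loss, pays off), highest risk first."""
    rows = [(t.name, risk_level(t), expected_loss(t), pays_off(t)) for t in threats]
    return sorted(rows, key=lambda r: (-r[1], -r[2]))

# Constructed register: none of these numbers come from the book.
REGISTER = [
    Threat("eavesdropping", 20, 2_000, 5_000, 0.9),
    Threat("masquerading", 4, 60_000, 30_000, 0.8),
    Threat("message tampering", 2, 40_000, 10_000, 0.9),
    Threat("replaying", 0.5, 40_000, 25_000, 0.9),
    Threat("denial-of-service", 6, 800, 20_000, 0.5),
]

if __name__ == "__main__":
    for name, level, loss, worth_it in assess(REGISTER):
        action = "protect" if worth_it else "accept"
        print(f"{name:18} level {level}  loss/yr {loss:>9.0f}  {action}")
```

Frequent but cheap attacks and rare but expensive ones can land on the same level, which is why the sketch breaks ties by expected loss before deciding where protection is worth its cost.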
Risk analysis should be done in the planning phase, before a specific security solution is implemented. However, since most systems that need protection are quite complex, it is impossible to be completely sure that the
Table 1.1 Risk Levels 1-9 Threat probability