A proof of concept implementation of a secure
e-commerce authentication scheme
C. Latze1, A. Ruppen1, U. Ultes-Nitsche1
1University of Fribourg
Faculty of Science
Department of Informatics
TNS
ISSA
Latze,Ruppen,Ultes-Nitsche (University of Fribourg)secure e-commerce authentication Jul 09 1 / 17
Structure
1 Introduction
2 Stronger authentication
TPM based solutions
Mobile Cell Phone based solutions
3 Conclusion
Introduction
Introduction
Motivation
E-commerce applications are gaining popularity.
Users are not aware of the security risks.
Protecting the users from attacks like phishing, pharming or
man-in-the-middle is of main importance in online business.
However
The solution should be simple for the user.
The solution should really increase the security.
The solution should have a low cost:
for the customer and also
for the e-commerce provider
Introduction
Making e-commerce applications more secure
What can be considered as secure ?
The root of trust
Software is not really trustworthy ?
So where can we define the "Root of Trust"?
The only remaining solution is hardware.
This can either be some hardware bound to the computer or
some hardware bound to the e-commerce application.
Computer bound hardware might be the Trusted Platform Module
(TPM).
Application bound hardware might be a mobile cell phone.
Introduction
Implied hardware
Trusted Platform Module (TPM)
A TPM is a small trusted chip, built into most of the computers
built today.
It has been specified by the Trusted Computing Group (TCG).
It provides secure storage for keys and hashes and some basic
cryptographic functions.
It is the root of trust.
Mobile phone
Enhanced SIM cards like those from SanDisk.
Multimedia cards from Gemalto.
One-Time-Passwords (OTP) sent by SMS.
Stronger authentication
Architecture
[Figure: architecture diagram. Labels: PHP, C, MySQL, Gammu, C, TPM, Mobile Phone, Browser, Client, Server.]
Stronger authentication TPM based solutions
Solutions
Authentication using a TPM
A TPM based solution
The TPM is the root of trust.
The TPM based solution secures the line between the user and
the e-commerce application.
It is based on a three way handshake protocol.
Later (not implemented) the keys for the SSL session-keys should
be exchanged over this secure line.
Notes, 2009-07-06 (on the Trusted Computing Group, TCG):
• Successor of the Trusted Computing Platform Alliance.
• Founded in 2007.
• Currently counts 170 members around the world.
• Has developed multiple specifications in the trusted computing domain,
including specifications for
– servers,
– storage,
– clients and
– mobile devices.
• The best-known specification is the TPM specification.
• The TPM is a small chip which guarantees the protection of a user's secrets
(aka private keys).
• Each TPM has a unique endorsement key.
• The chip is very cheap.
Stronger authentication TPM based solutions
Authentication using a TPM
3-way handshake protocol
Stronger authentication Mobile Cell Phone based solutions
Solutions
Authentication using a Trustable Mobile Device
Cell phone based solutions
The cell phone is the root of trust.
One of the solutions uses a mutual transaction confirmation over
SMS.
The other solution is based on a one-time-password received by
SMS.
Both solutions give the user a second independent channel
making the authentication/confirmation strong.
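An added example, not taken from the slides or from the authors' implementation: server-side handling of a code delivered over the SMS channel, bound to one session and one transaction so that it can serve both the one-time-password login and a transaction confirmation. The names `SmsOtpService`, `transaction_context` and `code_digest`, the `send_sms` hook (standing in for an SMS gateway such as the Gammu component on the architecture slide), the 120-second lifetime and the three-attempt limit are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 120   # assumed validity window, not a value from the slides
MAX_ATTEMPTS = 3        # assumed guess limit per issued code


def transaction_context(session_id, amount, payee):
    """Digest that ties a code to one browser session and one transaction."""
    canonical = json.dumps([session_id, amount, payee]).encode()
    return hashlib.sha256(canonical).hexdigest()


def code_digest(salt, context, code):
    """Keyed digest so the plaintext code is not kept in the pending table."""
    return hmac.new(salt, f"{context}|{code}".encode(), hashlib.sha256).digest()


class SmsOtpService:
    """Issues and verifies codes sent over the second (SMS) channel."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # hypothetical hook: callable(phone, text)
        self.clock = clock
        self.pending = {}          # context -> record for the outstanding code

    def issue(self, phone, context, summary):
        # CSPRNG, zero-padded so every code has exactly OTP_DIGITS digits.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self.pending[context] = {
            "salt": salt,
            "digest": code_digest(salt, context, code),
            "expires": self.clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        # The summary lets the user check on the phone what is being confirmed.
        self.send_sms(phone, f"{summary} Code: {code}")

    def verify(self, context, code):
        rec = self.pending.get(context)
        if rec is None:
            return "unknown"       # never issued, already used, or other transaction
        if self.clock() > rec["expires"]:
            del self.pending[context]
            return "expired"
        rec["attempts"] += 1
        candidate = code_digest(rec["salt"], context, code)
        if hmac.compare_digest(rec["digest"], candidate):
            del self.pending[context]   # single use: a replay finds nothing
            return "ok"
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self.pending[context]   # stop online guessing of a 6-digit code
            return "locked"
        return "wrong"


def demo():
    """Constructed scenario: the amount is altered after the SMS was sent."""
    outbox = []                                   # stands in for the handset
    svc = SmsOtpService(lambda phone, text: outbox.append(text))
    shown = transaction_context("sess-1", "49.90 CHF", "shop.example")
    altered = transaction_context("sess-1", "4990.00 CHF", "shop.example")
    svc.issue("+41000000000", shown, "Pay 49.90 CHF to shop.example?")
    code = outbox[-1].rsplit(" ", 1)[1]           # what the user reads and types
    return [
        svc.verify(altered, code),   # code does not confirm the altered amount
        svc.verify(shown, code),     # confirms the transaction shown in the SMS
        svc.verify(shown, code),     # replay of a used code
    ]


if __name__ == "__main__":
    print(demo())
```
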
Stronger authentication Mobile Cell Phone based solutions
Authentication using a Trustable Mobile Device
Mutual Transaction Confirmation
Stronger authentication Mobile Cell Phone based solutions
Authentication using a Trustable Mobile Device
SMS One-Time-Password (OTP)
Conclusion
Evaluation
Performance of the system
The system is only as good as its performance.
The mean authentication time using the TPM solution is 4.5
seconds.
The mean authentication time for mutual transaction confirmation
is 27.1 seconds.
The mean authentication time for One-time-passwords over SMS
is 19.5 seconds.
Conclusion
Evaluation
Security
All three protocols behave well and are secure.
The security of the TPM mutual authentication was proven using
the AVISPA framework.
Conclusion
Conclusion
The presented protocols are usable in practice.
The implementation can be made transparent to the user.
The protocol introduces a new degree of complexity.
The level of security needed depends on the nature of the
application.