Secure Credit Card Transactions on an Untrusted Channel
Source: Information Sciences in review
Presenter: Tsuei-Hung Sun (孫翠鴻 )
Date: 2010/9/24
Outline
• Introduction
• Motivation
• Scheme
• Security analysis
• Performance evaluation
• Advantage vs. weakness
• Comment
Introduction
• Credit-card-based payment system
• Entity: customer, merchant, credit card issuer and bank.
• Credit card: credit card number, Card Verification Value (CVV).
• Transaction: billing digest, information about the customer.
Introduction
• Secure Socket Layer (SSL)
– Establishes a trusted connection between two parties.
• HTTPS (Secure HTTP)
– Sends messages securely using SSL.
• Both need public keys and certificates, and their operation is complex.
Motivation
• SSL and HTTPS are complex because they involve key management, user credentials and certificates.
• Smart cards require extra infrastructure such as a smart card reader and middleware.
• This paper aims to make transactions simpler and security easier to achieve.
Scheme
[Figure: scheme overview. Labels: credit card confidentiality (e.g. customer credit card data); common key $K_{BM_i}$.]
Scheme
• $UI_1$: customer-related non-critical data.
• $UI_2$: data important to the merchant.
• $UCI$: customer critical information.
• $CVV$: Card Verification Value.
• $T$: time stamp.
• $T_{ID}$: transaction ID.
• $r_c$ and $r_m$: response values generated by the issuer.
• $h = H_{CVV}(UI_1, UCI, T, CVV)$
• $T_{ID} = H(h, UI_1, T)$
Protocol phases:
1. Request phase
2. Verification phase
3. Authentication phase
4. Response phase
Scheme
• Authentication Phase
– Issuer has a database containing customer credit card data.
A1 Retrieve CVV and UCI from the database.
A2 Compute hash value h1.
A3 Compare h and h1 for consistency.
A4 Generate response values.
A5 Send acknowledgement to the bank.
Accept:
$r_m = E_{K_{BM_i}}(T_{ID}, \text{Yes})$
$r_c = H_{CVV}(T_{ID}, \text{Yes})$
Reject:
$r_m = E_{K_{BM_i}}(T_{ID}, \text{No})$
$r_c = H_{CVV}(T_{ID}, \text{No})$
$K_{BM_i}$: common key between the bank and merchant $i$.
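An added example (not from the slides or the paper) of the issuer's steps A1 to A4 and the customer's check of r_c. Assumptions: H_CVV is HMAC-SHA256 keyed with the CVV, H is SHA-256, fields are length-prefixed, the issuer database is keyed by UI1, and the sample record is constructed; r_m is left out because the slides do not name the cipher E.

```python
import hashlib
import hmac

def _frame(fields):
    # Length-prefix each field so ("ab","c") and ("a","bc") hash differently (assumed encoding).
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def keyed_hash(key: bytes, *fields: bytes) -> bytes:
    """H_key(...): HMAC-SHA256 stands in for the slides' keyed hash (assumption)."""
    return hmac.new(key, _frame(fields), hashlib.sha256).digest()

def request_digest(ui1: bytes, uci: bytes, t: bytes, cvv: bytes) -> bytes:
    """h = H_CVV(UI1, UCI, T, CVV), computed on the customer side."""
    return keyed_hash(cvv, ui1, uci, t, cvv)

def transaction_id(h: bytes, ui1: bytes, t: bytes) -> bytes:
    """TID = H(h, UI1, T); SHA-256 stands in for the unkeyed H (assumption)."""
    return hashlib.sha256(_frame((h, ui1, t))).digest()

# Constructed issuer database: UI1 -> (CVV, UCI). Keying by UI1 is an assumption.
ISSUER_DB = {b"alice@example.com": (b"123", b"4111111111111111|12/30")}

def issuer_authenticate(ui1: bytes, t: bytes, h: bytes):
    """Steps A1-A4. Returns (accepted, r_c); r_c is None for an unknown customer."""
    record = ISSUER_DB.get(ui1)
    if record is None:
        return False, None
    cvv, uci = record                          # A1: retrieve CVV and UCI
    h1 = request_digest(ui1, uci, t, cvv)      # A2: recompute the hash
    accepted = hmac.compare_digest(h, h1)      # A3: constant-time comparison
    verdict = b"Yes" if accepted else b"No"
    tid = transaction_id(h, ui1, t)
    return accepted, keyed_hash(cvv, tid, verdict)   # A4: r_c = H_CVV(TID, verdict)

def customer_accepts(cvv: bytes, h: bytes, ui1: bytes, t: bytes, r_c: bytes) -> bool:
    """Customer recomputes H_CVV(TID, Yes) and compares it with the received r_c."""
    expected = keyed_hash(cvv, transaction_id(h, ui1, t), b"Yes")
    return hmac.compare_digest(r_c, expected)

if __name__ == "__main__":
    ui1, t = b"alice@example.com", b"2010-09-24T10:00:00Z"
    h = request_digest(ui1, b"4111111111111111|12/30", t, b"123")
    ok, r_c = issuer_authenticate(ui1, t, h)
    print("accepted:", ok, "customer verifies r_c:", customer_accepts(b"123", h, ui1, t, r_c))
```

Because T is hashed into h, a request replayed with a changed time stamp fails at A3; the issuer still has to reject stale values of T itself.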
Security analysis
• Replay Attack
• Forgery Attack
• Man-in-the-Middle Attack
• Guessing Attack
Performance evaluation
• Complexity Comparison
– Request phase: XOR operation, hash operation (bank).
– Verification phase: hash operation (merchant), intersection operation (issuer).
– Authentication phase: XOR operations (issuer).
Advantage vs. weakness
• Advantage
– Can resist four important types of attack.
– No complex computation is needed.
– No extra overhead such as a smart card, reader and middleware.
– Uses only a hash function and a common key.
– Uses only a one-round protocol.
• Weakness
– Common key may be weak.