AM FL Y TE Team-Fly® Security Fundamentals for E-Commerce For quite a long time, computer security was a rather narrow field of study that was populated mainly by theoretical computer scientists, electrical engineers, and applied mathematicians With the proliferation of open systems in general, and the Internet and the World Wide Web (WWW) in particular, this situation has changed fundamentally Today, computer and network practitioners are equally interested in computer security, since they require technologies and solutions that can be used to secure applications related to electronic commerce (e-commerce) Against this background, the field of computer security has become very broad and includes many topics of interest The aim of this series is to publish state-of-the-art, high standard technical books on topics related to computer security Further information about the series can be found on the WWW by the following URL: http://www.esecurity.ch/serieseditor.html Also, if you’d like to contribute to the series and write a book about a topic related to computer security, feel free to contact either the Commissioning Editor or the Series Editor at Artech House Recent Titles in the Artech House Computer Security Series Rolf Oppliger, Series Editor Information Hiding Techniques for Steganography and Digital Watermarking, Stefan Katzenbeisser and Fabien A P Petitcolas Security Fundamentals for E-Commerce, Vesna Hassler Security Technologies for the World Wide Web, Rolf Oppliger For a complete listing of the Artech House Computing Library, turn to the back of this book Security Fundamentals for E-Commerce Vesna Hassler Pedrick Moore Technical Editor Artech House Boston • London www.artechhouse.com Library of Congress Cataloging-in-Publication Data Hassler, Vesna Security fundamentals for E-commerce / Vesna Hassler; Pedrick Moore, technical editor p cm — (Artech House computer security series) Includes bibliographical references and index ISBN 1-58053-108-3 (alk paper) Electronic commerce—Security measures Broadband communication systems I Moore, Pedrick II Title III Series HF5548.32 H375 2000 658.8’4—dc21 00-064278 CIP British Library Cataloguing in Publication Data Hassler, Vesna Security fundamentals for e-commerce — (Artech House computer security series) Business enterprises—Computer networks—Security measures Electronic commerce—Security measures Broadband communication systems I Title II Moore, Pedrick 005.8 ISBN 1-58053-406-6 Cover design by Wayne McCaul © 2001 ARTECH HOUSE, INC 685 Canton Street Norwood, MA 02062 All rights reserved Printed and bound in the United States of America No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized Artech House cannot attest to the accuracy of this information Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark International Standard Book Number: 1-58053-108-3 Library of Congress Catalog Card Number: 00-064278 10 Contents ix 3.2 3.2.1 3.2.2 Public Key Infrastructure X.509 Certificate Format Internet X.509 Public Key Infrastructure 53 54 59 3.3 Encoding Methods 61 Part Electronic Payment Security 65 Electronic Payment Systems 67 4.1 Electronic Commerce 67 4.2 4.2.1 4.2.2 4.2.3 4.2.4 4.2.5 4.2.6 Electronic Payment Systems Off-line Versus Online Debit Versus Credit Macro Versus Micro Payment Instruments Electronic Wallet Smart Cards 68 69 70 70 70 75 75 4.3 Electronic Payment Security 76 Payment Security Services 79 5.1 5.1.1 5.1.2 5.1.3 Payment Security Services Payment Transaction Security Digital Money Security Electronic Check Security 79 81 83 83 5.2 Availability and Reliability 84 Payment Transaction Security 85 6.1 6.1.1 User Anonymity and Location Untraceability Chain of Mixes 85 86 To my families, Ristic′ and Hassler Contents Preface xix What is covered in this book xix Is security an obstacle to e-commerce development? xx Why I wrote this book xxi Some disclaimers xxi How to read this book xxi Acknowledgements xxii Part Information Security 1 Introduction to Security 1.1 Security Threats 1.2 Risk Management 1.3 Security Services 1.4 Security Mechanisms vii viii Security Fundamentals for E-Commerce Security Mechanisms 11 2.1 2.1.1 2.1.2 Data Integrity Mechanisms Cryptographic Hash Functions Message Authentication Code 11 12 14 2.2 2.2.1 2.2.2 Encryption Mechanisms Symmetric Mechanisms Public Key Mechanisms 15 15 24 2.3 2.3.1 2.3.2 2.3.3 2.3.4 Digital Signature Mechanisms RSA Digital Signature Digital Signature Algorithm Elliptic Curve Analog of DSA Public Key Management 36 37 38 40 41 2.4 2.4.1 2.4.2 Access Control Mechanisms Identity-Based Access Control Rule-Based Access Control 41 42 43 2.5 2.5.1 2.5.2 Authentication Exchange Mechanisms Zero-Knowledge Protocols Guillou-Quisquater 43 44 44 2.6 Traffic Padding Mechanisms 45 2.7 Message Freshness 46 2.8 Random Numbers 47 Key Management and Certificates 51 3.1 3.1.1 3.1.2 Key Exchange Protocols Diffie-Hellman Elliptic Curve Analog of Diffie-Hellman 51 52 53 Index prevention of, 237 Web server, 273 DER See Distinguished encoding rules DES See Data encryption standard Description of the order information, 92–93, 99 Design vulnerability, 156 Detection-specific audit record, 249 Dictionary attack, 148, 275 Differential fault analysis, 373 Differential power analysis, 372 Diffie-Hellman protocol, 25, 36, 52–53, 167, 200, 201, 203, 231, 236, 292 Diffusion, data encryption standard, 17, 19 Digest authentication, 258, 264, 265–67, 269 Digital coins, 73–74, 80–81, 83 double spending, 81, 83, 102, 103–9, 115 forging, 81, 83, 110–11 identity-based, 103 stealing, 81, 83, 111–16 Digital envelope, 62 Digital signature, 74, 76, 82, 231 description of, 6, 11–12, 36–37 elliptic curve analog, 40–41 Internet Open Trading Protocol, 127–31 mobile agent, 344 nonrepudiation, 96–98 public key management, 41 RSA system, 37–38 trust models, 299–300 Digital signature algorithm, 36, 38–40, 106, 166, 314 Digital signature standard, 38 Digital watermarking, 280–82 Directive, 265 Directory service, 58–59 DisablePrivilege, 311 Discrete logarithm problem, 31–33, 38, 40, 52–53 Discretionary access control, 42–43 Distinguished encoding rules, 62 Distributed attack, 214 Distributive property, 26 395 DMZ See Demilitarized zone DNS See Domain name service Document type definition, 258 DOI See Domain of interpretation Domain name service, 185, 190, 210 Domain of interpretation, 235–36 Double spending, protection against blind signature, 104 conditional anonymity, 103–4 exchanging coins, 104–5 guardian, 105–9 serial numbers, 115 DSA See Digital signature algorithm DTD See Document type definition Dual-homed gateway, 158 Dual signature, 93–95 Dynamically created code, 344 Dynamic binding, 303 Dynamic checking, 307 Dynamic document, 274 Dynamic key refreshing, 363 Dynamic redundancy, 84 Dynamic signature, 382 Dynamic testing, 252 Dynamic type checking, 305–6 EAP See Extensible authentication protocol Eavesdropping, 3, 53, 77, 83, 150, 174, 178, 288, 293, 358, 372 eCash, 102–3 ECB See Electronic codebook ECDSA See Elliptic curve digital signature algorithm ECML See Electronic commerce modeling language E-commerce See Electronic commerce ECP See Encryption control protocol EDGE See Enhanced data rates for GSM evolution EDI See Electronic data interchange EEPROM See Electrically erasable programmable memory Electrically erasable programmable memory, 370, 373, 376 Electronic banking, 68 Electronic check, 70, 74–75, 81, 83 payment authorization transfer, 119–23 396 Security Fundamentals for E-Commerce Electronic codebook, 21–22 Electronic coin See Digital coins Electronic commerce description of, 67, 321–22, 385–87 Java, 325–28 Joint Electronic Payments Initiative, 324–25 micropayment markup, 324 mobile agents, 333 XML-based concepts, 322–23 Electronic commerce database, 278–80 Electronic commerce modeling language, 323 Electronic data interchange, 67, 322 Electronic Frontier Foundation, 22 Electronic government, 68 Electronic money See Digital coins Electronic payment systems availability and reliability, 84 debit versus credit, 70 electronic wallet, 75 macro versus micro, 70 off-line versus online, 69–70 overview of, 68–69 payment instruments, 70–75 security, 76–78 smart cards, 75–76 Electronic signature, 74 Electronic wallet, 75–76 ElGamal’s signature, 38 Elliptic curve, 31–33 over finite fields, 33–36 security, 36 Elliptic curve analog of Diffie-Hellman, 53 Elliptic curve digital signature algorithm, 36, 40–41 Elliptic curve discrete logarithm problem, 31–33, 38, 40, 52, 53 E-mail, 289–90, 296–97 EME-OAEP See Encoding method for encryption optimal asymmetric encryption EMV specification, 370 EnablePrivilege, 311 Encapsulating security payload, 196–99, 206–9 Encapsulation, 137, 140, 151, 171, 172, 175, 179, 180, 225, 226, 246, 332 Encoding method for encryption optimal asymmetric encryption, 61 Encoding methods, 61–62 Encrypted functions, computing with, 344 Encryption, 6, 11 symmetric mechanisms, 15–24 vulnerabilities in, 155 Encryption control protocol, 179 End entities, 60 End-to-end security, 143, 146, 151, 157, 163, 164, 170 Enhanced data rates for GSM evolution, 355 Entity authentication, 164, 165–66 Environmental key generation, 343–44 ESP See Encapsulating security payload Ethernet, 140, 162 ETSI See European Telecommunications Standards Institute Euler’s Totient Function, 27–28 European Commission, 54 European Telecommunications Standards Institute, 354–55, 365 European Union, 386 Event detection, Exception handling, 305 Exchanging coins, 104–5 Executable content, 149, 287, 289, 302 See also Mobile code Execution history, mobile agent, 340 Expansion permutation, 19 Expensive-to-produce digital coin, 110–11 Extended set of actions, 190 Extensible authentication protocol, 176–78 Extensible authentication protocol TLS, 177 Extensible markup language, 126, 258, 322–23 Face recognition, 381 Facial thermogram, 381 Factoring problem, 25, 30–31 Failure-recovery procedures, 156 False match rate, 378–79, 380, 381 Index False negative, 214 False nonmatch rate, 378–79, 381 False positive, 214 Fault domain, 301 Fault injection, 252 FCS See Frame check sequence FDM See Frequency division multiplexing Feedback, 22 Feistel network, 20, 23, 24 Fermat’s Little Theorem, 27–28 File transfer protocol, 157, 188, 190, 235 problems with, 190–191 Filtering, 215–16, 244–45 See also Packet filtering Final permutation, 19 Financial services markup language, 323 Fingerprinting, 281 Fingerprints, 381 FIPA See Foundation for Intelligent Physical Agents FIPS 188 security label, 168 Firewalls, 157–59, 170, 186, 195, 273, 289 packet filtering, 186–94 Firewall Toolkit, 244 Firewall traversal, 223 FIRST See Forum of Incident Response and Security Teams First Virtual payment transaction, 88–90 Flooding attack, 152, 192–94 FLT See Fermat’s Little Theorem FMR See False match rate FNR See False nonmatch rate Forged message, 77 Forum of Incident Response and Security Teams, 148 Forward certificate, 54 Forward integrity, 342 Foundation for Intelligent Physical Agents, 348 Fragment, 227 Fragmentation, 190 Frame check sequence, 173 Frame relay, 142 Frames, 139, 142, 172, 173, 310–11 Fraud credit card, 72–73 electronic payment systems, 76–77 397 traditional payment systems, 76 Frequency division multiplexing, 142–43 Freshness of payment transaction messages, 80, 82–83, 98–100 FSML See Financial services markup language FTP See File transfer protocol Galois Field, 33–36 Garbage collection, 303, 305 Gateways, 158, 170, 244, 259–60, 302 security association, 197–99 SYNDefender, 193–94 Gateway security model, 326–28 Gbit Ethernet, 142 General packet radio service, 355, 365 German Information and Communication Services Act, 54 Get method, 260–61, 274 GF See Galois Field Global system for mobile communications data and connection confidentiality, 360–61 introduction to, 354–56 security, 356–58 smart cards, 370 standard 02.57, 365 subscriber identity authentication, 359–360 subscriber identity confidentiality, 359 subscriber identity module, 364–65, 377 GPRS See General packet radio service Grantee, 122 Grantor, 122 Group-specific coin, 113 GSM See Gateway security model; Global system for mobile communications Guardian, 105–9, 345 Guillou-Quisquater protocol, 44–45 Hand geometry, 381 Handshake protocols, 165–66, 169, 192 challenge, 174–76 transport layer security, 227–32 wireless, 363 Hardware implementation, 155 398 Security Fundamentals for E-Commerce ICMP See Internet control message protocol ICV See Integrity check value ID See Intrusion detection IDEA See International data encryption algorithm Identifier field, 175 Identity-based access control, 42–43 Identity protection exchange, 238 IDS See Intrusion detection systems IEC, 58, 165, 370 IEEE 802.2 standard, 139, 142 IEEE 802.3 standard, 139, 162 IEEE 802.5 standard, 139 IEEE P1363 standard, 36 IETF See Internet Engineering Task Force IKE See Internet key exchange iKP mechanism, 90, 91–93 IMEI See International mobile equipment identity Implementation vulnerability, 156 IMSI See International mobile subscriber number Inbound connection, 188 Inference, 279–80 Infiltration, 4, 150, 152–53 TE AM FL Y Hash function chain, 114 Hash functions, 12–14, 37, 99, 110, 113, 174, 265, 342–43 one-time password, 177–78 Hash payload, 240 Hashsum, 12 HDLC See High-level data link control Headers, 140, 262–63, 265–66, 270, 287–88 Head method, 260–61 Helper application, 302 High-level data link control, 172–73, 180 High-speed circuit-switched data, 354–55 HLR See Home location register HMAC, 205, 209, 225 Home location register, 358, 359–60 Host anonymity, 85–86 Host authentication, 210 Host-based intrusion detection, 211 audit records, 249 intruder types, 249–50 statistical, 250–51 Host-based keys, 145, 150 Host-host layer See Transport layer Hostile applets, 310 Host-oriented keying, 235 HSCSD See High-speed circuitswitched data HTML See Hypertext markup language HTTP See Hypertext transfer protocol HTTPS See Hypertext transfer protocol with SSL Human factors, 155 Hypertext markup language, 258, 274 Hypertext transfer protocol, 255 cache security, 263–64 client authentication, 264–67 cookies, 287–88 description of, 258–60 headers, 262–63 messages, 260–62 SSL tunneling, 267–68 transaction security, 268–71 Hypertext transfer protocol with SSL, 153, 268 Informational exchange, 238 Information and Communication Services Act, 54 Information flow control, 43 Inheritance, 303–4 Initialization vector, 22, 236 Initial permutation, 19 Instrumentation techniques, 252 Integrated services digital network, 141, 173 Integrity See Data integrity Integrity check value, 205, 208 Intelligent agent, 333 Interbank clearing network, 71–72, 74 International data encryption algorithm, 22–23 International mobile equipment identity, 358 International mobile subscriber number, 358–59 Team-Fly® Index International Organization for Standardization, 5, 6, 7, 54, 58, 61, 165, 370 International Telecommunications Union, 54, 58 Internet control message protocol, 154 Internet Engineering Task Force, 125, 212, 258, 323 Internet Explorer, 312 Internet key exchange, 196–97, 199–204 Internet layer, 139–40, 143–45, 185 Internet model, 138–41, 151 data link layer, 161–62 network access layer, 161–62 See also Network access layer Internet open trading protocol, 125–27, 322 description of, 125–27 with digital signatures, 128–31 security issues, 127–28 Internet protocol, 138, 139–40, 190 Internet Protocol addresses, 140 filtering based on, 186–91 Internet protocol control protocol, 173 Internet protocol packets (messages), 140 Internet protocol security authentication header, 143, 151, 196–99, 202–6, 209 Internet protocol security encapsulating security payload, 196–99, 206–9 Internet protocol security extensions, 150, 158, 162, 185 authentication header, 204–6 combining AH and ESP, 209 description of, 196–97 encapsulating security payload, 143, 152, 206–9 Internet key exchange, 197–204 Internet protocol spoofing, 192 Internet security association and key management protocol, 197, 199, 202, 222, 235–41 anticlogging tokens, 152 description of, 235 domain of interpretation, 235–36 exchange types, 237–38 negotiations, 236–41 399 payload types, 240–41 protocol messages, 237 Internet service digital network connection, 171 Internet worm, 147–49, 274, 331 Interoperability, 146, 153, 236, 322 Interpretation attack, 281 Intranet, 141, 157 Intruder, 152 Intrusion detection, 9, 156, 158 anomaly methods, 213 correlation methods, 213 network-based, 210–16 penetration identification methods, 213 rule-based, 213–14 statistical, 213–14 threshold methods, 213 transition-based method, 213 See also Host-based intrusion detection Intrusion detection system, 211–13 Intrusion prevention, 214 Intrusion response system, 211 Intrusion techniques, 152 IOTP See Internet open trading protocol IP See Internet protocol IPCP See Internet protocol control protocol IPsec See Internet protocol security extensions Iris scanning, 381–82 ISAKMP See Internet security association and key management protocol ISDN See Integrated services digital network ISO See International Organization for Standardization Issuer’s signature, 108–9 Iterated hash function, 15 ITSEC, 247 ITU See International Telecommunications Union IV See Initialization vector JAAS See Java authentication and authorization service Janus function, 296 Janus personalized Web anonymizer, 295 400 Security Fundamentals for E-Commerce Java, 274, 275, 299, 300 applets, 244, 276, 299, 303, 308–10 introduction to, 302–4 protection domains, 312–14 safety, 304–5 security manager and access controller, 301 stack inspection, 310–12 threads and timing attacks, 307 type safety, 305–7 writing secure applications, 314–15 Java authentication and authorization service, 314 JavaBeans, 325 Java Card, 365, 373, 376–77 Java Card Virtual Machine, 376 Java Commerce, 325–28 Java cryptography architecture, 314–15 Java cryptography extension, 314 Java runtime environment, 308 JavaScript, 287, 289, 299, 316–17 Java secure socket extension, 314–15 Java Virtual Machine, 303, 309, 313, 366 Java Wallet, 325 JC See Java Commerce JCA See Java cryptography architecture JCVM See Java Card Virtual Machine JDK 1.1.x, 309, 313 JDK 1.2.x, 310, 312–14 JDK permission architecture, 276 JEPI See Joint Electronic Payments Initiative JIT compiler See Just-in-time compiler Joint Electronic Payments Initiative, 324–25 Jondo process, 292–94 JRE See Java runtime environment JSSE See Java secure socket extension Just-in-time compiler, 303 JVM See Java Virtual Machine Kerberos, 120–21, 122 Key agility, 167 Key agreement, 51, 230–32 Key distribution centers, 53–54 Key exchange payload, 240 Key exchange protocols asynchronous transfer mode, 164, 166–67 description of, 51–52 Diffie-Hellman, 52–53 elliptic curve analog, 53 Key length, 20–21 Key management, 9, 16, 144–45, 150, 292 Keyspace, 15 Keystroke dynamics, 382 Key transport protocols, 51 L2TP See Layer two tunneling protocol LA See Location area Label-based access control, 168 LAI See Location area identifier LAN See Local area network Layering protocols, 135, 141 Layer two forwarding protocol, 179 Layer two tunneling protocol, 162, 179–81 LCP See Link control protocol LDAP See Lightweight directory access protocol Least privilege principal, 300, 313 Lehmann’s primality test, 30 Length field, 175 Lightweight directory access protocol, 59, 233–35 Link control protocol, 171–74 Link dead, 171 Link encryption, 161 Link establishment, 171 Link-level encryption, 143–44 Link termination, 172 LLC sublayer See Logical link control sublayer Local access network emulation, 164 Local area network, 139, 161–62 Location area, 357 Location area identifier, 357 Location untraceability, 80, 81, 85–88 Location update, 357 Log files See Audit trails Logical link control sublayer, 161 Logic bomb, 147 LPWA See Lucent personalized Web assistant Lucent personalized Web assistant, 295–97 Index MAC See Medium access control; Message authentication code Macropayment system, 70 Macro virus, 149 Magic number, 174 Main mode negotiation, 199–202, 238 Malicious applet, 310 Malicious client, 194 Malicious programs, 144, 145, 146–47 executable content, 149 Internet worm, 147–49 macro virus, 149 Malicious user, 249–50 Management plane, 164 Mandatory access control, 43, 246 See also Rule-based access control Mapping, 140, 210 MARS cipher, 23 MASIF See Mobile Agent System Interoperability Facilities Masquerading, 3, 150, 152, 250 Master, 214 Master key, 169, 376 M-commerce See Mobile commerce MD See Message digest Medium access control, 115, 151, 168 Medium access control sublayer, 139, 161–62 Meet-in-the-middle attack, 21 Memory model, 300–1 Merchants, dishonest, 91 Message authentication code, 14–15 application layer, 248 database integrity, 278 hypertext transfer protocol, 270 transport layer security, 227, 228–30 Message confidentiality, 268–69 Message digest protocols, 12–13, 209, 225, 229, 265, 267 Message freshness, 46–47, 268–69 Message integrity, 268–69 Message origin authentication, 268–69 Messages, Internet open trading protocol, 126–27 Message tampering, MExE See Mobile station application execution environment 401 Microbrowser, 361 MicroMint, 110, 113 Micropayment, 70, 324 Microsoft CHAP, 174 Microsoft Word, 299 Millicent system, 114–16 Misfeasor, 250 Mixmaster, 290 Mobile agent protection interval, 344 Mobile agents agent protection, 339–48 benefits of, 332–33 cooperating, 345–46 description of, 331–34 platform protection, 336–39 replicated agents, 346–48 security issues, 334–36 standardization, 348–49 weak and strong mobility, 334, 337 Mobile Agent System Interoperability Facilities, 348–49 Mobile code, 255, 276, 333 development of, 333–34 security, 299–302 Mobile commerce global system for mobile communications, 356–61 introduction to, 353–54 mobile station application execution environment, 365–66 outlook for, 366–67 SIM toolkit, 364–65 technology overview, 354–56 wireless application protocol, 361–64 Mobile cryptography, 344 Mobile station, 357–58, 360 Mobile station application execution environment, 365–66 Mobile switching center, 357, 358, 360 Mobile telephony, 136 Modular arithmetic, 26–30 Modular inverse, 26–27 Moore’s law, 30 Morris worm, 147–49 MS See Mobile station MSC See Mobile switching center Multicast connections, 163, 169 402 Security Fundamentals for E-Commerce Multihomed gateway, 158 Multihop migration, 334, 338 Multilevel security policy, 246 Multiplexing, 142–43 Mutable agent information, 337, 338–39 Mutual authentication, 176 Name field, 175 Namespace, 308 NAPT See Network address port translation NAS See Network access server NAT See Network address translation National Institute of Standards and Technology, 17, 168, 252 N-Code, 215 NCP See Network control protocol Negotiation of security attributes, 153 asynchronous transfer mode, 165–166 hypertext transfer protocol, 271 Internet key exchange, 199–204 ISAKMP, 236–41 layer two tunneling protocol, 181 transport layer security, 232 NetCash, 102–3, 111–13 NetCheque, 119–22 Netscape browser, 302, 312, 315 Network access layer, 161–62, 164 Network access server, 245 Network address port translation, 195 Network address translation, 195 Network-anonymizing technique, 290 Network-based intrusion detection, 210–16 Network control protocol, 171–73 Network file system, 248 Networking technologies, 141–43 Network latency, 332, 333 Network layer, 137–38 Network layer protocol, 171, 172 Network network interface, 170 Network traffic, 332 New group mode negotiation, 199–200 NFS See Network file system NIST See National Institute of Standards and Technology NNI See Network network interface Node, 141 Nonce, 98–99, 241 Nonrepudiation of origin, 82, 95 Internet open trading protocol, 127–28 mobile agent, 338, 340–43 Web transactions, 268–69 Nonrepudiation of payment authorization, 97–98 Nonrepudiation of payment transaction messages, 80, 82, 95–98 Nonrepudiation of submission and delivery, 95 Nonshared cache, 259 Notarization, Notification payload, 241 Number theory, 26–30 Oak programming language, 302–3 OAM See Operation, administration, and maintenance Object linking and embedding control, 315 Object migration, 334 OCSP See Online certificate status protocol OCX See Object linking and embedding control OFB See Output feedback Offer response trading block, 129–30 Off-line payment system, 69–70, 83, 105, 114 1KP payment protocol, 98–100 One-time pad, 16–17 One-time password, 177–78 One-way hash function, 12, 174, 177, 231 Onion routing, 289, 290–91, 297 Online certificate status protocol, 60–61 Online payment system, 69–70, 105 OpenBSD, 248 Open systems interconnection, 136–38, 141 security at layers, 143–46 security services placement, 7–8 X.500 standard, 59 Operating system security, 246–48, 273 Operation, administration, and maintenance, 168, 169 OPSEC/CCI, 212 Index Optimal normal basis representation, 33 Optimized handshake, 363 Options method, 260–61 Order information, 91 Organization for the Advancement of Structured Information Standards, 322 Origin address, 152 Origin server, 259 OSI See Open systems interconnection OTP See One-time password Outbound connection, 188 Output feedback, 21–22 Ownership assertion, 281 P1363 standard, 36 Packet-based protocol, 164 Packet filtering IP addresses, 186–88 IP addresses and port numbers, 188–91 network address translation, 195 TCP problems, 191–94 Packet filtering rules, 186, 188–89, 191 Packets security threats, 150–53 source routing, 156 switching, 141–42 Padding, 17, 207 Paging, 357–58 PAP See Password authentication protocol Partial result authentication code, 342 Partial result chaining, 340, 341–43 Partial security, 279 Passive gateway, 194 Password authentication protocol, 173–74 Password-based authentication, 245 Password file, UNIX, 148–49 Passwords, stealing, 145, 275 Password sniffing, 177 PASV command, 191 Path histories, 337–38 Path key, 294 Payer anonymity, 80, 81–82, 102, 103 pseudonyms, 88–90 Payment authorization transfer, 81, 83 cascaded proxy, 122–23 description of, 119 403 Kerberos, 120–21 proxies, 120–23 restricted proxy, 121–22 Payment instruction, 91 Payment instruments, 70–75 Payment security services, 79–81 Payment-system independence, 126 Payment system participants, dishonest, 77 Payment transaction security, 80–83 Payment transaction untraceability, 80, 82, 90–91, 95, 101–3 PayWord, 114 P-box permutation, 19 PDU See Protocol data unit Peer entity authentication, 5, 225 Penetration identification intrusion detection, 213 PEP See Protocol extension protocol Perfect encryption, 16 Perfect forward entry, 199 Per-fee link, 324 Perl, 274, 275 Permission scoping, 312 Permutation, 19 Persistent connections, 258–59 Personal identification number, 374–76 Personal unblocking key, 374 Pervasive security mechanisms, 6, 8–9 PGP See Pretty good privacy Physical layer, 137, 138, 164 PIN See Personal identification number PKCS See Public key cryptography standard PKIX See Public key infrastructure X.509 Plaintext, 15 Plug-ins, 302, 315 Point-of-sale terminal, 75 Point-to-multipoint connections See Multicast Point-to-point protocol, 136, 138, 139, 162 challenge-handshake authentication protocol, 174–76 description of, 170–73 encryption control protocol, 179 extensible authentication protocol, 176–78 404 Security Fundamentals for E-Commerce Point-to-point protocol (continued) password authentication protocol, 173–74 Point-to-point tunneling protocol, 179–80 Polynomial representation, 33–36 Portability, 303 Port number filtering, 188–91 Ports, communication, 140 POS terminal See Point-of-sale terminal Post method, 261, 263, 274 PostScript, 299 Power supply attack, 374 PPP See Point-to-point protocol PPTP See Point-to-point tunneling protocol PRAC See Partial result authentication code Presentation attack, 281 Presentation header, 137 Presentation layer, 137 Pretty good privacy, 62, 269 Primality test, 29–30 Principal, 3, 82, 91 Priority level, 278–79 Privacy, World Wide Web, 285, 287–88 Private key, 24–25, 279, 344, 375 Probable innocence, 293 Procedural programming language, 316 Process migration, 333–34 Proof-carrying code, 301 Proposal payload, 240 Protection domain, 312–14 Protocol data unit, 136–37, 143, 150–53 Protocol extension protocol, 324 Protocols, network, 82 Protocol selection, layers security, 145–46 Protocol suite, 138 Proxies anonymizing services, 289, 291–92, 295 application gateways, 158, 244 cascaded, 122–23 hypertext transfer protocol, 259 NetCheque, 120–21 restricted, 121–22 security issues, 263–64, 269 transparent and nontransparent, 259 Proxy application, 157 Proxy server, 233–34 Pseudonym, 88–90, 295, 296 Pseudorandom function, 91–93, 99 Pseudorandom sequence generators, 47 Public administration See Electronic government Public key algorithm, multicast, 169 Public key certificates, 41, 97–98, 100, 153 directory service, 58–59 management, 41, 53–54 transport layer security, 228 X.509 format, 54–61 Public key infrastructure X.509, 59–61 Public keys, 15, 61, 62, 74, 93, 95, 232 description of, 24–25 elliptic curves, 31–33, 36 Galois fields, 33–36 RSA, 25–31 Public key pair, 96 Public switched telephone network, 136 Publishing copyright protection, 280–82 World Wide Web, 273–74, 277 PUK See Personal unblocking key Put method, 261 Python, 274 QoS See Quality of Service Quality of Service, 143, 161, 168 Quantity-constrained resource, 301 Quick mode negotiation, 199–200, 202–4, 238 Rabin-Miller primality test, 30 Radicchio, 356 RADIUS, 245 Random access memory, 370 Randomized hashsum, 90–91 Randomized signature, 108–9 Random number, 47 RC See Rivest Cipher Read-only memory, 370, 373 Read-ups, 246 Real-time applications, 332 Real-time database, 278–79 Reason phrase, 261 Index Record, 226 Record protocol, 226–27 Recovery, intrusion detection, 211 Redirector, 291 Redundancy, static and dynamic, 84 Reference monitor, 7, 246 Registration authorities, 59–60 Relay mechanism, 193 Reliability, system, 84 Remailer, 289–90 Remote procedure call, 143 Replay attack, 4, 46–47, 150, 174, 177, 200, 204, 206, 265 Replicated mobile agent, 346–48 Reply block, 290 Repositories, 60 Request line, 260–61, 269 Residue, 26 Resource record, 210 Restricted proxy, 119, 120, 121–22 Restrictive blind signature, 109 Retinal pattern, 381 Reverse address resolution protocol, 140 Reverse certificate, 54 Reverse finger check, 223 RevertPrivilege, 311 Rewebber, 277 Rijndael cipher, 24 RIP See Routing information protocol Risk analysis as process, 4–5 and security policy, 79–80 Risk level, Risk management, 4–5 Rivest Cipher, 23 Robustness attack, 281 Robust watermark, 280 Roles, gateway security model, 326–27 Routing, anonymous, 290–94 Routing control, Routing information protocol, 154 RPC See Remote procedure call RR See Resource record RSA public key, 25–31, 166 RSA signature, 102 RST flag, 151 Rule-based access control, 43 405 Rule-based intrusion detection, 213–14 attack signatures, 215–16 SA See Security agent Safety check, 300–301 SAMP See Security attribute modulation protocol Sandbox model, 309, 377 SASL See Simple authentication and security layer SATMP See Security attribute token mapping protocol S-box, 18–19 SC See Smart cards Scheme name, 257–58 Screening router, 157–58 Scrip, 115–16 SDML See Signed document markup language SDU See Service data unit Secret key, 15–16, 169, 179, 281 See also Symmetric encryption mechanisms Secret splitting (sharing), 104, 346 Secure channel, 151, 269 Secure electronic payment protocol, 92 Secure electronic transaction, 76, 93–95 Secure hash standard one, 14, 209, 343 Secure hypertext transfer protocol, 6, 143, 270–71 Secure/multipurpose Internet mail extension, 62, 143, 269–70 Secure session, 151 Secure sockets layer, 6, 23, 51, 72, 128, 153, 225, 269, 274, 277, 285, 287 Secure sockets layer tunneling, 267–68 Secure sockets layer version 3.0, 225 Secure transaction technology, 92 Security agent, 165 Security association payload, 238 Security associations, 165, 197–99, 235 attributes, 235–236 ISAKMP, 238, 240 transport mode, 197 tunnel mode, 197–98 Security attribute modulation protocol, 247 406 Security Fundamentals for E-Commerce Security attribute token mapping protocol, 247 Security audit, Security audit trail, 8–9 Security domain, 366 Security Dynamics card, 178 Security-enhanced application, 251 Security kernel, 246 Security label, 8, 43 Security level, 279 Security manager, 309 Security mechanisms, Security message exchange, 169 Security parameter index, 197, 203, 236 Security policy, Security recovery, Security services, 5–6 Security testing, 251–52 Security zone, 316 Segment, transport control protocol, 140 Selective field confidentiality service, Selector, security association, 198–99 Semantic transparency, 263 Sendmail, 148 Sensitivity class, 43 Sensitivity, security level, 246 SEPP See Secure electronic payment protocol Sequence number prediction, 194 Serial line Internet protocol, 136, 139, 173 Serpent cipher, 24 Server-side certificate, 285 Service data unit, 168 Service ticket, 120–21 Servlet, 276 Session, 137, 287 Session key, 267 Session layer, 137, 151 SET See Secure Electronic Transactions SGML See Standard generalized markup language SHA-1 See Secure hash standard one Shadow password file, 149 Shared cache, 259 Shell escapes, 274–75 Short message service, 355–56 S-HTTP See Secure hypertext transfer protocol Signature block, 126–27, 129, 130 Signature method, biometrics, 382 Signature payload, 241 Signed document markup language, 323 Signed script policy, 317 Simple authentication and security layer, 221–22, 232–35 Simple mail transfer protocol, 188–90 SIM toolkit See Subscriber identity module toolkit Single-hop mobile agent, 334, 348 SKEME, 199 SLIP See Serial line Internet protocol Smart cards, 71 application security, 374–76 biometrics, 377–82 hardware security, 371–73 introduction to, 369–71 Java Card, 376–77 operating system security, 373–74 protocol runs, 44 subscriber identity module card, 377 uses, 75–76 vulnerabilities, 155 S/MIME See Secure/multipurpose Internet mail extension SMS See Short message service SMTP See Simple mail transfer protocol Social engineering, 155 SOCKS version 4, 223 SOCKS version 5, 221, 223–25 Software fault isolation, 300–1 Software implementation, 155 Source routing, 156 Spam filtering, 297 Specific security mechanisms, 6–7 Speech recognition, 382 SPI See Security parameter index SPIN operating system, 300 Spoofing attack, 192, 210, 286–87, 317 SQL See Structured query language SSH Communications Security, 222 SSL See Secure sockets layer Stack inspection, 310–12 Standard 47, 173 Index Standard generalized markup language, 258, 323 Start line See Request line State appraisal, 338 State-based access control, 374 Stateful inspection, 245 Stateless protocol, 258 Static document, 274 Static redundancy, 84 Static signature, 382 Static testing, 252 Static type checking, 305–6 Stationary agent, 333 Statistical intrusion detection, 213–14, 250–51 Status code, 261 Status line, 261 Stealing coins, 111–16 Steganography, 280–81 Stream cipher, 22–23, 231 Strong forward integrity, 342 Strong mobility, 334, 337 Structured query language, 280, 332 STT See Secure transaction technology Subliminal channel, 39 Subscriber identity authentication, 359–60 Subscriber identity confidentiality, 359 Subscriber identity module card, 360, 377 Subscriber identity module toolkit, 356, 364–65 Substitution, 18–19 Superuser permission, 246 Switching technologies, 141–42 Symmetric encryption mechanisms advanced encryption standard, 23–24 crowds routing, 291 data encryption standard, 17–22 description of, 15–16 IDEA, 22–23 one-time pad, 16–17 Rivest Cipher, 23 Symmetric key, 375–76 Synchronization, data transfer, 191–92 SYNDefender, 193–94, 223 SYN flooding attack, 192–94 System, defined, System resource access control, 300–1 407 System resource consumption control, 301 TACACS, 245 TADMIN See Trusted administration Taint mode, 275 Tampering, control information, 150–51 Tamper-proof (tamper-resistant) device, 105, 109, 345 TANs See Transaction number TAPPS See Trusted application TCP/IP See Transport control protocol/Internet protocol TDM See Time division multiplexing TDMA See Time division multiple access Telescript, 299 TELNET, 138, 143, 157, 188, 235 Temporary mobile subscriber identity, 359, 360 Text line coding, 281 TGS See Ticket granting service Threads, 307, 310 Threats, security, 3–, 150–53 3KP payment protocol, 96–98 Three-way handshake, 165–66, 169, 174–76, 192 Threshold intrusion detection, 213–14, 250 Threshold scheme, 346–48 TIA/EIA-136, 354–55 Ticket granting service, 120–22 Time-constrained resource, 301 Time division multiple access, 354 Time division multiple access ANSI136, 354 Time division multiplexing, 142–43 Time-limited obfuscation, 344–45 Time service, Time stamp, 7, 98–99, 249 Timing attack, 279, 294, 307, 372–73 Timing channel, 279 TLS See Transport layer security TMSI See Temporary mobile subscriber identity TNFS See Trusted network file system TPO block See Trading protocol options block Trace method, 261 408 Security Fundamentals for E-Commerce Tunnel mode security association, 197–98, 205–6, 208–9, 221 T wallet, 105 TWINKLE, 30–31 Twofish cipher, 24 Two-way handshake, 165, 169, 173–74 Type checking, 305–7 Type soundness, 306–7 UDP See User datagram protocol UIM card See User identity module card UMTS See Universal mobile telecommunications system UNI See User network interface Unicode, 61 United Nations, 322 Universal mobile telecommunications system, 355 Universal payment preamble, 324 Universal resource identifier, 257–58, 270, 287, 288 Universal resource locator, 286, 308, 316 Universal resource locator rewriting, 295 Universal subscriber identity module, 377 Universal Wireless Communications Consortium, 354–55 UNIX, 147, 148–49, 222–23 Unstructured supplementary services data, 356, 365 UPP See Universal payment preamble URI See Universal resource identifier URL See Universal resource locator URN See Universal resource name Usage control, 281 User anonymity, 80–81, 85–88 User datagram protocol, 140, 181, 189, 221–23, 235 User identity module card, 377 User key, 281 User network interface, 169 User-oriented keying, 235 User plane, 164 User profile, 288 USIM See Universal subscriber identity module USSD See Unstructured supplementary services data UTMS, 355, 377 TE AM FL Y Tracker attack, 280 Trading block, 126–27, 129 Trading exchange, 126 Trading protocols options block, 128, 130 Trading roles, 125–26 Traffic analysis, 4, 7, 150–52, 206, 207 Traffic flow confidentiality, Traffic padding, 7, 45–46 Trailer, 140 Transaction identifier, 127 Transaction number, 46 Transaction reference block, 126–28 Transactions, Internet open trading protocol, 126 Transfer encoding, 62 Transform payload, 240 Transition-based intrusion detection, 213 Transport control protocol, 140, 191 sequence number prediction, 194 SYN flooding attack, 192–94 Transport control protocol header, 189 Transport control protocol/Internet protocol, 138, 154, 185 Transport control wrapper, 221–23 Transport layer, 137, 140, 145 Transport layer security, 128, 151, 153, 277 description of, 221–22, 225–26 handshake protocol, 227–32 record protocol, 226–27 Transport mode security association, 197, 205, 208, 209 Trapdoor, 147 Tripwire software, 248 Trojan horse, 144, 147, 302, 375 Trusted administration, 248 Trusted application, 248 Trusted functionality, Trusted network file system, 248 Trusted processing environment, 345 Trusted Solaris, 246–47 Trusted Systems Information eXchange, 247–48 Trust model vulnerabilities, 155 TSIX See Trusted Systems Information eXchange Tunneling, 151, 267–68, 259, 260 Team-Fly® Index Value size field, 175 VC See Virtual circuit VCC See Virtual channel connection VCI See Virtual channel identifier VINO, 301 Virtual channel connection, 163, 168 Virtual channel identifier, 163–64 Virtual circuit, 141, 164–65, 167, 170 Virtual credit card, 71 Virtual path connection, 163 Virtual path identifier, 163–64 VirtualPIN, 88–90 Virtual private network, 145, 158–59 asynchronous transfer mode, 169–70 security association, 197–98 Virus, 147 Virus wall, 244 Visa Open Platform, 377 Visitor location register, 358–60 VLR See Visitor location register VMView, 252 Voice over Internet protocol, 136 VPC See Virtual path connection VPI See Virtual path identifier VPIN See VirtualPIN VPN See Virtual private network WAE See Wireless application environment WAN See Wide area network WAP See Wireless application protocol Watermark detection, 280 Watermark extraction, 280 Watermarking, digital, 280–82 WDP See Wireless datagram protocol Weak forward integrity, 342 Weak mobility, 334 Web anonymizer, 295 White-box testing, 251–52 Wide area network, 141 WIM See Wireless application protocol identity module 409 WinNuke filter, 215–16 Wireless application environment, 362 Wireless application protocol, 355, 361–63 Wireless Application Protocol Forum, 356 Wireless application protocol identity module, 364 Wireless datagram protocol, 362 Wireless e-commerce See Mobile commerce Wireless markup language, 361–64 Wireless session protocol, 362 Wireless transaction protocol, 362 Wireless transport layer security, 361, 363 Wireless transport security layer, 362 WML See Wireless markup language WMLScript, 361–62 Word, 14 Word space coding, 281 World Wide Web access control, 273 copyright protection, 280–82 description of, 255, 257–58 publishing issues, 273–74, 277 transaction security, 268–71 World Wide Web client security, 285 anonymizing techniques, 288–97 privacy violations, 287–88 spoofing, 286–87, 317 Wrapper, 275–76 Wrapping mechanism, 270 Write-down, 246 WSP See Wireless session protocol WTLS See Wireless transport layer security WTP See Wireless transaction protocol X.25 standard, 141 X.500 standard, 58–59, 233 X.509 certificate, 54–61, 230 X9.62 standard, 36 XML See Extensible markup language Zero-knowledge protocol, 43–45 ... Hassler, Vesna Security fundamentals for e- commerce — (Artech House computer security series) Business enterprises—Computer networks Security measures Electronic commerce Security measures Broadband... seven-layer reference model Some services may be provided at more than one layer if the effect on security is different (Table 1.2 [4]) 8 Security Fundamentals for E- Commerce Table 1.2 Placement of Security. .. like e- commerce, ” “Internet,” “Web,” or security. ” E- commerce (electronic commerce) is a result of moving the economy to a new medium, namely the computer network For the most part, interconnected