Secure Credit Card Transactions on an Untrusted Channel
- Slides: 11
Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun (孫翠鴻) Date: 2010/9/24 1
Outline • • Introduction Motivation Scheme Security analysis Performance evaluation Advantage vs. weakness Comment 2
Introduction • Credit cards based payment system • Entity: customer, merchant, credit card issuer and bank. • Credit card: credit card number, Card Verification Value (CVV). • Transaction: billing digest, information about the customer. 3
Introduction • Secure Socket Layer (SSL) – Establish a trusted connection between two parties. • HTTPS (Secure HTTP) – Send messages securely using SSL. • Both two need public keys and certificates, besides, the operations process are complex. 4
Motivation • SSL and HTTPS are complex because they involve key-management, user credentials and certificates. • Smart cards require extra infrastructure like smart card reader and middleware. • This paper want to let the transaction become more simpler and easy to achieve security. 5
Scheme Common key KBMi (ex. customer credit card data) Common key KBMi Credit card confidentially 6
Scheme 1. Request phase 2. Verification phase 3. Authentication Phase 4. Response Phase UI 1: customer related non critical data. UI 2: importance to the merchant data. h = HCVV(UI 1, UCI, T, CVV) T: time stamp. UCI : customer critical information. CVV: Card Verifier Value. TID: transaction id. 7 rc and rm: response values generated by the issuer. TID = H(h, UI 1, T)
Scheme • Authentication Phase – Issuer has a database containing customer credit card data. A 1 Retrieve CVV and UCI from database. A 2 Compute hash value h 1. A 3 Comparing h and h 1 consistency. A 4 Generate response values Accept: Reject: A 5 Send acknowledgement to bank. 8 : common key between the bank and the merchant i.
Security analysis • • Replay Attack Forgery Attack Man-in-the-Middle Attack Guessing Attack 9
Performance evaluation • Complexity Comparison Request phase: exor operation, hash operation (bank). Verification phase: hash operation (merchant), intersection operation (issuer). Authentication phase: exor operations (issuer). 10
Advantage vs. weakness • Advantage – Can resist 4 type important attack. – No need complex computing. – No need extra overhead like smart card, reader and middleware. – Just use hash function and a common key. – just use a one round protocol. • Weakness – Common key may be weak. 11
- Debit cards advantages and disadvantages
- Checking account and debit card simulation
- Ssl decryption explained
- Secure electronic payment
- Part two analyzing the effect of transactions
- Remote side-channel attacks on anonymous transactions
- Secure communication channel
- This can be avoided by giving credit where credit is due.
- Credit channel example
- Single channel marketing
- Conversion of continuous awgn channel to vector channel
- Jfet self bias configuration