Security Fundamentals for E-Commerce (Artech House Computer Security Series)


Author(s): Vesna Hassler
Year: 2002

Language: English
Pages: 432

Contents......Page 8
Information Security......Page 24
1.4 Security Mechanisms......Page 29
2.1 Data Integrity Mechanisms......Page 34
2.1.1 Cryptographic Hash Functions......Page 35
2.1.2 Message Authentication Code......Page 37
2.2.1 Symmetric Mechanisms......Page 38
2.2.2 Public Key Mechanisms......Page 47
2.3 Digital Signature Mechanisms......Page 59
2.3.1 RSA Digital Signature......Page 60
2.3.2 Digital Signature Algorithm......Page 61
2.3.3 Elliptic Curve Analog of DSA......Page 63
2.4 Access Control Mechanisms......Page 64
2.4.1 Identity-Based Access Control......Page 65
2.5 Authentication Exchange Mechanisms......Page 66
2.5.2 Guillou-Quisquater......Page 67
2.6 Traffic Padding Mechanisms......Page 68
2.7 Message Freshness......Page 69
2.8 Random Numbers......Page 70
3.1 Key Exchange Protocols......Page 74
3.1.1 Diffie-Hellman......Page 75
3.2 Public Key Infrastructure......Page 76
3.2.1 X.509 Certificate Format......Page 77
3.2.2 Internet X.509 Public Key Infrastructure......Page 82
3.3 Encoding Methods......Page 84
Electronic Payment Security......Page 88
4.1 Electronic Commerce......Page 90
4.2 Electronic Payment Systems......Page 91
4.2.1 Off-line Versus Online......Page 92
4.2.4 Payment Instruments......Page 93
4.2.6 Smart Cards......Page 98
4.3 Electronic Payment Security......Page 99
5.1 Payment Security Services......Page 102
5.1.1 Payment Transaction Security......Page 104
5.1.3 Electronic Check Security......Page 106
5.2 Availability and Reliability......Page 107
6.1 User Anonymity and Location Untraceability......Page 108
6.1.1 Chain of Mixes......Page 109
6.2.1 Pseudonyms......Page 111
6.3.2 Randomized Hashsum in SET......Page 113
6.4.1 Pseudorandom Function......Page 114
6.4.2 Dual Signature......Page 116
6.5 Nonrepudiation of Payment Transaction Messages......Page 118
6.5.1 Digital Signature......Page 119
6.6.1 Nonces and Time Stamps......Page 121
7.1 Payment Transaction Untraceability......Page 124
7.1.2 Exchanging Coins......Page 125
7.2.1 Conditional Anonymity by Cut-and-Choose......Page 126
7.2.3 Exchanging Coins......Page 127
7.2.4 Guardian......Page 128
7.3.1 Expensive-to-Produce Coins......Page 133
7.4.1 Customized Coins......Page 134
8.1 Payment Authorization Transfer......Page 142
8.1.1 Proxies......Page 143
9.1 Internet Open Trading Protocol (IOTP)......Page 148
9.2 Security Issues......Page 150
9.3 An Example With Digital Signatures......Page 151
Communication Security......Page 156
10.1 Introduction......Page 158
10.2 The OSI Reference Model......Page 159
10.3 The Internet Model......Page 161
10.4 Networking Technologies......Page 164
10.5 Security at Different Layers......Page 166
10.5.1 Protocol Selection Criteria......Page 168
10.6 Malicious Programs......Page 169
10.6.1 The Internet Worm......Page 170
10.7 Communication Security Issues......Page 172
10.7.1 Security Threats......Page 173
10.7.2 Security Negotiation......Page 176
10.7.4 Vulnerabilities and Flaws......Page 177
10.8 Firewalls......Page 180
10.9 Virtual Private Networks (VPN)......Page 181
11.1 Introduction......Page 184
11.2 Asynchronous Transfer Mode (ATM)......Page 185
11.2.1 ATM Security Services......Page 187
11.2.4 ATM VPN......Page 192
11.3 Point-to-Point Protocol (PPP)......Page 193
11.3.1 Password Authentication Protocol (PAP)......Page 196
11.3.2 Challenge-Handshake Authentication Protocol (CHAP)......Page 197
11.3.3 Extensible Authentication Protocol (EAP)......Page 199
11.4 Layer Two Tunneling Protocol (L2TP)......Page 202
12.1 Introduction......Page 208
12.2.1 Filtering Based on IP Addresses......Page 209
12.2.2 Filtering Based on IP Addresses and Port Numbers......Page 211
12.2.3 Problems With TCP......Page 214
12.2.4 Network Address Translation (NAT)......Page 218
12.3 IP Security (IPsec)......Page 219
12.3.1 Security Association......Page 220
12.3.2 The Internet Key Exchange (IKE)......Page 222
12.3.3 IP Security Mechanisms......Page 227
12.5 Network-Based Intrusion Detection......Page 233
12.5.1 Network Intrusion Detection Model......Page 235
12.5.2 Intrusion Detection Methods......Page 236
12.5.3 Attack Signatures......Page 238
13.1 Introduction......Page 244
13.2 TCP Wrapper......Page 245
13.3.1 SOCKS Version 5......Page 246
13.4 Transport Layer Security (TLS)......Page 248
13.4.1 TLS Record Protocol......Page 249
13.4.2 TLS Handshake Protocol......Page 250
13.5 Simple Authentication and Security Layer (SASL)......Page 255
13.5.1 An Example: LDAPv3 With SASL......Page 256
13.6.1 Domain of Interpretation (DOI)......Page 258
13.6.2 ISAKMP Negotiations......Page 259
14.1 Introduction......Page 266
14.2 Application Gateways and Content Filters......Page 267
14.3 Access Control and Authorization......Page 268
14.4 Operating System Security......Page 269
14.5.2 Types of Intruders......Page 272
14.5.3 Statistical Intrusion Detection......Page 273
14.7 Security Testing......Page 274
Web Security......Page 278
15.1 Introduction......Page 280
15.2 Hypertext Transfer Protocol (HTTP)......Page 281
15.2.1 HTTP Messages......Page 283
15.2.2 Headers Leaking Sensitive Information......Page 285
15.2.3 HTTP Cache Security Issues......Page 286
15.2.4 HTTP Client Authentication......Page 287
15.2.5 SSL Tunneling......Page 290
15.3 Web Transaction Security......Page 291
15.3.1 S-HTTP......Page 293
16 Web Server Security......Page 296
16.1 Common Gateway Interface......Page 297
16.2 Servlets......Page 299
16.4 Database Security......Page 300
16.5 Copyright Protection......Page 303
17 Web Client Security......Page 308
17.1 Web Spoofing......Page 309
17.2 Privacy Violations......Page 310
17.3 Anonymizing Techniques......Page 311
17.3.1 Anonymous Remailers......Page 312
17.3.2 Anonymous Routing: Onion Routing......Page 313
17.3.3 Anonymous Routing: Crowds......Page 314
17.3.5 Lucent Personalized Web Assistant (LPWA)......Page 318
18.1 Introduction......Page 322
18.3 Java......Page 325
18.3.1 Java Safety......Page 327
18.3.2 Java Type Safety......Page 328
18.3.3 Java Threads and Timing Attacks......Page 330
18.3.4 Java Applets......Page 331
18.3.5 Malicious and Hostile Applets......Page 332
18.3.6 Stack Inspection......Page 333
18.3.7 Protection Domains in JDK 1.2.x......Page 335
18.3.8 Writing Secure Applications in Java......Page 337
18.4 ActiveX Controls and Authenticode......Page 338
18.5 JavaScript......Page 339
19.1 Introduction......Page 344
19.2 XML-Based Concepts......Page 345
19.4 Joint Electronic Payments Initiative (JEPI)......Page 347
19.5 Java Commerce......Page 348
Mobile Security......Page 352
20.1 Introduction......Page 354
20.2 Mobile Agents......Page 356
20.3 Security Issues......Page 357
20.4 Protecting Platforms From Hostile Agents......Page 359
20.5.1 Path Histories......Page 360
20.5.3 Signing of Mutable Agent Information......Page 361
20.6 Protecting Agents From Hostile Platforms......Page 362
20.6.1 Cryptographic Traces......Page 363
20.6.2 Partial Result Chaining......Page 364
20.6.3 Environmental Key Generation......Page 366
20.6.5 Code Obfuscation......Page 367
20.6.7 Cooperating Agents......Page 368
20.6.8 Replicated Agents......Page 369
20.7 Standardization Efforts......Page 371
21.1 Introduction......Page 376
21.2 Technology Overview......Page 377
21.3 GSM Security......Page 379
21.3.2 Subscriber Identity Authentication......Page 382
21.3.3 Data and Connection Confidentiality......Page 383
21.4 Wireless Application Protocol......Page 384
21.4.1 Wireless Transport Layer Security (WTLS)......Page 386
21.5 SIM Application Toolkit......Page 387
21.6 Mobile Station Application Execution Environment (MExE)......Page 388
21.7 Outlook......Page 389
22.1 Introduction......Page 392
22.2 Hardware Security......Page 394
22.3 Card Operating System Security......Page 396
22.4 Card Application Security......Page 397
22.5 Java Card......Page 399
22.7 Biometrics......Page 400
22.7.1 Physiological Characteristics......Page 404
22.7.2 Behavioral Characteristics......Page 405
Afterword......Page 408
About the Authors......Page 412
Index......Page 414