Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.

Published byPierce Casey Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Security Lecture 26 Presented by: Dr. Munam Ali Shah."— Presentation transcript:

1 Network Security Lecture 26 Presented by: Dr. Munam Ali Shah

2 Part – 2 (e): Incorporating security in other parts of the network

3 Summary of the Previous Lecture In previous lecture we continued our discussion on Authentication Applications and more precisely we talked about Kerberos in detail Kerberos versions, threats and vulnerabilities were explored We also talked about X.509 which makes use of certificates Issued by a Certification Authority (CA), containing: version, serial number, signature algorithm identifier, issuer X.500 name (CA), name of the CA that created and singed this certificate and period of validity etc. We also talked about one way, two way and three way authentication in X.509

4 Summary of the Previous Lecture

5 Outlines of today’s lecture We will talk about SET (Secure Electronic Transaction) SET  Participants  Requirements  Features Dual Signature Signature verification

6 Objectives You would be able to present an understanding of transaction that is carried out over the Internet. You would be able demonstrate knowledge about different entities and their role in a SET

7 Secure Electronic Transactions (SET) Open encryption & security specification To protect Internet credit card transactions Developed in 1996 by Mastercard, Visa Not a payment system Rather a set of security protocols & formats secure communications amongst parties Provides trust by the use of X.509v3 certificates Privacy by restricted info to those who need it

8 SET Participants Interface b/w SET and bankcard payment network e.g. a Bank Provides authorization to merchant that given card account is active and purchase does not exceed card limit Must have relationship with acquirer issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways

9 SET Requirements Provide confidentiality of payment and ordering data. (SET uses encryption to provide confidentiality) Ensure the integrity of all transmitted data: (DS are used to provide integrity) Provides authentication that card holder is a legitimate user of a card and account: (A mechanism that links the card holder to a specific account no. reduces the incident of fraud. Uses DS and certificate for verification) Facilitate and encourage interoperability among software and hardware providers

10 Cont. Provides authentication that a merchant can accept credit card transactions through its relationship with a financial institution: cardholders should be able to identify merchant. DS and certificates can be used. Ensure the best security practices and system design techniques to protect all legitimate parties Create a protocol that neither depends upon the transport security mechanism nor prevents their uses

11 SET Key features Confidentiality of information Integrity of data Card holder account authentication Merchant authentication

12 SET Transaction 1. Customer opens account such as MasterCard or Visa 2. Customer receives a certificate a) After verification receive an X.509v3 certificate sign by bank b) Establish relation between the customer's key pair and his or her credit card 3. Merchants have their own certificates a) Two certificates, for signing message and for key exchange b) Also has the payment gateway's public-key certificate 4. Customer places an order a) Browsing Merchant's Web site to select items and determine price b) customer then sends a list of the items to be purchased to the merchant c) Merchant returns an order form containing the list of items, their price, a total price, and an order number

13 Cont. 5. Merchant is verified (by customer) a) With Order form, merchant sends a copy of its certificate b)Customer can verify that he/she is dealing with a valid store through that certificate 6. Order and payment are sent (with customer’s certificate) a) Customer sends both order and payment information to the merchant with the customer's certificate b) Order confirms the purchase of the items in the order form and payment contains credit card details. c) The payment information is encrypted, cannot be read by the merchant. d) Customer's certificate enables merchant to verify customer. 7. Merchant requests payment authorization a) Merchant sends the payment information to the payment gateway requesting for authorization

14 Cont. 5. Merchant confirms order a) Merchant sends confirmation of the order to the customer 6. Merchant provides goods or service 7. Merchant requests payment

15 Dual Signature Customer creates dual messages order information (OI) for merchant payment information (PI) for bank Neither party needs details of other But must know they are linked Use a dual signature for this signed concatenated hashes of OI & PI DS=E(PR c, [H(H(PI)||H(OI))]) where PR c Customer Private Key

16 Why dual signature Suppose that the customers send the merchant two messages a signed OI and a signed PI, The merchant passes the PI on to the bank. If the merchant can capture another OI’ from this customer, the merchant could claim that this OI’ goes with the PI rather than the original OI. The linkage in dual signature prevents this

17 Construction of Dual Signature

18 Signature verification Merchant possess DS, OI, message digest of PI (PIMD) and public key of customer, can compare the following two quantities H(PIMS||H[OI]) and D(PUc, DS) If both are equal merchant has verified the signature Bank possess DS, PI, message digest of OI (OIMD) and customer public key, can compute H(H[OI]||OIMD) and D(PUc, DS) DS=E(PR c, [H(H(PI)||H(OI))])

19 Payment Processing A. Purchase request B. Payment authorization C. Payment capture

20 Summary In today’s lecture, we talked about SET (Secure Electronic Transaction) We have seen its functionality and how different entities are involved to make a transaction secure and successful.

21 Next lecture topics Our discussion on SET will continue and we will discuss A. Purchase request B. Payment authorization C. Payment capture

22 The End

Download ppt "Network Security Lecture 26 Presented by: Dr. Munam Ali Shah."

Similar presentations

Internet payment systems

Internet payment systems
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-

SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-
Chapter 8 Web Security.

Chapter 8 Web Security.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.

Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
Supporting Technologies III: Security 11/16 Lecture Notes.

Supporting Technologies III: Security 11/16 Lecture Notes.
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.

BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)
1 Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats –integrity –confidentiality.

1 Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats –integrity –confidentiality.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Similar presentations

Ads by Google