Making Commerce Safe

D. Crocker
Brandenburg Consulting

+1 408 246 8253
[email protected]

– Preliminary – Not for distribution

© D. Crocker, Brandenburg Consulting, 1995 Making Commerce Safe / 2

Boldly go...

Internet was
– Small (sort of)
– Friendly (very)
– Open
– Casual

Internet has become
– Huge (every body/where)
– Competitive
– Closed and open
– Casual and formal

Where no public network has gone before...

Commerce changes things


Internet for commerce?

Strong pressures emerging
– Businesses now online
– Reduced access costs
– Global “reach”


Operating a global Internet

Scaling
– A chicken in every pot!

Security
– Military vs. commercial vs. personal

Management
– Interconnection interoperability
– Sometimes always


Professional operations

Old news!
– Internet commercial since 1990

For professional operation, use professional provider
– However, inter-provider management warrants improvement


Basic algorithms

[Figure: flow diagram with the elements Msg, MsgHash, Key PRIV-ORIG, Digital Signature, Key DATA, Encrypt Data, Key PUB-RECIP, Encrypt Key]

Integrity
Authentication (sign)
Privacy (seal)

When do you need each? ...not always!


Security choices

Trusted paths
– Simple fall-back

Symmetric keys
– Doesn’t scale

Asymmetric keys
– Patent licensing
– Computational overhead


Where to put security?

[Figure: diagram contrasting Object and Transport security. Labels: My object, Secure, FTP, EMail, Web, Web Server, Web Security, MTA, EMail Security]


Transport security protocols

IPSEC: IP-level labeling

Kerberos (MIT): Third-party service

S-KEY: Pairwise login

S-HTTP (EIT): Negotiate specific object wrapper security

SSL (Netscape): Client-server link

STT (Microsoft): (TBD)


Object security protocols

MOSS (was PEM)
– MIME Object Security Service - IETF
– RSA + DES
– Global, formal key certification hierarchy

PGP
– Pretty Good Privacy - Phil Zimmermann
– RSA + IDEA
– Informal, personal, direct certification

S/MIME
– Private, consortium effort
– Product “plans”
– Specification – http://www.rsa.com


What is business?

R&D
– Search, browse
– Test
– Coordinate

Support
– Discuss
– Info push

Marketing
– Targeted info push
– Survey

Sales
– Negotiate
– Order, bill, pay
– Deliver


“Commerce” business

Providing infrastructure support for commerce
– EDI VAN
– Interface to payment/bank service
– Digital cash
– Electronic notary
– Online market/brokerage


Styles of commerce

Receiver pull
– Interactive sessions
– Individual, foreground refinement

Sender push
– Messaging
– Bulk, background distribution

(Mark Smith, Intel)


Bilateral vs. global

On-going relationships
– Special arrangements ok (awkward)

One-time exchange
– “Casual” commerce
– Needs simple use (difficult)
– Needs standard(s) solutions


Human interaction

R&D, marketing, support
– Mostly discussion or bulk transfer
– Often ok to have no security, otherwise mild sign and/or seal is plenty
– Works well today


EComm classic – EDI

Multiple EDI transports already
– Internet is one more

EDI/MIME, proposed standard
– Use MIME-based security


Payment system model

[Figure: Buyer, Merchant, Issuing Bank, Acquiring Bank, Clearing House; label 16+4]

(M. Rose, FV)


Payment system issues

Transaction category “card not present”
– For all bankcard approaches for Internet

Issues
– Knowing buyer/merchant authorized
– Avoiding third-party interception
– Interchange, assessment, fees
– Retrievals, chargebacks, etc.

Risk management


Payment system efforts

Commercenet http://www.commerce.net

First Virtual Holdings http://www.fv.com

CyberCash http://www.cybercash.com

OpenMarket http://www.openmarket.com

Netmarket http://www.netmarket.com

Netscape http://www.netscape.com

DigiCash http://www.charm.net/~ibc/ibc2/softw_ag.html


Scheme “Clear”

[Figure: Buyer, Merchant, Clearing House; label: 16+4 in the clear!]

Just trust the net...
Easy to capture and replay.


Scheme “ID”

[Figure: Buyer, Merchant, Clearing House; labels: 16+4, ID, ID, 16+4]

Still trust the net, until the next statement...
Easy to capture and replay.


Scheme “ID confirm”

[Figure: Buyer, Merchant, Clearing House; labels: 16+4, ID, Confirm]

Each transaction confirmed.
Requires mildly safe user account.


Scheme “Secure link”

[Figure: Buyer, Merchant, Clearing House; labels: Encrypted 16+4, 16+4]

Same as telephone, but encrypt over Internet.
Merchant gets number.
Is merchant safe??


Scheme “Mediated”

[Figure: Buyer, Merchant, Clearing House; label: Encrypted 16+4 (three times)]

Only banks see data in clear.
Limited points of attack.


Create money

Private buyer and seller transaction
– http://www.charm.net/~ibc/ibc2/softw_ag.html

Digicash, Netcash, ...
– Use public key cryptography
  User generates note for bank to sign
  Bank debits user account
  Merchant checks signature
  Bank redeems note; credits merchant
– Buyers anonymous


Summary

Interesting times ahead

Internet commerce is real
– but still formative
– very fragmented
– moving aggressively