Upload
truongxuyen
View
219
Download
0
Embed Size (px)
Citation preview
UNIVERSITI PUTRA MALAYSIA
AN AUTHENTICATION METHOD FOR SECURE INTERNET TRANSACTION USING SMART CARD AND SECURE
COPROCESSOR
MUSTAFA ABDSALAM AYAD
FK 2002 4
AN AUTHENTICATION METHOD FOR SECURE INTERNET TRANSACTION USING SMART CARD AND SECURE COPROCESSOR
By
MUSTAFA ABDSALAM AYAD
Thesis Submitted in Fulfillment of the Partial Requirement for the Degree of Master of Science in the Faculty of Engineering University Putra Malaysia
July 2002
Abstract of thesis presented to the Senate of University Putra Malaysia in fulfil lment of the partial requirement for the degree of Master of Science
AN AUTHENTICATION METHOD FOR SECURE INTERNET TRANSACTION USING SMART CARD AND SECURE COPROCESSOR
By
MUSTAFA ABDSALAM AYAD
July 2002
Chairman V. Prakash, Ph. D.
Faculty Engineering
Authentication is the process of confirming an identity. In the context of
network interactions, authentication involves the confident identification of one
party by another party. Authentication of users in distributed systems poses
special problems because, users lack the ability to encrypt and , decrypt. In
most systems today, the user is forced to trust the node he wants to use. In a
more satisfactory design , the user carries a smart card with sufficient
computing power to assist him. This thesis deals with relatively new methods
of authentication using a smart card and secure coprocessor. We analyze two
cases to authenticate a client, depending on the smart card usage. The major
attacks that affect the smart card and the server are applied to our proposed
methods of authentication. The result shows that using the proper system
preparation and proper authentication sequence for our methods the effects
could be minimized .
iii
Abstrak tesis yang d ikemukakan kepada Senat Universiti Putra Malaysia untuk memenuhi keperluan ijazah Master Sa ins
KAEDAH AUTENTIKASI BAGI TRANSAKSI INTERNET YANG SELAMAT MENGGUNAKAN KAD PINTAR DAN PROSESOR BERSAMA YANG
SELAMAT
Oleh
MUSTAFA ABDSALAM AYAD
Pengerusi : V. Prakash,Ph.D.
Fakulti : Kejuruteraan.
Julai 2002
Pengesahan adalah suatu proses pemastian identiti . Di dalam konteks
perhubungan menggunakan rangkaian, pengesahan melibatkan pemastian
identiti suatu pihak oleh pihak yang d ihubungi . Pengesahan oleh pengguna
di dalam sistem teragih mempunyai masalah tersendiri disebabkan pengguna
tidak boleh penyulitan dan menyah sulitan. Kebanyakan sistem pada masa
ini terpaksa mempercayai pelayan yang ingin d igunakan. Reka bentuk yang
lebih memuaskan ialah pengguna menggunakan kad pintar untuk membantu
membuat pengluomputan pengesahan. Tesis ini mengemukakan kaedah
baru untuk pengesahan dengan menggunakan kad pintar dan pembantu
pemproses keselamatan. Kami menganalisa dua kes untuk pengesahan
pengguna, bergantung kepada penggunaan kad pintar. Serangan
d ilaksanakan ke atas kaedah ini yang cuba mengkompromi kad pintar dan
pelayan. Keputusan menunjukkan bahawa dengan pengasingan serta
turutan pengesahan yang betul , keberkesanan serangan boleh dikurangkan
ke tahap yang minima.
iv
ACKNOWLEDGEMENTS
I wish to thank my supervisor, Dr. V. Prakash, for the guidance that he
managed to extend to me during my Master study, and for his efforts to
provide a good research environment, which made this thesis possible.
I am no less grateful to the other committee members Puan Wan Azizun,
Puan Norkamariah Nordin, who were kind enough to read and comment on
my work.
I am grateful to the researchers at Wireless Research Group, Department of
Computer and Communication, for their helpful d iscussion
Last but certainly not least, I wish to thank my wife Hasna and my brother
Khaled for having supported me in such a stable and loving environment,
which has enabled me to come so far.
v
I certify that an Examination Committee met on 15th July 2002 to conduct the final examination of Mustafa Abdsalam Ayad on his Master of Science thesis entitled "An Authentication Method for Secure Internet Transaction Using Smart Card and Secure Coprocessor" in accordance with Universiti Pertanian Malaysia (Higher degree) Act 1980 and Universiti Pertanian Malaysia (Higher Degree) Regulations 1981. The Committee recommends that the candidate be awarded the relevant degree. Members of the Examination Committee are as follows:-
ABDUL RAHMAN RAMLI , Ph. D. Faculty of Engineering Universiti Putra Malaysia (Chairman)
V. PRAKASH , Ph.D. Faculty of Engineering, Universiti Putra Malaysia (Member)
WAN AZIZUN WAN ADNAN, Faculty of Engineering , Universiti Putra Malaysia (Member)
NOR KAMARIAH NOORDIN , Faculty of Engineering, Universiti Putra Malaysia (Member)
SHAMSHER MOHAMAD RAMADILI, Ph.D, ProfessorlDeputy Dean School of Graduate Studies, Universiti Putra Malaysia
Date: 3 0 .lUI. 2002
vi
This Thesis submitted to the Senate of Universiti Putra Malaysia has been was accepted as fulfillment of the partial requirements for the degree of Master of Science.
vi
-
AIN I IDERIS, Ph.D, Professor/Dean School of Graduate Studies, Universiti Putra Malaysia
Date: 1 a SEP 2002
DECLARATION FORM
I hereby declare that the thesis is based on my original work except for quotation and citations, which have been duly acknowledged. I also declare that it has not been previously or concurrently submitted for any other degree at UPM or other institutions.
viii
TABLE OF CONTENTS
Page
DEDICATION . . . . . , . . . . . . . . . . . . . , . . . . '" . . . . . . . . . . . , . . . ... . . . . . . . . , . . . . . . . . . . . . . . . . . . , . . . . . . . ii ABSTRACT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i i i ABSTRAK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. iv ACKNOWLEDGEMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v APPROVALSHEETS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi DECLARATION FORM . . . . . . . , . . . . . . . . , . . . . . . . . . , . . . . . . . . . . . . . , . . . . . . . . , . . . . . . . . . , . . . . . . vii i LIST OF TABLES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi LIST OF FIGURES . . . . . . . . . . . . . . . . . , . . . . , . . . . . . . . ,. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv LIST OF ABBREViATIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
CHAPTER 1 INTRODUCTION . . . . . , . . . . , . . . . . . . . . . . . . . . . . . , . . . . . . . . , '" . , . . . . . . . . . . . . . . . . . . . . 1
1 . 1 An Overview . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . . . . . . . , . . . . . . . " . . . . . . . . . . . . . . , . 1 1 . 1 . 1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1 .2 Threats in Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1 .2 . 1 Network Security Issues . . . . , . . . . . . . . , . . . . '" . . . . . . . . . . . , . . . . ,. . . . . 5 1 .2.2 Security Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1 .3 Inter-Networks (I nternets) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1 .3. 1 Internet Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 0 1 .3.2 Tasks to Avoid the above Listed Threats. . . . . . . . . . . . . . . . . . . . . . 1 2
1 .4 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 1 .5 Research Objective . . . '" . . . . . . . . . . . . . . . . . , . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . 1 4 1 .6 Outline of the Thesis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 5
2 LITERATURE REViEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 6 2. 1 Authentication Systems . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 6
2 . 1 . 1 Authentication Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 6 2.2 Password-Based Authentication. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 21
2.2. 1 Storing User Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.2.2 Address-Based Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 2.2.3 Cryptographic Authentication Protocols . . . . . . . . . . . . '" . . , 24
2.3 Eavesdropping and Server Database Reading . . . . . . . . . . . . . . . . 25 2.4 Trusted I ntermediaries . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.4. 1 Key Distribution Center (KDC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 2.4.2 Certification Authorities (CAs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 2.4.3 Problem with both KDCs and CAs. . . . . . . . . . . . . . . . . . . . . . . . 29 2.4.4 Multiple KDC Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.5 Autt.entication of People. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.5 . 1 Password-Related Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.5 .2 A Login Trojan Horse to Capture Passwords . . . . . . . . . . . , 32 2.5.3 Authentication Tokens . . . . . . . . . . .. . . . . . . . . . . . . . . . .. . . . . . . , . . . . . 33
2.6 Security Handshake Pitfalls . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
ix
2.6. 1 Login Only. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 34 2.7 Mutual Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2.7. 1 Reflection Attack . . . . . . . . . . . . . .. '" . . . . . . . . . . . . . . . . . . . . . . , . . . . . , 38 2.7.2 Public Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . 39
2.8 Mediated Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 40 2 .8 .1 Needham-Schroeder Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.9 Smart Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 43 2.9 . 1 Contact vs. Contact-Less I nterfaces . . . . . . . . . . . . . . , . . . . . . 44 2.9.2 Types of Smart Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' " . . . . . 44 2.9.3 Cryptographic Smart Card . . . . . . . . . . . . . . , . . . . . , . . . . . . . . . . . . 45 2 .9.4 Classes of Attacks on Security Modules . .. . . . . . . . . . . . . 49 2.9.5 Tamper Resistance versus Tamper Evidence . . . . . . . . 50 2.9.6 Smart Card Threat . . . . . . . . . . . , . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . 55 2.9.7 Classes of Attack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 2.9.8 Trans-Formation, or Impersonation Attacks. . . . . . . . . . . 58
2. 1 0 Secure Coprocessor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 2. 1 0. 1 Secure Coprocessor Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 2. 10.2 Secure Coprocessors Counteract Threats. . . . . . . . . . . . . 62 2. 1 0.3 Security Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 2. 1 0.4 Some of Secure Coprocessor Applications. . . . . . . . . . . . 64
2. 1 1 Various Authentication Protocols . . . . . . . . . . . . . . . . . , . . . . . , . . . . . . . . . . . 66 2. 1 1 . 1 SSL Protocol. . . . . . . . . . . . . . . . . . . . , . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . 66 2.1 1 .2 SET Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
2. 1 2 Server Security . . . . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . , . . . . . , 88 2. 1 2. 1 Server Attacks . . . . . . . . . . . . . . , . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
3 METHODOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 3. 1 System Preparation . . . . . . . . . . . . . . . . . . . . . . , . . . . . , . . . . . . . . . . . . , . . . . . . . . . . . 91
3. 1 . 1 Central Repository Preparation . . . . . . . . . . . . . . . . . . . . . : . . . . . . 91 3. 1 .2 Smart Card Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 3. 1 .3 Workstations Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 3. 1 .4 Central Repository Contents and Functions . . . . . . . , . . . . 96 3. 1 .5 Workstation Contents . . . . . . . . . . , . . . . . , . . . . . . . . . . . . , . . . . . , . . . . . 97
3.2 The Central Repository Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 3.2 . 1 Authentication of the User to the Central Repository,
Which Issues his Smart Card Case 1 . . . . . . . . . . . . . . . . . . . . 98 3.2.2 Authentication of the User to the CR that Connected
to the Issuer CR Case 2 . . . . . . . . . . . . . . . . . . . . , . . . . . , . . . . . . . . . . . . 1 04 3.3 Method ( 1 ) Using Virtual channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 06 3.4 Method (2) Using Intermediate Central Repository. . . . . . . . . . . . . 1 1 0 3.5 Implementation of Authentication Methods . . . . , . . . . . . . . . . . . . . . . . . 1 1 3
3 .5 .1 Hardware Requirement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 3 3.5.2 Software Requirement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 4 3.5.3 Flow Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 6
3.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . '" . . . . . . . . . 1 1 9
4 RESULTS and DiSCUSSiON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 20 4 . 1 Smart Card and Secure Coprocessor Functions and Usage. . . 1 21 4.2 The Affect of Major Attacks on (Case 1 ) . . . . , . . . . . . , . . . . . , '" . . . . . . . . 1 22
4.2. 1 Micro Probing . . . . . . . . . . . . . . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . 1 22
x
4.2.2 Eavesdropping . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . 1 23 4.2.3 Software Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 23 4.2.4 Fault Generation . . . . . . ' " . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 24 4.2.5 Attacks by Card Issuer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 24 4.2.6 Attacks by the Reader Against the Cardholder
or Data owner . . . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . , . . . . . . . . . . . . . . . . . . . . 1 24 4 .2.7 Attacks by the Cardholder Against the Reader . . . . , . . . . . . 1 25 4.2.8 Attacks by the Cardholder Against the Data Owner. . . . . 1 25 4.2.9 Attacks by the Cardholder Against the Issuer. . . . . . . . . . . . . 1 26 4.2. 1 0 Effect of Impersonation Attacks . . . . . . . . . . ,. . . . . . . . . . . . . . . . . . . . 1 26
4.2. 1 0. 1 Attacks by Third Parties Using Stolen Cards 1 26 4.2 . 1 0.2 Compromised Workstation Attacks. .. . . . . . . . . . . . . 1 27
4.2. 1 1 Reflection Attack . . . . . . . . . . . , . . . . . . . . . . . . . . . . . , . . . . . . . . . '" . . . . . . . . 127 4.3 The Affect of Major Attacks on (Case 2) . . . . . . . " . . . . . . . . . . . . . . . . . . . 1 28 4.4 SSL, SET and their Disadvantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 30
5 CONCLUSION . . . . . . . . . . . . . . . . . . . . . . . . '" . . , . . . . . . . . , . . . . . . . . , '" . , . . . . . . . . . . . . . . . 1 35
5. 1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 35 5.2 Suggestions for Future Work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 36
REFERENCES .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 37 BIODATA OF THE AUTHOR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 43
xi
LIST OF TABLES
Table Page
1 Credit Card Statistics- VISA and MasterCard . . . . . . . . . . . . 4
2 Comparison of MD5, SHA-1 , and RIPEMD-160. . . . .. . . . 20
3 Cryptographic Card Model 330 Performances . . . . . . . . . . . . 49
xi
LIST OF FIGURES
Figure Page
1 . 1 Unclear Network Boundaries . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . 8
2. 1 Encryption and Decryption with a Key. . . . . . . . . . . . . . . . . . . . . . . . 1 7
2.2 Encryption and Decryption with Public and Private Keys. 1 8
2.3 IP ( Internet Protocol) Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.4 Cryptographic Operation . . . . , . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . 25
2.5 Protocol 1 , Fiddlesticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.6 Protocol 2, Computing Cryptographic Function . . . . . . . . . . . . . . 27
2.7 KDC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.8 Two KDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.9 Protocol 3. . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2. 1 0 Protocol 4 , A authenticates B Based on his Public key
Signature . . . '" . . . . . . . . . . . . '" . . . . . . . . . . . , . . . . . . . . . . . . . . . . ,. . . . . . . . . . ... . . 35
2 . 1 1 Protocol 4. 1 , Another Variation of Original Protocol . . . . , . . . . 36
2. 1 2 Protocol 5 , Mutual Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2 . 1 3 Protocol 6, Optimized Mutual Authentication . . . . , . '" . . . . . . . . . 37
2 . 1 4 Protocol 7, Beginning of Reflection Attacks . . . . . . . . . . . . . . . . . . . . 38
2. 1 5 Protocol 8, Second Session of Reflection Attack . . . . . . . , . . . . . 38
2. 1 6 Protocol 9 , Mutual Authentication with Public Keys. . . . . . . . . 39
2. 1 7 Protocol 1 0, KDC Operation in Principle. . . . . . . . . . . . . . . . . . . . . . . . 41
2. 1 8 Protocol 1 1 , KDC Operation in Practice . . . . . . . . . . . . . . . . . . . . . . . . . 41
2. 1 9 Protocoi 12 , Needham-Schroeder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
2.20 Block Diagram of a Cryptographic Card, Chip Contents . . . 46
xiii
2.21 Secure Coprocessor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
2.22 SSL runs above TCP/IP and below high-level application . . . 67
2.23 How a Netscape server authenticates a client certificate . . 73
2.24 Netscape server authenticates a client certificate . . . . . . . . ... . 76
2.25 Shows the participants in the SET system. . . . . . . . . . . . . . . . . . . . . 79
2.26 Construction of dual signature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
2.27 Cardholder sends purchase request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
3 . 1 Loading and Computing Cryptographic Checksum. . . . . . . . . 94
3.2 Server and Workstations Communication . . . . . . . . . . . . . . . . . . . . . 97
3.3 User A Authenticates the Issuer Central Repository. . . . . . . . . 98
3.4 Hashed Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 00
3.5 Key Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 02
3.6 Steps of Authentication of Case 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 04
3.7 Authentication Using Virtual Channel . . . . . . . . . . . . . . . . . . . . . .. . . . . . 1 09
3.8 Method (2) , Using Intermediate Central Repository . . . . . . . . . . 1 1 0
3.9 Flow Chart Case 1 . . . . . . . . . . . ' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 6
3. 1 0 Flow Chart Case 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 7
xi
LIST OF ABBREVIATIONS
ACL Access Control List
ATM Automatic Tal ler machine
CA Certification Authority
CBC Cipher Block Chaining
CC Cryptographic Checksum
CIA Central I ntelligence Agency
CPU Central Processing Unit
DES Data Encryption Standard
ON Distinguished name
DSA Digital Signature Algorithm
DSS Digital Signature Standard
ECB Electronic Code Book
FAT File Allocation Table
F IPS Federal Information ProceSSing Standard
FLs Financial Institutions
H (M) Hash Code for Message M
HTTP Hyper Text Transport Protocol
IMAP Internet Messaging Access Protocol
ISO International Standard Organization
KDC Key Distribution Center
KEA Key-exchange algorithms
KGB Russian Equivalent of the CIA
KLP Key Loader Program
xv
LDAP
MD4
MD5
NCL
01
OIMD
PI
PIMD
PKCS
PKI
ROM
RSA
RSA
SIN
SET
SHA
SSL
TCPIIP
VLSI
Lightweight Directory Access Protocol
Message-Digest Algorithm 4
Message-Digest Algorithm 5
National Consumer's League
Order Information
Order Information Message Digest
Payment Information
Payment Information Message Digest
Public key Cryptography Standard
Public Key Infrastructure Functions
Read only Memory
(Rivest, Shamir and Adleman)
A public key Cryptographic Algorithm Named for its Inventors
Serial Number
Secure Electronic Transaction.
Secure Hash Algorithms
Secure Sockets Layer
Transmission Control Protocolllnternet Protocol
Very Large Scale Integration
xv
1 .1 An Overview
CHAPTER 1
INTRODUCTION
Security in networks of computers is an important issue, although networks
raise new issues in security, famil iar topics appear in the list of solutions to
network security problems. The problems are loss of confidentiality, integrity,
and avai lability. The solutions to these technologies include, encryption,
access controls, strong authentication, and protocols. In fact, networks can be
viewed as more complex example of computing systems. Threats arise at
d ifferent points based on different technologies, so that many program
development and operating system security concepts and controls apply to
networks as well . Computer networks offer several advantages over single
processor systems, such as:
1 . Resource Sharing. Users of a network can access a variety of
resources through the network. Sharing databases, data and program
files, and other resources reduces maintenance and storage costs while
providing each user with improved access.
2. Distributing the Workload. The use of single system varies as users join
and leave a system. The degree of fluctuation of workload for a single user
can be moderated in a network, so the workload can be shifted from a
heavily loaded system to an underused one.
3. Increased Reliability. Because a computing network consists of more
than one computing system, the fai lure of one system or just one
component need not necessarily block users from continuing to compute.
If similar systems exist, users can move their computing to other systems
when one system fails.
4. Expandability. Network system can be expanded easily by adding new
nodes. This expansion of user-base can occur without the manager of any
single system having to take special action {Pfleeger 1 997}.
Computing networks have similar characteristics. The network must ensure
integrity of data, secrecy of data and availabil ity of services. Each user
accesses the network through a single operating system, which also includes
network interface responsibilities. Users sti l l expect the operating systems to
enforce the security pOlicies of the network. However, in a network the
operating systems at the two ends of the communication, as well as the
operating systems of al l computers in between, must cooperate to enforce
security (PfJeeger 1 997) .
1 .1 .1 Motivation
The security of credit card transactions remains the number one concern both
for Internet users who have yet to make an online purchase, and for those
who have performed an online transaction. The US National Consumer 's
League Internet Fraud Watch (NCL) has reported that American consumers
2
lost over $3.2 million to online scams in 1 999, a 38 percent increase over the
previous year. The vast majority of cases reported to the NCL involved
payments by cheque or money order, with credit card transactions accounting
for only three percent of cases. An online survey in January, March 2000
found that 41 percent of regular Internet users had shopped online two to four
times, whi le 22 percent had made one online purchase. Significantly, 1 9
percent had made over 1 0 online transactions. Due to continued strong
growth i n the number of Internet users, it seems likely the total number of
people shopping online and the proportion of frequent shoppers will continue
to i ncrease. Internet-related fraud is certainly a matter for concern, and
authorities around the world are active in combating a range of illegal
activities being conducted over the Internet. One of the most widely publicized
cases of credit card fraud occurred in the US, where a group of web-based
companies made smal l , recurrent charges to hundreds of thousands of credit
cards (Phantom Menace 2001 , Meridien Research 2001 ) .
I mprovements in security and encryption technology will make it more d ifficult
for crim inals to intercept online transactions. Both Netscape Navigator and
Microsoft Internet Explorer use Secure Sockets Layer (SSL) to encrypt data
before sending it over the Internet. SSL scrambles personal data and provides
an unbroken key or lock that appears in the bottom of the browser window.
This technology provides a secure connection that keeps data private during
transmission over the Internet, however it does not authenticate the parties at
either end of the transaction.
3
Table 1: Credit Card Statistics- VISA and MasterCard.
As at Fiscal No. of Cards No. of # Of Cards No. of Cards $ Amount Year Ending in Accounts with Reported Fraudulently of Oct. 31. Circulation balance Lost or used. Fraudulent
(Millions). (Millions). Stolen. Accounts written off (millions).
1 985 1 4.0 7.3 330,380 21 ,026 $1 7.54 1 986 1 5.5 7.9 378,239 22,326 $1 8.61 1 987 1 7.6 8.8 408,239 23,91 3 $1 5.78 1 988 1 9.4 9.5 460,348 25,773 $1 5.63 1 989 20.4 1 0.3 522,204 30,91 9 $1 9.20 1 990 23.2 1 1 . 1 520,716 32,851 $28.90 1 991 24.3 1 1 .8 623,946 53,968 $44.60 1 992 24.4 1 2.2 650,088 61 ,234 $63.50 1 993 25.0 1 2.4 674,988 63,442 $75.20 1 994 27.5 1 3.2 731 ,052 63,635 $70.60 1 995 28.8 1 3.6 648,824 66, 1 09 $72.64 1 996 30.2 14. 1 794,996 77,740 $83.63 1 997 31 .9 15.0 858,625 89,982 $88.08 1 998 35.3 1 6.0 895,81 7 1 26,384 $1 04.80 1 999 37.7 1 7.3 823,934 1 32,836 $1 34. 1 0 2000 40. 1 1 8.5 805,580 1 1 2,070 $156.38 2001 44. 1 1 9.6 81 3,624 1 1 6, 1 39 $1 42.27
VISA International and MasterCard International , with support from many of
the world 's top financial institutions, are presently working to develop a more
advanced encryption process called Secure Electronic Transaction (SET) .
SET involves a system of digital certificates provided by card issuers, and
encryption. It enables the identity of both merchant and cardholder to be
authenticated, and also ensures that neither the merchant or cardholder 's
bank sees the purchaser's credit card number (Konrad et al . 2000).
As shown in Table 1 , the number of cards in circulation, the number of
accounts with balance, the number of cards reported lost or stolen and the
numbers of cards fraudulently used are increased as the years going on from
4
1985-2001. The number of cards fraudulently used at 1985 is 21,026 cards,
while it is 116,139 at 2001 (Canadian Bankers Association 2001).
Enhancement of authentication protocols and encryption technology improved
the security and makes it more difficult for hackers to intercept or tamper with
online transactions. We propose the use of smart card and secure
coprocessor to provide a highly secure environment for the Internet
transactions. Two methods of authentication are proposed in this thesis,
which can provide a secure environment for handshaking and secure
transaction processing .
1 .2 Threats in Networks
I n the fol lowing sections we look to network security issues and reasons for
network security problems, and security threats considering damage to
confidentiality, integrity and availabil ity, and then looking to many ways to
accomplish threats to the network.
1 .2.1 Network Security Issues
Networks have several security problems for several reasons. In the next
sections we wil l explain each of the reasons, which are causing the network
security problems.
5
1 .2.1 .1 Sharing
Because of the resource sharing of networks, more users have the potential
to access networked systems than single computers. Perhaps worse access
is afforded to more systems, therefore access controls for single systems may
be inadequate in the networks.
1 .2.1 .2 Complexity of System
As we know that an operating system is the most complicated piece of
software ever produced. Reliable security is difficult if not possible on large
operating system, especially one not designed for security. A network
combines two or more dissimilar operating systems. Therefore, a network
operating system/control system is l ikely to be more complex than an
operating system for single computer system. This compl�xity l imits
confidence in the security of a network.
1 .2.1 .3 Unknown Perimeter
The expand abil ity of a network also implies uncertainly about the network
boundary. One host may be a node on two different networks, so that
resources on one network are accessible to the users of other networks as
well . Although wide accessibi lity is an advantage, this unknown or
uncontrolled group of possibly malicious users is a security disadvantage. A
similar problem occurs when new hosts can be added to the network. Every
6
network node must be able to react to the possible presence of new,
untrustable hosts. Figure 1 . 1 points out the problems in defining the
boundaries of a network. Notice that, users on a host in network D may be
unaware of the potential connections from users of networks A and B .
1 .2.1 .4 Many Points of Attack
A simple computing system is a self-contained unit. Access controls on one
machine preserve the secrecy of data on that processor. However, when a fi le
is stored in a network host remote from the user, the fi le may pass through
many hosts to get to the user. Although the administrator of one host may
enforce rigorous security policies, that administrator has no control over other
hosts in the network. The user has to depend on the access control
mechanism of al l of these systems.
1 .2.1 .5 Anonymity
An attacker can mount an attack from thousands of miles away and thus
never have to touch the system attacked or come into contact with any of its
administrators or users. The attack can be passed through many other hosts,
in an effort to disguise from where the attack originated . Finally, computer-to
computer authentication is not the same as for humans to computers; secure
d istributed authentication requires thought and attention to detail .
7
1 .2.1 .6 Unknown Path
There may be many paths from one host to another. Suppose that a user on
one host wants to send a message to user on another host, that message
might be routed through different hosts before arriving at destination host.
Source host may provide acceptable security, but not intermediate nodes.
Network users seldom have control over the routing of their messages.
N etwork A
NetworkB
.,,./
--'''- ... - ..... \
I I I I ,
� J \ .'
\, ___ I-!el�� p _____ . r'
Figure 1 .1 : Unclear Network Boundaries
1 .2.2 Security Threats
We looked at al l the parts of a network; considered damage to confidentiality,
integrity, and availabil ity; and hypothesized the kinds of attack that could
cause this damage.
8