Making Commerce Safe
D. Crocker, Brandenburg Consulting
+1 408 246 8253, [email protected] (mordor.stanford.edu)
– Preliminary – Not for distribution
© D. Crocker, Brandenburg Consulting, 1995 Making Commerce Safe / 2

Boldly go...
Internet was
– Small (sort of)
– Friendly (very)
– Open
– Casual
Internet has become
– Huge (everybody, everywhere)
– Competitive
– Closed and open
– Casual and formal
Where no public network has gone before...
Commerce changes things

Internet for commerce?
Strong pressures emerging
– Businesses now online
– Reduced access costs
– Global “reach”

Operating a global Internet
Scaling
– A chicken in every pot!
Security
– Military vs. commercial vs. personal
Management
– Interconnection interoperability
– Sometimes always

Professional operations
Old news!
– Internet commercial since 1990
For professional operation, use a professional provider
– However, inter-provider management warrants improvement

Basic algorithms
[Figure: the two basic operations]
Integrity / Authentication (sign):
  Msg -> Hash -> MsgHash
  MsgHash + Key(PRIV-ORIG) -> Digital Signature
  Msg + Digital Signature is what gets sent
Privacy (seal):
  Msg + Key(DATA) -> Encrypt Data
  Key(DATA) + Key(PUB-RECIP) -> Encrypt Key
When do you need each? ...not always!
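As an added illustration of the two paths on this slide (my example, not part of Crocker's deck), the sign and seal operations in Python: textbook RSA on two fixed Mersenne primes stands in for the asymmetric algorithm, SHA-256 for the hash, and a SHA-256 counter keystream for the symmetric data cipher that the deck's protocols use DES for. The primes, exponent, function names and the sample order message are all constructed for this example; the signature is checked against both the original and a tampered message.

```python
import hashlib
import secrets

# Constructed toy key material: textbook RSA from fixed Mersenne primes so the
# example runs offline. Not padded, not a real key, never reuse it.
P_ORIG, Q_ORIG = 2**89 - 1, 2**107 - 1      # originator (signer)
P_RECIP, Q_RECIP = 2**61 - 1, 2**127 - 1    # recipient (seal target)
E = 65537


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for textbook RSA on primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))       # modular inverse, Python 3.8+
    return (n, E), (n, d)


def msg_hash(msg: bytes, n: int) -> int:
    """Msg -> Hash -> MsgHash; reduced mod n so it is a valid RSA input."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv) -> int:
    """MsgHash + Key(PRIV-ORIG) -> Digital Signature."""
    n, d = priv
    return pow(msg_hash(msg, n), d, n)


def verify(msg: bytes, sig: int, pub) -> bool:
    """Recompute MsgHash and compare with the signature under the public key."""
    n, e = pub
    return pow(sig, e, n) == msg_hash(msg, n)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for a symmetric cipher (the slides' DES): SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        keystream = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], keystream))
    return bytes(out)


def seal(msg: bytes, recip_pub):
    """Msg + Key(DATA) -> Encrypt Data; Key(DATA) + Key(PUB-RECIP) -> Encrypt Key."""
    n, e = recip_pub
    data_key = secrets.token_bytes(16)            # fresh per-message key
    enc_key = pow(int.from_bytes(data_key, "big"), e, n)
    return enc_key, xor_stream(data_key, msg)


def unseal(enc_key: int, ciphertext: bytes, recip_priv) -> bytes:
    """Recipient recovers Key(DATA) with its private key, then decrypts the data."""
    n, d = recip_priv
    data_key = pow(enc_key, d, n).to_bytes(16, "big")
    return xor_stream(data_key, ciphertext)


def demo():
    orig_pub, orig_priv = make_keypair(P_ORIG, Q_ORIG)
    recip_pub, recip_priv = make_keypair(P_RECIP, Q_RECIP)
    order = b"order: 3 widgets, ship to buyer"   # constructed sample message
    sig = sign(order, orig_priv)
    enc_key, ciphertext = seal(order, recip_pub)
    return {
        "signature_ok": verify(order, sig, orig_pub),
        "tampered_rejected": not verify(order + b" +1 free", sig, orig_pub),
        "unsealed_matches": unseal(enc_key, ciphertext, recip_priv) == order,
    }


if __name__ == "__main__":
    print(demo())
```

The two operations are independent, which is the slide's point: a message can be signed without being sealed (integrity and origin, readable by anyone), sealed without being signed (private, but unauthenticated), or both.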

Security choices
Trusted paths
– Simple fall-back
Symmetric keys
– Doesn’t scale
Asymmetric keys
– Patent licensing
– Computational overhead

Where to put security?
[Figure: two placements]
  Object security:    My object -> Secure(My object) -> FTP / EMail / Web
  Transport security: My object -> Secure(FTP / EMail / Web)
  Web security:   client -> Web Server -> Web Server
  EMail security: My object -> MTA -> MTA

Transport security protocols
IPSEC            IP-level labeling
Kerberos (MIT)   Third-party service
S-KEY            Pairwise login
S-HTTP (EIT)     Negotiated, object-specific wrapper security
SSL (Netscape)   Client-server link
STT (Microsoft)  (TBD)

Object security protocols
MOSS (was PEM)
– MIME Object Security Service, IETF
– RSA + DES
– Global, formal key certification hierarchy
PGP
– Pretty Good Privacy, Phil Zimmermann
– RSA + IDEA
– Informal, personal, direct certification
S/MIME
– Private, consortium effort
– Product “plans”
– Specification: http://www.rsa.com

What is business?
R&D
– Search, browse
– Test
– Coordinate
Support
– Discuss
– Info push
Marketing
– Targeted info push
– Survey
Sales
– Negotiate
– Order, bill, pay
– Deliver

“Commerce” business
Providing infrastructure support for commerce
– EDI VAN
– Interface to payment/bank service
– Digital cash
– Electronic notary
– Online market/brokerage

Styles of commerce
Receiver pull
– Interactive sessions
– Individual, foreground refinement
Sender push
– Messaging
– Bulk, background distribution
(Mark Smith, Intel)

Bilateral vs. global
On-going relationships
– Special arrangements ok (awkward)
One-time exchange
– “Casual” commerce
– Needs simple use (difficult)
– Needs standard(s) solutions

Human interaction
R&D, marketing, support
– Mostly discussion or bulk transfer
– Often ok to have no security; otherwise a mild sign and/or seal is plenty
– Works well today

EComm classic – EDI
Multiple EDI transports already
– Internet is one more
EDI/MIME, proposed standard
– Use MIME-based security

Payment system model
[Figure: parties are Buyer, Merchant, Issuing Bank, Acquiring Bank and Clearing House; the bankcard data (“16+4”: 16-digit card number plus 4-digit expiry) flows from Buyer through Merchant to the banks.]
(M. Rose, FV)

Payment system issues
Transaction category “card not present”
– For all bankcard approaches for Internet
Issues
– Knowing buyer/merchant authorized
– Avoiding third-party interception
– Interchange, assessment, fees
– Retrievals, chargebacks, etc.
Risk management

Payment system efforts
Commercenet            http://www.commerce.net
First Virtual Holdings http://www.fv.com
CyberCash              http://www.cybercash.com
OpenMarket             http://www.openmarket.com
Netmarket              http://www.netmarket.com
Netscape               http://www.netscape.com
DigiCash               http://www.charm.net/~ibc/ibc2/softw_ag.html

Scheme “Clear”
  Buyer -> Merchant -> Clearing House: 16+4, in the clear!
Just trust the net... Easy to capture and replay.

Scheme “ID”
  Buyer -> Merchant: ID
  Merchant -> Clearing House: ID
  Clearing House holds the 16+4 behind the ID
Still trust the net, until the next statement... Easy to capture and replay.

Scheme “ID confirm”
  Buyer -> Merchant: ID
  Merchant -> Clearing House: ID
  Clearing House <-> Buyer: Confirm (Clearing House holds the 16+4)
Each transaction confirmed. Requires mildly safe user account.

Scheme “Secure link”
  Buyer -> Merchant: Encrypted 16+4
  Merchant -> Clearing House: 16+4
Same as telephone, but encrypted over Internet. Merchant gets number. Is merchant safe??

Scheme “Mediated”
  Buyer -> Merchant: Encrypted 16+4
  Merchant -> Clearing House: Encrypted 16+4
Only the bank sees data in clear. Limited points of attack.

Create money
Private buyer and seller transaction
– http://www.charm.net/~ibc/ibc2/softw_ag.html
Digicash, Netcash, ...
– Use public key cryptography
  1. User generates note for bank to sign
  2. Bank debits user account
  3. Merchant checks signature
  4. Bank redeems note; credits merchant
– Buyers anonymous
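An added worked example of the four-step note life-cycle above (mine, not Crocker's and not DigiCash's code), using Chaum-style blind RSA signatures, which is what gives the last bullet its anonymity: the user blinds the note before the bank signs it, so the bank cannot later link the serial it redeems to the account it debited. The bank's fixed Mersenne-prime key, the account names and balances, the one-unit note value and every function name are constructed for this example; the redemption step also shows the double-spend check a bank needs because a signed note can be copied.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy bank key: textbook RSA on fixed Mersenne primes (not real material).
BANK_P, BANK_Q = 2**89 - 1, 2**107 - 1
BANK_E = 65537
BANK_N = BANK_P * BANK_Q
BANK_D = pow(BANK_E, -1, (BANK_P - 1) * (BANK_Q - 1))


def note_digest(serial: bytes) -> int:
    """Hash of a note's serial number, reduced mod n (textbook, no padding)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % BANK_N


def user_make_note():
    """Step 1: user generates a note and blinds it with a random factor r."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(BANK_N - 2) + 2
        if gcd(r, BANK_N) == 1:              # r must be invertible mod n
            break
    blinded = (note_digest(serial) * pow(r, BANK_E, BANK_N)) % BANK_N
    return serial, r, blinded


def user_unblind(blind_sig: int, r: int) -> int:
    """(m * r^e)^d = m^d * r mod n; removing r leaves the bank's signature on m."""
    return (blind_sig * pow(r, -1, BANK_N)) % BANK_N


def merchant_check(serial: bytes, sig: int) -> bool:
    """Step 3: merchant checks the bank's signature with the bank's public key."""
    return pow(sig, BANK_E, BANK_N) == note_digest(serial)


class Bank:
    def __init__(self):
        self.accounts = {"alice": 100, "merchant": 0}   # constructed balances
        self.spent = set()                              # serials already redeemed

    def sign_blinded(self, account: str, blinded: int, value: int = 1) -> int:
        """Step 2: bank debits the account and signs the blinded note unseen."""
        if self.accounts[account] < value:
            raise ValueError("insufficient funds")
        self.accounts[account] -= value
        return pow(blinded, BANK_D, BANK_N)

    def redeem(self, serial: bytes, sig: int, merchant: str) -> bool:
        """Step 4: bank verifies its signature, rejects replays, credits merchant."""
        if not merchant_check(serial, sig) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.accounts[merchant] += 1
        return True


def demo():
    bank = Bank()
    serial, r, blinded = user_make_note()
    sig = user_unblind(bank.sign_blinded("alice", blinded), r)
    first = bank.redeem(serial, sig, "merchant")
    second = bank.redeem(serial, sig, "merchant")   # same note presented again
    return {
        "valid_signature": merchant_check(serial, sig),
        "first_redeem": first,
        "double_spend_rejected": not second,
        "alice": bank.accounts["alice"],
        "merchant": bank.accounts["merchant"],
    }


if __name__ == "__main__":
    print(demo())
```

The bank only ever sees `blinded` at withdrawal and `serial` at redemption, and the random `r` is never sent, so nothing ties the two together; the price of that anonymity is that the bank must keep the `spent` set, since the merchant alone cannot tell a fresh note from a copy.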