Secure credit card transactions on an untrusted channel

Secure Credit Card Transactions on an Untrusted Channel. Source: Information Sciences in review. Presenter: Tsuei-Hung Sun (孫翠鴻). Date: 2010/9/24. Outline: Introduction, Motivation, Scheme, Security analysis, Performance evaluation, Advantage vs. weakness, Comment.

Secure Credit Card Transactions on an Untrusted Channel

Source: Information Sciences in review

Presenter: Tsuei-Hung Sun (孫翠鴻)

Date: 2010/9/24


Outline

  • Introduction

  • Motivation

  • Scheme

  • Security analysis

  • Performance evaluation

  • Advantage vs. weakness

  • Comment


Introduction

  • Credit card-based payment system

  • Entities: customer, merchant, credit card issuer and bank.

  • Credit card: credit card number, Card Verification Value (CVV).

  • Transaction: billing digest, information about the customer.


Introduction

  • Secure Socket Layer (SSL)

    • Establish a trusted connection between two parties.

  • HTTPS (Secure HTTP)

    • Send messages securely using SSL.

  • Both need public keys and certificates, and their operation is complex.


Motivation

  • SSL and HTTPS are complex because they involve key-management, user credentials and certificates.

  • Smart cards require extra infrastructure such as a smart card reader and middleware.

  • This paper aims to make transactions simpler and security easier to achieve.


Scheme

[Figure: scheme overview. Labels: "Common key KBMi" (shown twice), "(ex. customer credit card data)", "Credit card confidentially".]


Scheme

1. Request phase

2. Verification phase

3. Authentication phase

4. Response phase

Notation:

  • UI1: customer-related non-critical data.

  • UI2: data important to the merchant.

  • UCI: customer critical information.

  • T: time stamp.

  • CVV: Card Verifier Value.

  • h = HCVV(UI1, UCI, T, CVV)

  • TID: transaction ID, TID = H(h, UI1, T).

  • rc and rm: response values generated by the issuer.


Scheme

  • Authentication Phase

    • Issuer has a database containing customer credit card data.

      A1 Retrieve CVV and UCI from database.

      A2 Compute hash value h1.

      A3 Compare h and h1 for consistency.

      A4 Generate response values.

      A5 Send acknowledgement to bank.

Accept:

Reject:

: common key between the bank and the merchant i.
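
Steps A1 to A3 of the authentication phase, as an added Python example that is not code from the paper or the slides. It assumes HCVV is HMAC-SHA256 keyed with the CVV, H is SHA-256, fields are length-prefixed before hashing, T is accepted within a 120-second window, and the issuer keeps a cache of seen TIDs; `customer_id` and the sample data in `demo()` are hypothetical.

```python
import hashlib, hmac, struct, time

FRESHNESS_S = 120  # assumed acceptance window for T (not from the slides)

def _pack(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def compute_h(ui1: bytes, uci: bytes, t: int, cvv: bytes) -> bytes:
    # h = HCVV(UI1, UCI, T, CVV), read here as HMAC-SHA256 keyed with the CVV.
    msg = _pack(ui1, uci, str(t).encode(), cvv)
    return hmac.new(cvv, msg, hashlib.sha256).digest()

def compute_tid(h: bytes, ui1: bytes, t: int) -> bytes:
    # TID = H(h, UI1, T), with H assumed to be SHA-256.
    return hashlib.sha256(_pack(h, ui1, str(t).encode())).digest()

class Issuer:
    def __init__(self, card_db):
        self.card_db = card_db   # hypothetical: customer_id -> (CVV, UCI)
        self.seen_tids = set()   # assumed replay cache, not from the slides

    def authenticate(self, customer_id, ui1, t, h, tid, now=None):
        now = time.time() if now is None else now
        if abs(now - t) > FRESHNESS_S:
            return "reject: stale timestamp"
        record = self.card_db.get(customer_id)
        if record is None:
            return "reject: unknown customer"
        cvv, uci = record                              # A1: retrieve CVV and UCI
        h1 = compute_h(ui1, uci, t, cvv)               # A2: compute h1
        if not hmac.compare_digest(h, h1):             # A3: constant-time compare
            return "reject: hash mismatch"
        if not hmac.compare_digest(tid, compute_tid(h1, ui1, t)):
            return "reject: bad TID"
        if tid in self.seen_tids:
            return "reject: replayed TID"
        self.seen_tids.add(tid)
        return "accept"

def demo():
    issuer = Issuer({"cust-1": (b"123", b"4111111111111111")})  # constructed data
    ui1, t = b"name=A. Customer", 1_285_300_000
    h = compute_h(ui1, b"4111111111111111", t, b"123")
    tid = compute_tid(h, ui1, t)
    first = issuer.authenticate("cust-1", ui1, t, h, tid, now=t + 5)
    replay = issuer.authenticate("cust-1", ui1, t, h, tid, now=t + 10)
    return first, replay
```
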


Security analysis

  • Replay Attack

  • Forgery Attack

  • Man-in-the-Middle Attack

  • Guessing Attack


Performance evaluation

  • Complexity Comparison

Request phase: XOR operation, hash operation (bank).

Verification phase: hash operation (merchant), intersection operation (issuer).

Authentication phase: XOR operations (issuer).


Advantage vs. weakness

  • Advantage

    • Resists 4 important types of attack.

    • No complex computation needed.

    • No extra overhead such as a smart card, reader and middleware.

    • Uses only a hash function and a common key.

    • Uses only a one-round protocol.

  • Weakness

    • Common key may be weak.

