Secure credit card transactions on an untrusted channel

Source: Information Sciences in review

Presenter: Tsuei-Hung Sun (孫翠鴻)

Date: 2010/9/24


Outline

  • Introduction

  • Motivation

  • Scheme

  • Security analysis

  • Performance evaluation

  • Advantage vs. weakness

  • Comment


Introduction

  • Credit-card-based payment system

  • Entity: customer, merchant, credit card issuer and bank.

  • Credit card: credit card number, Card Verification Value (CVV).

  • Transaction: billing digest, information about the customer.


Introduction

  • Secure Socket Layer (SSL)

    • Establish a trusted connection between two parties.

  • HTTPS (Secure HTTP)

    • Send messages securely using SSL.

  • Both require public keys and certificates, and their operation is complex.


Motivation

  • SSL and HTTPS are complex because they involve key management, user credentials and certificates.

  • Smart cards require extra infrastructure such as a smart card reader and middleware.

  • This paper aims to make transactions simpler while keeping security easy to achieve.


Scheme

[Figure: system model. Labels recovered from the diagram: common key KBMi (shown on two links), customer credit card data (as an example), credit card confidentiality.]


Scheme

  1. Request phase

  2. Verification phase

  3. Authentication phase

  4. Response phase

Notation:

  • UI1: customer-related non-critical data.

  • UI2: data of importance to the merchant.

  • UCI: customer critical information.

  • T: time stamp.

  • CVV: Card Verifier Value.

  • TID: transaction id.

  • rc and rm: response values generated by the issuer.

  • h = HCVV(UI1, UCI, T, CVV)

  • TID = H(h, UI1, T)


Scheme

  • Authentication Phase

    • Issuer has a database containing customer credit card data.

      A1 Retrieve CVV and UCI from database.

      A2 Compute hash value h1.

      A3 Compare h and h1 for consistency.

      A4 Generate response values.

      A5 Send acknowledgement to bank.

Accept:

Reject:

KBMi: common key between the bank and merchant i.
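
Steps A1 to A3 of the authentication phase, as an added example that is not code from the paper or the presentation. Assumptions: HCVV is modelled as HMAC-SHA256 keyed with the CVV, H as SHA-256, fields are length-prefixed before hashing, the issuer looks up the record by card number, and all names and database contents are constructed for illustration.

```python
import hashlib
import hmac

def encode_fields(*fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def compute_h(ui1, uci, t, cvv):
    """h = HCVV(UI1, UCI, T, CVV); HMAC-SHA256 keyed with the CVV is an assumption."""
    msg = encode_fields(ui1, uci, t, cvv)
    return hmac.new(cvv.encode("utf-8"), msg, hashlib.sha256).hexdigest()

def compute_tid(h, ui1, t):
    """TID = H(h, UI1, T); SHA-256 is an assumption."""
    return hashlib.sha256(encode_fields(h, ui1, t)).hexdigest()

# Constructed issuer database: card number -> (CVV, UCI). Lookup key is an assumption.
ISSUER_DB = {
    "0000-0000-0000-0001": ("123", "name=Example Customer;expiry=12/30"),
}

def issuer_authenticate(card_number, ui1, t, h):
    """A1: retrieve CVV and UCI. A2: compute h1. A3: compare h and h1."""
    record = ISSUER_DB.get(card_number)
    if record is None:
        return False                      # unknown card: reject
    cvv, uci = record                     # A1
    h1 = compute_h(ui1, uci, t, cvv)      # A2
    return hmac.compare_digest(h, h1)     # A3, constant-time comparison

if __name__ == "__main__":
    card = "0000-0000-0000-0001"
    cvv, uci = ISSUER_DB[card]
    ui1, t = "order=42;amount=19.99", "2010-09-24T10:00:00Z"
    h = compute_h(ui1, uci, t, cvv)       # computed on the customer side
    print("TID:", compute_tid(h, ui1, t))
    print("genuine request:", issuer_authenticate(card, ui1, t, h))
    print("altered UI1:", issuer_authenticate(card, "order=42;amount=0.01", t, h))
    print("wrong CVV:", issuer_authenticate(card, ui1, t, compute_h(ui1, uci, t, "999")))
```

Because T is an input to h, a value of h captured for one time stamp does not verify under a different T.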


Security analysis

  • Replay Attack

  • Forgery Attack

  • Man-in-the-Middle Attack

  • Guessing Attack


Performance evaluation

  • Complexity Comparison

Request phase: XOR operation, hash operation (bank).

Verification phase: hash operation (merchant), intersection operation (issuer).

Authentication phase: XOR operations (issuer).


Advantage vs. weakness

  • Advantage

    • Resists four important types of attack.

    • No complex computation needed.

    • No extra overhead such as a smart card, reader and middleware.

    • Uses only a hash function and a common key.

    • Uses only a one-round protocol.

  • Weakness

    • Common key may be weak.

