
Secure Credit Card Transactions on an Untrusted Channel

Secure Credit Card Transactions on an Untrusted Channel. Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24. Outline. Introduction Motivation Scheme Security analysis Performance evaluation Advantage vs. weakness Comment. Introduction.


Presentation Transcript


  1. Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun (孫翠鴻) Date: 2010/9/24

  2. Outline • Introduction • Motivation • Scheme • Security analysis • Performance evaluation • Advantage vs. weakness • Comment

  3. Introduction • Credit-card-based payment system • Entity: customer, merchant, credit card issuer and bank. • Credit card: credit card number, Card Verification Value (CVV). • Transaction: billing digest, information about the customer.

  4. Introduction • Secure Socket Layer (SSL) • Establishes a trusted connection between two parties. • HTTPS (Secure HTTP) • Sends messages securely using SSL. • Both need public keys and certificates, and the operational process is complex.

  5. Motivation • SSL and HTTPS are complex because they involve key management, user credentials and certificates. • Smart cards require extra infrastructure such as a smart card reader and middleware. • This paper aims to make the transaction simpler and security easier to achieve.

  6. Scheme [Figure; surviving labels: common key KBMi (ex. customer credit card data); common key KBMi; credit card confidentially]

  7. Scheme
     1. Request phase 2. Verification phase 3. Authentication phase 4. Response phase
     • UI1: customer-related non-critical data.
     • UI2: data of importance to the merchant.
     • UCI: customer critical information.
     • CVV: Card Verifier Value.
     • T: time stamp.
     • TID: transaction id.
     • rc and rm: response values generated by the issuer.
     • h = HCVV(UI1, UCI, T, CVV)
     • TID = H(h, UI1, T)

  8. Scheme • Authentication Phase • Issuer has a database containing customer credit card data.
     A1. Retrieve CVV and UCI from the database.
     A2. Compute hash value h1.
     A3. Compare h and h1 for consistency.
     A4. Generate response values.
     A5. Send acknowledgement to the bank.
     Accept: Reject: : common key between the bank and the merchant i.

  9. Security analysis • Replay Attack • Forgery Attack • Man-in-the-Middle Attack • Guessing Attack

  10. Performance evaluation • Complexity Comparison • Request phase: XOR operation, hash operation (bank). • Verification phase: hash operation (merchant), intersection operation (issuer). • Authentication phase: XOR operations (issuer).

  11. Advantage vs. weakness • Advantage • Can resist four important types of attack. • No complex computation needed. • No extra overhead such as a smart card, reader and middleware. • Uses just a hash function and a common key. • Uses just a one-round protocol. • Weakness • Common key may be weak.
