1 / 13

Understanding TIP - Internet Transaction Protocol

Explore TIP, a proposed Internet standard for secure transactions, supported by Microsoft and Tandem. Understand its security vulnerabilities, transaction models, and implications for Internet security and fraud prevention.

mkahl
Download Presentation

Understanding TIP - Internet Transaction Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TIP: Transaction Internet Protocol • Proposed as an Internet Standard. • Backed by Microsoft and Tandem. • Heterogeneous Transaction Managers can implement TIP to communicate with each other.

  2. Site A Site B Application Program Application Program TIP API TIP API TIP txn manager TIP txn manager TIP: Two-pipe model Pipe 1 Pipe 2 TIP commit protocol

  3. User’s Web Browser Server A Server C Server B A Browsing Transaction (1) Initiate txn (2) txn URL (4) txn URL (3) PUSH txn (5) PULL txn

  4. A C D B PUSH ‘txn1a’ PUSH ‘txn1a’ PUSH ‘txn1b’ PUSH ‘txn1c’ Multiple inclusions of a site

  5. TIP vulnerability • communication is pairwise point-to-point. • Vulnerable to single link failures

  6. TIP Security • Requires Secure-HTTP/SSL/TLS with • encryption and • end-to-end authentication. • Operator intervention is needed when the commit protocol fouls up. • How will this work on the Internet?

  7. Internet Transaction Security • Big value transactions will not be conducted in this way. • Thus any scams will take the form of having a small effect on a large number of tranactions. (Salami scams.)

  8. SSL/TLS does NOT solve all of the problems • TIP with TLS does not ensure non-repudiation. • Various Denial-of-Service attacks are possible. • A rogue participant could block progress by refusing to commit.

  9. Denial-of-Service • PULL-based: • A rogue company that knows the transaction ID sends a PULL to a site then close the connection. • PUSH-based • Flood a sites with PUSHes so that it cannot service legitimate requests.

  10. Broken connection • If a site loses its connection to its superior, the rogue sites sends it a RECONNECT command and tells it the wrong result of the commit.

  11. Repudiation • General point about how to repudiate: • The site that wants to repudiate a transaction can always cause itself to crash and then recover, meanwhile losing all information that was in vulnerable storage.

  12. Repudiation • Interaction of 2PC and authenticated protocol messages • The semantics of the authenticated messages only apply if the txn is committed.

  13. Repudiation • If a message from A to B is part of a 2PC protocol, then B’s possession of the digital signature proves nothing. • A can claim: Yes, that was sent, but the action was rolled back. • B must prove that the action was committed. B must also prove that the message was part of that txn.

More Related