250 likes | 317 Views
b. b. b. b. Securing Transactions: Protocols and Politics. D. Crocker Brandenberg Consulting +1 408 246 8253 dcrocker@brandenburg.com. Brandenburg Consulting. Product & service / planning & design Technical Large-scale systems Internet & interoperability Operations Security
E N D
b b b b Securing Transactions: Protocols and Politics D. Crocker Brandenberg Consulting +1 408 246 8253 dcrocker@brandenburg.com
Brandenburg Consulting • Product & service / planning & design • Technical • Large-scale systems • Internet & interoperability • Operations • Security • Protocols (email, transport, commerce) • Internet development since 1972 • Chair, Silicon Valley - Public Access Link
Secure transactions • Doing business on the Internet • Object- vs. Transport- security • Payment protocols • Standards work
Internet for commerce? • Strong pressures emerging • Businesses now online • Reduced access costs • Global “reach”
A global Internet • Scaling • A chicken in every pot! • Security • Military vs. commercial vs. personal • Management • Interconnection ¹ interoperability • Sometimes ¹ always
Styles of use • Receiver pull • Interactive sessions • Individual, foreground refinement • Sender push • Messaging • Bulk, background distribution (Mark Smith, Intel)
Full(core) Permanent, visible, native Direct(consumer) Native Client User runs Internet applications Mediated Provider runs applications for user Messaging Surprisingly useful To be on the Internet
R&D Search, browse Test Coordinate Support Discuss Info push Marketing Targeted info push Survey Sales Negotiate Order, bill, pay Deliver What is business?
Where to put functions? • Core vs. edges • Place it in the core • Can’t be used until all of the pieces between users adopt it • Place it at the edges • Useful as soon as adopted by two, consenting hosts
Where to put security... My object Object Transport Secure Web Security EMail Security My object Web Server MTA EMail Web FTP Web Server MTA EMail Secure Secure My object My object My object My object
Transport security IPSEC IP-level labeling Kerberos (MIT) Third-party service S-KEY (Bellcore) Pairwise login S-HTTP (EIT) Negotiate specifical object wrapper security SSL (Netscape) Client-server transport link STT (Microsoft) (TBD)
Object security • MOSS (was: PEM) • MIME Object Security Service - IETF • RSA + DES • Global, formal key certification hierarchy • PGP • Pretty Good Privacy - Phil Zimmerman • RSA + IDEA • Informal, personal, direct certification • S/MIME • Secure MIME - RSA & Consortium
Basic algorithms Integrity Authentication (sign) Msg Hash Msg Hash Digital Signature Msg Msg KeyPRIV-ORIG + + + Ÿ Privacy (seal) Encrypt Data Encrypt Key Msg +KeyDATA + KeyDATA KeyPUB-RECIP Ÿ + Ÿ • When do you need each? ...not always!
EDI over Internet • Multiple EDI transports already • Internet is one more • EDI/MIME, proposed standard • Regular EDI objects, encapsulated in MIME • Use MIME-based security
Payment system model Clearing House Buyer Issuing Bank 16+4 Acquiring Bank Merchant (M. Rose, FV )
Payment system issues • Transaction category “card not present” • For all bankcard approaches for Internet • Issues • Knowing buyer/merchant authorized • Avoiding third-party interception • Interchange, assessment, fees • Retrievals, chargebacks, etc. • Risk management
Payment system efforts Commercenet www.commerce.net First Virtual Holdings www.fv.com CyberCash www.cybercash.com Open Market www.openmarket.com NetMarket www.netmarket.com Netscape www.netscape.com DigiCash www.digicash.com
Scheme “Clear” Just trust the net... Easy to capture and replay. Buyer 16+4 in the clear! Clearing House Merchant
Scheme “ID” Still trust the net, until the next statement... Easy to capture and replay. Buyer 16+4 ID Clearing House ID Merchant 16+4
Scheme “ID confirm” 16+4 Buyer ID Clearing House ID Confirm Merchant ID Each transaction confirmed. Requires mildly safe user account.
Scheme “Secure link” Same a telephone, but encrypt over Internet. Merchant gets number. Is merchant safe?? Buyer Encrypted 16+4 Clearing House Merchant 16+4
Scheme “Mediated” Only banks sees data in clear. Limited points of attack. Buyer Encrypted 16+4 Clearing House Encrypted 16+4 Merchant
Open IP labeling Session Security S-HTTP (sort of) MOSS Proprietary SSL STT PGP (sort of) S/MIME The standards debate
Freezing out competition • Non-interoperability • Do it because it’s mine! • Customer lock-in through proprietary extensions • Half-hearted integration • Specialized protocols for each and every need
Is there hope? • Vendor initiatives • Market lead • Folded into public standards • Open access • Open enhancement It all depends on market demand. You are the market; start demanding!