Authentication in ECommerce

1
Authentication in E-Commerce
2
Authentication in E-Commerce An Introduction

• In online marketplaces like the Internet, both
  buyers and sellers face high levels of
  uncertainty.
• Traditional authentication mechanisms based on
  physical inspection are not feasible online.
• Simply automating traditional processes used in
  the physical marketplace cannot solve the
  authentication problem in e-commerce.

3
A Conceptual Framework for Online
Authentication

• Authentication has been defined in various ways.
• Definition One Authentication establishes "the
  identity of one party to another" Sandhu 96.
• Definition Two Authentication is "a core set of
  activities used to verify the quality and
  features of the product offered, the authenticity
  of the trading parties, and monitor conformance
  to the contract or agreement among parties"
  Kambil 98.
• Two major dimensions identity and quality (see
  also Basu 03).

4
A conceptual framework for online Authentication

• Online sellers and buyers need to obtain
  authentication information about each other and
  verify the trustworthiness of this authentication
  information.
• A second set of dimensions Information and
  Trust.
• Two set of dimensions, buyer, seller, product
  (service) leads to 3-D Conceptual framework for
  online authentication.

5
Figure 1 Dimensions of Authentication in
E-Commerce
6
Authentication Types

• Buyer Information
• Buyer Identity Information Authentication.
• Buyer Quality Information Authentication.
• Seller Information
• Seller Identity Information Authentication.
• Seller Quality Information authentication.
• Product Information
• Product Identity Information Authentication.
• Product Quality Information Authentication.

7
Authentication Types

• Buyer Trust
• Buyer Identity Trust Authentication.
• Buyer Quality Trust Authentication.
• Seller Trust
• Seller Identity Trust Authentication.
• Seller Quality Trust authentication.
• Product Trust
• Product Identity Trust Authentication.
• Product Quality Trust Authentication.

8
Buyer Identity Information Authentication

• Buyer identity Authentication Seller can learn
  the identity of buyer based on
• Something the buyer knows.
• Something the buyer has.
• Something the buyer is.
• Group affiliation.

9
Buyer Identity Trust Authentication

• Verification and validation of buyer id
  information.
• Directly
• Trusted Third parties.

10
Buyer Quality Information Authentication

• Seller wants to know about the buyers
  creditworthiness, integrity and legitimate
  nature.
• Buyer registration at the seller web site.
• Credit Cards
• Digital certificates and Financial institutions.

11
Buyer Quality Trust Authentication

• Verification and validation of buyer Quality
  information
• Trusted Third parties.
• Collaborating with Financial institutions.

12
Information and Trust

• Trust Based on expectation that a trustee will
  act in the interests of a truster, without a
  guarantee.
• Information and Trust are different and need
  different mechanisms.
• Example
• Product Quality Information Authentication
  Online buyer-seller interface, accuracy
• Product Quality Trust Authentication Tryouts,
  endorsements.

13
Temporal Dimension

• Important temporal dimension to on-line
  authentication.
• Identity Authentication First attempt,
  subsequent attempts
• Product identity Authentication First attempt,
  subsequent attempts..

14
Overall Buyer, Seller, and Product Authentication

• Overall buyer authentication Most reliably
  achieved through
• Credit cards and digital certificates endorsed by
  financial institutions.
• Credit cards are highly portable, as opposed to
  digital certificates that reside on the buyer's
  machine.
• Both rely on trusted third party.
• Most authentication mechanisms used require
  disclosure of identity.
• SET protocol being an exception.

15
Overall Buyer, Seller, and Product Authentication

• Seller Authentication. Although there are a
  variety of robust seller-managed mechanisms such
  as URL advertising and virtual communities for
  overall seller authentication, they are not as
  effective as those that involve third parties.
• Digital signatures can be used.
• Digital signatures do not promote seller quality
  authentication.
• Forging alliances with other third parties
  necessary.
• More than one trusted third party might need to
  get involved

16
Overall Buyer, Seller, and Product Authentication

• A robust means of achieving overall product
  authentication is product try-outs.
• Do not constitute a ubiquitous means of achieving
  overall product authentication.
• High cost of providing product try-outs.
• Motivating opportunistic behaviour
• Does not typically involve trusted third parties

17
Evaluation of On Line Authentication Mechanisms

• Robustness
• Degree of Acceptance
• Cost
• Ease of Use
• Portability
• Security

18
Open Problems in Authentication

• Product Authentication.
• Trustworthiness of the trusted third parties.
• Government involvement.
• Issue of Anonymity.

19
Implementing Authentication

• Message Content Authentication.
• Message Identity authentication.
• General Identity authentication.
• Observations
• (1) Is commonly handled by message authentication
  code (MAC).
• (2) is a subset of (1).
• (3) is based on Claimant actions.
• Note Refer to Woo 92

20
Authentication Requirements

• In the context of E-Commerce based communications
  across a network, the following attacks can be
  identified
• Disclosure.
• Traffic Analysis.
• Masquerade.
• Content Modification.
• Sequence Modification
• Timing Modification
• Repudiation.

21
Authentication Procedure

• There are two levels to authentication
• Lower Level Authentication Function.
• Higher level Authentication Protocol.
• Authentication Function
• Message Encryption Cipher-text.
• Cryptographic checksum Public function of
  message secret key.
• Hash Function A one way hash function.

22
Message Encryption

• Analysis differs for conventional and public key
  encryption techniques.
• Conventional Encryption Assures confidentiality
  using shared secret key.
• Key Question In addition, can we say that B is
  assured that message was generated by A? Maybe
  Yes.

B
K
A
K
M
M
E
D
K(M)
Figure 2 Conventional Encryption
23
Message Encryption

• The key question in the preceding slide needs to
  be qualified.
• X Ciphertext
• DK(X)Y Where YM.
• M Any bit pattern Automatic decryption to
  intelligible plaintext.
• Structure to plaintext example FCS.
• TCP/IP encryption.

24
Public Key Encryption

• Straightforward use provides confidentiality but
  no authentication.

A KpubA KpvtA KpubB
B KpubB KpvtB KpubA
KpubB
KpvtB
CT
PT
PT
User B
User A
Encryption Algorithm
Decryption Algorithm
Figure 3 Public Key Encryption
25
Authentication using Public Key Using Signature
Mechanisms

• Signature using Public key Provides both
  confidentiality and Authentication.
• Protocol
• A ? B KPUBB A, B, MesgKPVTA
• A, B Identities of communicating parties.
• KPUBB Public key of B.
• KPVTA Private key of A.
• MesgKPVTA Indicates signature element
• Note Same reasoning applies here regarding the
  structure of the message.

26
Certificates

• Impersonation of public keys.
• Solution Digital Certificate.
• Certificate Digital passport that offers proof
  from a trusted authority. Of an entitys
  identity.
• Procurement Alice provides a trusted entity
  called Certificate Authority with two pieces of
  information
• Proof of Alices identity.
• Alices Public Key
• CA then generates the digital certificate for
  Alice.

27
Certificate Contents

• Alices identity
• CAs identity
• Certificates identity number.
• Date of Assurance
• Time period for which the certificate is valid
• Alices public key.
• Information encrypted with CAs public key.

28
Version Serial number Algo. Identifier
Algo parameters Issuer Period of
Validity Subject Subjects public key Algo,
parameters, Public key Signature
X.509 certificate
29
Who is a CA?

• An organization that issues public key
  certificates.
• Internal CA
• Outsourced employee CA
• Outsourced Customer CA.
• Trusted Third Party CA

30
Certificate Revocation

• Private key comprised.
• Wrongly issued.
• No authorization to access a service.
• CA systems have been compromised.
• What is certification Practices statement (CPS)?
• Business might be willing to accept certification
  from CAs if
• Minimum certification policies
• Liability issues are adhered to.

31
Cryptographic Checksum

• The sender (say A) calculates the cryptographic
  checksum as a function of the message and and a
  secret key CK(M).
• The message plus checksum transmitted to the
  intended recipient.
• The recipient performs the same operation on the
  received message using the same secret key.
• Received checksumcalculated checksum
  Communication successful.

32
Cryptographic Checksum

• The receiver is assured that the message has not
  been altered.
• The receiver is assured that the message is from
  the alleged sender.
• Receiver can be assured of the proper sequence
  (if message has a sequence number eg TCP).
• TCP encrypted with outer IP header.
• Note Provides authentication but not
  confidentiality.

33
Cryptographic Checksum

• Why use checksum instead of conventional
  encryption?
• Broadcast applications.
• Heavy load scenario.
• Saving of processor resources.
• Other rationales
• For most business applications it may not be of
  concern to keep messages secret, but it is
  important to authenticate messages.
• Separation of authentication and confidentiality
  functions affords architectural flexibility.
• For prolonging the period of protection beyond
  reception.

34
Hash Function

• Accepts a variable size message M as input and
  produces a fixed size hash code sometimes called
  a message digest as output. One way property.
• Hash Code Function of all the bits of the
  message and provides an error detection
  capability.
• How is it different from a checksum??
• One way property important for authentication.

35
Digital Signatures

• Message authentication techniques mentioned
  before protect the two concerned parties from a
  malicious third party but not from each other.
• A simple example.
• Scenario 1 Forging
• Scenario 2 Denying
• Both scenarios are of legitimate concern in
  E-Commerce environment.
• Scenario 1 Electronics fund transfer problem.
• Scenario 2 Stock transaction that turns out
  badly.

36
Properties of Digital Signatures

• Verification of author, date, and time of
  signature.
• Authentication of message contents.
• Verifiable by third parties.
• Observations
• Easy to recognise and verify signatures.
• Computationally infeasible to forge a signature

37
Direct Digital Signature

• Involves only the communicating parties.
• An example of this was discussed before using
  figure.
• Note It is important to perform the signature
  function first and then an outer encrypted
  function.
• Schemes validity depends upon the security of
  senders private key.
• Administrative controls can be deployed.
• Use of timestamps to fool the recipient.

38
Arbitrated Digital Signatures

• Every signed message from the sender to the
  receiver goes to an arbiter A.
• Arbiter A subjects the message and its signature
  to a number of tests to check its origin and
  content.
• The message is dated and then sent to the
  recipient with an indication that it has been
  verified to the satisfaction of the arbiter.
• Arbiter plays a crucial role Trust necessary.

39
Arbitrated Digital Signature Techniques

• Different techniques
• Conventional Encryption, Arbiter sees the
  message.
• Conventional encryption, Arbiter does not see the
  message.
• Public key encryption, Arbiter does not see the
  message.

40
Notations

• In this lecture series we will use the following
  notations in our protocol descriptions
• Symmetric key
• KM Message M encrypted with a shared secret
  key K.
• Public Key Cryptography
• KPUBAM Message M encrypted with public key of
  A.
• MKPVTA Message M signed by A (Encrypted with
  the private key of A).
• Hashing
• H(M) Hash of a message M.
• Certificates
• CertX Certificate of a Principal X.

41
Arbitrated Digital Signature Techniques.

• Conventional Encryption, Arbiter sees message
• X? A M, KXAX, H(M)
• A ?Y KAYX, M, KXAX, H(M), T
• Conventional Encryption Arbiter does not see
  message
• X? A X, KXYM, KXAX, H(KXYM).
• A ?Y KAYX, KXYM, KXAX, H(KXYM), T
• Public Key Encryption, Arbiter does not see
  message
• X? A X, X, KPUBYMKPVTX KPVTX
• A ?Y X, KPUBYMKPVTXKPVTA

42
Physical Devices for Digital Signatures

• Store the key encrypted on the hard disk.
• Store the key encrypted on removable data.
• Store the key in a smart card or other smart
  device.
• Example Veritas Digital signature for physical
  credentials.

43
Principals Involved in Authentication

• Hosts Addressable entities at the level.
• Fully qualified domain name, IP addresses.
• Users Entities ultimately responsible for
  systems activities.
• Users initiate and are accountable for all
  systems activities.
• Processes A system creates processes within the
  system boundary to represent users.
• Client-Server processes.
• Resource consumption.

44
Authentication Exchanges

• Host-Host Involve activities that often require
  cooperation between hosts.
• Link information
• Bootstrapping.
• User-Host A user gains access to a distributed
  system by logging in a host in the system.
• Open access environment, mutual authentication
  may be required.
• Process-Process
• Peer-peer
• Client-server.

45
Authentication Protocols

• Protocol A sequence of communication and
  computation steps.
• Authentication Protocols A means of carrying out
  authentication using a protocol involving message
  exchanges.
• An important application area in e-commerce is
  that of authentication protocols.
• Two categories
• Mutual authentication
• Conventional encryption approach.
• Public key encryption approach.
• One way authentication.

46
Mutual Authentication

• Such protocols enable communicating parties to
  satisfy themselves mutually about each others
  identity and to exchange keys.
• Central to the problem of authenticated key
  exchange arte two issues
• Confidentiality masquerade, key compromise
• Timeliness Replay attack.
• Types of Replay attacks
• Simple replay.
• Repetition that can be logged.
• Repetition that cannot be detected.
• Backward replay without modification

47
Coping with Replay attacks

• Ways to thwart replay attacks
• Sequence numbers
• Timestamps
• Challenge/response.

48
Mutual Authentication Conventional Encryption
Approach

• Two level hierarchy of encryption keys must be
  used to provide confidentiality.
• Use of Trusted Key Distribution centre.
• Master key as secret.
• Session key generation.
• Some popular approaches
• Needham Schroeder Protocol Need 78
• Dennings protocol Denn 82

49
Needham Schroeder Protocol

• A?KDC A, B, N1
• KDC ?A KA-KDCKS, B, N1 KB-KDCKS, A
• A ?B KB-KDCKS, A
• B ?A KSN2
• A ?B KSf(N2)
• Note Susceptible to replay. Denning eliminates
  this by introducing timestamp.

50
Dennings Proposal

• A?KDC A, B,
• KDC ?A KA-KDCKS, B, T KB-KDCKS, A, T
• A ?B KB-KDCKS, A, T
• B ?A KSN1
• A ?B KSf(N1)
• Verifying timeliness
• Clock-Tlt?t1?t2
• Problem Synchronisation of clocks.
  (Supress-replay attacks)

51
Mutual Authentication Public Key Encryption
Approach

• A?AS A, B
• AS ?AA, KPUBA, TKPVTAS, B, KPUBB, TKPVTAS
• A ?B A, KPUBA, TKPVTAS, B, KPUBB, TKPVTAS,
  KPUBBKS, TKPVTA

52
One Way Authentication

• Recipient wants some assurance from the sender
  and not vice versa.
• Example Email SMTP protocol.
• Two approaches
• Conventional Encryption Approach.
• Public Key Encryption Approach.

53
Conventional Encryption Approach

• A?KDC A, B, N1
• KDC ?A KA-KDCKS, B, N1 KB-KDCKS, A
• A ?B KB-KDCKS, A KSM
• Observations
• Only the intended recipient reads the message.
• Provides a level of authentication that the
  sender is A.
• No protection against replays Timestamp

54
Conventional Encryption Approach No Trusted
Third Party

• A?B A
• B?A N
• A ?B KA-BN

55
Public Key Encryption Approach

• A?B A
• B?A N
• A ?B NKPVTA
• B?A M Send me your public key
• A?B KPUBA

56
Public Key Encryption Approach

• Confidentiality
• A ?B KPUBB KS,KSM
• Authentication
• A ?B M, H(M)KPVTA

57
Secure Socket Layer (SSL)

• The most widely used mechanism for insuring
  confidentiality between a Web client and server
  and for providing basic machine-to-machine
  authentication
• Originally developed by Netscape to provide these
  forms of security at an infrastructure level.
• SSL is a protocol
• It operates on top of TCP/IP but below HTTP, FTP,
  IMAP, etc.
• These latter protocols, and the applications they
  support, can use (or not use) SSL transparently,
  once the secure connection is established.

58
Figure 4 SSL Steps
Client Hello Message Negotiate security
parameters
SSL Software on Client Machine
SSL Software on Merchant Server
Server Hello Message Negotiate security
parameters
4. M, h(M)ServerPvtk
Authenticate Client (Optional)
KPubServKS
KS M1
59
SSL Explanation

• Hello (Convey security parameters from Client
  side)
• Hello, I'm Server. (Convey security parameters
  from server side.)
• Servers certificate
• Proving the certificate.Client, This Is Server
  digestClient, This Is Server
  Servers-private-key
• ok server, here is a secret secret Servers
  public-key
• some messagesecret-key
• Note Observation Vulnerable to man in the
  middle attack.

60
Key Management

• The authentication techniques and protocols
  discussed in the previous section rely on key
  being securely distributed between the two
  communicating parties.
• Public key encryption is frequently used to
  address the problem of key distribution.
• Two distinct aspects
• The distribution of public keys.
• The use of public key encryption to distribute
  secret keys.

61
Key Management

• Distribution of public keys
• Public key is publicly available.
• Algorithms are also broadly accepted (example
  RSA).
• Public key can be sent/broadcast to community at
  large.
• Issue Forging.
• Solution to the problem Public key certificate.
• Certificates digitally signed by trusted third
  party (Certification Authority-CA).
• This signature can be verified by every user.

62
Key Management

• Public key Distribution of Secret keys
• Public key encryption introduces latency and
  overheads.
• A powerful alternative is to use public key
  system to exchange secret a symmetric key.
• Then use this symmetric key to encrypt subsequent
  messages.
• Two alternatives
• Public key authority
• Certificates.

63
Figure 5 Use of Public Key Authority
Authority
4. RequestTime 2
1. RequestTime 1
5. KPubARequestTime2KPvtAuth
2. KPubBRequestTime1KPvtAuth
3. KPubBIDAN1
A
B
6. KPubAN1 N2
7. KPubB N2
64
Figure 6 Exchange of Public Key Certificates
Authority
KPubB
CB Time 2, IDB, M, KPubBKPvtAuth
KPubA
CA Time1, IDA, M, KPubAKPvtAuth
CA
A
B
CB
65
References

• Sandhu 96 Sandhu, R., and Samarati, P.
  Authentication, access control, and audit. ACM
  Computing Surveys 28, 1 (Mar. 1996), 241243.
• Kambil 98 Kambil, A., and Van Heck, E.
  Reengineering the Dutch flower auctions A
  framework for analyzing exchange organizations.
  Information Systems Research 9, 1 (Mar. 1998),
  119.
• Basu 03 Basu, A. and Muylle, S. Online
  support for ecommerce processes by Web retailers.
  Decision Support Systems 34, 4 (Mar. 2003),
  379395.
• Woo 92 Thomas Y. C. Woo and Simon S. Lam,
  Authentication for Distributed Systems,''
  Computer, Vol. 25, No. 1, January 1992, and
  Authentication revisited,'' Computer, Vol. 25,
  No. 3, March 1992.

66
References

• Kaufmann 95 Charlie Kaufman, Radia Perlman
  and Mike Speciner, "Network Security Private
  Communication in a Public World", Prentice Hall,
  16 March, 1995.
• SSL http//developer.netscape.com/docs/manuals/s
  ecurity/sslin/contents.htm
• Denn82 D. Denning. Cryptography and Data
  Security. Reading, MA Addison Wesley, 1983.
• Needham 78 R. Needham and M. Schroeder.
  Using Encryption for Authentication in Large
  Networks of Computers. Communications of the
  ACM, December 1978.