TLS, SSL, and SET

Author(s): Manuel Mogollon

In an Internet commercial transaction, the secure Web server and the buyer’s computer authenticate each other and encipher the data transmitted using transport layer security (TLS) or secure socket layer (SSL) protocols. When a purchase is made online using a credit card, does the customer’s bank need to know what was purchased? Not really. Does the seller need to know the customer’s credit card number? Actually, the answer is no. The responses to these questions were the main premises of the secure electronic transaction (SET). In the late 1990s, SET was approved as the credit card standard, but it failed to be accepted because of its cost and the problems regarding distribution of end-user certificates. However, SET is explained in this chapter as an ideal protocol, from the point of view of certificates, digital signatures, and cryptography for securing credit card transactions over the Internet.

Author(s): Jason Yapri, Rinkel Hananto

The term “hacker” has spread around the world and has always been considered a threat when we use the internet. We often hear that hackers deface websites’ contents and break into systems to steal private and confidential information, such as account usernames and passwords, credit card numbers and others. This is definitely unethical behavior by irresponsible people who mostly aim to gain profit. However, the term hacker, on the contrary, actually originates from expert computer technicians who try to access a system to debug and fix its security problems. Nowadays there are dozens of websites out there and some of those websites have a low level of security. Hackers can easily break through their systems and steal their private confidential data, but just because these websites have low-level security, that doesn’t mean that it is ethical to break into someone’s system and read their data. It is the same as someone entering other people’s house because the door was left open by the owner. As web development grows rapidly, security has become an essential part of making websites more secure and reliable. This is when a group of people decided to make a collaborative project on the implementation of SSL (Secure Socket Layer) and TLS (Transport Layer Security) that is available to be used by everyone. This project is called OpenSSL and has been used by most of the websites on the internet today. What if this OpenSSL, which has been trusted and implemented by 2/3 of the websites all around the world, can be breached? It will definitely attract dozens of hackers all around the world to do something unimaginably dangerous.


Author(s): Neil C. Rowe

Deception is a frequent but underappreciated aspect of human society (Eckman, 2001). Deception in electronic goods and services is facilitated by the difficulty of verifying details in the limited information available in cyberspace (Mintz, 2002). Fear of being deceived (often unjustified) is in fact a major obstacle to wider use of e-commerce and e-government by the public. One survey reported consumers thought fraud on the Internet was 12 times more common than offline fraud, and 3 out of 5 people thought their credit card number could be stolen in most online transactions (Allen, 2001); both are overestimates. We assess here the nature of the deception threat, how deception can be detected, and what can be done about it.


2019, Vol 8 (2), pp. 4770-4774

In this paper, we present a new method for solving multivariate polynomial elliptic curve equations over a finite field. The arithmetic of elliptic curve is implemented using the mathematical function trace of finite fields. We explain the approach which is based on one variable polynomial division. This is achieved by identifying the plane p with the extension of and transforming elliptic curve equations as well as line equations arising in point addition or point doubling into one variable polynomial. Hence the intersection of the line with the curve is analogous to the roots of the division between these polynomials. Hence this is a different way of computing arithmetic of elliptic curve.

Transport layer security provides end-to-end security services for applications that use a reliable transport layer protocol such as TCP. Two protocols are dominant today for providing security at the transport layer, the secure socket layer (SSL) protocol and transport layer security (TLS) protocol. One of the goals of these protocols is to provide server and client authentication, data confidentiality and data integrity. The above goals are achieved by establishing the keys between server and client; the algorithms are called elliptic curve digital signature algorithm (ECDSA) and elliptic curve Diffie-Hellman (ECDH). These algorithms are implemented using standard for efficient cryptography (SEC) prime field elliptic curve secp384r1 currently specified in NSA Suite B Cryptography. The algorithm is verified on elliptic curve secp384r1 and is shown to be adaptable to perform computation


2016, Vol 7 (2), pp. 70-75
Author(s): Muhamad Fadhli, Fityan Ali Munshi, Taufik Adi Wicaksono

Secure Socket Layer (SSL), also known as Transfer Layer Security (TLS), is the de facto standard for web security. It provides confidentiality and integrity of information in transit across public networks using its powerful cipher suites, but it still contains some loopholes or flaws in its foundation. In this paper we discuss the TLS standard along with various attacks found in recent years, such as BEAST, CRIME, BREACH, Lucky 13, and their proposed mitigation. Index Terms: Attack, Compression, Mitigation, Security, TLS.


Author(s): Mohit Kumar Jaiswal

The SDN controller is interfaced with the hardware of the network (i.e., with switches and routers) using OpenFlow. Basically, OpenFlow is an open interface used for configuring the forwarding tables of a network switch according to the desired path derived by the SDN controller. OpenFlow enables more innovation in controller platforms and applications, and describes a solution for each frame or packet flow. OpenFlow is based on an Ethernet switch with an internal flow-table and a standardized interface to add and remove flow entries of the forwarding table of the system. The control mechanism from each of the switches and routers up to the SDN controller is encrypted with the transport layer security (TLS) and secure socket layer (SSL) OpenFlow protocols to provide additional security inside the network.


Author(s): Ming Wang

The enormous amount of commercial information available on the Internet overwhelms online shoppers and makes it difficult to find relevant information. The recent development of shopping agents (bots) has offered a practical solution for this information overload problem. From the customer’s point of view, a shopping agent reduces search complexity, increases search efficiency, and supports user mobility. It has been proposed that the availability of agent Web sites is one of the reasons why e-markets should be more efficient (Mougayar, 1998). Shopping bots are created with agent software that assists online shoppers by automatically gathering shopping information from the Internet. In this comparative shopping environment, shopping agents can provide the customer with comparative prices for a searched product, customer reviews of the product, and reviews of the corresponding merchants. The agent will first locate the merchants’ Web sites selling the searched product. Then, the agent will collect information about the prices of the product and its features from these merchants. Once a customer selects a product with a merchant, the individual merchant Web site will process the purchase order and the delivery details. The shopping agent receives a commission on each sale made by a visitor to its site from the merchant selling the product on the Internet. Some auction agent Web sites provide a negotiation service through intelligent agent functions. Agents will represent both buyers and sellers. Once a buyer identifies a seller, the agent can negotiate the transaction. The agents will negotiate a price and then execute the transaction for their respective owners. The buyer’s agent will use a credit card account number to pay for the product. The seller’s agent will accept the payment and transmit the proper instructions to deliver the item under the terms agreed upon by the agent.


2010, pp. 834-842
Author(s): Chi Po Cheong

The credit card is the most popular payment method used in Internet shopping. The idea of credit card payment is to buy first and pay later. The cardholder can pay at the end of the statement cycle or they can pay interest on the outstanding balance. Therefore, there are many credit card-based electronic payment systems (EPSs) that have been developed to facilitate the purchase of goods and services over the Internet such as CyberCash (VeriSign), iKP (Bellare, Garary, Hauser, et al, 1995), SET (Visa and MasterCard, 1997), CCT (Li & Zhange, 2004), and so forth. Usually a credit card-based EPS involves five parties: cardholder, merchant, acquirer bank, issuer bank, and financial institution. The Internet is an open system and the communication path between each other is insecure. All communications are potentially open for an eavesdropper to read and modify as they pass between the communicating endpoints. Therefore, the payment information transmitted between the cardholder and the merchant through the Internet is dangerous without a secure path. SSL (Zeus Technology, 2000) is a good example to secure the communication channel. Besides the issue of insecure communication, there are a number of factors that each participant must consider. For example, the merchant is concerned about whether the credit card or the cardholder is genuine. There is no way to know the consumer is a genuine cardholder. As a result, the merchant is incurring increased losses due to cardholder disputes and frauds. On the other hand, cardholders are worried about the theft of private or sensitive information such as the credit card number. They don’t want any unauthorized usage of their credit cards and any modification to the transaction amount by a third party. These security issues have deterred many potential consumers from purchasing online. Existing credit card-based EPSs solve the problems in many different ways. Some of them use cryptography mechanisms to protect private information. However, they are very complicated, expensive, and tedious (Xianhau, Yuen, Ling, & Lim, 2001). Some EPSs use the Certificate Authority (CA) model to fulfill the authentication, integrity, and nonrepudiation security schemes. However, each participant requires a digital certificate during the payment cycle. These certificates are issued by independent CAs but the implementation and maintenance cost of this model is very high. In addition, the validation steps of certificate-based systems are very time-consuming processes. It requires access to an online certificate server during the payment process. Moreover, the certificate revocation list is a major disadvantage of the PKI-based certification model (The Internet Engineering Task Force). The cardholder’s certificate also includes some private information such as the cardholder’s name. The requirement of a cardholder’s certificate means software such as e-Wallet is required to be installed on the cardholder’s computer. This is a barrier for the cardholder to use certificate-based payment systems. To solve this problem, Visa Company has developed a new payment system called Verified by Visa (VbV) (http://www.visa-asia.com/ap/sea/merchants/productstech/vbv_implementvbv.shtml). However, sensitive information such as the credit card number is still passed to the merchant. Therefore, the cardholder is not protected by the system.

