20 research outputs found

    SPP Secure Payment Protocol: Protocol Analysis, Implementation and Extensions

    Internet commerce continues to grow rapidly. Over 60% of US households use the internet to shop online. A secure payment protocol is required to support this rapid growth. A new payment protocol was recently invented at IBM. We refer to the protocol as SPP or Secure Payment Protocol. This thesis presents a protocol analysis of SPP. It is essential that a thorough security analysis be done on any new payment protocol so that we can better understand its security properties. We first develop a method for analyzing payment protocols. This method includes a list of desirable security features and a list of proofs that should be satisfied. We then present the results of the analysis. These results validate that the protocol does contain many security features and properties. They also help understand the security properties and identify areas where the protocol can be further secured. This led us to extend the design of the protocol to enhance its security. This thesis also presents a prototype implementation of SPP. Three software components were implemented. They are the Electronic Wallet component, the merchant software component and the Trusted Third Party component. The architecture and technologies that are required for implementation are discussed. The prototype is then used in performance measurement experiments. Results on system performance as a function of key size are presented. Finally, this thesis presents an extension of SPP to support a two-buyer scenario. In this scenario one buyer makes an order while another buyer makes the payment. This scenario enables additional commerce services.

    Internet payment system: mechanism, applications & experimentation.

    Ka-Lung Chong. Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. Includes bibliographical references (leaves 80-83). Abstracts in English and Chinese.
    Contents:
    Abstract
    Acknowledgments
    Chapter 1, Introduction & Motivation: 1.1 Introduction; 1.2 Internet Commerce; 1.3 Motivation; 1.4 Related Work (1.4.1 Cryptographic Techniques, 1.4.2 Internet Payment Systems); 1.5 Contribution; 1.6 Outline of the Thesis
    Chapter 2, A New Payment Model: 2.1 Model Description; 2.2 Characteristics of Our Model; 2.3 Model Architecture; 2.4 Comparison; 2.5 System Implementation (2.5.1 Acquirer Interface, 2.5.2 Issuer Interface, 2.5.3 Merchant Interface, 2.5.4 Payment Gateway Interface, 2.5.5 Payment Cancellation Interface)
    Chapter 3, A E-Commerce Application - TravelNet: 3.1 System Architecture; 3.2 System Features; 3.3 System Snapshots
    Chapter 4, Simulation: 4.1 Objective; 4.2 Simulation Flow; 4.3 Assumptions; 4.4 Simulation of Payment Systems
    Chapter 5, Discussion of Security Concerns: 5.1 Threats to Internet Payment (5.1.1 Eavesdropping, 5.1.2 Masquerading, 5.1.3 Message Tampering, 5.1.4 Replaying); 5.2 Aspects of A Secure Internet Payment System (5.2.1 Authentication, 5.2.2 Confidentiality, 5.2.3 Integrity, 5.2.4 Non-Repudiation); 5.3 Our System Security; 5.4 TravelNet Application Security
    Chapter 6, Discussion of Performance Evaluation: 6.1 Performance Concerns; 6.2 Experiments Conducted (6.2.1 Description, 6.2.2 Analysis on the Results); 6.3 Simulation Analysis
    Chapter 7, Conclusion & Future Work
    Chapter A, Experiment Specification: A.1 Configuration; A.2 Experiment Results
    Chapter B, Simulation Specification: B.1 Parameter Listing; B.2 Simulation Results
    Bibliography

    Codex Enables Secure Offline Micropayments

    This paper introduces a new micropayment scheme that is suitable for all kinds of transactions and does not require online transactions for either the payer or payee. The designed method uses an encrypted data structure called Codex, which self-replicates to represent the current values of both the payer and the payee. The model, while providing fraud detection, also guarantees payment & loss recovery.

    Synchronization of multi-carrier CDMA signals and security on internet.

    by Yooh Ji Heng. Thesis (M.Phil.)--Chinese University of Hong Kong, 1996. Includes bibliographical references (leaves 119-128). Appendix in Chinese.
    Contents:
    Chapter I, Synchronization of Multi-carrier CDMA Signals
    Chapter 1, Introduction: 1.1 Spread Spectrum CDMA (1.1.1 Direct Sequence/SS-CDMA, 1.1.2 Frequency Hopping/SS-CDMA, 1.1.3 Pseudo-noise Sequence); 1.2 Synchronization for CDMA signal (1.2.1 Acquisition of PN Sequence, 1.2.2 Phase Locked Loop)
    Chapter 2, Multi-carrier CDMA: 2.1 System Model; 2.2 Crest Factor; 2.3 Shapiro-Rudin Sequence
    Chapter 3, Synchronization and Detection by Line-Fitting: 3.1 Unmodulated Signals; 3.2 Estimating the Time Shift by Line-Fitting; 3.3 Modulated Signals
    Chapter 4, Matched Filter
    Chapter 5, Performance and Conclusion: 5.1 Line Fitting Algorithm; 5.2 Matched Filter; 5.3 Conclusion
    Chapter II, Security on Internet
    Chapter 6, Introduction: 6.1 Introduction to Cryptography (6.1.1 Classical Cryptography, 6.1.2 Cryptanalysis); 6.2 Introduction to Internet Security (6.2.1 The Origin of Internet, 6.2.2 Internet Security, 6.2.3 Internet Commerce)
    Chapter 7, Elementary Number Theory: 7.1 Finite Field Theory (7.1.1 Euclidean Algorithm, 7.1.2 Chinese Remainder Theorem, 7.1.3 Modular Exponentiation); 7.2 One-way Hashing Function (7.2.1 MD2, 7.2.2 MD5); 7.3 Prime Number (7.3.1 Listing of Prime Number, 7.3.2 Primality Testing); 7.4 Random/Pseudo-Random Number (7.4.1 Examples of Random Number Generator)
    Chapter 8, Private Key and Public Key Cryptography: 8.1 Block Ciphers (8.1.1 Data Encryption Standard (DES), 8.1.2 International Data Encryption Algorithm (IDEA), 8.1.3 RC5); 8.2 Stream Ciphers (8.2.1 RC2 and RC4); 8.3 Public Key Cryptosystem (8.3.1 Diffie-Hellman, 8.3.2 Knapsack Algorithm, 8.3.3 RSA, 8.3.4 Elliptic Curve Cryptosystem, 8.3.5 Public Key vs. Private Key Cryptosystem); 8.4 Digital Signature (8.4.1 ElGamal Signature Scheme, 8.4.2 Digital Signature Standard (DSS)); 8.5 Cryptanalysis to Current Cryptosystems (8.5.1 Differential Cryptanalysis, 8.5.2 An Attack to RC4 in Netscape 1.1, 8.5.3 "An Timing Attack to Diffie-Hellman, RSA")
    Chapter 9, Network Security and Electronic Commerce: 9.1 Network Security (9.1.1 Password, 9.1.2 Network Firewalls); 9.2 Implementation for Network Security (9.2.1 Kerberos, 9.2.2 Privacy-Enhanced Mail (PEM), 9.2.3 Pretty Good Privacy (PGP)); 9.3 Internet Commerce (9.3.1 Electronic Cash); 9.4 Internet Browsers (9.4.1 Secure NCSA Mosaic, 9.4.2 Netscape Navigator, 9.4.3 SunSoft HotJava)
    Chapter 10, Examples of Electronic Commerce System: 10.1 CyberCash; 10.2 DigiCash; 10.3 The Financial Services Technology Consortium (10.3.1 Electronic Check Project, 10.3.2 Electronic Commerce Project); 10.4 FirstVirtual; 10.5 Mondex; 10.6 NetBill; 10.7 NetCash; 10.8 NetCheque
    Chapter 11, Conclusion
    Chapter A, An Essay on Chinese Remainder Theorem and RSA
    Bibliography

    Microcash: Efficient Off-Line Small Payments

    An off-line electronic cash scheme is proposed that is suitable for small payments. The approach is innovative, in that each coin may be efficiently verified by the same or different merchants during payment. The scheme relies on a batch signature technique to efficiently sign and verify individually spent coins; coins may also be deposited in batch manner. The scheme outlined differs considerably from conventional micropayment schemes by servicing a number of cash-like properties, such as off-line processing, detection of double-spent coins, and ability to spend at different merchants. Additionally, the scheme eliminates a number of processing overheads that are apparent in some existing micropayment schemes.

    Aspects of Financial Literacy

    Proceedings of the International Scientific and Practical Conference "Aspects of Financial Literacy" are devoted to finding a systemic solution to multidisciplinary problems in the field of modern development, management, administration of various systems, corporate social responsibility, innovation management in various fields of environmental management. For scientists, students, graduate students, representatives of business and public organizations and higher education institutions and a wide range of readers.