Researchonsecurityofe-paymentine-commerce.doc

精品論文research on security of e-payment in e-commerceguoxu deng, zhiqian wangbeijing university of posts & telecommunications network information center(100876)e-mail: abstractelectronic payment is a critical technology to ensure the normal running of electronic commerce. e- payment can work on internet, mobile phone and pstn. they achieve security mainly through ssland set. however, the detailed implementations are different. this paper researches the secure schemes of them and seeks a proper way to ensure the security of e-payment on pstn network on which there is not even an operative method.key words: payment pstn ssl set key encryption1. introductionelectronic payment is a critical technology to ensure the normal running of electronic commerce. electronic payment means charging through e-cash, credit card, debit card and so on. different forms of money lead to different payments. this paper mainly discusses paying by bank card. generally speaking, client, merchant and bank are the three key parts in a payment scheme. during a transaction, client pays to merchant for products or services and merchant can get the payment from bank while the bank transfers money to merchants account from clients account.the process of paying with bank card can be described as follows:a, client sends the credit card information to merchant in a safe way before actual products, services and money transmission.b, merchant verifies the clients identification.c, merchant sends the money amount and signature to bank or credit card on-line processor. d, bank or processor sends the information to clients issuer bank for authorization.e, clients issuer bank returns the credit card data, payment confirmation and authorization. f, payment finishes.security, validity and convenience are greatly concerned about in a payment system. a secure payment system should include the following functions:a, certificate all sides.b, keep transaction details secret.c, make sure the integrity of transaction.d, non-deny of transaction when dispute occurs. 1in this paper, we mainly discuss the system security from the above aspects. nowadays e- commerce is not only used on internet, but also on mobile phone and telephone. methods to protect payment security are different in different payment scenarios. secure payment on internet is deep researched for it is the most popular way and therefore some mature protocols have been created. architecture of mobile payment is something like the internet payment system although it has some distinguishing features. this kind of payment has also been in use for several years abroad. comparatively speaking, telephone payment is a relatively new scheme and there is noteven an operative way to secure it. it is meaningful to find an efficient solution to it. cryptography method is the main technology to achieve security in payment systems. this paper will discuss the features of these payment systems and the corresponding schemes and try to seek an operativeway to secure payment on pstn from cryptography perspective.- 9 -2. payments on internet2.1 system overviewon internet, the e-payment model is shown in figure1:figure 1. e-payment system on internetbanks, merchants and clients are connected together by internet. internet is an open network and there are millions of computers on it. a word says on internet no body knows whether you are a dog. meanwhile, a great number of people stay waiting for chances to launch evil attacks. whats worse, it is difficult to track down those invaders when damage occurs. therefore, it seems more important to keep sensitive information secret and authenticate entities identity over internet. there are two main protocols based on which to ensure the security, ssl(secure socket layer) protocol and set(secure electronic transaction) protocol.2.2 sslssl protocol is firstly developed by netscape and widely used for authentication and securedata transmission between web server and client browser. ssl protocol works on the session layer of osi reference model. it includes two protocols. the first is handshake protocol, which is to authenticate the identification of client and server and choose a proper encryption algorithm and session key. the second is record protocol, which is to transmit secure information encrypted with the negotiated algorithm and key. the whole process can be described in figure 2:figure 2. ssl processstep1, this message contains the clients version of ssl, a random number used later in key derivation, as well as a collection of cipher suite offers. the offers are identifiers that specify the ciphers and hashing algorithms the client is willing to use.step2, when establishing the initial connection, the server chooses an offer it is willing to use, and communicates that offer back to the client along with its certificate and a random value of its own. step3, the client then verifies the server using the certificate and extracts the servers public key. using the public key, the client encrypts the pre-master secret, a random value that will be used to generate the symmetric keys independently, and sends the encrypted message to the server, which decrypts the message using its private key.step4, once the server receives the pre-master secret from the client, both the server and the client generate the same symmetric keys using the pre-master secret and the random numbers exchanged above using the tls pseudo-random function (prf), which expands a secret and some data into a block of arbitrary length. this way, only the small pre-master secret is encrypted using public-key cryptography, limiting the impact of the expensive operation on performance.step5, as soon as the keys are generated, the client and server exchange change cipher spec messages to indicate that they each now have symmetric keys and all further communications will be conducted using the symmetric algorithm chosen in the initial stages of the handshake. 2we can easily get that ssl is an end-to-end protocol. it can protect messages from eavesdropping and active attacks, providing efficient authentication and secure information transmission between two communicating parties. however, there are still some defects. for example, it has no signature function and cant provide non-deny service. whats the most important, for an e-payment system, messages often need to be transmitted among multi-partiesbut ssl cant coordinate information transmission and trust-ship of them. in addition, during an e- commerce transaction, clients purchase information would be sent to merchant firstly and then be transmitted to bank by merchant in ssl. it provides more benefits to merchant rather than clients and is unfair to clients.32.3 setin order to make up for the defeats of ssl, visa and mastercard developed set protocol to secure payment based on credit card on internet. set has successfully solved the problems such as transaction protocol, secret, integrity and authentication.set can be regarded as an application of pki, which also uses encryption technology to achieve secret, integrity, authentication, non-deny and authorization. ca plays an important role in the whole work process. every party has their own digital certificate and can get others public key. by using it all the attending parties prove their own identity and verify others identity.sensitive information is kept secure through digital envelope in set, a combination of public key and secret key. set mainly use rsa as the asymmetric encryption algorithm and des as symmetric encryption algorithm. when a message is to be sent, it is firstly encrypted by a des key, with the des key encrypted by communicating sides rsa public key. then the encrypted message and key are all sent to the other side. when the other side receives message, it firstly decrypt the des key by his private key, then get the raw message by des decryption.digital signature is used for integrity and origin-authentication. digital signature gets message digest by rsa algorithm. when a message is to be sent, a hash is firstly applied to it. then the hash result is encrypted using the senders private key and later sent following the formal data. when receiver receives these messages, he would firstly decrypt the last part with senders public key and deal with the raw message by hash function. at last he would compare the two results. if they are equal, it proves the expected message. else there must be something wrong. for only the sender can perform encryption by his private key, this method can protect from denying while hash can verify whether information is integrate.in a secure transaction, order information (oi) and payment instruction (pi) are opposing, which means merchant can only get oi while bank can only get pi. in set there is a key techniquecalled dual signatures which is to provide such function. a dual signature combines two digest which are firstly deduced from the two messages and then signed by users private key. every messages receiver gets the message he can identify. through this way, message can only be got by the proper receiver while non-deny is ensured3.2.4 analysisevidently, asymmetric encryption algorithm plays a key role in both ssl and set. they both distribute session key and realize non-deny through asymmetric encryption algorithm. however, set can provide higher and more overall security solutions than ssl its process is much more complicated accordingly. a single set process will take signature 6 times, pass certificate 7 times, sign 5 times, des encryption 4 times and rsa encryption 4 times, costing 1.5 min-2 min or even longer every time. it is known that asymmetric encryption is much less efficient than symmetric encryption. therefore set costs much more than ssl. in application a balance should beachieved between security and efficiency for a certain transaction.as ssl is mainly for end-to-end security, it should be more appropriate for end-to-end system while set is more appropriate in system of multi-parties. whats more, ssl and set work on different layers. we can apply them smartly in different systems of different enquiries.3. mobile payment3.1 the system of mobile paymentmobile payment is somehow like payment system on internet for all parties in this system are connected into internet. the client connects to the merchant through the access point to perform an e-commerce transaction. the merchant and payment gateway communicate to each other over the wired network. the work model is shown in figure 3:figure 3. mobile payment modelhowever, the fatal differences between internet payment and mobile payment determine they have to adopt different security schemes. the most important difference is processing ability of computers and smart phones. it is known that smart phones processing ability is much lower than computers. while computers on internet can calculate rsa encryption easily it runs in smart phone very slow. although smart phone can perform symmetrical encryption such as des easily, the number of secret key stored is limited for its poor storage and its poor processing ability also make it difficult to generate keys instantaneously. in addition, while fixed wired networks provide computer a stable network, the wireless networks can hardly supply such running environment. therefore, a successful payment scheme on smart phone should consider all the above requirements. luckily, mobile payment has a merit that it can identify entity easily, as a result, it does not need to pay much to realize identity authentication. until now the most popular method for mobile payment is ksl protocol.3.2 ksl protocol4ksl protocol is a mobile credit card payment protocol based on account put up with in 2004. it has been implemented and shown to achieve the same transaction security properties offered by set and ikp protocols using light weight cryptographic operations.in the ksl architecture, the client sends the value subtraction request to the payment gateway through the merchant instead of sending it directly to minimize the number of connections needed. this can help to conserve the resources needed to set up a connection with the payment gateway. the ksl protocol is divided into two phases, the merchant registration protocol (mrp) phase and payment protocol (pp) phase.during mrp protocol, the client has to register with the merchant and send the merchant the maser key x. it can be described as below, (c stands for client, m stands for merchant while pg stands for payment gateway),1) c m: clientid, x, nk2) m c: nkk is a temporary key shared between client and merchant, distributed through asymmetric encryption.during pp phase, the purchase takes place by generating a session key from the master key y, which was distributed between the client and the issuer when the client first registered with the issuer. session key is generated from the corresponding master key using hash and cyclic-shifting techniques, which is a creature of ksl protocol. for example, the set of xi, where i = 1, , n, session key shared between client and merchant, can be generated as follows:x1 = h(1-bit-shift-of-x), , xn = h(n-bit-shift-of-x).the set of yi, where i = 1, , n, session key shared between client and payment gateway, can be generated as follows:y1 = h(1-bit-shift-of-y), , yn = h(n-bit-shift-of-y).by using this way, confidentiality, authentication and non-repudiation can be achieved. meanwhile, it can reduce the frequency of key update processes and lead to high performance.then all the transaction data between client and merchant would be encrypted with session key xi and transaction data between client and payment gateway would be encrypted with session key yi. the process can be described as below:1) c m: initialrequestm c: initialresponsexi2) c m: prequest, h(vrrquest, yi)xi3) m pg: vcrequest, h(vsrequest, yi)pub-pgpri-m4) pg m: vsresponseyi, vcresponsepub-mpri-pg5) m c: vsresponseyixi+1pri-m means merchants private key while pub-m means its public key. and pri-pg means payment gateways private key while pub-pg means payment gateways public key. this protocol takes advantage of system features and then makes up corresponding schemes. the dynamic session key scheme improves the system security.3.3 smart phone payment system (spps)5in spite of the high performance of ksl protocol, new security enhancement techniques are put up with to improve it. the smart phone payment is one. for a smart card can be charged and used without revealing the clients information it is believed that using it for making the internet payment is more secure. the proposed system is similar to the ksl protocol architecture. client conducts payment authentication through pin to allow mobile users to make a payment over wlan or gprs. merchant will forward encapsulated packets from client to payment gateway after reassemble it then encrypt it and finally sign it. payment gateway manages all incoming packets and verifies the legalization of the payment. client and merchant will shared a master key x and a set of session keys xi, i = 1, , n. and client and payment gateway will share a masterkey y and a set of session keys yi, i = 1, , n.this payment system is different from other payment system in that it employs limited-used key generation technique rather than cyclic shifting technique. moreover, when client registers with merchant, there are some differences. when client makes transactions with merchant, it firstly checks whether it has been previously registered with merchant. if not, it sends a registration request to merchant asking for its certificate to be delivered back to client. after that, it will generate a random temporary key, which is encrypted and sent to merchant. once the clientreceives the ok response, it will generate a master key x and a random number n, then encrypts them with the temporary key; and sent them to merchant. subsequently, merchant will decrypt x and n using the temporary key to obtain the master key x and n.4. payments on pstn network4.1 payment system on pstn network6payment system on pstn network seems totally different from the above two systems. its model is shown in figure 4:figure 4. payment system on pstnin this system the main payment tool is a terminal like a phone. it has the same shortcoming as smart phone, very low processing ability and limited storage. moreover, telephone terminals are connected to servers in telecom by pstn network and can not access internet. therefore it can not connect to various service providers directly. thats to say, when a terminal wants to get service from other service providers its request must be sent via server in telecom.however, this kind of payment is the closest way to ordinary people. telephone is much more popular than computer especially in china and pstn network covers a much wider range than internet. payment on pstn network can provide much more convenience and is even praised a convenient-people project in some provinces and cities. meanwhile, as for every terminal there isa certain phone number and pstn network is considered the most secure network, natural security of this system is highly appreciated by experts and its application is said to have a bright future.4.2 current situationalthough payment on pstn network can be widely accepted and is in a rapidly developing period, there are still seldom schemes to protect its security. until now, the most popular scheme is new jiajia epos electronic payment scheme, which is adopted by china bank union.the system can be divided into three parts, one is c