Post on 15-Jan-2016
Securing Transactions: Protocols and Politics
D. Crocker, Brandenburg Consulting
+1 408 246 8253
dcrocker@brandenburg.com
© 1995 D. Crocker, Brandenburg Consulting

Brandenburg Consulting
Product & service / planning & design
Technical
Large-scale systems
Internet & interoperability
Operations
Security
Protocols (email, transport, commerce)
Internet development since 1972
Chair, Silicon Valley - Public Access Link

Secure transactions
Doing business on the Internet
Object- vs. Transport- security
Payment protocols
Standards work

Internet for commerce?
Strong pressures emerging
Businesses now online
Reduced access costs
Global “reach”

A global Internet
Scaling
  A chicken in every pot!
Security
  Military vs. commercial vs. personal
Management
  Interconnection interoperability
  Sometimes always

Styles of use
Receiver pull
  Interactive sessions
  Individual, foreground refinement
Sender push
  Messaging
  Bulk, background distribution
(Mark Smith, Intel)

To be on the Internet
Full (core)
  Permanent, visible, native
Direct (consumer)
  Native
Client
  User runs Internet applications
Mediated
  Provider runs applications for user
Messaging
  Surprisingly useful

What is business?
R&D
  Search, browse
  Test
  Coordinate
Support
  Discuss
  Info push
Marketing
  Targeted info push
  Survey
Sales
  Negotiate
  Order, bill, pay
  Deliver

Where to put functions? Core vs. edges
Place it in the core
  • Can’t be used until all of the pieces between users adopt it
Place it at the edges
  • Useful as soon as adopted by two, consenting hosts

Where to put security...
[Diagram: Object vs. Transport security. Labels: Secure, My object, FTP, EMail, Web; Web Security (Web Server to Web Server); EMail Security (MTA to MTA)]

Transport security
IPSEC: IP-level labeling
Kerberos (MIT): Third-party service
S-KEY (Bellcore): Pairwise login
S-HTTP (EIT): Negotiate specifical object wrapper security
SSL (Netscape): Client-server transport link
STT (Microsoft): (TBD)

Object security
MOSS (was: PEM)
  MIME Object Security Service - IETF
  RSA + DES
  Global, formal key certification hierarchy
PGP
  Pretty Good Privacy - Phil Zimmermann
  RSA + IDEA
  Informal, personal, direct certification
S/MIME
  Secure MIME - RSA & Consortium

Basic algorithms
[Diagram: Integrity: Msg → MsgHash. Authentication (sign): MsgHash + Key(PRIV-ORIG) → Digital Signature. Privacy (seal): Msg + Key(DATA) → Encrypt Data; Key(DATA) + Key(PUB-RECIP) → Encrypt Key]
When do you need each? ...not always!

EDI over Internet
Multiple EDI transports already
  Internet is one more
EDI/MIME, proposed standard
  Regular EDI objects, encapsulated in MIME
  Use MIME-based security

Payment system model
[Diagram labels: Buyer, Merchant, Issuing Bank, Acquiring Bank, Clearing House, 16+4]
(M. Rose, FV)

Payment system issues
Transaction category “card not present”
  For all bankcard approaches for Internet
Issues
  Knowing buyer/merchant authorized
  Avoiding third-party interception
  Interchange, assessment, fees
  Retrievals, chargebacks, etc.
  • Risk management

Payment system efforts
CommerceNet www.commerce.net
First Virtual Holdings www.fv.com
CyberCash www.cybercash.com
Open Market www.openmarket.com
NetMarket www.netmarket.com
Netscape www.netscape.com
DigiCash www.digicash.com

Scheme “Clear”
[Diagram: Buyer, Merchant, Clearing House; two links labeled "16+4 in the clear!"]
Just trust the net...
Easy to capture and replay.

Scheme “ID”
[Diagram: Buyer, Merchant, Clearing House; link labels: 16+4, ID, ID, 16+4]
Still trust the net, until the next statement...
Easy to capture and replay.

Scheme “ID confirm”
[Diagram: Buyer, Merchant, Clearing House; link labels: 16+4, ID, ID, Confirm, ID]
Each transaction confirmed.
Requires mildly safe user account.

Scheme “Secure link”
[Diagram: Buyer, Merchant, Clearing House; link labels: Encrypted 16+4, 16+4]
Same as telephone, but encrypt over Internet.
Merchant gets number.
Is merchant safe??

Scheme “Mediated”
[Diagram: Buyer, Merchant, Clearing House; two links labeled "Encrypted 16+4"]
Only bank sees data in clear.
Limited points of attack.
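
The "Mediated" scheme applied to the seal operation from the "Basic algorithms" slide, as an added Go example that is not part of the original presentation. It assumes "16+4" means a 16-digit card number plus a 4-digit expiry, and it uses RSA-OAEP and AES-GCM in place of the 1995-era ciphers the slides name; the function names and the card value are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func aead(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}
// Seal encrypts data under a fresh data key, then that key under recip's public key.
func Seal(recip *rsa.PublicKey, data []byte) (wrapped, body []byte, err error) {
	buf := make([]byte, 32+12) // 256-bit data key followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	gcm, _ := aead(buf[:32]) // cannot fail: the key length is fixed above
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recip, buf[:32], nil)
	return wrapped, gcm.Seal(buf[32:], buf[32:], data, nil), err // body = nonce || ciphertext
}
// Open unwraps the data key with priv, then decrypts and authenticates body.
func Open(priv *rsa.PrivateKey, wrapped, body []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err // wrong private key, or the wrapped key was altered
	}
	gcm, err := aead(key)
	if err != nil || len(body) < 12 {
		return nil, fmt.Errorf("malformed sealed blob (aead: %v)", err)
	}
	return gcm.Open(nil, body[:12], body[12:], nil)
}
// Mediated: buyer seals a constructed 16+4 for the clearing house; merchant only forwards.
func Mediated() (atMerchant error, atBank string) {
	bank, _ := rsa.GenerateKey(rand.Reader, 2048)
	merchant, _ := rsa.GenerateKey(rand.Reader, 2048)
	w, b, _ := Seal(&bank.PublicKey, []byte("4111111111111111 1297"))
	_, atMerchant = Open(merchant, w, b) // the merchant's key cannot unwrap the data key
	pt, _ := Open(bank, w, b)
	return atMerchant, string(pt)
}
func main() { fmt.Println(Mediated()) }
```

The merchant's `Open` fails while the clearing house's succeeds, which is the "limited points of attack" property: a merchant host holds only ciphertext.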

The standards debate
Open
  IP labeling
  Session Security
  S-HTTP (sort of)
  MOSS
Proprietary
  SSL
  STT
  PGP (sort of)
  S/MIME

Freezing out competition
Non-interoperability
  Do it because it’s mine!
  Customer lock-in through proprietary extensions
Half-hearted integration
  Specialized protocols for each and every need

Is there hope?
Vendor initiatives
  Market lead
Folded into public standards
  Open access
  Open enhancement
It all depends on market demand.
You are the market; start demanding!