Authentication and Transaction Security in E-business

  • Lorenz Müller
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)

Abstract

E-business is one of the driving factors for the growth of the worldwide economy. But in parallel with the upsurge of digital trade, cyberspace has also become a main attraction for criminals. Today, major parts of the Internet are still outside traditional national legislation and law enforcement. Security is therefore a task that cannot be delegated to the government alone. Each party in an E-business operation has to care about the threats and the effective countermeasures. This paper introduces the theme of online security and, at the end, presents a technical system that helps to defeat many of the currently most dangerous threats to a trusted E-business world.

Keywords

Organize Crime; Smart Card; Biometric Data; Identity Theft; Encrypt Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Lorenz Müller (1)
  1. Hochschule für Technik und Informatik; AXSionics AG, Biel, Germany