Transparent safe settlement protocol and I-ticket booth user verification mechanism for electronic commerce

Sai, Ying

09 May 2011

Not available / text

Electronic commerce--Security measures

An audit approach of the information systems auditor in an electronic commerce environment with emphasis on internet payment security

Bezuidenhout, Pieter Stefan

22 August 2005

Electronic Commerce (EC) is a growing business option and due to the “openness” of the underlying technologies used for EC, introduces new risks and new technologies that require sophisticated and sometimes very technical controls to be implemented. The role of the IS auditors is to ensure that they are technically competent to understand the impact of new technologies on the control environment and at the same time IS auditors need to be able to communicate the audit results to non-technical management. In this study the following framework, supported by detailed information and procedures for each step, is provided to assist the IS auditor to formulate an appropriate audit approach for an EC payment security audit: <ul> <li>-- Gathering of background information related to EC payment security.</li> <li>-- Highlighting the risks in this environment.</li> <li>-- Identifying possible controls that will minimise the risks.</li> <li>-- Attending to various audit considerations that should be addressed by the IS auditor (these considerations are based on the underlying technologies, general controls, and ED-specific issues e.g., PKI, digital certificates, etc.</li> </ul> The study highlighted the fact that the IS auditors should understand that they can not be experts in all the different technologies related to EC payment security. They should, however, equip themselves with the knowledge to understand the risks involved with new technologies and they should have a sufficiently in depth background exposure to technology to understand the controls required to address the risks. Results of previous audit procedures also play a significant role in shaping the IS auditor’s approach when auditing in an EC payment security environment. This thesis provides the IS auditor with a holistic approach to an EC payment security audit. After considering and implementing the elements of the framework developed in this study in an EC payment security audit, the IS auditor has to perform the actual audit tests, evaluate the results, and report the finding. Detailed audit considerations have also been provided to assist the IS auditor in collecting information and in developing an audit program. Copyright 2002, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. Please cite as follows: Bezuidenhout, PS 2002, An audit approach of the information systems auditor in an electronic commerce environment with emphasis on internet payment security, MCom dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://upetd.up.ac.za/thesis/available/etd-08222005-120314/ > / Dissertation (MCom (Computer Auditing))--University of Pretoria, 2006. / Auditing / unrestricted

Electronic commerce security measures

Electronic commerce auditing

UCTD

Combining multiple Iris matchers using advanced fusion techniques to enhance Iris matching performance

Nelufule, Nthatheni Norman

17 September 2014

M.Phil. (Electrical And Electronic Engineering) / The enormous increase in technology advancement and the need to secure information e ectively has led to the development and implementation of iris image acquisition technologies for automated iris recognition systems. The iris biometric is gaining popularity and is becoming a reliable and a robust modality for future biometric security. Its wide application can be extended to biometric security areas such as national ID cards, banking systems such as ATM, e-commerce, biometric passports but not applicable in forensic investigations. Iris recognition has gained valuable attention in biometric research due to the uniqueness of its textures and its high recognition rates when employed on high biometric security areas. Identity veri cation for individuals becomes a challenging task when it has to be automated with a high accuracy and robustness against spoo ng attacks and repudiation. Current recognition systems are highly a ected by noise as a result of segmentation failure, and this noise factors increase the biometric error rates such as; the FAR and the FRR. This dissertation reports an investigation of score level fusion methods which can be used to enhance iris matching performance. The fusion methods implemented in this project includes, simple sum rule, weighted sum rule fusion, minimum score and an adaptive weighted sum rule. The proposed approach uses an adaptive fusion which maps feature quality scores with the matcher. The fused scores were generated from four various iris matchers namely; the NHD matcher, the WED matcher, the WHD matcher and the POC matcher. To ensure homogeneity of matching scores before fusion, raw scores were normalized using the tanh-estimators method, because it is e cient and robust against outliers. The results were tested against two publicly available databases; namely, CASIA and UBIRIS using two statistical and biometric system measurements namely the AUC and the EER. The results of these two measures gives the AUC = 99:36% for CASIA left images, the AUC = 99:18% for CASIA right images, the AUC = 99:59% for UBIRIS database and the Equal Error Rate (EER) of 0.041 for CASIA left images, the EER = 0:087 for CASIA right images and with the EER = 0:038 for UBIRIS images.

Biometric identification

Electronic commerce - Security measures

Security systems

The impact of IT security psychological climate on salient user beliefs toward IT security: an empirical study

Unknown Date

There is a growing need to better understand what influences user behavior for developing comprehensive IT security systems. This study integrates two prominent bodies of research, the theory of planned behavior used to frame the factors influencing user behavior and individual level climate perceptions used to frame organizational environment influences, to develop a multidimensional IT security user behavior model. The model is then used as the basis for a survey based research to empirically test the hypotheses whether the perceived IT security climate of an organization significantly influences the users beliefs regarding the use of IT security. The intent of the study is to extend the theory of planned behavior and IT security literature by investigating salient IT security beliefs and environmental influences on those beliefs. First, anti-spyware was identified as an appropriate target IT security artifact, and then incorporated into a multi-phased research approach. Second, a semi-structured interview process was used to elicit salient beliefs regarding use of the IT security artifact. Third, IT security psychological climate was conceptualized based on the extant literature on organizational climate, safety climate and IT security in order to examine the organizational environment influences on these beliefs. Finally, a survey was used to collect data to validate the constructs and test the hypothesized relationships. / The study found that there was a significant positive relationship between IT security psychological climate and 1) the belief that anti-spyware will protect organizational interests such as privacy and data, 2) the belief that anti-spyware will prevent disruptions to work, 3) the belief that the approval of anti-spyware use by the technical support group is important, 4) the belief that monetary resources are needed to enable the use of anti-spyware, and 5) the belief that time is a facilitating condition for the use of anti-spyware. A discussion of the findings and their implications for theory and practice is provided. / by Janis A. Warner. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.

Security (Psychology)

Electronic commerce--Security measures

Web sites--Design

Consumer behavior--Mathematical models

Organizational effectiveness

Mutual authentication in electronic commerce transactions.

Kisimov, Martin Valentinov

02 June 2008

Electronic commerce is a large and ever growing industry. Online transactions are returning ever-growing revenues to electronic merchants. The e-commerce industry is still facing a range of problems concerning the process of completion of online transactions. Such problems are connected to consumer fears dealing with the identity of online merchants, their security pre- cautions and methods for accepting online payments. This thesis develops and presents a Mutual Authentication Model (MAM), which addresses the problem of mutual authentication between online shoppers and merchants. The model combines existing technologies in the eld of cryp- tography, as well as the use of digital signatures and certi cates. This is done in a speci c manner as for the model to achieve mutual authentication between communicating parties, in an online transactions. The Mutual Authentication Model provides a process through which an online shopper can be quickly and transparently equipped with a digital identi cation, in the form of a digital certi cate of high trust, in order for this shopper to participate in an authen- ticated transaction within the MAM. A few of the advantages of the developed model include the prospect of decreased online credit fraud, as well as an increased rate of completed online transactions. / Prof. S.H. von Solms

Data Encryption (computer science)

computer network security

computer access control

electronic commerce security

Authentication techniques for secure Internet commerce

Ndaba, Sipho Lawrence

23 August 2012

M.Sc.(Computer Science) / The aim of this dissertation (referred to as thesis in the rest of the document) is to present authentication techniques that can be used to provide secure Internet commerce. The thesis presents techniques that can be used to authenticate human users at logon, as well as techniques that are used to authenticate user's PC and the host system during communication. In so doing, the thesis presents cryptography as the most popular approach to provide information security. Chapter 1 introduces the authentication problem, the purpose and the structure of the thesis. The inadequate security of the Internet prevents companies and users to conduct commerce over the Internet. Authentication is one of the means of providing secure Internet commerce. - Chapter 2 provides an overview of the Internet by presenting the Internet history, Internet infrastructure and the current services that are available on the Internet. The chapter defines Internet commerce and presents some of the barriers to the Internet commerce. Chapter 3 provides an overview of network and internetwork security model. The purpose of this chapter is to put authentication into perspective, in relation to the overall security model. Security attacks, security services and security mechanisms are defined in this chapter. The IBM Security Architecture is also presented. Chapter 4 presents cryptography as the popular approach to information security. The conventional encryption and public-key encryption techniques are used to provide some of the security services described in chapter 3. Chapter 5 presents various schemes that can be used to provide computer-to-computer authentication. These schemes are grouped into the following authentication functions: message encryption, cryptographic checksums, hash functions and digital signatures. Chapter 6 differentiates between one-way authentication schemes and mutual authentication schemes. The applicability of each approach depends on the communicating parties. Chapter 7 presents some of the popular and widely used open-systems technologies Internet protocols, which employ some of the schemes discussed in chapter 5 and chapter 6. These include the SSL, PCT, SHTTP, Kerberos, SESAME and SET. Chapter 8 discusses some of the enabling technologies that are used to provide human user authentication in a computer system. The password technology, the biometric technologies and the smart card technology are discussed. The considerations of selecting a specific technology are also discussed. Chapter 9 presents some of the techniques that can be used to authentication Internet users (human users) over the Internet. The techniques discussed are passwords, knowledge-based technique, voice recognition, smart cards, cellular based technique, and the technique that integrates Internet banking. Chapter 10 defines criteria on which the Internet user authentication techniques presented in chapter 9 can be measured against. The evaluation of each of the techniques is made against the specified criteria. In fact, this chapter concludes the thesis. Chapter 11 provides case studies on two of the techniques evaluated in chapter 10. Specifically, the insurance case study and the medical aid case studies are presented.

Electronic commerce -- Security measures

Internet -- Security measures

Computers -- Access control -- Passwords

An incremental approach to a secure e-commerce environment

Mapeka, Kgabo Elizabeth

07 October 2014

M.Sc. (Computer Science) / The terms "Electronic Commerce" and "Internet Commerce" are often used interchangeably to mean similar processes. By definition, electronic commerce (e-commerce) means any exchange of information that occurs electronically. There are various types of electronic commerce transactions to name a few; electronic data interchange (EDI), fax, electronic funds transfer, interorganisational systems, technical data and document exchange, customer credit approval systems, interaction with customers and vendors, etc ([151, p. 27). The term internet commerce evolved with the era of the Internet. It became evident that both business and consumers are gradually conducting business via the Internet. For the purpose of this dissertation the term e-commerce will be used to refer to both electronic commerce and Internet commerce. The aim of this dissertation is to give guidance to organisations or individuals wishing to build a secure electronic commerce environment. This will be achieved by presenting an incremental phase by phase reference model. The model gives guidance on how to establish a network (local area network) with the intention to expand it through various phases to a complete, secure electronic commerce environment in the future. The dissertation will be discussed in the ten chapters outlined below. These chapters are discussed in detail in chapter 1. Chapter 1 sets out the problem addressed in this dissertation, the main objective of the dissertation and its structure. Chapter 2 introduces the framework of the reference model. It presents the different phases of the e-commerce reference model. Chapters 3 to 8 outline the phases of the e-commerce reference model in detail.

Electronic commerce - Security measures

Information networks - Planning

Information networks - Security measures

A real time, system independent, secure, Internet based auctioning system.

Brown, Cuan.

January 2000

This thesis outlines the creation of a secure, real time, system independent, Internet based auctioning application. The system has been developed to meet the needs of today's stringent reqUirements on secure Internet based applications. To attain this goal, the latest cryptographic algorithms and development platforms have been used. The result is a JAVA based server and client auctioning application. The client application is designed to run In any common web browser, and the server to execute on any JAVA enabled operating system with a web server and Internet connection. The real time system uses a relatively secure hybrid cryptosystem for communication. This involves the use of RSA for secure key exchange, and RC6 and MARS for secure communication. / Thesis (M.Sc.)-University of Natal,Durban, 2000.

Internet auctions.

Electronic commerce--Security measures.

Internet--Security measures.

Cryptography.

Java (Computer program language)

Theses--Computer science.

Validity and accuracy issues in electronic commerce with specific reference to VPN's

13 August 2012

M.Comm. / Business have traditionally relied on private leased lines to link remote office together so that distant workers could share information over a Wide Area Network (WAN). However, while providing a high degree of privacy, leased lines are expensive to set up and maintain. The Internet is fast becoming a requirement for supporting business operations in the global economy. The major concern in using a public network, like the Internet, for data exchange is the lack of security. The Internet was designed to be an "open" network, accessible to anyone with low or none security consideration. Virtual Private Networks (VPN) using Point-to-Point Tunneling Protocol (PPTP) has emerged as a relatively inexpensive way to solve this problem. The primary objective of this dissertation is to evaluate validity and accuracy issues in electronic commerce using VPN as a secure medium for data communication and transport over the Internet. The inherent control features of PPTP were mapped to data communication control objectives and the control models show how these address validity, completeness and accuracy. After analysing and evaluating the inherent control features of PPTP, the overall result is that: PPTP enables a valid communication link to be established with restricted access (validity); the PPTP communication link remains private for the full time of the connection (validity); data can be sent accurately and completely over the PPTP connection and remains accurate during transmission (accuracy); and all data sent is completely received by the receiver (accuracy). By deploying a Point-to-Point Tunneling Protocol for virtual private networking, management can mitigate the risk of transmitting private company and business data over the Internet. The PPTP analysis and evaluation models developed intend to give the auditor a control framework to apply in practice. If the auditor needs to perform a data communication review and finds that a virtual private network has been established using PPTP, the control models can assist in providing knowledge and audit evidence regarding validity and accuracy issues. The auditor should however, not review PPTP in isolation. Validity and accuracy control features inherent to TCP/IP and PPP should also be considered as well as controls on higher levels, e.g. built-in application controls.

Electronic commerce-Security measures.

Extranets (Computer networks)

Electronic commerce-Auditing.

Virtual Private Networks

Point-to-Point Tunneling Protocol

Mobile user authentication system (MUAS) for e-commerce applications

Molla, Rania A.

January 2017

The rapid growth of e-commerce has many associated security concerns. Thus, several studies to develop secure online authentication systems have emerged. Most studies begin with the premise that the intermediate network is the primary point of compromise. In this thesis, we assume that the point of compromise lies within the end-host or browser; this security threat is called the man-in-the-browser (MITB) attack. MITB attacks can bypass security measures of public key infrastructures (PKI), as well as encryption mechanisms for secure socket layers and transport layer security (SSL/TLS) protocol. This thesis focuses on developing a system that can circumvent MITB attacks using a two-phase secure-user authentication system, with phases that include challenge and response generation. The proposed system represents the first step in conducting an online business transaction. The proposed authentication system design contributes to protect the confidentiality of the initiating client by requesting minimal and non-confidential information to bypass the MITB attack and transition the authentication mechanism from the infected browser to a mobile-based system via a challenge/response mechanism. The challenge and response generation process depends on validating the submitted information and ensuring the mobile phone legitimacy. Both phases within the MUAS context mitigate the denial-of-service (DOS) attack via registration information, which includes the client's mobile number and the International Mobile Equipment Identity (IMEI) of the client's mobile phone. This novel authentication scheme circumvents the MITB attack by utilising the legitimate client's personal mobile phone as a detached platform to generate the challenge response and conduct business transactions. Although the MITB attacker may have taken over the challenge generation phase by failing to satisfy the required security properties, the response generation phase generates a secure response from the registered legitimate mobile phone by employing security attributes from both phases. Thus, the detached challenge- and response generation phases are logically linked.

005