KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEITTOEGEPASTEWETENSCHAPPEN DEPARTEMENTELEKTROTECHNIEK KasteelparkArenberg10,B-3001Leuven-Heverlee ANALYSIS AND DESIGN OF AN ADVANCED INFRASTRUCTURE FOR SECURE AND ANONYMOUS ELECTRONIC PAYMENT SYSTEMS ON THE INTERNET Promotoren: Proefschriftvoorgedragentot Prof.dr.ir.B.Preneel hetbehalenvanhetdoctoraat Prof.dr.ir.J.Vandewalle indetoegepastewetenschappen door Joris CLAESSENS December2002 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEITTOEGEPASTEWETENSCHAPPEN DEPARTEMENTELEKTROTECHNIEK KasteelparkArenberg10,B-3001Leuven-Heverlee ANALYSIS AND DESIGN OF AN ADVANCED INFRASTRUCTURE FOR SECURE AND ANONYMOUS ELECTRONIC PAYMENT SYSTEMS ON THE INTERNET Jury: Proefschriftvoorgedragentot Prof.J.Berlamont,voorzitter hetbehalenvanhetdoctoraat Prof.B.Preneel,promotor indetoegepastewetenschappen Prof.J.Vandewalle,promotor door Prof.B.DeDecker Prof.J.-J.Quisquater(UCL) Joris CLAESSENS Prof.C.Mitchell(RHUL) Prof.P.Wambacq U.D.C.681.3*D46 December2002 (cid:176)c Katholieke Universiteit Leuven { Faculteit Toegepaste Wetenschappen Arenbergkasteel, B-3001 Heverlee (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfllm, elektro- nisch of op welke andere wijze ook zonder voorafgaande schriftelijke toestem- ming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfllm or any other means without written permission from the publisher. D/2002/7515/53 ISBN 90-5682-382-5 Acknowledgements After a period of 5 years of Ph.D. research work, time has flnally come to say a sincere \thank you" to all the people I have been surrounded with. First of all I want to express my gratitude to Prof. Bart Preneel and Prof. Joos Vandewalle for being the promoters of this thesis. I also want to thank Prof. Bart Preneel for the many valuable research suggestions he provided me withduringthepastyearsandforcarefullyreadingandcorrectingearlierdrafts of this thesis. My thanks further go to Prof. Bart De Decker and Prof. Jean-Jacques Quisquater for proof-reading this thesis, to Prof. Patrick Wambacq and Prof. Chris Mitchell for kindly accepting to be a member of my jury, and to Prof. Jean Berlamont for chairing the jury. Parts of this thesis resulted, directly and indirectly, from the collaboration with many people, and have been published in earlier work. I therefore want to thank all my co-authors (in alphabetical order): Dr. Paul Ashley, Dr. Andrew Clark, Danny De Cock, Valentin Dem, Bart De Win, Claudia D¶‡az, Prof. Jos Dumortier,GaryGaskell,CarolineGoemans,ThomasHerlea,Assoc.Prof.Mark Looi, Robert Maier, Vincent Naessens, Gregory Neven, Prof. Frank Piessens, Agung Prasetijo, Stefaan Seys, Calin Vaduva, and Dr. Mark Vandenwauver. I had the great opportunity to work in other environments during research visits abroad. Therefore I want to send thanks to Prof. Nahid Shahmehri who made it possible for me to work at the IISLAB, Link˜oping University, Sweden, duringSpring1999,andtoProf.EdDawsonforinvitingmetoworkattheISRC, QueenslandUniversityofTechnology,Brisbane,Australia,duringSummer2000. I especially want to thank Gary Gaskell and the Ascough family for their very much appreciated and kind hospitality. I had the real pleasure to assist many students with their Master thesis work. Theirworkandtheirfreshideashavecertainlycontributedtothisthesis. Thanks therefore go to (in alphabetical order): Joachim Baert, Hans Bellen, JosDeWachter,DriesIndesteege,VincentJacobs,DirkJanssens,StefanMader, DaveSingel¶ee,ElsStandaert,GeraldTatschl,RafTot¶e,VincentTouquet,Geert Verbakel, and Tim Verhuizen. InadditiontomyPh.D.work,Iactivelyparticipatedinvariousresearchand consulting projects. The collaboration with people from universities as well as industrycertainlyhadapositivein(cid:176)uenceontheoutcomeofthisthesis. Thanks in particular go to the people I work(ed) with in the scope of MOL, FATIMA, i ii OSABA,APESandPAMPAS,andtothepeopleofUtimacoSafewareBelgium. I want to thank all my current and former COSIC colleagues for the nice and challenging, and exponentially expanding, working environment. P¶ela and Elvira deserve a big thanks for their support with the sometimes complex ad- ministrative matters of university life. From a flnancial point of view, I want to acknowledge the K.U.Leuven and the Institute for the Promotion of Innovation by Science and Technology in Flanders (IWT), for funding my research work. A word of thanks also goes to some old study friends who each may have gone their own way during the last years, but who have always been there for moral support or sporty distraction. Jan, Dirk, Curt, Jo, Jan, and Tony, thank you! I especially want to thank my parents and my sister Hilde. Over the years theyhavecontinuedtosupportandmotivatemeinmystudiesandmydoctoral work. A hearty thanks also goes to my mother-in-law for the moral support during the last years. Last but by no means least, I want to thank my wife Leentje for her love and her enthusiasm, and the joy and happiness she is bringing in our life. Her strong belief in me was a very helpful motivation to complete this thesis work. Joris Claessens December 2002 Abstract Electronic payment systems are of paramount importance in our current dig- ital society. Security and privacy constitute crucial challenges in this area. Electronic money is indeed just digital information that can easily be copied. Moreover, users automatically leave an electronic trail of all their activities in thedigitalworld. Inthisthesisanadvancedinfrastructureforsecureandanony- mous electronic payment systems on the Internet is analyzed and designed. The thesis starts with an overview of the most important existing payment systems on the Internet. The currently most popular payment system makes directuseofthecreditcardinformation. Itthereforesufiersfromseveresecurity problems. There are however conceptually more secure payment systems, but these are not used for various reasons. TheWorldWideWeb(WWW)istheplatformonwhichelectroniccommerce is performed. This thesis analyzes the SSL/TLS protocol which is responsible for securing the communications between a browser and a web server. The pro- tocol is extended with new security functionality. The thesis also demonstrates the weaknesses in the mobile code security model that is supported by current browsers. Anonymouselectronicpaymentsystemsareinvestigated. Anonymityshould here be present both within the payment protocol and at the communications layer. Controlled anonymity provides a balance between the protection of pri- vacy and the security against anonymity misuse. A new system for revocable anonymous access to the Internet is therefore designed in this thesis. Due to the enormous growth of mobile communications, secure mobile pay- ment systems are being developed. This thesis motivates the combined use of the WWW and mobile devices, and identifles difierent usage scenarios. A new GSM-based payment system for the WWW is designed. In addition, a software token is proposed that is resistant against speciflc attacks. Mobile software agents can in the future help users with many otherwise time-consumingactivities. Thisthesispresentshowthecommunicationbetween agentsissecured. Thethesisflnallyinvestigateshowmobileagentscanconduct secure electronic transactions from untrusted hosts on the Internet. iii iv Samenvatting Elektronische betaalsystemen spelen een belangrijke rol in onze huidige digitale samenleving. Beveiliging en privacy vormen hierbij cruciale uitdagingen. Elek- tronisch geld is immers niets anders dan digitale informatie die eenvoudig kan gekopieerd worden. Bovendien laten gebruikers ook automatisch sporen na van al hun activiteiten in de elektronische wereld. In deze thesis wordt een gea- vanceerdeinfrastructuurvoorveilige enanonieme elektronischebetaalsystemen op het Internet geanalyseerd en ontworpen. De thesis start met een overzicht van de belangrijkste huidige elektronische betaalsystemenophetInternet. Hetmomenteelmeestpopulairesysteemmaakt rechtstreeks gebruik van de kredietkaartgegevens en vertoont hierdoor ernstige beveiligingsproblemen. Nochtans bestaan er reeds conceptueel veiligere betaal- systemen, maar deze worden om diverse redenen niet gebruikt. Het World Wide Web (WWW) is het platform waarop elektronische handel wordt gedreven. In deze thesis wordt het SSL/TLS protocol geanalyseerd dat verantwoordelijkisvoordebeveiligingvandecommunicatietusseneenbrowser en een webserver. Dit protocol wordt uitgebreid met nieuwe beveiligingsfunc- tionaliteit. Er wordt verder gedemonstreerd dat het huidige beveiligingsmodel van mobiele code in browsers onvoldoende bescherming biedt. Anonieme elektronische betaalsystemen worden bestudeerd. Anonimiteit moet hierbij aanwezig zijn zowel op het niveau van het betaalprotocol als op het niveau van de communicatie. Gecontroleerde anonimiteit vormt een balans tussendebeschermingvandeprivacyenerzijdsendebeveiligingtegenmisbruik van anonimiteit anderzijds. In deze thesis wordt daarom een nieuw systeem ontworpen voor toegang tot het Internet met herroepbare anonimiteit. Metdeenormegroei vandemobiele telefonie zit deontwikkeling vanveilige mobielebetaalsystemenindelift. Indezethesiswordthetgecombineerdgebruik van het WWW en mobiele apparatuur gemotiveerd en worden verschillende ge- bruiksmodellen ge˜‡dentiflceerd. Een nieuw GSM-gebaseerd betaalsysteem voor het WWW wordt ontworpen. Naast dit systeem wordt ook een software token voorgesteld dat bestand is tegen specifleke aanvallen. Mobielesoftwareagentenkunnenindetoekomstveletijdrovendeactiviteiten vangebruikersovernemen. Indezethesiswordtdecommunicatietussenagenten beveiligd. Tenslotte wordt onderzocht hoe mobiele agenten zelf veilig elektro- nisch kunnen betalen vanop niet-vertrouwde computerplatformen op het Inter- net. v vi
Description: