next up previous
Next: 3.5 What a Smart Up: 3.4 Transaction Security Previous: 3.4.1 What are Kerberos,

3.4.2 How can these protocols contribute to transaction security?

* Kerberos

It allows entities communicating over networks to prove their identity to each other while preventing eavesdropping or replay attacks. It also provides for data stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES.

It is important to realize that Kerberos is a one-trick pony. It provides for mutual authentication and secure communication between principals on an open network by manufacturing secret keys for any requestor and providing a mechanism for these secret keys to be safely propagated through the network. Kerberos does not, per se, provide for authorization or accounting, although applications that wish to can use their secret keys to perform those functions securely. Kerberos also does not provide password validation for individual workstations unless care is taken.

It is also important to understand that using Kerberos on time-sharing machines greatly weakens its protections, since user's tickets are then only as secure as the `root' account (read: not very). Furthermore, dumb terminals and most X terminals do not understand the Kerberos protocol and as a result their cable connections remain insecure.


As far as I know, TIS/PEM and RIPEM are not used (or, at least, widely used) for securing electronic commerce transactions, but only for personal email messages. However, we may assume that some vendors will support PEM encrypted messages for their transaction processes if a significant number of customers desire so.


Some softwares developers have implemented a system by which NCSA Mosaic client and/or server call external PGP program which encrypt and decrypt their communications and thus provide secure communications between the server and the client, and ensure that a user is who he/she says he/she is.

However, the most ``natural'' mean to securely communicate with PGP is by exchanging encrypted email messages, since this can be performed an all platforms.

In both cases, the merchant can register his public key on a server such as SLED ( where the customer will be able to retrieve it. The merchant will have to provide the server with evidence (by another mean than the Internet) that he/she claims who he/she actually is, so that the customer will be able to trust his/her public key.

Several electronic storefronts, such as NetMarket, support purchase orders or customer sensitive information encrypted with PGP.


We can enter our credit card number on a secure (https) browser (we may assume that other browsers than Netscape Navigator will support SSL in a near future) form and transmit the form over the Internet to a secure Commerce Server without risk of an intermediary obtaining our credit card information. The security features offered by SSL compliant technology protect commercial transactions, as well as all other communications, from misappropriation and fraud that could otherwise occur as information passes through Internet computers.

Secure communications does not eliminate all of an Internet user's concerns. For example, the end-user must be willing to trust the server administrator with his or her credit card number before he or she enter into a commercial transaction. Security technology secures the routes of Internet communication; but does not protect from unreputable or careless people with whom we might choose to do business.

The situation is analogous to telling someone our credit card number over the telephone. We may be secure in knowing that no one has overheard our conversation (privacy) and that the person on the line works for the company we wish to buy from (authentication), but we must also be willing to trust the person and the company.

Server administrators must take additional precautions to prevent security breaches. To protect information, they must maintain physical security of their server computers and control access to software passwords and private keys.

A lot of electronic storefronts, such as MarketNet, now support SSL mechanism.


S-HTTP specifies ways to add all the secure features needed in a transaction to the conversations that occur over the Internet between World Wide Web clients and servers. S-HTTP does not say how these elements will appear to users or what elements should be used with what transactions; that is up to the developers of the clients and servers and their customers.

However, a few companies like OpenMarket and NCSA have already released Web secure servers and clients that support S-HTTP, Terisa proposes toolkits to develop such systems, and CyberCash has developed a payment system based on this protocol.


The primary objective of the IPSEC work is to ensure that IPv4 and IPv6 will have solid cryptographic security mechanisms available to users who desire security. These mechanisms are designed to avoid adverse impacts on Internet users who do not employ these security mechanisms for their traffic. These mechanisms are intended to be algorithm-independent so that the cryptographic algorithms can be altered without affecting the other parts of the implementation. These security mechanisms should be useful in enforcing a variety of security policies.

As far as I know, the IPSEC is not yet implemented: this protocol is in a stage of ``work in progress'', but it may be worth to keep looking at what it will become.

next up previous
Next: 3.5 What a Smart Up: 3.4 Transaction Security Previous: 3.4.1 What are Kerberos,
Denis Arnaud