论文信息 - Design and Implementation of Challenge Response Protocol for Enhanced e-Commerce Security

Design and Implementation of Challenge Response Protocol for Enhanced e-Commerce Security

The environment of the proposed Scan2Pass is described in detail. Confidentiality is provided at the application level in the system to protect user credential in both entities (the user and the server) for preventing brute force and dictionary attacks. A security mechanism is also provided to maintain confidentiality at the transport level. The HTTP Strict Transport Security in the system ensures that all connections between entities will be upgraded to HTTPS only. This way guarantees that all data and sensitive information transmitting between both sides are protected. The implementation of Scan2Pass presents a possible deployment of the system and describes the components of the prototype. Implementation and testing confirm that the proposed Scan2Pass is fast and easy to use and learn. In particular, users without much experience with smartphones can easily use the proposed system after seeing it done only once. Therefore, the proposed system model is convenient for users because of the absence of the burden of carrying a separate hardware token or extra charges from the short message service. The design and implementation of a challenge–response protocol for enhanced e-commerce security are also elaborated.

Hamzah F. Zmezm | Mustafa S. Khalefa | Hamid Ali Abed Alasadi | Hareth Zmezm

[1] A. W. Roscoe,et al. Usability and security of out-of-band channels in secure device pairing protocols , 2009, SOUPS.

[2] Helmut Schneider,et al. The domino effect of password reuse , 2004, CACM.

[3] Patrick Traynor,et al. One-time cookies: Preventing session hijacking attacks with stateless authentication tokens , 2012, TOIT.

[4] Alan O. Freier,et al. Internet Engineering Task Force (ietf) the Secure Sockets Layer (ssl) Protocol Version 3.0 , 2022 .

[5] Edward F. Gehringer. Choosing passwords: security and human factors , 2002, IEEE 2002 International Symposium on Technology and Society (ISTAS'02). Social Implications of Information and Communication Technology. Proceedings (Cat. No.02CH37293).

[6] Cullen Jennings,et al. Certificate Management Service for the Session Initiation Protocol (SIP) , 2011, RFC.

[7] Bruce Schneier,et al. Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[8] Edward W. Felten,et al. Password management strategies for online accounts , 2006, SOUPS '06.

[9] Arati Baliga,et al. Rootkits on smart phones: attacks, implications and opportunities , 2010, HotMobile '10.

[10] Sharath Pankanti,et al. Biometrics: a tool for information security , 2006, IEEE Transactions on Information Forensics and Security.