Applied Cryptography in Electronic Commerce

Applied Cryptography in Electronic Commerce

Slawomir Grzonkowski (National University of Ireland, Ireland), Brian D. Ensor (National University of Ireland, Ireland) and Bill McDaniel (National University of Ireland, Ireland)
DOI: 10.4018/978-1-4666-2919-6.ch017
OnDemand PDF Download:


Electronic commerce has grown into a vital segment of the economy of many nations. It is a global phenomenon providing markets and commercialization opportunities world-wide with a significantly reduced barrier to entry as compared to global marketing in the 20th century. Providing protocols to secure such commerce is critical and continues to be an area for both scientific and engineering study. Falsification, fraud, identity theft, and disinformation campaigns or other attacks could damage the credibility and value of electronic commerce if left unchecked. Consequently, cryptographic methods have emerged to combat any such efforts, be they the occasional random attempt at theft or highly organized criminal or political activities. This chapter covers the use of cryptographic methods and emerging standards in this area to provide the necessary protection. That protection, as is common for web-based protocols, evolves over time to deal with more and more sophisticated attacks. At the same time, the provision of security in a manner convenient enough to not deter electronic commerce has driven research efforts to find easier to use and simpler protocols to implement even as the strength of the cryptographic methods has increased. This chapter covers current standards, looking at several facets of the secure commercialization problem from authentication to intrusion detection and identity and reputation management. Vulnerabilities are discussed as well as capabilities.
Chapter Preview


We begin our presentation describing authentication solutions for the web. We specifically focus on SSL/TSL (Dierks & Allen 1999, Rescola 2000) protocols that are widely used for ecommerce. Then, we briefly introduce the most notable Password-based Authentication Key Exchange (PAKE) solutions (Bellovin & Merritt 1992, Jablon 1996, Wu 2000) that aims at secure communication using short and memorable passwords.

Complete Chapter List

Search this Book: