Login | Register

Security analysis of an e-commerce solution

Title:

Security analysis of an e-commerce solution

El-Hamwi, Yazan (2008) Security analysis of an e-commerce solution. Masters thesis, Concordia University.

[img]
Preview
Text (application/pdf)
MR42519.pdf - Accepted Version
3MB

Abstract

The escalation in the number of people with access to the Internet has fuelled the growth of e-commerce transactions. In order to stimulate this growth in e-commerce, the adoption of new business models will be required. In this thesis, we propose the idea of bringing the multi-level marketing business model into the e-commerce world. For e-commerce applications to take advantage of the business potential in this business model, some challenging security problems need to be resolved. Our proposed protocol provides a method for fair exchange of valuable items between multiple-parties in accordance with the multi-level marketing business model. It also provides the required security services needed to increase the overall customers' trust in e-commerce, and hence increase the rate of committed online transactions. These security services include content assurance, confidentiality, fair exchange and non-repudiation. The above security services are usually attained through the use of cryptography. For example, digital rights management systems deliver e-goods in an encrypted format. As these e-goods are decrypted before being presented to the end user, cryptographic keys may appear in the memory which leaves it vulnerable to memory disclosure attacks. In the second part of this thesis, we investigate a set of memory disclosure attacks which may compromise the confidentiality of cryptographic keys. We demonstrate that the threat of these attacks is real by exposing the secret private keys of several cryptographic algorithms used by different cryptographic implementations of the Java Cryptographic Extension (JCE)

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:El-Hamwi, Yazan
Pagination:xiv, 87 leaves : ill. ; 29 cm.
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Institute for Information Systems Engineering
Date:2008
Thesis Supervisor(s):Youssef, Amr
ID Code:976028
Deposited By: Concordia University Library
Deposited On:22 Jan 2013 16:18
Last Modified:18 Jan 2018 17:41
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Back to top Back to top