Abstract

The escalation in the number of people with access to the Internet has fuelled the growth of e-commerce transactions. In order to stimulate this growth in e-commerce, the adoption of new business models will be required. In this thesis, we propose the idea of bringing the multi-level marketing business model into the e-commerce world. For e-commerce applications to take advantage of the business potential in this business model, some challenging security problems need to be resolved. Our proposed protocol provides a method for fair exchange of valuable items between multiple-parties in accordance with the multi-level marketing business model. It also provides the required security services needed to increase the overall customers' trust in e-commerce, and hence increase the rate of committed online transactions. These security services include content assurance, confidentiality, fair exchange and non-repudiation. The above security services are usually attained through the use of cryptography. For example, digital rights management systems deliver e-goods in an encrypted format. As these e-goods are decrypted before being presented to the end user, cryptographic keys may appear in the memory which leaves it vulnerable to memory disclosure attacks. In the second part of this thesis, we investigate a set of memory disclosure attacks which may compromise the confidentiality of cryptographic keys. We demonstrate that the threat of these attacks is real by exposing the secret private keys of several cryptographic algorithms used by different cryptographic implementations of the Java Cryptographic Extension (JCE)