Digital Forensics for Electronic Commerce on the Web

In existing online shopping on the web, SSL and passwords are usually used to secure trades. SSL shields communication from third parties who are not involved in the trade, and indicates that the trader's web site has been authenticated by a certification authority. A password certifies that a customer is the same person who has visited the trader's web site before, and protects the customer's privacy, such as what the customer has bought on the site. However, there is no forensics for the trades in the cases above. With existing methods, no one can prove what was ordered by customers, how many products were ordered, or even whether customers ordered at all. The reason is that a third party has to guess what was traded from logs that are held by traders and by customers. These logs can easily be created, deleted and forged since they are stored electronically. To enhance security with digital forensics for electronic commerce on the web, I present a secure method using cellular phones.
