Digital Forensics for Electronic Commerce on the Web

Authors: Ryuya Uda

Abstract:

In existing online shopping on the web, SSL and passwords are usually used to secure trades. SSL shields communication from third parties who are not involved in the trade, and indicates that the trader's web site is authenticated by a certification authority. A password certifies that a customer is the same person who has visited the trader's web site before, and protects the customer's privacy, such as what the customer has bought on the site. However, there is no forensics for the trades in the cases above. With existing methods, no one can prove what was ordered by customers, how many products were ordered, or even whether customers ordered at all. The reason is that a third party has to guess what was traded from logs that are held by traders and by customers. The logs can easily be created, deleted and forged since they are electronically stored. To enhance security with digital forensics for electronic commerce on the web, I present a secure method using cellular phones.

Keywords: Cellular Phone, Digital Forensics, Electronic Commerce, Information Security

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1079058

