References for Tutorial
'Secure Electronic Commerce'
M. Steiner, M. Waidner
IBM Zurich Research Lab
September 29th, 1997
Table of Contents
The references are ordered by their relevance to the tutorial, or by the
order in which the systems are described in it.
Online references may point to draft versions only, and deliver
files in PDF, DVI, HTML, or (gzipped) PostScript.
Introduction
Books
-
W. Ford, M. Baum
Secure Electronic Commerce
Prentice-Hall, 1996
Comment:
Introduction to electronic commerce from a security and legal
perspective.
-
W. Ford
Computer Communications Security -- Principles, Standard
Protocols and Techniques
PTR Prentice Hall, Englewood Cliffs, New Jersey 1994
Comment:
Good introduction to network security in general.
-
S. Garfinkel, G. Spafford
Practical Unix & Internet Security (2nd. ed)
O'Reilly & Associates, Inc., Sebastopol 1996
Comment:
Overview of the known concrete security problems
of Unix and the Internet protocols.
-
P. Denning
Computers under Attack - Intruders, Worms and Viruses
ACM Press, 1990
Comment:
Collection of articles for people who don't believe
that security is an issue.
Cryptography
Articles
-
R. Rivest
Cryptography
Chapter 13 of Handbook of Theoretical Computer Science,
(ed. J. Van Leeuwen), Vol. 1, Elsevier, 1990, 717-755
Comment: Good introduction to modern cryptography.
Books
-
D. Stinson
Cryptography - Theory and Practice
CRC Press, Boca Raton, 1995
Comment: Good textbook on cryptography.
-
B. Schneier
Applied Cryptography: Protocols, Algorithms, and Source Code in C
John Wiley & Sons, Inc., 1996 (2nd ed.)
Comment:
Very complete compendium on cryptographic algorithms. No proofs
or mathematical details, but a very useful "cookbook."
-
A. Menezes, P. van Oorschot, S. Vanstone
Handbook of applied cryptography
CRC Press Series on Discrete Mathematics and its
Applications, CRC Press, 1996, ISBN 0-8493-8523-7
Comment:
More in-depth and formal than the previous book. A book for
cryptographers.
-
G.J. Simmons
Contemporary Cryptology -- The Science of Information Integrity
IEEE Press, Hoes Lane 1992
Comment:
Collection of interesting papers on cryptology. Quite technical.
-
Proceedings of the IACR conference series
Advances in Cryptology -
CRYPTO/EUROCRYPT/AUSCRYPT/ASIACRYPT
LNCS, Springer-Verlag, Berlin
Comment:
Main fora for original contributions in cryptography.
Secure End-To-End Communication
Articles
-
S. Garfinkel, G. Spafford
Cryptography and the Web
World Wide Web Journal 2/3 (1997) 113-126
Comment:
High level overview of cryptography and standard protocols for
Internet security.
-
V.L. Voydock, S.T. Kent
Security Mechanisms in High-Level Network Protocols
ACM Computing Surveys 15/2 (1983) 135-171
Comment:
Old, but still valid survey on the common models for end-to-end
and link security.
-
D. Chaum
Security without Identification: Transaction Systems to Make
Big Brother Obsolete
Communications of the ACM 28/10 (1985) 1030-1044
Comment: Introduction to blind signatures, cryptographic
pseudonyms, and so on.
-
D. Chaum
Untraceable Electronic Mail, Return Addresses, and Digital
Pseudonyms
Communications of the ACM 24/2 (1981) 84-88
Comment: Introduced "mixes," i.e., cryptographic anonymous
remailers.
Public-key Infrastructure
Articles
-
Germany's Digital Signature Act
Federal Bill Establishing the General Conditions for Information
and Communication Services (Information and Communication
Services Bill);
Bundestagsdrucksache 13/7934 of 11 June 1997; approved by the
Bundestag (June 13, 1997) and the Bundesrat (July 4, 1997); in force
from August 1st, 1997, onwards
Comment: Defines under which conditions a digital
signature can be accepted as evidence. Notably, this law
recognizes the need for secure hardware with trusted input and
output, i.e., a signing device whose display and keyboard cannot be
manipulated by the host it is attached to.
-
R.J. Anderson
Why Cryptosystems Fail
Communications of the ACM 37/11 (1994) 32-40
Comment: Some real-world examples where supposedly secure
systems were broken because of operational weaknesses.
-
U. Pordesch
Risiken elektronischer Signaturverfahren (Risks of Electronic
Signature Procedures)
Datenschutz und Datensicherung DuD 17/10 (1993) 561-569
Comment: Demonstrates the risks of digital signatures in
operational use (in German).
-
Verisign
Certification Practice Statement (Version 1.2)
Version 1.2, Verisign, May 30, 1997
Comment: Defines the classes mentioned in the tutorial.
Notary Services
Articles
-
S. Haber, W. Stornetta
How to Time-Stamp a Digital Document
Journal of Cryptology 3/2 (1991) 99-111
Comment: Basis of the scheme for logical time stamps
presented in the tutorial; implemented in
Surety's Digital Notary System.
-
N. Asokan, M. Schunter, M. Waidner
Optimistic Protocols for Fair Exchange
4th ACM Conference on Computer and Communications Security,
Zürich, April 1997, 7-17
Comment: Basis of the optimistic 2-party fair exchange
protocol presented in the tutorial.
-
M. Ben-Or, O. Goldreich, S. Micali, R. L. Rivest
A Fair Protocol for Signing Contracts
IEEE Transactions on Information Theory 36/1 (1990) 40-46
Comment: Basis of the contract signing protocol "w/o
third party" presented in the tutorial.
Payments
Articles
-
N. Asokan, P. Janson, M. Steiner, M. Waidner
State of the Art in Electronic Payment Systems
IEEE COMPUTER 30/9 (1997) 28-35
Comment:
Survey on electronic payment systems for the Internet.
-
Anderson 1994
Comment: Gives some good examples why multi-party
security and dispute handling are important for electronic
commerce, in particular for payment systems.
-
B. Pfitzmann, M. Waidner
Properties of Payment Systems: General Definition Sketch and
Classification
IBM Research Report RZ 2823 (#90126) 05/06/96, IBM Research
Division, Zurich, May 1996
Comment: Gives more details on the security
requirements for electronic payment systems, and how those can be
used to give a general definition of a "secure payment system."
-
M. Bellare, J.A. Garay, R. Hauser, A. Herzberg, H. Krawczyk,
M. Steiner, G. Tsudik, M. Waidner
iKP - A Family of Secure Electronic Payment Protocols
1st USENIX Workshop on Electronic Commerce, 1995
Comment: Basis of the simplified credit card payment
system presented in the tutorial.
-
SET Secure Electronic Transaction Version 1.0
Mastercard, VISA, May 31, 1997
Comment: Standard credit card system for the Internet.
-
CEN/TC224/WG10
Inter-sector Electronic Purse
Draft European Standard; Part 1: Concepts and Structures,
Part 2: Security Architecture, Part 3: Data Elements and
Interchanges, Brussels 1992-94
Comment: Standard for smartcard-based electronic cash,
using symmetric or asymmetric cryptography.
-
D. Chaum, S. Brands
'Minting' Electronic Cash
IEEE spectrum 34/2 (1997) 30-34
Comment: Good overview of untraceable electronic cash.
-
S. Brands
Untraceable Off-line Cash in Wallet with Observers
Crypto '93, LNCS 773, Springer-Verlag, Berlin 1994, 302-318
Comment: Basis of the untraceable off-line payment system
with double spending detection presented in the tutorial.
The paper is quite technical.
-
J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen,
S. Mjolsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij,
B. Schoenmakers, M. Schunter, L. Vallee, M. Waidner
The ESPRIT Project CAFE - High Security Digital Payment
Systems
ESORICS 94 (Third European Symposium on Research in Computer
Security), Brighton, LNCS 875, Springer-Verlag, Berlin 1994,
217-230
Comment: Actually implemented scheme using Brands'
ideas. This article does not contain the technical details;
final specs should be published soon.
-
T. Pedersen
Electronic Payments of Small Amounts
1996 Security Protocols Workshop, LNCS 1189, Springer-Verlag,
Berlin 1997, 59-68
Comment: Basis of the "phoneticks" presented in the tutorial.
-
B. Cox, J.D.Tygar, M. Sirbu
NetBill Security and Transaction Protocol
First USENIX Workshop on Electronic Commerce, 1995
Comment: Example of a billing server.
-
A. Herzberg, H. Yochai
Mini-Pay: Charging per Click on the Web
6th International World Wide Web Conference, Santa Clara, 1997
Comment: Describes IBM's MiniPay system.
Copyright Protection
Articles
-
Report on Digital Rights Management Technologies
for the International Federation of Reproduction Rights
Organizations
-
H.M. Gladney, J.B. Lotspiech
Safeguarding Digital Library Contents and Users
D-Lib Magazine, May 1997
Comment: Describes IBM's Cryptolopes.
-
R. Mori, M. Kawahara
Superdistribution: The Concept and the Architecture
The Transactions of The Institute of Electronics, Information
and Communication Engineers IEICE, E73/7 (1990) 1133-1146
Comment:
One of the classic papers on copyright protection.
-
F. M. Boland, J. J. K. Ruanaidh, C. Dautzenberg
Watermarking Digital Images for Copyright Protection
5th IEE International Conference on Image Processing and its
Applications, Proceedings, 4-6 July 1995, Edinburgh, 1995,
326-330
-
D. Boneh, J. Shaw
Collusion-Secure Fingerprinting for Digital Data
Crypto '95, LNCS 963, Springer-Verlag, Berlin 1995, 452-465
Comment: Still the best code for symmetric collusion-tolerant
fingerprinting. The paper is quite technical.
Frameworks
Articles
-
Waidner 1996
Comment: High-level overview on objectives of SEMPER,
security issues of electronic commerce in general, and
the initial architecture.
-
SEMPER Consortium
Deliverables of Project SEMPER
La Gaude, 1995-1998
Comment: D03 describes the concrete
designs, and D05 the business requirements and user perspective.
-
J.L. Abad-Peiro, N. Asokan, M. Steiner, M. Waidner
Designing a Generic Payment Service
212ZR055, IBM Zurich Research Laboratory, 29 November 1996;
to appear in: IBM Syst. Journal, 1998
Comment: Basis of the design example presented in the tutorial.
Secure Hardware
Articles
-
A. Pfitzmann, B. Pfitzmann, M. Schunter, M. Waidner
Trusting Mobile User Devices and Security Modules
IEEE COMPUTER 30/2 (1997) 61-68
Comment:
Introduces why trusted devices are necessary, what issues
arise, and which options are possible.
-
C. Hovenga Fancher
In Your Pocket: Smartcards
IEEE spectrum 34/2 (1997) 47-53
Comment: Overview of smartcards.
-
R. Anderson, M. Kuhn
Tamper Resistance - A Cautionary Note
2nd USENIX Workshop on Electronic Commerce, 1996
Comment: Demonstrates the limits of cheap
tamper-resistance, in particular of smartcards.
-
L. Guillou, M. Ugon, J.-J. Quisquater
The Smart Card: A Standardized Security Device Dedicated to
Public Cryptology
in Simmons 1992, 561-613
Comment: Good introduction to smartcards and crypto
co-processors.
-
D. Naccache, D. M'Raihi
Cryptographic Smart Cards
IEEE Micro 16/3 (1996) 14-24
Comment: Good market survey.
Last modified : Mon, 29 Sep 1997 09:12