Software implementation of secure e-payment system using SSL

number: 
1627
إنجليزية
Degree: 
Author: 
Dhiaa Ismaeel Al-Taiee
Supervisor: 
Dr. Sufyan T. Faraj
year: 
2005

Abstract : As Internet and the web are extremely vulnerable against various sorts of threats, therefore, there is an increasing demand for securing web services. The web is fundamentally a client/server application running over Internet and TCP/IP intranets, hence, security of the network traffic between the web browser and servers is a basic issue for achieving web security in order to prevent any tampers or any intruders that want to alter or read any information; this is achieved using SSL (Socket Secure Layer). In this project the web security services (Authentication, Confidentiality and Data Integrity) are introduced and various methods for securing web services are studied. The implementation of these techniques has been done for a specific web application .The chosen application is e-payment system, in which an encryption/decryption using IDEA algorithm is applied for the data stream between different stations in the system. Signature verifying algorithm is also introduced and implemented for verifying each station in the system. The key exchange between the stations will be done using RSA algorithm, proper calculations were done to obtain a public key and private key. The authentication between any two stations was applied by using mutual authentication protocol. To implement this application Borland java was used, Java contains classes specialized for networking and security such as Authentication (i.e. Digital signatures, certificates) and Non-repudiation (i.e. Digital signatures, certificates, message digest) .