Analysis and Design of an Advanced Infrastructure for Secure and Anonymous Electronic Payment Systems on the Internet

Electronic payment systems are of paramount importance in our current digital society. Security and privacy constitute crucial challenges in this area. Electronic money is indeed just digital information that can easily be copied. Moreover, users automatically leave an electronic trail of all their activities in the digital world. In this thesis an advanced infrastructure for secure and anonymous electronic payment systems on the Internet is analyzed and designed. The thesis starts with an overview of the most important existing payment systems on the Internet. The currently most popular payment system makes direct use of the credit card information. It therefore suffers from severe security problems. There are however conceptually more secure payment systems, but these are not used for various reasons. The World Wide Web (WWW) is the platform on which electronic commerce is performed. This thesis analyzes the SSL/TLS protocol which is responsible for securing the communications between a browser and a web server. The protocol is extended with new security functionality. The thesis also demonstrates the weaknesses in the mobile code security model that is supported by current browsers. Anonymous electronic payment systems are investigated. Anonymity should here be present both within the payment protocol and at the communications layer. Controlled anonymity provides a balance between the protection of privacy and the security against anonymity misuse. A new system for revocable anonymous access to the Internet is therefore designed in this thesis. Due to the enormous growth of mobile communications, secure mobile payment systems are being developed. This thesis motivates the combined use of the WWW and mobile devices, and identifies different usage scenarios. A new GSM-based payment system for the WWW is designed. In addition, a software token is proposed that is resistant against specific attacks. Mobile software agents can in the future help users with many otherwise time-consuming activities. This thesis presents how the communication between agents is secured. The thesis finally investigates how mobile agents can conduct secure electronic transactions from untrusted hosts on the Internet.