• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Shared server encryption scheme vulnerabilities?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More

View previous topic :: View next topic  
Author Message
Joe6Pack
Just Arrived
Just Arrived


Joined: 24 May 2008
Posts: 0


Offline

PostPosted: Sat May 24, 2008 4:03 am    Post subject: Shared server encryption scheme vulnerabilities? Reply with quote

I'm working on a web commerce site that is hosted on shared servers (Windows IIS, ASP, SQL Server, and a shopping cart which uses a cart_id session and the database to store cart contents as the user shops). My client wants to store credit card numbers, so that they can be retrieved and used to process pending and failed transactions. I don't want to do this, but I've sketched out a possible encryption scenario to protect the data. I have no doubt it is insecure on shared servers, but would like to know why, and whether it would be secure on a dedicated web server combined with a shared SQL Server. Here it is (assume an SSL connection):

When the user begins a session he is assigned a random symmetric key (RSK) which is stored as an ASP session variable. When the user submits credit card info via a form the CC# is encrypted using the RSK. The RSK itself is encrypted using a public asymmetric key (PAK). Both the encrypted CC# and encrypted RSK are stored in the order record. Now, as the user cycles through the purchase pages, the CC# can be retrieved (so that it doesn't have to filled in over and over again if the user makes a form entry mistake in, say, his email address) because the unencrypted RSK is available in the session variable and can be used to decrypt the stored encrypted CC#. And later, when the store owner wants to retrieve the CC#, he can do so by supplying the private asymmetric key (not sure how to implement this part yet in a secure, yet convenient way) to decrypt the stored RSK which can then be used to decrypt the CC#.

The point of all this is that no keys are stored on the web server (except the PAK, which is useless to any miscreant). And, even if someone gets a hold of an RSK, it is only good for one CC#. Although, if one can be got, then probably many can.

Hope that makes sense. I suspect that the session variable is somehow vulnerable and/or the hosting company's employees would be able to somehow eavesdrop on the traffic and get a hold of the keys.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register