Please use this identifier to cite or link to this item:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorEzennaya-Gomez, Salatiel-
dc.contributor.authorKiltz, Stefan-
dc.contributor.authorKrätzer, Christian-
dc.contributor.authorDittmann, Jana-
dc.description.abstractThe paper discusses means to identify potential impacts of data flows on customers’ security, and privacy during online payments. The main objectives of our research are looking into the evolution of cybercrime new trends of online payments and detection, more precisely the usage of mobile phones, and describing methodologies for digital trace identification in data flows for potential online payment fraud. The paper aims to identify potential actions for identity theft while conducting the Reconnaissance step of the kill chain, and documenting a forensic methodology for guidance and further data collection for law enforcement bodies. Moreover, a secondary objective of the paper is to identify, from a user’s perspective, transparency issues of data sharing among involved parties for online payments. We thus declare the transparency analysis as the incident triggering a forensic examination. Hence, we devise a semi-automated traffic analysis approach, based on previous work, to examine data flows, and data exchanged among parties in online payments. For this, the main steps are segmenting traffic generated by the process payment, and other sources, subsequently, identifying data streams in the process. We conduct three tests which include three different payment gateways: PayPal, Klarna-sofort, and Amazon Pay. The experiment setup requires circumventing TLS encryption for the correct identification of forensic data types in TCP/IP traffic, and potential data leaks. However, it requires no extensive expertise in mobile security for its installation. In the results, we identified some important security vulnerabilities from some payment APIs that pose financial and privacy risks to the marketplace’s customers.eng
dc.subjectApplied computingeng
dc.subjectEvidence collectioneng
dc.subjectStorage and analysiseng
dc.subjectSecurity and privacyeng
dc.subjectEconomics of security and privacyeng
dc.titleA semi-automated HTTP traffic analysis for online payments for empowering security, forensics and privacy analysiseng
dc.typeConference Object-
local.bibliographicCitationEnthalten in ARES 2021 - New York, New York : The Association for Computing Machinery, 2021-
Appears in Collections:Fakultät für Informatik (OA)

Files in This Item:
File Description SizeFormat 
Ezennaya-Gomez et al._A semi-automated_2021.pdfZweitveröffentlichung1.52 MBAdobe PDFThumbnail