Five Fundamental Requirements of a Secure Transaction System - PowerPoint PPT Presentation

Provided by: NeilJ
1
Five Fundamental Requirements of a Secure
Transaction System
  • Privacy -- information not read by third party
  • Integrity -- information not compromised or
    altered
  • Authentication -- sender and receiver prove
    identities
  • Non-repudiation -- legally prove message was sent
    and received
  • Availability -- computer systems continually
    accessible

2
Security Requirements and Controls
3
Cryptography to Secure Privacy
  • Digital
  • Encryption and decryption keys are binary strings
    with a given key length
  • With Symmetric or Secret-key Cryptography, both
    sender and receiver have a secret key and all
    messages are encrypted and decrypted using the
    same key.
  • With Asymmetric or Public-key cryptography,
    message is sent with public key and read using
    private key.

4
Secret-key Cryptography
  • Has a problem with protecting key exchange
  • Also has a problem knowing who actually created
    message (authentication)
  • Can use key distribution center, which reduces
    the risk of and increases the efficiency of the
    key exchange process.
  • DES (or some variation thereof)

5
Public Key Cryptography
  • Each party has both a public and a private key
  • Data is sent using the public key.
  • Receiver reads the message using private key and
    sends reply using sender's public key, thus both
    sender and receiver are authenticated.
  • RSA is most commonly used public-key algorithm.
  • Also non-governmental algorithm named Pretty Good
    Privacy (PGP)

6
Digital Signatures
  • Developed to be used in public-key systems.
  • Plaintext run through hash function which gives
    message a mathematical value called hash value or
    message digest
  • Collision occurs when multiple messages have same
    hash value
  • Hash function is encrypted with private-key
  • Original message (encrypted with public key),
    signature, and hash function sent to receiver.
  • Receiver uses sender's public key to decipher the
    digital signature and reveal the message digest.
  • Then receiver applies hash function to received
    message to ensure match.

7
Timestamping
  • Binds a time and date to message, solves
    non-repudiation
  • Third party, timestamping agency, timestamps
    messages

8
Digital certificate
  • Digital document issued by certification
    authority
  • Includes name of company, company's public key,
    serial number, expiration date and signature of
    trusted third party
  • Leading certificate authority -- Verisign
    (www.verisign.com)

9
Secure Sockets Layer (SSL)
  • Non-proprietary protocol that provides
    transaction security
  • Developed by Netscape
  • Operates between TCP/IP and application software
  • Uses public-key technology and digital
    certificates to authenticate server and protect
    private information.
  • Client and server negotiate session keys
    (private, symmetric key) to continue transaction
  • Protocol switches from http to https

10
Secure Electronic Transaction (SET™)
  • Designed to protect e-commerce payments
  • Certifies customer, merchant and merchant's bank
  • Requires that
      • Merchants have a digital certificate and SET
        software
      • Customers have a digital certificate and digital
        wallet to store credit card information and
        identification
  • Merchant never sees the customer's personal
    information as it is sent straight to bank

11
Attacks on Security
  • Denial of service attacks
      • Use a network of computers to overload servers
        and cause them to crash or become unavailable to
        legitimate users
      • Flood servers with data packets
      • Alter routing tables which direct data from one
        computer to another
      • Distributed denial of service attack comes from
        multiple computers
  • Viruses
      • Computer programs that corrupt or delete files
      • Sent as attachments or embedded in other files
  • Worm
      • Can spread itself over a network, doesn't need to
        be sent
  • Web defacing

12
Firewalls
  • Used to protect intranets connected to Internet
  • Allow only authorized users access
  • Prevent unauthorized users from obtaining access
  • Trade-off between security and performance and
    convenience
  • Prohibits all data not explicitly allowed or
    allows all data not explicitly prohibited

13
Types of Firewalls
  • Packet filtering firewall examines all data sent
    from outside the LAN and rejects any external
    data packets that are addressed to local network
    addresses (e.g., router)
  • Application firewall is an application that
    mediates traffic between a protected network and
    the Internet (e.g., proxy server). It includes
    software components that do logging and access
    control, network address translation, etc.
    However, having an application in the way in some
    cases may impact performance and may make the
    firewall less transparent.
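
The two default stances from the Firewalls slide, applied to a small packet filter; this is an added example, not part of the original presentation. The rule set, addresses (documentation range 192.0.2.0/24) and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set: (action, destination network, destination port).
# A port of None matches any port. The first matching rule wins.
RULES = [
    ("allow", ip_network("192.0.2.10/32"), 443),   # public web server
    ("deny", ip_network("192.0.2.0/24"), 23),      # telnet into the LAN
]


def filter_packet(dst: str, port: int, default: str) -> str:
    """Return 'allow' or 'deny' for one inbound packet.

    default='deny'  : prohibit all data not explicitly allowed
    default='allow' : allow all data not explicitly prohibited
    """
    addr = ip_address(dst)
    for action, network, rule_port in RULES:
        if addr in network and rule_port in (None, port):
            return action
    return default


def decided_by_default(packets):
    """Packets no rule mentions: the only ones where the two stances differ."""
    return [
        (dst, port)
        for dst, port in packets
        if filter_packet(dst, port, "deny") != filter_packet(dst, port, "allow")
    ]


# Constructed inbound traffic: HTTPS to the web server, telnet to a
# workstation, and a remote-desktop connection nobody wrote a rule for.
SAMPLE = [("192.0.2.10", 443), ("192.0.2.20", 23), ("192.0.2.20", 3389)]

if __name__ == "__main__":
    for dst, port in SAMPLE:
        print(dst, port,
              "default-deny:", filter_packet(dst, port, "deny"),
              "default-allow:", filter_packet(dst, port, "allow"))
    print("decided only by the default:", decided_by_default(SAMPLE))
```

Under default-allow the firewall passes every service the rule author did not think of, which is why the choice of default is the security/convenience trade-off the slide describes.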

14
Biometrics
  • Has become a very important topic not just for
    Internet usage.
  • Uses personal information to identify a user,
    e.g., fingerprint, iris scan, face scan, etc.
  • Suggested as a possible ID card for frequent
    flyers, etc.

15
Steganography
  • Hiding information within other information
  • Usually hidden in image or sound or video
  • Again, a very hot topic right now as it is
    suspected that terrorists used Internet for
    communication, but hid transmissions perhaps
    using steganography

16
Error Detection and Control
  • Included as part of TCP/IP protocol.
  • Operates primarily at packet level. Uses packet
    checksum which is computed and sent with each
    packet. Recomputed on the receiving end.
  • Uses ACK and NAK protocol to acknowledge
    successful or non-successful transmission
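
The compute-send-recompute cycle described above, using the 16-bit ones' complement checksum of TCP/IP (RFC 1071); this is an added example, not part of the original presentation. The two-byte header layout, sample payloads and helper names are constructed for illustration.

```python
def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum in the style TCP/IP uses (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(payload: bytes) -> bytes:
    """Sender: prepend the checksum (constructed 2-byte header, not a real TCP header)."""
    return internet_checksum(payload).to_bytes(2, "big") + payload


def receiver_accepts(packet: bytes) -> bool:
    """Receiver: recompute over checksum + payload; an intact packet yields zero."""
    return internet_checksum(packet) == 0


def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulate line noise: invert the lowest bit of one byte."""
    damaged = bytearray(packet)
    damaged[index] ^= 0x01
    return bytes(damaged)


def swap_words(packet: bytes, a: int, b: int) -> bytes:
    """Exchange the 16-bit words at byte offsets a and b."""
    p = bytearray(packet)
    p[a:a + 2], p[b:b + 2] = p[b:b + 2], p[a:a + 2]
    return bytes(p)


if __name__ == "__main__":
    packet = build_packet(b"PAY 100 TO ALICE")           # constructed payload
    print("intact packet accepted:  ", receiver_accepts(packet))
    print("bit error accepted:      ", receiver_accepts(flip_bit(packet, 5)))
    print("reordered words accepted:", receiver_accepts(swap_words(packet, 2, 4)))
    print("rewritten packet accepted:", receiver_accepts(build_packet(b"PAY 900 TO ALICE")))
```

The checksum catches the accidental bit error (the NAK case) but accepts reordered words and any packet whose checksum was recomputed after a change, so it provides error detection only; the Integrity requirement of slide 1 needs a message digest or digital signature.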

17
Availability
  • Redundant components
  • Disaster Recovery
  • Business continuity plan
  • Available in-company resources
  • Available hosted disaster recovery facilities
  • Mobile data centers
  • Aftermath Technology Tools and Services