Professional Documents
Culture Documents
Issue
Main Aim
Ecommerce Related payment mechanism. All parties so involved must be certified by third trusted party. Strong mechanism in SET for all parties involved. Unlikely as Financial details are given to PAYMENT Gateway. Customer has to digitally sign payment instructions.
Certification
Authentication
Mechanisms in place but not very strong. Possible since customer gives Financial details to merchant. Possible as no mechanism exist if a customer refuses to pay later.
Risk of Merchant Fraud Risk of Customer fraud. Action in case of customer fraud. Practical Usage
RSA algorithm
1. RSA is an asymmetric (or public key) cryptographic Algorithm.
block cipher
1. Block ciphers encrypt fixed length blocks of bits
2. Block ciphers usually execute slow. 3. In terms of hardware complexity, block ciphers are relatively more complex. 4. When using certain modes of operation, a block cipher can be used to act as a stream cipher.
Active attack
1. Active attack, the attacker needs to first gain the physical control of the media. 2. Active attacks can be easily detected. 3. Proper cure should be taken in case of active attack. 4. In active attack the attacker uses this information to launch a successful attack on target. 5. Active attacks involve some modification of the data stream or the creation of a false stream.
Passive Attack
1. Passive attack the attacker merely needs to observe the Conversation. 2. Passive cannot easily detect. 3. Prevention is better for passive attacks. 4. Attacker needs more time to get information about the target in passive attack. 5. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
Asymmetric key
1. Asymmetric uses both a public and private key.
2.Asymmetric allows for distribution of your public key to anyone with which they can encrypt the data they want to send securely and then it can only be Decoded by the person having the private key. This eliminates the need of having to give someone the secret key (as with symmetric encryption) and risk Having it compromised.
3. Fast process
3. Slow process
The issue with asymmetric is that it is about 1000 times slower than symmetric encryption which makes it impractical when trying to encrypt large amounts of data. Also to get the same security strength as symmetric, asymmetric must use strong a stronger key than symmetric.
Environmental shortcomings
Encryption system dependence
Any encryption algorithms can be used in v5 but only DES is possible in v4.
Only IP is possible
Ticket Lifetime
Authentication Forwarding
V4 does not allow credentials issued to one client to be forwarded to some other Host and used by some other client. V5 provides this capability.
Technical deficiencies