Professional Documents
Culture Documents
Lecture overview
• Transaction???
• Transaction security
• Requirements of Transaction security
• Types of transaction
• Encryption
• Types of encryption
• Private key encryption & its limitations
• Public key encryption
Transaction
• A transaction is an agreement, communication, or movement
carried out between separate entities or objects, often
involving the exchange of items of value, such as information,
goods, services, and money.
• It is still a transaction if you exchange the goods at one time,
and the money at another.
• This is known as a two part transaction, part one is giving the
money, part two is receiving the goods.
• A financial transaction is an event or condition under the
contract between a buyer and a seller to exchange an asset
for payment.
• It involves a change in the status of the finances of two or
more businesses or individuals.
Transaction Security
• Transaction security has become a high-profile concern
because of the increasing number of merchants trying to
start commerce online.
• Consumer confidence in the reliability and protection of
business transactions against third-party threats must be
enhanced before electronic commerce can succeed.
• Transaction privacy, confidentiality and integrity are the
main barriers to the widespread acceptance of electronic
commerce.
Requirements for Transaction Security
• Privacy:
Transactions must be kept private and inviolable in the sense
that eavesdroppers cannot understand the message content.
• Confidentiality:
Traces of transactions must be expunged from the public
network.
No intermediary should be allowed to hold copies of the
transaction unless authorized to do so.
• Integrity:
Transaction must not be tampered or interfered with.
Transmitted information must be unaltered during
transmission.
Types of online transactions
• The type of transaction depends on the type of data (or
content) being sent across the network.
• The different categories of data are:
• Public Data:
This type of data has no security restrictions and may be
read by anyone.
Such data should, however, be protected from unauthorized
tampering or modification.
• Copyright data:
This type of data is copyrighted but not secret.
The owner of the data is willing to provide it, but wishes to
be paid for it.
In order to maximize revenue, security must be tight.
Types continued…
• Confidential data:
This type of data contains content that is secret but the
existence of the data is not a secret.
Such data include bank account statements and personal
files.
• Secret data:
The existence of this type of data is a secret and must be
kept confidential at all times.
It is necessary to monitor and log all access and attempted
access to secret data.
Encryption or cryptography
• Cryptography transforms data by using a key(a string of
digits/characters that act as password) to make the data
incomprehensible to all but the sender and intended
receivers.
• The encrypted data is called cipher text.
• Data encrypted at the sender by an encryption algorithm
should be decrypted at the receiver using a decryption
algorithm.
• Types of encryption:
• Private-key/Secret key/Single key/Symmetric key
encryption
• Public key encryption
Encryption
Cypher text
Message
Message Cypher text
Internet
Internet Cypher text
Cypher text
Message
Message
Secret key encryption
• Secret key encryption involves the use of a
shared key for both encryption by the
transmitter and decryption by the
receiver.
How it works???
• Secret key encryption works in the following way.
• Pair of keys
• Number of keys • Single key
• One key is private and
• Types of keys • Key is secret one is public