
Rehan Ullah

Lecture overview
• Transaction???
• Transaction security
• Requirements of Transaction security
• Types of transaction
• Encryption
• Types of encryption
• Private key encryption & its limitations
• Public key encryption
Transaction
• A transaction is an agreement, communication, or movement
carried out between separate entities or objects, often
involving the exchange of items of value, such as information,
goods, services, and money.
• It is still a transaction if you exchange the goods at one time
and the money at another.
• This is known as a two-part transaction: part one is giving the
money, part two is receiving the goods.
• A financial transaction is an event or condition under the
contract between a buyer and a seller to exchange an asset
for payment.
• It involves a change in the status of the finances of two or
more businesses or individuals.
Transaction Security
• Transaction security has become a high-profile concern
because of the increasing number of merchants trying to
start commerce online.
• Consumer confidence in the reliability and protection of
business transactions against third-party threats must be
enhanced before electronic commerce can succeed.
• Transaction privacy, confidentiality and integrity are the
main barriers to the widespread acceptance of electronic
commerce.
Requirements for Transaction Security
• Privacy:
➢ Transactions must be kept private and inviolable in the sense
that eavesdroppers cannot understand the message content.
• Confidentiality:
➢ Traces of transactions must be expunged from the public
network.
➢ No intermediary should be allowed to hold copies of the
transaction unless authorized to do so.
• Integrity:
➢ Transactions must not be tampered or interfered with.
➢ Transmitted information must be unaltered during
transmission.
Types of online transactions
• The type of transaction depends on the type of data (or
content) being sent across the network.
• The different categories of data are:
• Public data:
➢ This type of data has no security restrictions and may be
read by anyone.
➢ Such data should, however, be protected from unauthorized
tampering or modification.
• Copyright data:
➢ This type of data is copyrighted but not secret.
➢ The owner of the data is willing to provide it, but wishes to
be paid for it.
➢ In order to maximize revenue, security must be tight.
Types continued…
• Confidential data:
➢ This type of data contains content that is secret but the
existence of the data is not a secret.
➢ Such data include bank account statements and personal
files.

• Secret data:
➢ The existence of this type of data is a secret and must be
kept confidential at all times.
➢ It is necessary to monitor and log all access and attempted
access to secret data.
Encryption or cryptography
• Cryptography transforms data by using a key (a string of
digits/characters that acts as a password) to make the data
incomprehensible to all but the sender and intended
receivers.
• The encrypted data is called cipher text.
• Data encrypted at the sender by an encryption algorithm
should be decrypted at the receiver using a decryption
algorithm.
• Types of encryption:
• Private-key/Secret key/Single key/Symmetric key
encryption
• Public key encryption
Encryption

[Diagram: Message → Cypher text → Internet → Cypher text → Message]
Secret key encryption
• Secret key encryption involves the use of a
shared key for both encryption by the
transmitter and decryption by the
receiver.
How it works???
• Secret key encryption works in the following way.
• Anne encrypts the PO (the plain text) with an encryption key.
• Anne sends the encrypted PO (the cipher text) to Bob.
• Bob decrypts the cipher text with the decryption key and reads
the PO.
Secret key encryption continued…
• In secret key encryption the encryption key and decryption key
are the same.
• The transmitter uses a cryptographic secret key to encrypt the
message and the recipient must use the same key to decipher or
decrypt it.
Limitations of secret key
• All parties must know and trust each other completely.
• All parties must have in their possession a protected copy of
the key.
• If the transmitter and receiver are in separate sites, they
must trust not being overheard during face-to-face
meetings or over a public messaging system (a phone system
or a postal service) when the secret key is being exchanged.
• Anyone who overhears or intercepts the key in transit can
later use that key to read all encrypted messages.
Limitations continued…
• Shared keys must be securely distributed to each
communicating party, so secret key encryption suffers from the
problems of key generation, distribution, transmission and
storage.
• Secure key distribution is cumbersome in large networks and
does not scale well to a business environment where a
company deals with thousands of online customers.
• Secret key encryption is impractical for exchanging messages
with a large group of previously unknown parties over a public
network.
• In order for a merchant to conduct transactions securely with
internet subscribers, each customer would need a distinct
secret key assigned by the merchant and transmitted over a
separate secure channel such as telephone, adding to the
overall cost.
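The Anne-and-Bob exchange and the key-interception limitation above, as an added example that is not part of the original lecture. The SHA-256 keystream is a teaching stand-in for a vetted cipher such as AES, the HMAC tag covers the integrity requirement, and the purchase order text and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Teaching stand-in for a vetted symmetric cipher such as AES: a keystream made
# by hashing key + nonce + counter with SHA-256. Not for real data.
def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _subkeys(shared_key):
    # Separate encryption and integrity keys, both derived from the one shared key.
    return (hashlib.sha256(b"enc" + shared_key).digest(),
            hashlib.sha256(b"mac" + shared_key).digest())

def encrypt(shared_key, plaintext):
    """Return nonce || cipher text || integrity tag."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt(shared_key, message):
    """Return the plain text, or None if the key is wrong or the message was altered."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(body, _keystream(enc_key, nonce, len(body))))

def demo():
    shared_key = secrets.token_bytes(32)      # Anne and Bob must both hold this
    po = b"PO 1001: 20 units for Bob"         # constructed sample purchase order
    wire = encrypt(shared_key, po)            # what crosses the Internet
    altered = wire[:16] + bytes([wire[16] ^ 1]) + wire[17:]  # one bit flipped in transit
    return {
        "bob": decrypt(shared_key, wire),
        "eavesdropper_without_key": decrypt(secrets.token_bytes(32), wire),
        "eavesdropper_with_intercepted_key": decrypt(bytes(shared_key), wire),
        "altered_in_transit": decrypt(shared_key, altered),
        "po_readable_on_wire": po in wire,
    }

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, "->", result)
```

Everything rests on the one shared key: the copy intercepted in transit decrypts exactly what Bob's copy does.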
Public key encryption
• Public key encryption uses two keys.
• One key to encrypt the message and a different key to
decrypt the message.
• The two keys are mathematically related so that data
encrypted with one key can only be decrypted using the
other.
• Public key encryption uses a pair of keys for each party.
• One of the two keys is public and the other is private.
• The public key is made known to other parties.
• The private key must be kept confidential and must be
known only to its owner.
• Both keys however need to be protected against
modification.
Public key encryption continued…
• The best known public key encryption algorithm is RSA.
• In the RSA method, each participant creates two unique keys: a
public key, which is published in a sort of public directory,
and a private key, which is kept secret.
• The two keys work together: whatever data one of the keys
locks, only the other can unlock.
How it works???
• If an individual wants to send a secret email to a friend, the
sender simply looks up the friend's public key and uses that key
to encrypt the text.
• When the friend receives the email, he uses his private key
to convert the encrypted message on his computer screen
back to the sender’s original message in clear text.
• Since only the intended user has knowledge of the private
key, only he can decrypt the message.
• If a criminal intercepts the message during transmission he
has no way to decipher it.
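The public-key exchange above as an added textbook RSA example, not part of the original lecture. It assumes two fixed Mersenne primes so the run is repeatable and uses no padding; real keys use random primes of 1024 bits or more with padding such as OAEP. The message text and function names are constructed for illustration.

```python
import math

# Fixed, well-known Mersenne primes used only so the demo is repeatable.
P, Q = 2**107 - 1, 2**127 - 1

def make_keypair(p=P, q=Q, e=65537):
    """Textbook RSA: return ((n, e), (n, d)) as (public key, private key)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # d is the inverse of e modulo phi

def apply_key(key, value):
    """The one RSA operation: value ** exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus n")
    return pow(value, exponent, n)

def to_int(text):
    return int.from_bytes(text.encode(), "big")

def to_text(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return raw.decode(errors="replace")

def demo():
    public, private = make_keypair()      # the friend publishes `public` only
    email = "wire 500 on Friday"          # constructed sample message
    cipher = apply_key(public, to_int(email))   # sender locks with the public key
    signed = apply_key(private, to_int(email))  # the reverse direction: private locks
    return {
        "friend_reads": to_text(apply_key(private, cipher)),      # private unlocks
        "interceptor_reads": to_text(apply_key(public, cipher)),  # public cannot
        "private_then_public": to_text(apply_key(public, signed)),
    }

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, "->", result)
```

The `private_then_public` entry shows the same key pair working in the other direction, which is what message signing relies on.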
Keys comparison
Features | Secret key | Public key
• Number of keys | Single key | Pair of keys
• Types of keys | Key is secret | One key is private and one is public
• Key management | Simple but difficult to manage | Need digital certificates and trusted third parties
• Relative speeds | Very fast | Slower
• Usage | Used for bulk data | Used for less demanding applications such as encrypting small documents or to sign messages
Eid-ul Azha mubarik in advance & have pleasant time at Home
