SET (Secure Electronic Transaction) is a protocol developed by Visa and MasterCard. It is a security method for payment card transactions over open networks, and it has attracted strong interest from industry (Lu & Smolka 1999). SET is an open protocol and standard for protecting privacy while ensuring the authenticity of the electronic transaction (Wiley & Sons 1996). The same source states that SET combines two different encryption mechanisms: symmetric encryption, in the form of the aging DES (Data Encryption Standard), and asymmetric (public key) encryption to transmit the session keys used for the DES transactions. SET simply uses 56-bit session keys, which are transmitted asymmetrically. Public key cryptography is used only to encrypt the DES keys and for authentication, not for the main body of the transaction, which saves computational cost.
Authentication is important in e-commerce for both merchants and consumers. In SET, authentication is achieved through the use of digital signatures: SET uses a hashing algorithm to sign a transaction message with the sender's public key, so that the authenticity of the transaction can be verified (Wiley & Sons 1996).
Two encryption algorithms are used in the SET protocol: DES and RSA. The DES algorithm has been in use since 1970 (Wiley & Sons 1996). RSA was the first great advance in public key cryptography and is widely used in e-commerce protocols. RSA provides secure and sufficiently long keys for up-to-date implementations. RSA was publicly described in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman; RSA is formed from the initials of their surnames. RSA is an asymmetric encryption scheme consisting of a public key and a private key (Wikipedia 2009).
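To make the hybrid structure described above concrete (bulk data under a 56-bit symmetric session key, the session key transported under RSA, and a hashed transaction message signed so the receiver can verify it), here is an added illustration that is not SET's own code or any page source. It assumes textbook RSA with tiny constructed moduli and a SHA-256 XOR keystream standing in for DES; the party names, key values and message are all constructed for the demo.

```python
import hashlib
import os

# Textbook RSA with tiny demo moduli (constructed values, nowhere near SET's real key
# sizes): cardholder p=61,q=53 -> n=3233; merchant p=47,q=59 -> n=2773. Each holds (n, e, d).
CARDHOLDER = {"n": 3233, "e": 17, "d": 2753}
MERCHANT = {"n": 2773, "e": 17, "d": 157}


def rsa_bytes(data: bytes, n: int, exp: int) -> list:
    """Apply RSA with exponent exp to each byte (12-bit moduli force per-byte blocks)."""
    return [pow(b, exp, n) for b in data]


def rsa_unwrap(blocks: list, n: int, exp: int) -> bytes:
    """Inverse of rsa_bytes, applied with the opposite exponent of the same key."""
    return bytes(pow(c, exp, n) for c in blocks)


def symmetric(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES: XOR with a SHA-256 keystream keyed by the 56-bit session key.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        keystream = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], keystream))
    return bytes(out)


def cardholder_send(message: bytes) -> dict:
    """Cardholder -> merchant: bulk data under a fresh 56-bit session key, that key
    wrapped with the merchant's public key, the message hash signed with the
    cardholder's private key. Only the short key and hash go through RSA."""
    session_key = os.urandom(7)  # 56 bits, the DES key size SET uses
    return {
        "ciphertext": symmetric(session_key, message),
        "wrapped_key": rsa_bytes(session_key, MERCHANT["n"], MERCHANT["e"]),
        "signature": rsa_bytes(hashlib.sha256(message).digest(),
                               CARDHOLDER["n"], CARDHOLDER["d"]),
    }


def merchant_receive(envelope: dict) -> tuple:
    """Unwrap the session key with the merchant's private key, decrypt the bulk data,
    then recover the signed hash with the cardholder's public key and compare it to a
    fresh hash of what was decrypted. Returns (message, signature_ok)."""
    session_key = rsa_unwrap(envelope["wrapped_key"], MERCHANT["n"], MERCHANT["d"])
    message = symmetric(session_key, envelope["ciphertext"])
    signed = [pow(c, CARDHOLDER["e"], CARDHOLDER["n"]) for c in envelope["signature"]]
    return message, signed == list(hashlib.sha256(message).digest())
```

A flipped ciphertext bit decrypts to a different message, so the recomputed hash no longer matches the signed one and the merchant rejects the transaction.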
2. What can you find out about network and host-based intrusion detection systems?
An intrusion detection system (IDS) monitors all inbound and outbound activity on the network and recognizes suspicious patterns that may indicate a system or network attack by someone attempting to break into or compromise the system. IDSs can be categorized as (Webopedia 2002):
- Misuse detection vs anomaly detection
- Network-based vs host-based system
- Passive system vs reactive system
3. What is 'phishing'?
Phishing is the act of sending an e-mail to a user while falsely claiming that it comes from a legitimate enterprise, in an attempt to scam the user into providing private information. The e-mail may direct the user to visit a Web site that asks him to update personal information such as passwords and credit card, social security and bank account numbers. The Web site is bogus and is set up to steal the user's information (Webopedia 2008).
References
- Lu, S. and Smolka, S. A. (1999), Model checking the secure electronic transaction (SET) protocol, Dept. of Comput. Sci., State Univ. of New York, Stony Brook, NY, 358-368.
- Wiley, J. and Sons (1996), Secure electronic transactions: an overview (Schneier, Bruce, Applied Cryptography). Retrieved from http://www.davidreilly.com/topics/electronic_commerce/essays/secure_electronic_transactions.html on 23 April 2009.
- Wikipedia (2009), RSA. Retrieved from http://en.wikipedia.org/wiki/RSA on 23 April 2009.
- Webopedia (2002), Intrusion detection system. Retrieved from http://www.webopedia.com/TERM/I/intrusion_detection_system.html on 23 April 2009.
- Webopedia (2008), Phishing. Retrieved from http://www.webopedia.com/TERM/p/phishing.html on 23 April 2009.