Appendix A: Security Framework


Overview

This appendix describes a possible security framework. It facilitates the qualitative understanding of security issues encountered in the analysis and design of electronic payment systems. This process is schematized in Figure A.1.

click to expand
Figure A.1: Definition of a security framework.

A top-down approach can be used in the description of this security framework, following the steps listed below.

Step 1: Interface decomposition Each electronic payment system is composed of a number of interfaces, with each interface opposing two parties. Generally, the main interfaces are cardholder-merchant, merchant-acquirer, acquirer-card association, card association-issuer, and issuer-cardholder. Depending on the particular features of each payment system, other interfaces could be identified.

Step 2: Threat analysis On each identified interface, the two parties have established a business relationship, which determines a set of transactions to be performed between them. For the completion of each transaction, messages are exchanged from one party to another according to a well-established protocol. The threat analysis identifies the consequences of possible protocol deviations on the business interests of each party. The parties participating in the protocol are first concerned about the threats generated by third parties, which are not eligible to participate in the protocol. If the two parties are mutually distrustful, they have to protect themselves from threats arising due to the misbehavior of each party during the participation in the protocol. Appendix B defines some of the security threats that can be identified in any interface between two communicating parties.

Step 3: Security services Each threat can be countered by a security service, which is a generic solution towards reducing or eliminating the impact of a threat on the business interests of the parties. The definition of the security requirements is the second step in the construction of the security framework, mapping security services to threats. Appendix C describes the security services that can counter the identified threats: confidentiality, entity authentication, data origin authentication and integrity, timeliness, and non- repudiation .

Step 4: Security mechanisms Each security service is implemented through an adequate security mechanism. The attribute adequate refers to the tradeoff between providing the required level of security and the cost of implementing the corresponding security mechanism. This means that the choice of a security mechanism is biased by economical considerations: the level of strength of the security mechanism must be in accordance with the value of the assets to be protected by parties. Risk management is the process of selecting the security mechanism in a cost-effective way.

The main security mechanisms used in the design of the protocols underlying payment systems' functionality are described in Appendix D, including symmetric and asymmetric enciphering , cryptographic hash functions, digital signatures, public key certificates, cardholder verification mechanisms, static and DDA mechanisms.

Step 5: Cryptographic primitives A security mechanism can be implemented with one or several cryptographic primitives. The choice of one cryptographic primitive or another is also determined by a trade-off, this time between the level of strength of the primitive against known classes of attacks and the costs determined by the implementation of the primitive. These costs are related to key management as well as software and hardware platforms needed to implement the primitive. In many cases, the choice of a cryptographic primitive is strongly influenced by subjective factors, among which are export regulations dictated by national security reasons, claimed intellectual rights protected by patents, and protectionist measures.

Appendix E is dedicated to block ciphers, their operating modes, and the main representatives. Appendix F presents a tutorial on the RSA public key encryption system and the RSA digital signature scheme. The interested reader can find more information on cryptographic primitives in [1].




Implementing Electronic Card Payment Systems
Implementing Electronic Card Payment Systems (Artech House Computer Security Series)
ISBN: 1580533051
EAN: 2147483647
Year: 2003
Pages: 131
Authors: Cristian Radu

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net