Security Analysis

Micropayment systems have become a popular way to purchase low-value goods. Security is the most important concern people have about micropayment systems. To strengthen the security of our Social Payment system, we carried out a security analysis.

1. Goal

  • Carry out an in-depth technical security analysis.
  • Examine and resolve weaknesses in the QuidLink system.
  • Analyse the sensitivity of data in terms of C.I.A.:
      – Confidentiality – preserve restrictions on access to information
      – Integrity – guard against improper modification of information
      – Availability – ensure timely, efficient access to and use of information

2. Analysis of the implementation weaknesses that made the QuidLink transaction system insecure

3. Threat Analysis:

  • A detailed evaluation of possible threats to the system
  • Identification of the technical causes of each security problem and their consequences

4. Risk Analysis:

  • An assessment of the likelihood of occurrence of each security vulnerability
  • An assessment of the cost of the threat versus the cost of protection
  • Identification or proposal of a remedy for each vulnerability

5. Related Systems

  • CyberCoin: the financial data is encrypted and digitally signed, but the message itself is not.
  • eCash: provides the highest security possible by applying public-key digital signature techniques. Additional security measures include protecting eCash withdrawals from the Customer’s account with a password that is known only to him, not even to his financial institution.
  • NetBill: uses a combination of public-key cryptography and a variant of symmetric-key cryptography to make sure that all its communications are protected and all transactions are authorized. Its approach is based on the well-tested Kerberos protocol.
  • Millicent: each transaction requires that the customer know the secret associated with the scrip. The protocol never sends the secret in the clear, so there is no risk from eavesdropping. No piece of scrip can be reused, so a replay attack will fail.
  • METEORE 2000: all transactions are done in XML, are digitally signed using a PKI, and use an encrypted (128-bit key) SSL provider. The system itself is secured with firewalls and NIDSs, following a “no-man” architecture. Administration is done remotely using SSL and X.509 certificates, and availability is achieved using mirroring and back-up techniques. (Vidalis, 2004)
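The two Millicent properties described above (the secret never travels with a request, and scrip cannot be reused) can be shown in a short sketch. This is an added example, not code from the original article or from Millicent itself: it assumes HMAC-SHA256 as the keyed hash, spends a whole piece of scrip per request with no change returned, and the names `Vendor`, `sign_request` and `demo` are hypothetical.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Vendor:
    def __init__(self) -> None:
        self._scrip_key = secrets.token_bytes(32)     # certifies scrip bodies
        self._customer_key = secrets.token_bytes(32)  # derives per-scrip secrets
        self._spent = set()                           # scrip ids already redeemed
        self._next_id = 0

    def issue(self, value: int) -> tuple[dict, bytes]:
        """Return (scrip, customer_secret); the secret is delivered once, out of band."""
        self._next_id += 1
        scrip_id = self._next_id.to_bytes(8, "big")
        body = scrip_id + value.to_bytes(4, "big")
        scrip = {"id": scrip_id, "value": value, "cert": _mac(self._scrip_key, body)}
        return scrip, _mac(self._customer_key, scrip_id)

    def redeem(self, scrip: dict, request: bytes, tag: bytes) -> str:
        body = scrip["id"] + scrip["value"].to_bytes(4, "big")
        if not hmac.compare_digest(scrip["cert"], _mac(self._scrip_key, body)):
            return "rejected: forged scrip"
        secret = _mac(self._customer_key, scrip["id"])  # recomputed, never received
        if not hmac.compare_digest(tag, _mac(secret, body, request)):
            return "rejected: bad request tag"
        if scrip["id"] in self._spent:
            return "rejected: scrip already spent"
        self._spent.add(scrip["id"])
        return "accepted"

def sign_request(secret: bytes, scrip: dict, request: bytes) -> bytes:
    """Customer side: prove knowledge of the secret without sending it."""
    body = scrip["id"] + scrip["value"].to_bytes(4, "big")
    return _mac(secret, body, request)

def demo() -> list[str]:
    vendor = Vendor()
    scrip, secret = vendor.issue(value=5)
    request = b"GET /article/42"  # constructed sample request
    tag = sign_request(secret, scrip, request)
    return [vendor.redeem(scrip, request, tag),  # legitimate purchase
            vendor.redeem(scrip, request, tag),  # captured copy replayed
            vendor.redeem({**scrip, "value": 500}, request, tag)]  # value altered
```

An eavesdropper who captures the scrip, the request and the tag learns nothing that lets them compute a tag for a different request, and resending the captured triple hits the spent-id check.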

Solutions

Solutions for efficient and secure payment systems should provide the following: (Kiran, 2012)

  1. Security during the period must be assured in off-line mode, as immediate access to the central server is impossible.
  2. The system must ensure privacy for the customer by protecting the real identity of the customer involved in the system.
  3. Prevent double payment in one transaction.
  4. Prevent forged or illegal resources.
  5. Ensure non-repudiation for the customer involved, the providers, and the bank.
  6. High efficiency must be assured, with optimal use of the memory and resources involved.
  7. The system should not use many advanced components in its implementation, in order to reduce the complexity involved in maintaining security.
  8. The system must be scalable.

References

Kiran, N.C., Kumar, N. (2012). “Implication of Secure Micropayment System Using Process Oriented Structural Design by Hash chaining in Mobile Network”, IJCSI International Journal of Computer Science Issues, Vol. 9, No. 2.

Vidalis, S. (2004). Security Analysis of Micro-Payment Systems. Computing Research: Technical Reports, School of Computing. Pontypridd, University of Glamorgan. [online] http://www.glam.ac.uk/socschool/research/publications/technical/CS-04-02.pdf
