Security System Analysis

Security System Analysis Paypal The information era has totally revolutionized our society with its sphere of influence touching every facet of our lives. There is a paradigm shift in our business methodology and ecommerce has evolved as an integral and indispensable aspect of any business venture that wishes to capitalize on the global market that technology promises. Today more and more companies are recognizing the vast potential and the unprecedented customer base of ecommerce which is definitely poised to become the mainstay business medium of the future.

With ecommerce exploding like anything there will be more and more transfer of funds online. It stands out clearly that the anonymous nature of the web medium poses issues pertaining to the credibility and authenticity and thus compromises on the flexibility and the comfort of the web. The success of fast online fund transfer very much hinges on implementing effective security measures to thwart the designs of hackers and other snoopers who threaten the whole concept.

Paypal is a concept that offers a hassle free and secure solution for online funds transfer. Let us have a brief outlook on the issues pertaining to security on the web and how Paypal, one of the leading online payment networks handles this area of concern. Paypal Features Paypal is rapidly developing into one of the easiest methods of transferring funds and making payments online. The Paypal concept allows money to be transferred via email to anybody who has a paypal account.

The company has attracted several millions of people in the United States alone and is already accepting international customers. Let us now dwell in depth on Paypal's security features that protect the confidentiality and privacy of the users and how it strives to ensure the authenticity and the credibility of the transactions. Dangers of Security Lapses One of the worst fears of people using the Internet is the danger of ending up disclosing (unknowingly) their personal and financial information to a nosey hacker.

If information transaction is not sufficiently protected by means of encryption techniques and protocols which ensure authenticity of the transaction the whole concept of web trade will be at a risk. The huge pile of personal data that is stored in the company servers can be accessed or manipulated by these evasive intruders exposing the customers to grave consequences. In fact loss of privacy and impersonation have proved to be the bane of the information highway.

Ensuring Privacy (Isolated Storage) The main idea behind the birth of the Paypal concept is to get around the hidden dangers involved in the disclosure of sensitive information such as credit card numbers and other personal data without hindering online transactions. Paypal protects the financial as well as the personal information of its members from fellow members. Information pertaining to each customer is stored in an encrypted form in computer systems that are totally isolated from the web.

This ensures that information is accessible only to the Paypal staff who need the data to provide the requested services. All transactions and updations of personal information are regulated by a password system and a highly sophisticated encryption mechanism. {Paypal] The SSL Security (Digital integrity and authenticity) Paypal is secure with the SSL (Secure Sockets Layer) protocol, which implies that all the transactions between the client and the host are safe as the data which is exchanged is rendered undecipherable and meaningless to anyone who happens to gain unauthorized access.

The essential idea of the SSL protocol is to encrypt the information at the sender's end and decrypt the same at the receiver's end. En route the data cannot be extracted in a meaningful form which in effect makes the whole transaction tamper proof. Paypal uses digital signatures to verify each transaction for completeness and authenticity and to identify if information is tampered with or is lost due to some reason while on transit.

Digital signatures ensure that the data that is passed on is unchanged and they also have an automatic time stamping facility. SSL protocol is actually made up of two separate protocols namely the SSL Record Protocol and the SSL Handshake protocol. SSL record protocol looks after the format in which data is transmitted over the web and also manages the data integrity. SSL handshake protocol on the other hand determines the session key or the secret key.

The SSL handshake protocol initiates the transaction process by sending the SSL version number and other data such as the cipher settings to the server. The server, in return, sends its SSL version, cipher settings and a digital certificate to the client. Once the certificate from the Paypal server is received the client verifies its authenticity with a certificate authority such as VeriSign. This verification ensures that the public key sent by the server through the certificate is genuine.

Once the server is authenticated the client machine creates a 'Premaster Key', encrypts it using the public key supplied by the server and sends back the encrypted 'Premaster key' to the server. Upon receiving the 'Premaster key' the Paypal server generates the 'Master secret' by decrypting the 'Premaster Key' using its private key. The 'Master key' thus generated is used to determine the 'Session key'.

The server finally passes on the session key to the client and all further exchange of data for that particular session are done in an encrypted form using the session key. Since the 'Session Key' is a symmetrical one the encrypted message is decrypted at the server. [Chip, November 2000, 4].

Disadvantages of SSL While SSL offers a safe and secure way of transferring sensitive information online there are some obvious disadvantages compared to other protocols such as Kerberos in that the VeriSign certificate is permanently stored on the client's hard disk which involves a certain degree of risk as it gives a chance for potential hackers to have a go at the encrypted certificate. Furthermore the Certification Company has to maintain a revocation server to deal with problem of a compromised certificate.

The system overheads caused due to encryption and decryption tend to slow down the speed. [Faqs.org] Paypal's Encryption and Firewall Protection The most commonly used encryption methods are the 40 bit or 128 bit systems. Paypal uses 128-bit encryption, which is one of the most robust and highly safe technique by present day encryption standards. A 40-bit encryption by itself generates billions of keys from which only one will be used as the session key.

128 bit encryption which is the standard adopted by Paypal makes it all the more safe and virtually impossible for a potential hacker to tamper with as it generates around (1026* 3) more keys when compared with the 40 bit encryption. The Paypal database which stores all the personal information is behind a firewall and.