-2

eCommerce systems are increasingly gaining importance in modern digital markets. Since most electronic transactions occur on a range of platforms, securing e-commerce transactions using Mobile Agents in dynamic environments is a concern for enterprise, stakeholders and users. My question relates to how online transactions may achieve privacy, integrity, authentication, non-repudiation from the perspective of both data security (ciphers) and transaction security that affects how digital products may be exported to other countries. Previous discussions about security for online transactions include e-Banking, fraud prevention and credit cards. Although some aspects of security have been covered, what are the following aspects fully secure against cryptanalysis?

Privacy and confidentiality

Encryption algorithms such as Triple-DES, AES, SHA and Saville (voice encryption) partly explain how privacy and confidentiality can be used to secure enterprises, but how do these systems assist in the context of unauthorized dissemination of sensitive data in dynamically changing mobile environments?

Authentication

In different environments, different best effort strategies are used for continuous authentication. Ideally, only the intended information is provided to the appropriate party at the desired moment. Unlike traditional known environments, it can sometimes be difficult to handle a multitude of electronic identities or manage their relationships (i.e. among users, service providers) efficiently.

Non-repudiation

In the context of mobile payments via smartphones, NFCs etc., financial transactions currently derive security from the SIM cards. In the future, biometrics instead of digital signatures is likely to be employed. This opens up another level of discussion which would not be explored on this thread.

BitsInForce

1 Answer

4

Your question as originally posted is not very clear.

  • If you require a Public Key / Asymmetric Encryption algorithm, the safe/simple choice is to use RSA with a 2048 or better key size.

  • If you require a plain Symmetric encryption algorithm, a good choice is AES-256.

  • The keys should be created from a Cryptographically Secure random number generator.

  • For opening a connection between two computers, use a TLS connection (which is also used in HTTPS), so that you can not only encrypt the connection, but also verify the identity of the server that you have connected to.

All of these are sufficient for E-Commerce or even Military applications, as long as they have been properly implemented, and the system in which they are used is properly designed.

Regarding your question of Export, you should first determine which algorithm(s) you are interested in, and then post a more specific question.

700 Software