Secure Electronic Transaction (SET) Protocol

 

Secure Electronic Transaction (SET) Protocol

• Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards. 
• SET is not a system that enables payment but it is a security protocol applied on those payments. 
• It uses different encryption and hashing techniques to secure payments over the internet done through credit cards. 
• SET protocol was supported in development by major organizations like Visa, Mastercard, Microsoft which provided its Secure Transaction Technology (STT) and NetScape which provided the technology of Secure Socket Layer (SSL).
• SET protocol restricts revealing of credit card details to merchants thus keeping hackers and thieves at bay. 
• The SET protocol includes Certification Authorities for making use of standard Digital Certificates like X.509 Certificate.

Requirements in SET 

SET protocol has to meet some requirements such as,

• It has to provide mutual authentication i.e., customer (or cardholder) authentication by confirming if the customer is intended user or not and merchant authentication.
• It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryptions.
• It has to be resistive against message modifications i.e., no changes should be allowed in the content being transmitted. (integrity)
• SET also needs to provide interoperability (the ability of computer systems or software to exchange and make use of information) and make use of the best security mechanisms.

Participants in SET 

In the general scenario of online transaction, SET includes similar participants:

1. Cardholder – customer
2. Issuer – customer financial institution
3. Merchant
4. Acquirer – Merchant financial institution
5. Certificate authority – Authority which follows certain standards and issues certificates (like X.509V3) to all other participants.

Key Features

• Provide Authentication
• Merchant Authentication – SET allows customers to check previous relationships between merchants and financial institutions to prevent theft. Standard X.509V3 certificates are used for this verification.
• Customer / Cardholder Authentication – SET checks if the use of a credit card is done by an authorized user or not, using X.509V3 certificates.

• Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally DES is used for encryption purposes.

• Provide Message Integrity: SET doesn’t allow message modification with the help of signatures. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1 and some using HMAC with SHA-1

Working Of SET

Dual Signature 

The dual signature is a concept introduced with SET, which aims at connecting two information pieces meant for two different receivers :

• Order Information (OI) for merchant
• Payment Information (PI) for bank

The merchant does not need to know the customer's credit card number, and the bank does not need to know the details of the customer's order but sending them in a connected form resolves any possible disputes in the future.

Generation of Dual Signature

• The message digest (MD) of the OI and the PI are independently calculated by the customer. 
• These are concatenated and another MD is calculated from this. 
• Finally, the dual signature is created by encrypting the MD with the customer's secret key. 
• The dual signature is sent to both the merchant and the bank. 
• The protocol arranges for the merchant to see the MD of the PI without seeing the PI itself, and the bank sees the MD of the OI but not the OI itself. 
• The dual signature can be verified using the MD of the OI or PI, without requiring either the OI or PI. 
• Privacy is preserved as the MD can't be reversed, which would reveal the contents of the OI or PI.

Strength Of SET Protocol

• Secure enough to protect the user's credit card numbers and personal information from attacks 
• Hardware independent
• Worldwide usage
• Confidentiality of information
• Integrity of data
• Authentication of customer & merchant account 

Weakness of SET Protocol

• User must have credit card
• It is not cost-effective when the payment is small
• None of the anonymity and it is traceable
• Network effect - need to install client software (an e-wallet)
• Cost and complexity for merchants to offer support, contrasted with the comparatively low cost and simplicity of the existing SSL based alternative

Recent Trends in Embedded Computing

 

Recent Trends in Embedded Computing

An embedded system is an application-specific system designed with a combination of hardware and software to meet real-time constraints. 

The key characteristics of embedded industrial systems include speed, security, size, and power. 

The industry for embedded systems is growing and there are still several barriers that must be overcome. Below are notable trends of the embedded systems.

Improved Security for Embedded Devices

• With the rise of the Internet of Things (IoT), the primary focus of developers and manufacturers is on security. 

• Advanced technologies for embedded security will emerge as key generators for identifying devices in an IoT network.

Cloud Connectivity and Mesh Networking

• Connecting embedded industrial systems to the internet and cloud can take weeks and months in the traditional development cycle. Consequently, cloud connectivity tools will be an important future market for embedded systems. These tools are designed to simplify the process of connecting embedded systems with cloud-based services by reducing the underlying hardware complexities.

• A the similar yet innovative market for low-energy IoT device developers is Bluetooth mesh networks. These solutions can be used for the seamless connectivity of nearby devices while reducing energy consumption and costs.

Reduced Energy Consumption

• A key challenge for developers is the optimization of battery-powered devices for low power consumption and maximum uptime. 

• Several solutions are under development for monitoring and reducing the energy consumption of embedded devices. These include energy monitors and visualizations that can help developers fine-tune their embedded systems, and advanced Bluetooth and Wi-Fi modules that consume less power at the hardware layer.

Real-Time Visualization 

• Developers currently lack tools for monitoring and visualizing their embedded industrial systems in real-time. 

• The industry is working on real-time visualization tools that will give software engineers the ability to review embedded software execution. These tools will enable developers to keep a check on key metrics such as raw or processed sensor data & event-based context switches for tracking the performance of embedded systems.

Deep Learning Applications

• Deep learning represents a rich, yet unexplored embedded systems market that has a range of applications from image processing to audio analysis. 

• Even though developers are primarily focused on security and cloud connectivity right now, deep learning and artificial intelligence concepts will soon emerge as a trend in embedded systems.

Embedded Product Development Life Cycle (EDLC)

 

It is an Analysis – Design – Implementation based problem-solving approach for embedded systems development.

There are three phases to Product development:

•  Analysis involves understanding what product needs to be developed.
• Design involves what approach to be used to build the product.
• Implementation is developing the product by realizing the design. 

Why we need EDLC?

• Essential for understanding the scope & complexity of the work involved in embedded systems development.
• It can be used in any developing any embedded product.
• Defines the interaction and activities among various groups of a product development phase.

Objectives of EDLC

• The aim of any embedded product in a commercial production setup is to produce Marginal benefit. Marginal is usually expressed in terms of Return On Investment.
•  The investment for product development includes initial investment, manpower, infrastructure investment, etc.
• The product needs to be acceptable to the end-user in terms of quality, reliability & functionality.

The primary objectives are:

• Ensuring that high-quality products are delivered to the user
• Risk minimization & defect prevention through project management
• Maximize productivity

# Ensuring that high-quality products are delivered to the user

Quality in any product development is Return On Investment, achieved by the product. The expenses incurred for developing the product are:-

• Initial investment
• Developer recruiting
• Training
• Infrastructure requirement related

# Risk minimization & defect prevention through project management

Project in EDLC requires loose or tight project management.

Project management adds an extra cost on a budget but essential for ensuring the development process is going in the right direction and is required for ;

• Predictability (Analysing the time to finish the project)

• Coordination (Resources(developers) needed for the job)

• Risk Management (Backup of resources to overcome critical situations & ensuring the defective product is not developed)

# Maximize productivity

Productivity is a measure of efficiency as well as Return On Investment.

Different ways to improve productivity are,

• Saving manpower.

• Use of automated tools wherever required.

• Reusable effort- work which has been done for the previous product can be used, if similarities present b/w previous & present product.

DIFFERENT PHASES OF EDLC

Need

The need may come from an individual or from the public or from a company. The need should initiate the “Development Life Cycle”. Need  can be visualized in any one of these requirements :

•  New or Custom Product Development - The need for a product that does not exist in the market or a product that acts as a competitor to an existing product in the current market will lead to the development of a completely new product. The product can be a commercial requirement or an individual requirement or a specific organization’s requirement

• Product Re-engineering - Re-engineering a product is a process of making changes in existing product design and launching it as a new version. It is generally termed as a product upgrade. Re-engineering an existing product comes as a result of the needs like Change in Business requirements, User Interface Enhancements, Technology Upgrades.

• Product Maintenance - Product maintenance 'need' deals with providing technical support to the end-user for an existing product in the market. The maintenance of the request may come as a result of product non-functioning or failure. Product maintenance is generally classified into two categories: Corrective maintenance and Preventive maintenance. 

 Conceptualization 

Defines the scope of concept (Deals with the activities involved in the product to be made), performs cost-benefit analysis (Revealing and assessing the total development cost and profit expected from the product) & feasibility study (Examine the need and suggest possible solutions), and prepare project management and risk management plans. 

Analysis 

The product is defined in detail concerning the inputs, processes, outputs, and interfaces at a functional level. 

Design 

The design phase identifies the application environment and creates an overall architecture for the product.

• It starts with the Preliminary Design. 
• It establishes the top-level architecture for the product. 
• On completion, it resembles a ‘black box’ that defines only the inputs and outputs.
• The final product is called the Preliminary Design Document (PDD).
• Once the PDD is accepted by the End User the next task is to create the ‘Detailed Design’.
• It encompasses the Operations manual design, Maintenance Manual Design, and Product Training Material Design and is together called the ‘Detailed Design Document’.

Development and Testing 

 The development phase transforms the design into a realizable product. Testing can be divided into independent testing of software & Hardware like,

• Unit testing – Testing Individual modules. The unit module is either a function or a class. Unit Testing is performed by the development team, primarily the developer and is usually carried out in a peer-review model. Based on the specification of the module test cases are developed.
• Integration testing – Testing a group of modules for the required functionality. Integration testing can be classified into two segments:

Software integration testing

Software/hardware integration testing.

• System testing- Testing functional aspects or functional requirements of the product after integration. Now the module to be tested is a full framework that consists of complete software code additionally all real-time operating system (RTOS) and platform-related pieces such as interrupts, tasking mechanisms, communications and so on.
• User acceptance testing- Testing the product to meet the end-user requirements.

Deployment 

Deployment is the process of launching the first fully functional model of the product in the market. It is also known as First Customer Shipping (FCS). Tasks performed during this phase are:

• Notification of Product Deployment
• Execution of training plan
• Product installation
• Product post Implementation Review

 Support 

 The support phase deals with the operational and maintenance of the product in the production environment. The support phase ensures that the product meets the user needs and it

continues functioning in the production environment. Activities involved under support are,

• Setting up of a dedicated support wing: Involves providing 24 x 7 supports for the product after it is launched.
• Identify Bugs and Areas of Improvement: Identify bugs and take measures to eliminate them.

Upgrades

Deals with the development of upgrades (new versions) for the product which is already present in the market. During the upgrade phase, the system is subject to design modification to fix

the major bugs reported.

 Retirement/Disposal

The retirement/disposal of the product is a gradual process. This phase is the final phase in a product development life cycle where the product is declared as discontinued from the market. The disposal of a product is essential due to the following reasons,

• Rapid technology advancement
• Increased user needs

Complexity- Analysis- Asymptotic Notations (M1.2)

Complexity- Analysis- Asymptotic Notations

The complexity of an algorithm is a function describing the efficiency of the algorithm in terms of the amount of data that the algorithm must process.

In simple, it is the measure of the amount of time or space required by an algorithm for an input of a given size (n).

There are two main complexity measures of the efficiency of an algorithm:

Time complexity

• It is nothing but the measure of the amount of time that is required by an algorithm for a given input of size (n).
• The “Time” can be the number of memory accesses performed or the number of comparisons between integers, the number of times some inner loop is executed, or some other natural unit related to the amount of real-time the algorithm will take.

Space complexity

• It is similar to the time complexity but here we consider the amount of memory (space) that an algorithm takes for the given input.
• Space complexity is sometimes ignored because the space used is minimal or obvious, but sometimes it becomes as important an issue as time.

What is the Analysis of Algorithms?

The analysis of the algorithm simply means to compare the various algorithms to solve the same problem. This is done to analyse which algorithm takes fewer resources like, time, effort and memory to solve a particular problem.

Types of analysis of an algorithm

To analyze a particular algorithm, first, we need to understand which input to the algorithm takes less time and for which input it takes more time. Based on this, we divide the inputs in three cases:

1. Best case where we assume the input, for which algorithm takes less time.
2. Worst case where we assume the input, for which algorithm takes a long time.
3. Average case where the input lies in between best and worst case.

Asymptotic Notation

The standard mathematical notations of representing the complexity of an algorithm. If we want to calculate the time without execution, we consider the no. of iterations, frequency so to represent in a proper way we make use of asymptotic notations.

Types of Asymptotic Notation

1. Big-O Notation (Ο) — describes the worst-case scenario.
2. Omega Notation (Ω) — describes the best-case scenario.
3. Theta Notation (θ) — This notation represents the average complexity of an algorithm.

Big-O Notation (Ο)

• This notation is known as the asymptotic upper bound of the algorithm, or a Worst Case of an algorithm.
• It tells us that a certain function will never exceed a specified time for any value of the input n.

For a given function g(n), we denote by O(g(n)) the set of functions,

O(g(n)={f(n): there exist positive constants c and n0 such that 0 <= f(n) <= cg(n) for all n >= n0}

refer fig. b

Omega Notation (Ω)

• Big Omega notation is used to define the asymptotic lower bound of any algorithm or we can say the Best case of any algorithm.
• This always indicates the minimum time required for any algorithm for all input values, therefore the best case of any algorithm.

For a given function g(n), we denote by Ω(g(n)) the set of functions,

Ω(g(n)={f(n): there exist positive constants c and n0 such that 0 <= cg(n) <= f(n) for all n >= n0}

refer fig. c

Theta Notation (θ)

• Theta notation describes both upper bound and lower bound of an algorithm so we can say that it defines exact asymptotic behaviour.
• In the real case scenario the algorithm not always run on best and worst cases, the average running time lies between best and worst and can be represented by the theta notation.

For a given function g(n), we denote by θ(g(n)) the set of functions,

θ(g(n)={f(n): there exist positive constants c1, c2 and n0 such that 0 <= c1g(n) <= f(n) <= c2g(n) for all n >= n0}

refer fig. a

Abstract Data Types | Need | Applications of Data Structures, Symbol Table (M1.1)

 An abstract data type is defined as a mathematical model of the data objects

Abstract Data type (ADT) is a type(or class) of data whose behavior is defined by a set of values and a set of operations.

• It is called “abstract” because it gives an implementation-independent view. 
  
• The process of providing only the essentials and hiding the details is known as abstraction.
  
• The definition of ADT only mentions what operations are to be performed but not how these operations will be implemented. 
• It does not specify how data will be organized in memory and what algorithms will be used for implementing the operations.

We have three ADTs: List, Queue, Stack

List ADT

• The data is generally stored in a key sequence in a list that has a head structure consisting of count, pointers, and address of compare function needed to compare the data in the list.
• The data node contains the pointer to a data structure and a self-referential pointer which points to the next node in the list.
  
•  A list contains elements of the same type arranged in sequential order and various operations can be performed on the list.

 Stack ADT

• In Stack ADT Implementation instead of data being stored in each node, the pointer to data is stored.
• The program allocates memory for the data and the address is passed to the stack ADT. 
• The head node and the data nodes are encapsulated in the ADT. The calling function can only see the pointer to the stack.
• The stack head structure also contains a pointer to the top and a count of the number of entries currently in the stack.
• A Stack contains elements of the same type arranged in sequential order.
• All operations take place at a single end that is top of the stack.

 Queue ADT

• The queue abstract data type (ADT) follows the basic design of the stack abstract data type.
• Each node contains a void pointer to the data and the link pointer to the next element in the queue. The program’s responsibility is to allocate memory for storing the data.
• A Queue contains elements of the same type arranged in sequential order. 
• Operations take place at both ends, insertion is done at the end and deletion is done at the front. 

 

Why we need data structures?

Data structure provides a means of organizing, managing, and storing  & accessing data efficiently. It also includes the collection of data as well as the operations that can be applied to that data.

• Efficiency
• Data Organization
• Re-usability
• invisibility

Applications of Data Structures

The data structures store the data according to the mathematical or logical model it is based on. The type of operations on a certain data structure makes it useful for specific tasks. Here is a brief discussion of different applications of data structures.

Linked List

• Implementing stacks, queues, binary trees and graphs of predefined size.
• Implement dynamic memory management functions of operating system.
• Polynomial implementation for mathematical operations
• Circular linked list is used to implement OS or application functions that require round robin execution of tasks.
• Circular linked list is used in a slide show where a user wants to go back to the first slide after last slide is displayed.
• When a user uses the alt+tab key combination to browse through the opened application to select a desired application
• Doubly linked list is used in the implementation of forward and backward buttons in a browser to move backwards and forward in the opened pages of a website.
• Circular queue is used to maintain the playing sequence of multiple players in a game.

Stacks

• Temporary storage structure for recursive operations
• Auxiliary storage structure for nested operations, function calls, deferred/postponed functions
• Manage function calls
• Evaluation of arithmetic expressions in various programming languages
• Conversion of infix expressions into post-fix expressions
• Checking syntax of expressions in a programming environment
• Matching of parenthesis
• String reversal
• In all the problems solutions based on backtracking.
• Used in depth first search in graph and tree traversal.
• Operating System functions
• UNDO and REDO functions in an editor.

Queues

• It is used in breadth search operation in graphs.
• Job scheduler operations of OS like a print buffer queue, keyboard buffer queue to store the keys pressed by users
• Job scheduling, CPU scheduling, Disk Scheduling
• Priority queues are used in file downloading operations in a browser
• Data transfer between peripheral devices and CPU.
• Interrupts generated by the user applications for CPU
• Calls handled by the customers in BPO

Trees

• Implementing the hierarchical structures in computer systems like directory and file system
• Implementing the navigation structure of a website
• Code generation like Huffman’s code
• Decision making in gaming applications
• Implementation of priority queues for priority based OS scheduling functions
• Parsing of expressions and statements in programming language compilers
• For storing data keys for DBMS for indexing
• Spanning trees for routing decisions in computer and communications networks
• Hash trees
• path-finding algorithm to implement in AI, robotics and video games applications

Graphs

• Representing networks and routes in communication, transportation and travel applications
• Routes in GPS
• Interconnections in social networks and other network based applications
• Mapping applications
• E commerce applications to present user preferences
• Utility networks to identify the problems posed to municipal or local corporations
• Resource utilization and availability in an organization
• Document link map of a website to display connectivity between pages through hyperlinks
• Robotic motion and neural networks

Arrays

• Storing list of data elements belonging to same data type
• Auxiliary storage for other data structures
• Storage of binary tree elements of fixed count
• Storage of matrices

These are a few applications of data structures to make appropriate storage and management of data for specific applications.

Symbol Table is an important data structure created and maintained by the compiler in order to keep track of semantics of variable i.e. it stores information about scope and binding information about names, information about instances of various entities such as variable and function names, classes, objects, etc.