Sunday, July 20, 2014

Catalog of Attacks on Retail Payment Hubs Continued


In the last blog, I unilaterally declared (without any evidence to back me up) that intercept of payer data posed the greatest vulnerability to payment hubs generally. I decided to show the attacking environment generally and show why I think so.

In two earlier blogs (see http://paymentnetworks.blogspot.com/2014/07/turnstiles.html  and http://paymentnetworks.blogspot.com/2014/07/payment-systems-of-underground-economies.html ), I showed how the construction of valves and turnstiles within payment clearing nodes decreased throughput of clearing flow. I want to further define these elements generally as gates and state a general relationship that where gates are present points of intercept (POI) are also present. I define a point of intercept as processing environment that single threads transaction data thereby potentially forming queues. I define queues as collection of data waiting for processing.

Given these definitions Diagram 24 shows the relationship as time passes.

Diagram 24 POI within Retail Clearing Systems




































Diagram 25 shows that as processing delays increase data queues increase exponentially exposing transaction data to intercept for greater time. Emphasizing that I have no data to make this conjecture and that the relationship will actually be something different, I still conjecture that the relationship exists and looks similar to data displayed in Diagram 25.



Diagram 25: Relationship between Gates and Transaction Data in Queues





So, expenditure for defense may come in the form of decreasing gates.

Next Blog: Catalog of Attacks Final Blog


























No comments:

Post a Comment