Security of E-commerce


What is computer security? Computer security in general refers to the protection of data, networks, computer programs, computing power, and other elements of computerized information systems.

What is EC security? EC security involves: prevention, or at least minimization, of web attacks; encryption of information; protection of users (customers, visitors, buyers).

Security risks 2014 and 2015 (IBM, 2014). Cyberespionage and cyberwars are growing threats. Attacks are now also directed against mobile assets, including smartphones, tablets, and other mobile devices; enterprise mobile devices are a particular target. Attacks on social networks and social software tools: user-generated content is a major source of malware. Attacks on BYOD (“Bring Your Own Device”). Identity theft is exploding, increasing the criminal use of stolen identities. Profit motive: as long as cybercriminals can make money, security threats and phishing attacks will continue to grow. Social engineering tools such as phishing via e-mail are growing rapidly. Cybergang consolidation: underground groups are multiplying and getting bigger, especially in Internet fraud and cyberwars. Business-oriented spam (including image-based spam). Attacks using spyware (e.g., using the Denial-of-Service method). Attacks on new technologies such as cloud computing and virtualization. Attacks on Web and mobile applications (apps).

TYPES OF ATTACKS. Cyber attacks can be classified into two major interrelated categories: corporate espionage, where many attacks target energy-related companies because their inside information is valuable (McAfee 2011); and political espionage and warfare, where political espionage and cyberwars are increasing in magnitude.

EC Security Requirements. Authentication is a process used to verify (assure) the real identity of an EC entity, which could be an individual, software agent, computer program, or EC website. Authorization is the provision of permission to an authenticated person to access systems and perform certain operations in those specific systems. Auditing: when a person or program accesses a website or queries a database, various pieces of information are recorded or logged into a file. The process of maintaining or revisiting the sequence of events during the transaction (what happened, when, and by whom) is known as auditing.

Availability: assuring that systems and information are available to the user when needed. Nonrepudiation: closely associated with authentication is nonrepudiation, which is the assurance that online customers or trading partners will not be able to falsely deny (repudiate) their purchase, transaction, sale,

Factors that convert consumers who browse online into consumers who buy online: security, price, comparative information, searchability, ease of ordering, delivery time, product presentation.

Possible threats: hacking, viruses, denial of service.

Security is a complex problem. It spans communication, hardware, software, security processes, personnel (internal and external employees, hackers) and physical hazards (fire, water, ...).

Software and hardware security

Technical security attack methods: malware, unauthorized access, denial of service, spam and spyware, hijacking servers, botnets (malicious software used to hijack a number of different computers), malvertising.

Non-technical threats. Phishing is a fraudulent process of acquiring confidential information, such as credit card or banking details, from unsuspecting computer users. Pharming: similarly to phishing, pharming is a scam where malicious code is installed on a computer and used to redirect victims to bogus websites without their knowledge or consent.

Security and privacy elements: authenticity, integrity, non-repudiation, auditing, confidentiality, availability.

The methods by which a human can authenticate: something the user is (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), voice pattern (again several definitions), signature recognition or another biometric identifier); something the user has (e.g., ID card, security token, software token or cell phone; e.g. Digipass from VASCO, or RSA); something the user knows (e.g., a password, a pass phrase or a personal identification number (PIN)).

Example of security card and key

Methods Cryptography or cryptology is a field of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication.

[Diagram: encryption and decryption. The plain message is encrypted into an encrypted message, transferred over the network, and decrypted into the obtained message; a nosy parker can observe only the transferred (encrypted) message.]

The Ancient Greek scytale may have been one of the earliest devices used to implement a cipher.

The Enigma machine, used by Germany in World War II, implemented a complex cipher to protect sensitive communications.

Modern cryptography Symmetric-key cryptography Public-key cryptography

Symmetric-key cryptography. Symmetric-key algorithms are a class of cryptographic algorithms that use the same, or trivially related, cryptographic keys for both encryption and decryption.

SYMMETRIC KEY ENCRYPTION

Public-key cryptography. Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.

[Diagram: digital signatures. The original text is passed through a hash function and the result is signed with the secret key, producing the signed document.]

Creating and verifying a digital signature. Sender: create a digest (hash) from the plain message; encrypt the digest using the sender's private key to obtain the digital signature; encrypt the digital signature together with the plain message using the recipient's public key; transmit through the internet. Recipient: decrypt the encrypted digital signature and encrypted message using the recipient's private key; decrypt the digital signature using the sender's public key to recover the digest; create a digest (hash) from the received plain message; the two digests must match.
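The slide's sign-then-encrypt flow, carried out end to end in Python as an added example (not code from the presentation). It uses textbook RSA built from the standard library so that every step of the slide is visible: SHA-256 digest, signature with the sender's private key, encryption of signature plus message under the recipient's public key, decryption with the recipient's private key, and digest comparison under the sender's public key. Key sizes, the order message, and the function names are this example's own choices; real deployments use padded schemes (RSA-PSS for signatures, RSA-OAEP or a hybrid symmetric envelope for encryption), which the comments point out.

```python
import hashlib
import secrets

# Textbook RSA for illustration only: no padding, deterministic, and the message is encrypted
# directly with RSA. Production code uses RSA-PSS / RSA-OAEP (or a hybrid symmetric envelope).

SMALL_PRIMES = [p for p in range(3, 1000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int):
    """Return ((n, e), (n, d)): public key and private key of roughly `bits` size."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def sign(message: bytes, private_key) -> int:
    """Step 1 and 2 of the slide: hash the message, 'encrypt' the digest with the sender's private key."""
    n, d = private_key
    return pow(int.from_bytes(digest(message), "big"), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient side: recover the digest with the sender's public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(digest(message), "big")


SIG_BYTES = 64  # the sender key in run_demo() is 512 bits, so its signature fits in 64 bytes


def seal(message: bytes, sender_priv, recipient_pub) -> int:
    """Step 3: encrypt signature + plain message under the recipient's public key."""
    sig = sign(message, sender_priv).to_bytes(SIG_BYTES, "big")
    payload = b"\x01" + sig + message       # leading marker byte keeps the length unambiguous
    n, e = recipient_pub
    m = int.from_bytes(payload, "big")
    if m >= n:
        raise ValueError("payload too large for textbook RSA; a real system uses a hybrid envelope")
    return pow(m, e, n)


def open_envelope(ciphertext: int, recipient_priv, sender_pub):
    """Steps 4-6: decrypt with the recipient's private key, split, and verify the signature."""
    n, d = recipient_priv
    m = pow(ciphertext, d, n)
    payload = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if payload[:1] != b"\x01":
        return None, False
    sig = int.from_bytes(payload[1:1 + SIG_BYTES], "big")
    message = payload[1 + SIG_BYTES:]
    return message, verify(message, sig, sender_pub)


def run_demo():
    """Genuine message round-trip, plus an impostor's signature that fails verification."""
    sender_pub, sender_priv = generate_keypair(512)
    recipient_pub, recipient_priv = generate_keypair(1024)
    message = b"order #1234: 2 x widget, total 40 EUR"   # constructed sample order
    recovered, genuine = open_envelope(seal(message, sender_priv, recipient_pub),
                                       recipient_priv, sender_pub)
    impostor_pub, impostor_priv = generate_keypair(512)  # lacks the sender's private key
    _, forged_ok = open_envelope(seal(message, impostor_priv, recipient_pub),
                                 recipient_priv, sender_pub)
    return recovered, genuine, forged_ok


if __name__ == "__main__":
    print(run_demo())
```

Note how the two halves of the slide map onto two different key pairs: the sender's private key is used only to sign, and the recipient's public key only to encrypt, so confidentiality (only the recipient can read the order) and non-repudiation (only the sender could have produced the signature) come from separate keys.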

In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.