Security in Electronic Commerce: The need for Public Key Infrastructure
Budi Rahardjo
Presented at BPPT, Jakarta, Indonesia, 10 February 2000.

Presentation transcript:


v1.0 Security in ecommerce - Budi Rahardjo

Outline
– Brief intro on {computer, network, information} security and its relation to electronic commerce
– The need for Public Key Infrastructure, Certification Authority (CA), Incident Response Team
– Security issues in Indonesia

Introduction
– No need to introduce Electronic Commerce. [Has been presented by previous speakers.]
– Trust, Security and Confidence are essential to underpin Electronic Commerce
– Ecommerce will succeed if the security level is acceptable.

Security Issues
– Security services:
  – Confidentiality / privacy
  – Integrity
  – Non-repudiation
  – Authentication
  – Access control
  – Availability
– Some can be achieved with cryptography
  – Encryption & Decryption
  – Private key system vs Public key system

Private [symmetric, shared] key cryptosystem
[Diagram labels: Plaintext, Encryption, Ciphertext, Decryption, Plaintext; Shared (secret) key; phone]

Private key cryptosystem
– Uses one (secret) key to encrypt and decrypt.
– Problem in key distribution and management
  – The number of keys increases exponentially (n)(n-1)/2
  – Key distribution requires separate secure channel
– Advantage: faster operation compared to public key
– Examples: DES, IDEA

Public (asymmetric) key cryptosystem
[Diagram labels: Plaintext, Encryption, Ciphertext, Decryption; My phone; Public key; Private key; Public key repository; Certificate Authority (CA)]

Public key cryptosystem
– Uses different keys to encrypt and decrypt.
– Fewer keys.
– Requires a key repository.
– Management of keys may be more complicated.
– Disadvantage:
  – requires extensive computing power to calculate
– Examples: RSA, ECC

Certification Authority (CA)
– The need for Public Key Infrastructure
– The need to have a National Certification Authority
  – An Indonesian National CA initiative is in progress: Indosat/Indosatcom, Pos/Wasantara, Telkom, Deprindag (MITI), ITB, UI
– There may be more than one CA
– Other CAs
  – Verisign
  – Entrust
  – International Secure Electronic Transaction Organisation (ISETO)
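
The public key repository and Certificate Authority slides above, as an added example that is not part of the original presentation: a CA signs the binding between a name and a public key, and a relying party accepts a key from the repository only if that signature verifies. It assumes textbook RSA without padding and constructed sample keys built from small Mersenne primes, so it illustrates the check only and is not a usable signature scheme; all function names are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (n, e), (n, d)               # (public key, private key)

def binding_digest(name, pub, modulus):
    """Hash of the name-to-public-key binding, reduced into the CA modulus."""
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_certificate(ca_priv, name, pub):
    """CA signs the binding with its private key."""
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(binding_digest(name, pub, n), d, n)}

def verify_certificate(ca_pub, cert):
    """Anyone holding the CA public key can check the binding."""
    n, e = ca_pub
    return pow(cert["sig"], e, n) == binding_digest(cert["name"], cert["pub"], n)

def lookup(repository, ca_pub, name):
    """Return a public key from the repository only if its certificate verifies."""
    cert = repository.get(name)
    if cert is None or cert["name"] != name or not verify_certificate(ca_pub, cert):
        raise ValueError(f"no valid certificate for {name!r}")
    return cert["pub"]

def demo():
    # Constructed sample keys built from well-known Mersenne primes.
    ca_pub, ca_priv = make_keypair(2**127 - 1, 2**89 - 1)
    alice_pub, _ = make_keypair(2**61 - 1, 2**31 - 1)
    other_pub, _ = make_keypair(2**107 - 1, 2**61 - 1)
    repo = {"alice": issue_certificate(ca_priv, "alice", alice_pub)}
    genuine_ok = lookup(repo, ca_pub, "alice") == alice_pub
    # Simulate a repository entry whose key was replaced after issuance.
    repo["alice"] = dict(repo["alice"], pub=other_pub)
    try:
        lookup(repo, ca_pub, "alice")
        substitution_detected = False
    except ValueError:
        substitution_detected = True
    return genuine_ok, substitution_detected

if __name__ == "__main__":
    print(demo())
```

The relying party needs only the CA public key in advance, which is why the repository itself does not have to be trusted.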

Incident Response Team
– ID-CERT: cert.or.id
– Indonesia Computer Emergency Response Team
– Modeled after CERT, COAST Purdue
  – Public services
  – Research & development, education
  – Commercial services

Security incidents in Indonesia
– Many web sites have been vandalized. The following were recently hacked:
  – Jakarta Stock Exchange
  – Bank Central Asia
  – Indosatnet
– Other incidents
  – Port scanning / probing
  – Mail spamming

Other security issues
– Standardization
  – X509
– Law, cyberlaw
  – cryptography usage? Digital signature law? Intellectual property rights? Privacy issues?
– Critical Infrastructure

Affiliation
– Budi Rahardjo
– PPAU Mikroelektronika - InterUniversity Research on Microelectronics, Institut Teknologi Bandung. Phone: (62-22)
– PIKSI ITB - Computing Services. Phone: (62-22)
– IDNIC
– IDCERT