SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Objectives of the course: To discuss cryptography and its role in e-commerce. To discuss digital certificates as the foundation for payment systems. To discuss methods of security: Secure Sockets Layer versus Secure Electronic Transaction protocols.

What is Cryptography? It is the result of creating cryptographic methods, known as cryptosystems: Symmetric cryptosystem: uses the same key, the secret key, to encrypt (scramble) and decrypt (unscramble) a message. Asymmetric cryptosystem: uses one key to encrypt a message and a different key to decrypt it. It is also called a public key cryptosystem and relies on technology in which two keys, the public key and the private key, are used to encrypt and decrypt data. Symmetric cryptosystems are the easier of the two to implement, since only one key is required to encrypt and decrypt the message.

Digital Certificate Authentication is the digital process of verifying that people or entities are who or what they claim to be. Digital certificates are in effect virtual fingerprints or retinal scans that authenticate the identity of a person in a concrete, verifiable way. A typical digital certificate is a data file, digitally signed and sealed by the issuer using RSA encryption techniques, that can be verified by anyone and includes: The name of the holder and other identifying information, such as address.

Digital Certificate (cont.) A public key, which can be used to verify the digital signature of a message sender, previously signed with the corresponding unique private key. The name of the issuer, or Certificate Authority. The certificate's validity period. To create a digital certificate for an individual, the identity of the person, device, or entity that requested the certificate must be confirmed through a combination of: Personal presence. Identification documents.

Digital Certificate (cont.) Digital certificates may be distributed online, which includes: A certificate accompanying a signature. A directory service. The decision to revoke a certificate is the responsibility of the issuing company.
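The following is an added worked example, not code from the slides or from any product they describe. It serves two of the slides at once: the cryptosystem slide (one shared secret key versus a public/private key pair) and the digital certificate slides (holder name, public key, issuer, validity period, issuer signature, revocation). Everything in it is constructed for illustration: the symmetric cipher is an HMAC-SHA256 keystream rather than a standard cipher, and the RSA key pairs are textbook RSA on small fixed Mersenne primes with no padding, which is fine for showing the mechanics but must never be used to protect real data.

```python
import hashlib
import hmac
import json

# ---- symmetric: one shared secret key both encrypts and decrypts -------------
def keystream(key: bytes, length: int) -> bytes:
    """Constructed demo keystream: HMAC-SHA256 in counter mode (not a standard cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream: the same call scrambles and unscrambles."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# ---- asymmetric (RSA): public key encrypts/verifies, private key decrypts/signs
# Textbook RSA on fixed Mersenne primes, for illustration only: real RSA uses
# random primes of 1024+ bits each and padding (OAEP for encryption, PSS for signing).
def rsa_keygen(p: int, q: int):
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    d = pow(e, -1, phi)            # private exponent (Python 3.8+)
    return (n, e), (n, d)          # (public key, private key)

def rsa_encrypt(pub, msg: bytes) -> int:
    n, e = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, c: int) -> bytes:
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def rsa_sign(priv, data: bytes) -> int:
    n, d = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)

def rsa_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h

# ---- a minimal certificate carrying the fields the slides list ----------------
def _encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()   # canonical bytes to sign

def issue_certificate(ca_priv, ca_name, holder, holder_pub, not_before, not_after):
    body = {"holder": holder, "public_key": list(holder_pub), "issuer": ca_name,
            "not_before": not_before, "not_after": not_after}   # ISO dates as strings
    return {"body": body, "signature": rsa_sign(ca_priv, _encode(body))}

def verify_certificate(cert, ca_pub, ca_name, today, revoked=frozenset()) -> bool:
    """Accept only if issuer, CA signature, validity period and revocation status all check out."""
    body = cert["body"]
    if body["issuer"] != ca_name:
        return False
    if not rsa_verify(ca_pub, _encode(body), cert["signature"]):
        return False
    if not body["not_before"] <= today <= body["not_after"]:
        return False
    return body["holder"] not in revoked
```

The point the certificate part makes is that anyone holding the CA's public key can check the signature, but a relying party still has to check the issuer name, the validity window and the revocation status separately; a valid signature alone does not make a certificate trustworthy.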

Secure Sockets Layer (SSL) It was introduced in 1995 by Netscape as a component of its popular Navigator browser and as a means of providing privacy for information transmitted between a user's browser and the target server, typically that of a merchant. It is used by most companies to provide security and privacy, and it establishes a secure session between a browser and a server.

Secure Sockets Layer (cont.) A channel is the two-way communication stream established between the browser and the server, and the definition of channel security states three basic requirements: The channel is reliable. The channel is private. The channel is authenticated.

Secure Sockets Layer (cont.) Encryption is preceded by a 'data handshake' that has two major phases: The first phase is used to establish private communication and uses the key-agreement algorithm. The second phase is used for client authentication. Limits of SSL: While the possibility is very slight, successful cryptographic attacks against these technologies can render SSL insecure.
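The following is an added example, not code from the slides and not an implementation of SSL itself. It shows the first handshake phase (Diffie-Hellman key agreement, from which per-direction encryption and MAC keys are derived) and then how the three channel properties from the previous slide show up on protected records: encryption makes the channel private, the HMAC makes it reliable (modified records are rejected) and authenticated (only a holder of the agreed key can produce a valid tag), and the sequence number rejects replayed or reordered records. The certificate-based client authentication of the second phase is not covered here. The `Party` class, the key derivation and the record format are constructed for this example; the Diffie-Hellman modulus is the standard 1024-bit MODP group from RFC 2409.

```python
import hashlib
import hmac
import secrets

# Diffie-Hellman parameters: the 1024-bit MODP group from RFC 2409 ("group 2"),
# generator 2. 1024-bit groups are considered too weak today; production code
# uses 2048-bit or larger groups (RFC 7919) or elliptic curves.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

class Party:
    """One endpoint of the session; role is "client" (browser) or "server"."""
    def __init__(self, role: str):
        self.role = role
        self.peer_role = "server" if role == "client" else "client"
        self.secret = secrets.randbelow(P - 2) + 2      # private DH exponent
        self.public = pow(G, self.secret, P)             # value sent in the clear
        self.send_seq = 0
        self.recv_seq = 0

    # Phase 1: key agreement. Both sides end with mirrored write/read keys.
    def agree(self, peer_public: int) -> None:
        shared = pow(peer_public, self.secret, P).to_bytes(128, "big")
        self.write_keys = self._derive(shared, self.role)
        self.read_keys = self._derive(shared, self.peer_role)

    @staticmethod
    def _derive(shared: bytes, direction: str):
        # Separate encryption and MAC keys for each direction, as TLS does.
        enc = hashlib.sha256(b"enc-" + direction.encode() + shared).digest()
        mac = hashlib.sha256(b"mac-" + direction.encode() + shared).digest()
        return enc, mac

    @staticmethod
    def _pad(enc_key: bytes, seq: int) -> bytes:
        # Per-record keystream from one SHA-256 block (demo records are <= 32 bytes).
        return hashlib.sha256(enc_key + seq.to_bytes(8, "big")).digest()

    # Record protection: private (XOR with keystream), reliable and authenticated (HMAC).
    def protect(self, plaintext: bytes) -> bytes:
        if len(plaintext) > 32:
            raise ValueError("demo record limited to 32 bytes")
        enc_key, mac_key = self.write_keys
        seq = self.send_seq
        self.send_seq += 1
        header = seq.to_bytes(8, "big")
        body = bytes(p ^ k for p, k in zip(plaintext, self._pad(enc_key, seq)))
        tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
        return header + body + tag

    def unprotect(self, record: bytes) -> bytes:
        enc_key, mac_key = self.read_keys
        header, body, tag = record[:8], record[8:-32], record[-32:]
        expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: record modified or forged")
        seq = int.from_bytes(header, "big")
        if seq != self.recv_seq:
            raise ValueError("sequence mismatch: record replayed or reordered")
        self.recv_seq += 1
        return bytes(c ^ k for c, k in zip(body, self._pad(enc_key, seq)))

def rejects(party: Party, record: bytes) -> bool:
    """True if the receiver refuses the record; used to show tamper and replay detection."""
    try:
        party.unprotect(record)
        return False
    except ValueError:
        return True
```

Both endpoints only ever transmit their public values; an observer of the exchange sees the two public values and the protected records, but not the agreed keys. Note that the integrity tag is checked before anything else is done with the record, which is the order real record layers use so that a forged record is discarded without influencing state.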

Secure Electronic Transaction (SET) It was developed by Visa and MasterCard and is a more secure protocol. The difference between SET and the widely used SSL is that SET includes a customer certificate, which requires special software called a 'digital wallet' on the client side; SSL does not. SSL is built into the browser, so no special software is needed. SET is built around reducing the risk associated with merchant fraud and ensuring that the purchaser is an authorized user of the credit card.

Secure Electronic Transaction (cont.) SET did not propagate as fast as most people expected because of its complexity, slow response time, and the need to install the digital wallet on the customer's computer. SET seeks to bolster confidence in the payment process by ensuring that merchants are authorized to accept credit card payments.

Secure Electronic Transaction (cont.) SET provides for the special security needs of electronic commerce with the following: Privacy of payment data and confidentiality of order information in the transaction. Authentication of a cardholder for a branded bank card account. Authentication of a merchant to accept credit card payments.

The Purchasing Process The merchant applies for and receives an account. The consumer applies to receive a digital credit card. When the consumer receives the credit card, it is added to the browser wallet. The consumer browses the Web at a particular site. At checkout time, the Web site asks for a credit card. Instead of the consumer typing the credit card number, the browser wallet is queried by the Web SET software.

Purchase Process (cont.) After entry of the appropriate password, the digital credit card is submitted to the merchant. The merchant receives the digital credit card in a digital envelope. The merchant software then sends the SET transaction to a credit card processor for verification. The financial institution performs functions including authorization, credit, and capture (void or refund).

Purchase Process (cont.) Following successful processing, the merchant, the cardholder, and the credit card processor are all advised electronically that the purchase has been approved. Following this notification, the cardholder is debited and the merchant is paid through subsequent payment capture transactions. The merchant can then ship the merchandise, knowing that the customer's transaction is approved.
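The following is an added example, not code from the slides or from any SET implementation. It models the processor-side functions the purchase process slides mention (authorization, capture, void, refund, and the approval notice sent to cardholder, merchant and processor) as a small state machine, so that the ordering rules are explicit: funds are held at authorization, a capture cannot exceed the authorized amount, a void is only possible while the authorization is uncaptured, and refunds cannot exceed what was captured. The `Processor` and `Transaction` classes, the credit limits and the transaction identifiers are all constructed for this example; a real processor also applies funds checks, fraud rules and settlement timing that are not shown here.

```python
from dataclasses import dataclass, field

@dataclass
class Transaction:
    card_holder: str
    merchant: str
    amount_cents: int
    state: str = "authorized"      # authorized -> captured -> refunded, or authorized -> voided
    captured_cents: int = 0
    refunded_cents: int = 0
    notified: list = field(default_factory=list)

class Processor:
    """Toy credit-card processor holding constructed per-cardholder credit limits."""
    def __init__(self, credit_limits: dict):
        self.limits = dict(credit_limits)
        self.txns = {}

    def authorize(self, txn_id: str, card_holder: str, merchant: str, amount_cents: int):
        """Approve and hold funds, or return None for a decline."""
        if amount_cents <= 0 or self.limits.get(card_holder, 0) < amount_cents:
            return None
        self.limits[card_holder] -= amount_cents             # hold the funds
        t = Transaction(card_holder, merchant, amount_cents)
        t.notified = [card_holder, merchant, "processor"]     # all three parties advised
        self.txns[txn_id] = t
        return t

    def capture(self, txn_id: str, amount_cents: int = None):
        """Settle an authorization; the cardholder is debited and the merchant paid."""
        t = self.txns[txn_id]
        amount = t.amount_cents if amount_cents is None else amount_cents
        if t.state != "authorized" or not 0 < amount <= t.amount_cents:
            raise ValueError("capture must follow an authorization and not exceed it")
        t.captured_cents = amount
        self.limits[t.card_holder] += t.amount_cents - amount   # release any unused hold
        t.state = "captured"
        return t

    def void(self, txn_id: str):
        """Cancel an authorization that has not been captured."""
        t = self.txns[txn_id]
        if t.state != "authorized":
            raise ValueError("only an uncaptured authorization can be voided")
        self.limits[t.card_holder] += t.amount_cents
        t.state = "voided"
        return t

    def refund(self, txn_id: str, amount_cents: int):
        """Return captured funds, in full or in part, never more than was captured."""
        t = self.txns[txn_id]
        if t.state not in ("captured", "refunded") or amount_cents <= 0 \
                or t.refunded_cents + amount_cents > t.captured_cents:
            raise ValueError("refund requires a capture and cannot exceed it")
        t.refunded_cents += amount_cents
        self.limits[t.card_holder] += amount_cents
        t.state = "refunded"
        return t

def attempt(fn, *args) -> bool:
    """True if the processor accepted the operation, False if it was rejected."""
    try:
        fn(*args)
        return True
    except ValueError:
        return False
```

The separation between authorization and capture is what lets the merchant ship only after approval while still charging only the final amount; the checks in `capture`, `void` and `refund` are the invariants a reviewer should look for in any payment integration.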

Limitations of SET and SSL A downside of both the SSL and SET protocols is that they both require the use of cryptographic algorithms that place a significant load on the computer systems involved in commerce transactions. For low and medium e-commerce applications, there is no additional server cost to support SET over SSL. For large and medium-term e-commerce server applications, support of SET requires additional hardware acceleration, resulting in a 5-6% difference in server cost.

Advantages of SET It is an emerging technology with a definite security component that very clearly represents an advance over SSL, and any deficits related to performance will quickly be rendered minor as hardware-based processing technology rapidly advances. Despite the fact that SET is the more secure protocol.