Security Controls and Systems in E-Commerce

Security Controls and Systems in E-Commerce Prof. Mohamed Aly Aboul - Dahab Head of Electronic and communications Engineering Department Arab Academy for Science , Technology and Maritime Transport ITU E - Commerce Conference for the Arab Region Tunisia, May 2001

I. Introduction What is E - Commerce ? Actors of E - Commerce: Product. Player. Process. Scope of E - Commerce: Infrastructure. Pillars. Applications.

I. Introduction (Cont’d) Security of E - Commerce involves: Security control Security systems

II. Security Controls 1- Confidentiality. 2- Access control. 3- Integrity. 4- Availability. 5- Non-repudiation.

II. Security Controls (Cont’d) 1- Confidentiality It refers to protecting information from disclosure to any unauthorized agent or person. It is normally achieved by encrypting the data in transit and at rest; the protection is only as good as the secrecy of the keys used.

II. Security Controls (Cont’d) 2- Access control There should be some form of control over any entity (human or computer) trying to access the E - Commerce system. It includes two measures: authentication and authorization.

2- Access Control (Cont’d) Authentication: the identity claimed by the entity (for example the sender of a document) must be verified, so that it cannot be impersonated. Authorization: once authenticated, an entity is granted only the rights it has been assigned; not all users can have the same access rights to the E-Commerce system.

II. Security Controls (Cont’d) 3- Integrity It refers to protecting the data and / or computer against any tampering, whether accidental or deliberate. Measures are taken to ensure the accuracy and completeness of data.

II. Security Controls (Cont’d) 4- Availability It refers to the continuity of processing and the availability of information. 5- Non-repudiation It ensures that users cannot deny actions they have undertaken.

III. Security Technologies The categories of security technologies are:- 1- Platform security. 2- Network security. 3- Encryption and certificate authority.

III. Security Technologies (Cont’d) 1- Platform security It refers to security of information contained in the computers or servers. The objective is to ensure that information on the platform is secured from unauthorized users or other platforms.

III. Security Technologies (Cont’d) 1- Platform security It can be done on three levels: User access to the operating system. User access to the database. User access to the business applications and internal browser. This is carried out by identifying and authenticating the user (user ID and password) at each level and granting only the rights assigned to that user.
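The two access-control measures from section II (authentication, then authorization) and the per-level password checks described for platform security, as an added example that is not part of the original presentation. The user IDs, passwords and level names are constructed for the example; the technique shown is standard: store only a salted PBKDF2 hash of each password, compare in constant time, and decide authorization separately, with deny as the default.

```python
import hashlib
import hmac
import secrets

# Constructed account store for the example. A production system would keep
# this in a database; the point is what is stored: never the password itself,
# only a random salt and a PBKDF2-HMAC-SHA256 hash derived from it.
PBKDF2_ITERATIONS = 200_000

# The three access levels from the slide.
LEVELS = ("os", "database", "application")


def hash_password(password, salt=None):
    """Return (salt, derived_key); a fresh random salt is generated if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, dk


def make_user(user_id, password, levels):
    salt, dk = hash_password(password)
    return {"id": user_id, "salt": salt, "hash": dk, "levels": frozenset(levels)}


def authenticate(store, user_id, password):
    """Verify the claimed identity: True only if the ID exists and the password matches."""
    user = store.get(user_id)
    if user is None:
        # Do the same amount of work for an unknown ID so it is not faster to probe.
        hash_password(password, b"\x00" * 16)
        return False
    _, candidate = hash_password(password, user["salt"])
    # Constant-time comparison: a plain == would leak how many bytes matched.
    return hmac.compare_digest(candidate, user["hash"])


def authorize(store, user_id, level):
    """Decide whether an already-authenticated user may use the given level."""
    if level not in LEVELS:
        raise ValueError("unknown level: %r" % (level,))
    user = store.get(user_id)
    return user is not None and level in user["levels"]


def access(store, user_id, password, level):
    """Full check in the order the slide gives: authentication, then authorization."""
    if not authenticate(store, user_id, password):
        return "denied: authentication failed"
    if not authorize(store, user_id, level):
        return "denied: %s not authorized for %s" % (user_id, level)
    return "granted: %s -> %s" % (user_id, level)


# Constructed sample users; IDs and passwords are made up for the example.
STORE = {
    u["id"]: u
    for u in (
        make_user("dba01", "correct horse battery staple", ("os", "database")),
        make_user("clerk7", "orders-2001", ("application",)),
    )
}

if __name__ == "__main__":
    print(access(STORE, "dba01", "correct horse battery staple", "database"))
    print(access(STORE, "clerk7", "orders-2001", "database"))
    print(access(STORE, "nobody", "x", "os"))
```

Authentication and authorization are kept as separate functions on purpose: a correct password says who the user is, and says nothing about which of the three levels that user may touch.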

III. Security Technologies (Cont’d) 2- Network Security It refers to the security of all traffic at the network levels. It involves two aspects: the two communicating platforms should authenticate each other. The information has to be preserved confidentially over the network.

III. Security Technologies (Cont’d) 2- Network Security The techniques utilized are: a) IP Security protocol (IPsec). b) Point-to-Point Tunneling Protocol (PPTP). c) Remote Authentication Dial-In User Service (RADIUS). d) Firewalls.

2- Network Security (Cont’d) a) IP Security protocol (IPsec): The two hosts (or platforms) first establish a security association between them: an agreed key, agreed algorithms and an identifier for the association. The key, a sequence of bits, is never placed in the packets. For each packet the sender computes a keyed checksum (an integrity check value, in practice an HMAC) over the packet using the shared key and appends it; the receiver recomputes the value with the same key and drops any packet whose value does not match. A sequence number in the header lets the receiver reject replayed packets, and the ESP form of IPsec also encrypts the payload. These operations follow agreed rules or “algorithms” (for example HMAC-SHA-256 for integrity and AES for confidentiality).
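The keyed-checksum and replay-rejection mechanism described above, as an added example that is not part of the original presentation. The packet format (SPI, sequence number, payload, truncated HMAC-SHA256) is a simplified stand-in for IPsec AH/ESP and is not wire-compatible with them; the key and the HTTP payloads are constructed for the example, and the sliding anti-replay window follows the scheme IPsec uses.

```python
import hashlib
import hmac
import struct

# Simplified security association. In real IPsec the key is negotiated by IKE;
# here it is a constructed constant passed in by the caller.
ICV_LEN = 16  # AH/ESP truncate their MACs; 128 bits of HMAC-SHA256 here


class SecurityAssociation:
    def __init__(self, spi, key, window=64):
        self.spi = spi
        self.key = key
        self.send_seq = 0
        self.window = window
        self.highest_seen = 0
        self.seen = set()

    def protect(self, payload):
        """Sender side: header (SPI, seq) + payload + keyed ICV over header and payload."""
        self.send_seq += 1
        header = struct.pack("!II", self.spi, self.send_seq)
        icv = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        return header + payload + icv

    def verify(self, packet):
        """Receiver side: check the ICV first, then the anti-replay window.

        Returns the payload, or None if the packet must be dropped."""
        if len(packet) < 8 + ICV_LEN:
            return None
        header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return None
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None  # tampered in transit, or protected under a different key
        # Sliding window: anything older than the window or already seen is a replay.
        if seq <= self.highest_seen - self.window or seq in self.seen:
            return None
        self.seen.add(seq)
        if seq > self.highest_seen:
            self.highest_seen = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        return body


def demo():
    key = b"\x01" * 32  # constructed key for the example only
    sender = SecurityAssociation(spi=0x1000, key=key)
    receiver = SecurityAssociation(spi=0x1000, key=key)
    p1 = sender.protect(b"GET /cart HTTP/1.0")
    p2 = sender.protect(b"POST /checkout HTTP/1.0")
    # Flip one bit inside the payload of p2 to simulate tampering on the wire.
    tampered = p2[:10] + bytes([p2[10] ^ 0x01]) + p2[11:]
    return {
        "first": receiver.verify(p1),
        "second": receiver.verify(p2),
        "replay": receiver.verify(p1),      # same packet again: rejected
        "tampered": receiver.verify(tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The ICV check comes before the replay check so that an attacker cannot disturb the receiver's window with packets he could not have authenticated.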

2- Network Security (Cont’d) b) Point-to-Point Tunneling Protocol (PPTP) It is a protocol that establishes a tunnel between two hosts and then carries the information through it (a virtual private network). Its original user authentication (MS-CHAP) is now known to be weak, so IPsec- or TLS-based VPNs are preferred today. c) Remote Authentication Dial-In User Service (RADIUS) It is a protocol that lets the host receiving a dial-in connection pass the user’s credentials to a central authentication server, which accepts or rejects the user before the user is connected to the network service.

2- Network Security (Cont’d) d) Firewalls These are filters that control access to the internal network of the system. A packet filter examines each packet’s headers (source and destination address, protocol, port) and accepts or rejects it against an ordered rule set; application-level gateways also inspect the packet contents. Rules are evaluated in order and the sound default is to reject anything not explicitly accepted. Firewalls are implemented by a combination of routers, dedicated appliances, hosts, servers and host software, not only as “hardware” components.
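A packet filter of the kind described above, as an added example that is not part of the original presentation. The addresses (203.0.113.10 for a web server, 10.0.0.0/8 for the internal network, 10.0.0.5 for a database host) and the policy are constructed for the example; the behaviour shown is the standard first-match evaluation with a default deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    proto: str                       # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port


def rule(action, proto, src, dst, dport=None):
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed policy: a public web server in front of an internal network.
# Order matters: the web-tier-to-database rule must precede the broad drop
# of everything addressed to the internal network.
POLICY = [
    rule("accept", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),       # HTTPS from anywhere
    rule("accept", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80),        # HTTP from anywhere
    rule("accept", "tcp", "203.0.113.10/32", "10.0.0.5/32", 5432),    # web tier to database only
    rule("drop", "any", "0.0.0.0/0", "10.0.0.0/8"),                    # nothing else reaches inside
]


def matches(r, proto, src_ip, dst_ip, dport):
    return (
        r.proto in ("any", proto)
        and src_ip in r.src
        and dst_ip in r.dst
        and (r.dport is None or r.dport == dport)
    )


def filter_packet(policy, proto, src, dst, dport=None):
    """First matching rule decides; a packet matching no rule is dropped (default deny)."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for r in policy:
        if matches(r, proto, src_ip, dst_ip, dport):
            return r.action
    return "drop"


if __name__ == "__main__":
    # Constructed sample packets, as (proto, src, dst, dport).
    samples = [
        ("tcp", "198.51.100.7", "203.0.113.10", 443),   # customer browsing the shop
        ("tcp", "198.51.100.7", "203.0.113.10", 22),    # SSH from outside: no rule, dropped
        ("tcp", "198.51.100.7", "10.0.0.5", 5432),      # outsider going straight for the database
        ("tcp", "203.0.113.10", "10.0.0.5", 5432),      # web server talking to the database
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(POLICY, *pkt))
```

Note that the SSH packet is dropped without any rule naming port 22: that is the default deny doing its job, and it is why the last line of a real rule set should always be an explicit "drop everything" rather than relying on the implementation's default.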

III. Security Technologies (Cont’d) 3- Encryption and Certificate Authority This refers to protecting the information itself. The encryption process needs a sequence of bits called a “key” and a mathematical process called an “algorithm”. The techniques covered here are: a) Private key (symmetric) encryption b) Public key encryption c) Digital signature d) Certificate authority e) Biometrics

3- Encryption and Certificate Authority (Cont’d) a) Private key (symmetric) encryption The same key is used both to encrypt and to decrypt the message, so it must be known to both sides and to nobody else. Difficulties are: the key has to be delivered securely to a user the sender has never met, and if many users share the same key it is no longer private (any one of them can read, or forge, everyone’s traffic).

3- Encryption and Certificate Authority (Cont’d) b) Public key encryption Two mathematically related keys are used: a public key to encrypt the message and a private key to decrypt it. The public key is made available to anyone who wants to send a message; the private key never leaves its owner. The only way to decrypt the message is to hold the matching private key.

3- Encryption and Certificate Authority (Cont’d) c) Digital Signature It is used to make sure that the message is coming from the person you think sent it and has not been altered. It is also used to make sure that the person cannot deny having sent the message (non-repudiation).

c) Digital Signature (Cont’d) Digital signature is done as follows: The sender has a key pair: a “private” key for signing and a “public” key for verification. The sender computes a digest (the “phrase”) of the message with a hash function and signs it with the private key. The signature is attached to the message; if confidentiality is also required, message and signature are then encrypted with the recipient’s public key. The recipient verifies the signature with the sender’s public key: if it checks against the digest of the received message, the message came from the holder of the private key and was not altered in transit.

3- Encryption and Certificate Authority (Cont’d) d) Certificate Authority (CA) It is a trusted third party that vouches that a given public key really belongs to a given person or computer, so that nobody can substitute his own public key for the sender’s and sign messages in the sender’s name. A CA cannot prevent theft of a private key; if that happens, the certificate has to be revoked. The role of the certificate authority is done as follows:

d) Certificate Authority (Cont’d) Individuals (or computers) apply for a “Digital Certificate” from the certificate authority by sending their public key and identifying information. The certificate authority verifies the information and creates a certificate that contains the applicant’s public key and identifying information.

d) Certificate Authority (Cont’d) The Certificate Authority signs the certificate with its own private key and sends it to the applicant. The applicant attaches the certificate to the messages he sends. Any recipient who trusts the CA checks the CA’s signature on the certificate with the CA’s public key, and only then uses the embedded public key to verify the sender’s signature (or to encrypt a message to the sender).
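The sign-and-verify procedure of c) and the CA procedure of d), as one added example that is not part of the original presentation. It uses educational RSA with 512-bit keys and a seeded random generator so that it runs offline and reproducibly; the subject names, the order message and the certificate format (subject, public key, CA signature) are constructed for the example. Real systems use 2048-bit or larger keys, a padding scheme such as PSS, X.509 certificates, unseeded randomness and revocation checking; none of that is shown here.

```python
import hashlib
import random

# Educational RSA: enough to show the mechanics, not for production use.


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top and low bit
        if is_probable_prime(n, rng):
            return n


def keygen(bits, rng):
    """Return (public, private) as dicts; the public key is (n, e), the private (n, d)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def digest_int(data, n):
    """The 'phrase' of the slide: a SHA-256 digest of the message, as an integer mod n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    return pow(digest_int(data, priv["n"]), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest_int(data, pub["n"])


def cert_body(subject, pub):
    # What the CA signs: identity and public key, bound together.
    return ("%s|%d|%d" % (subject, pub["n"], pub["e"])).encode()


def ca_issue(ca_priv, subject, pub):
    """The CA has verified the applicant's identity out of band (assumed) and signs subject+key."""
    return {"subject": subject, "pub": pub, "sig": sign(ca_priv, cert_body(subject, pub))}


def check_cert(ca_pub, cert, expected_subject):
    return cert["subject"] == expected_subject and verify(
        ca_pub, cert_body(cert["subject"], cert["pub"]), cert["sig"])


def relying_party_verify(ca_pub, cert, expected_subject, message, sig):
    """What a merchant does: trust the CA, check the certificate, then check the message."""
    if not check_cert(ca_pub, cert, expected_subject):
        return False
    return verify(cert["pub"], message, sig)


def demo():
    rng = random.Random(2001)          # seeded for reproducibility of the example only
    ca_pub, ca_priv = keygen(512, rng)
    alice_pub, alice_priv = keygen(512, rng)
    mallory_pub, mallory_priv = keygen(512, rng)
    alice_cert = ca_issue(ca_priv, "alice@example.com", alice_pub)
    order = b"order 1234: 3 x widget, pay 59.90"          # constructed message
    sig = sign(alice_priv, order)
    # Mallory reuses Alice's certificate but swaps in his own public key.
    forged = {"subject": "alice@example.com", "pub": mallory_pub, "sig": alice_cert["sig"]}
    return {
        "genuine": relying_party_verify(ca_pub, alice_cert, "alice@example.com", order, sig),
        "tampered": relying_party_verify(ca_pub, alice_cert, "alice@example.com", order + b"0", sig),
        "forged_cert": relying_party_verify(ca_pub, forged, "alice@example.com", order,
                                            sign(mallory_priv, order)),
    }


if __name__ == "__main__":
    print(demo())
```

The forged-certificate case is the one the CA exists for: Mallory's signature on the order is a perfectly valid signature under Mallory's key, and the only thing that stops the merchant accepting it is that the CA never signed the pairing of "alice@example.com" with Mallory's public key.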

3- Encryption and Certificate Authority (Cont’d) e) Biometrics There are seven categories of biometrics, namely finger scanning, face recognition, hand geometry, iris and retina scanning, voice recognition, palm-print recognition, and signature recognition. Special hardware is needed, e.g. fingerprint scanners and camera-based iris recognition. Unlike a password or key, a biometric cannot be changed if its stored template is stolen, so templates must be protected as carefully as keys.

IV. Conclusion Security is an issue of prime importance to E-Commerce. Security controls for E-Commerce have to be laid down. Security technologies can be applied on three levels: platform, network, and message encryption with certificates.


[Figure: Multicast dissemination architecture. Sender, network, distribution sites, network, receivers.]

[Figure: EC-DC model for developing countries. Web customer, web store front, secure web E-commerce server, merchant, merchant’s bank, customer’s bank, credit card processing company.]

[Figure: Framework for electronic commerce. Applications: stocks, jobs, online banking, procurement and purchasing, malls, online marketing and advertising, customer service, auctions, travel, online publishing. Pillars: people (buyers, sellers, intermediaries, services, IS people and management); public policy (taxes, legal and privacy issues, free speech, domain names); technical standards (documents, security, network protocols, payments); organizations (partners, competitors, associations, government services). Infrastructure: common business services, messaging and information distribution, multimedia content and network publishing, interfacing, network, management.]

[Figure: I. Introduction (Cont’d). The scope of E-Commerce as three layers: applications (online banking, purchasing, online publishing, selling, customer service, auctions, exchange, stock, marketing, malls, advertising), pillars (people, legality, security, standards) and infrastructure (services, information handling, networks, interfacing enterprises).]