
Not only business information, but also a large amount of personal information, is now digitized and stored on computers connected to the internet. Systems connected to the internet are potential targets for eavesdropping and for destruction or tampering of the data stored on them. A website offering services on the internet is exposed to attack.

Authorized e-commerce and e-governance transactions could be modified or replayed for commercial gain. Unauthorized use of computing systems leads to compromise of data and to financial losses. Systems, networks and data have to be protected against such attacks, which can originate from within the organization or from outside.

Trojan: A Trojan, sometimes referred to as a Trojan horse, is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system. Computer virus: a computer program that can copy itself and infect a computer. The term "virus" is also commonly, but erroneously, used to refer to other types of malware, adware and spyware that do not have this reproductive ability.

Worm: A computer worm is self-replicating malware. It uses a computer network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention. Email spam, also known as junk email, is a subset of spam that involves nearly identical messages sent to numerous recipients by email.

Externally accessible systems are targets of hacking. Hackers can deface websites and steal valuable information from systems, resulting in a significant loss of revenue if the victim is a financial institution or an e-commerce site. Phishing is the creation of messages that reference web pages which are replicas of existing sites, to make users believe that these are the authentic sites and hand over credentials or card details.

IP Spoofing: IP spoofing is used by intruders to gain unauthorized access to computers. Messages are sent to the target computer carrying the source IP address of a trusted system: the packet headers are modified to make it appear that the traffic is coming from that trusted system. Because the replies go to the spoofed address rather than to the attacker, the technique works best against services that trust a source address on its own; the countermeasures are ingress and egress filtering at network borders and never using an IP address as the sole authentication factor.

For externally accessible systems such as web and FTP servers, protection can be provided in the following ways:
- Scanning
- A demilitarised zone (DMZ): an additional network placed as a buffer between the internal and external networks
- Turning on system and firewall logs
- Implementing intrusion detection systems
- Establishing proxy servers
- SSL (Secure Sockets Layer), today its successor TLS, for the connections themselves

Three Pillars of a Secure Communication
Privacy: A secure conversation should be private. In other words, only the sender and the receiver should be able to understand the conversation.
Integrity: A secure communication should ensure the integrity of the transmitted message. This means that the receiving end must be able to know for sure that the message it receives is exactly the one that the transmitting end sent.
Authentication: A secure communication should ensure that the parties involved in the communication are who they claim to be.

Cryptography is "the art of writing in secret characters". Encrypting is the act of translating a 'normal message' (the plaintext) into a message written with 'secret characters' (the ciphertext, or encrypted message). Decrypting is the act of translating a message written with 'secret characters' back into the readable message (the plaintext).

A key-based algorithm uses an encryption key to encrypt the message. This means that the encrypted message is generated not only from the message but also from a 'key'. The receiver then uses a decryption key to decrypt the message; again, the decryption algorithm does not rely only on the encrypted message, it also needs a 'key'. The algorithm itself is assumed to be public (Kerckhoffs's principle): all of the secrecy lies in the key.

Symmetric Key: These algorithms use the same key for encryption and decryption. The modern era of symmetric cryptography began in 1977, when the Data Encryption Standard (DES) was adopted as a United States federal standard. Symmetric systems operate either as block ciphers (fixed-size blocks) or as stream ciphers (data of any size, processed as a stream). DES is a block cipher: data is encrypted in 64-bit blocks using a 56-bit key. Triple DES applies the DES algorithm three times with three 56-bit keys: each 64-bit block is first encrypted with key 1, the result is decrypted with key 2, and that result is encrypted with key 3 (encrypt-decrypt-encrypt, EDE). The decryption in the middle is deliberate: with all three keys equal the construction reduces to single DES, which let Triple DES hardware interoperate with older DES systems. Because of meet-in-the-middle attacks, three keys give about 112 bits of effective strength rather than 168. A 56-bit key is far too short today (DES keys have been recovered by exhaustive search since 1998) and Triple DES has been deprecated by NIST; AES, with 128-bit blocks and 128-, 192- or 256-bit keys, is the current standard.

Although these algorithms are generally very fast and simple to implement, they also have several drawbacks. The main drawback is that, on their own, they only guarantee privacy: a receiver cannot tell from a bare ciphertext who produced it or whether it was altered in transit; that requires a message authentication code or an authenticated mode such as AES-GCM. Another drawback is that the sender and the receiver must first agree on the key they will use throughout the secure conversation, and distributing that key secretly is not a trivial problem.
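The two points above (the EDE chain of Triple DES, and the fact that a bare block cipher gives privacy but no integrity) as an added example in Go, not code from the original slides. It walks the EDE chain by hand with three single-DES operations and checks it against the standard library's Triple DES, shows that three equal keys collapse to single DES, decrypts a ciphertext block with one flipped bit to show that nothing detects the change, and then does the same to an AES-GCM ciphertext, which is rejected. The keys and the plaintext block are constructed values for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// Constructed 8-byte DES keys and one 8-byte plaintext block (made up for this example).
var (
	K1    = []byte("key-one!")
	K2    = []byte("key-two!")
	K3    = []byte("key-3!!!")
	Block = []byte("8bytes!!")
)

// desBlock applies single DES (64-bit block, 56-bit key) once, either way.
// des.NewCipher only fails on a wrong key length, so a bad key is a bug here.
func desBlock(key, in []byte, decrypt bool) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out
}

// ManualTripleDES walks the EDE chain by hand: E_k3(D_k2(E_k1(block))).
// The middle step is a decryption with key 2, not a second encryption.
func ManualTripleDES(k1, k2, k3, block []byte) []byte {
	return desBlock(k3, desBlock(k2, desBlock(k1, block, false), true), false)
}

// LibraryTripleDES runs the same block through crypto/des, which expects the
// three keys concatenated into one 24-byte key.
func LibraryTripleDES(k1, k2, k3, block []byte) []byte {
	c, err := des.NewTripleDESCipher(append(append(append([]byte{}, k1...), k2...), k3...))
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// SingleDES is E_k(block). With k1 == k2 == k3 the EDE chain collapses to it,
// since D_k undoes E_k: three equal keys buy nothing over plain DES.
func SingleDES(k, block []byte) []byte { return desBlock(k, block, false) }

// DecryptFlippedDES shows the "only privacy" drawback of a bare block cipher:
// flip one ciphertext bit and decryption still returns a block, now garbage,
// with no error at all, so the receiver cannot tell it was altered.
func DecryptFlippedDES(k, block []byte) []byte {
	ct := desBlock(k, block, false)
	ct[0] ^= 0x01
	return desBlock(k, ct, true)
}

// GCMRejectsTampering uses AES-256-GCM, an authenticated mode that adds an
// integrity tag, flips one ciphertext bit and reports whether decryption
// refused it. With an authenticated mode privacy and integrity come together.
func GCMRejectsTampering(msg []byte) (bool, error) {
	key, nonce := make([]byte, 32), make([]byte, 12) // a nonce must never repeat under one key
	if _, err := rand.Read(key); err != nil {
		return false, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	gcm, err := cipher.NewGCM(blk)
	if err != nil {
		return false, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	ct[0] ^= 0x01
	_, err = gcm.Open(nil, nonce, ct, nil)
	return err != nil, nil
}

func main() {
	fmt.Println("manual EDE matches crypto/des 3DES:",
		bytes.Equal(ManualTripleDES(K1, K2, K3, Block), LibraryTripleDES(K1, K2, K3, Block)))
	fmt.Println("3DES with three equal keys == single DES:",
		bytes.Equal(LibraryTripleDES(K1, K1, K1, Block), SingleDES(K1, Block)))
	fmt.Printf("raw DES after one flipped ciphertext bit: %q (no error)\n", DecryptFlippedDES(K1, Block))
	ok, _ := GCMRejectsTampering([]byte("pay 100 to account 42"))
	fmt.Println("AES-GCM rejects the tampered ciphertext:", ok)
}
```

The DES and Triple DES calls are there to illustrate the construction the slides describe; for new designs use AES-GCM (or another authenticated mode) as in the last function, with a fresh nonce for every message under a given key.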

Public-key algorithms are asymmetric algorithms and are therefore based on the use of two different keys instead of just one. In public-key cryptography the two keys are called the private key and the public key. Private key: this key must be known only by its owner. Public key: this key is known to everyone (it is public). Relation between the keys: what one key encrypts, the other decrypts, and vice versa. That means that if you encrypt something with my public key (which you know, because it is public), I need my private key to decrypt the message. (This description fits RSA; other public-key systems use separate encryption and signing operations, but the rule of thumb holds: only the private key can undo what was done with the public key.)

In a basic secure conversation using public-key cryptography, the sender encrypts the message using the receiver's public key. The encrypted message is sent to the receiving end, which decrypts it with its private key. Only the receiver can decrypt the message, because no one else has the private key. Notice also that the algorithm is the same at both ends: what is encrypted with one key is decrypted with the other key using the same algorithm.

There is no need to agree on a common key between sender and receiver: if someone wants to receive an encrypted message, the sender only needs to know the receiver's public key. As long as the receiver keeps the private key secret, no one but the receiver will be able to decrypt messages encrypted with the corresponding public key. Unlike symmetric algorithms, public-key systems can also provide integrity and authentication (through digital signatures), not only privacy. The main disadvantage of public-key systems is that they are much slower than symmetric algorithms, and RSA can only encrypt a message shorter than its key; in practice they are used to exchange or wrap a symmetric session key, which then encrypts the bulk of the data. This hybrid arrangement is how SSL/TLS works.

Digital Signatures

Characteristics of electronic documents:
1. Very easy to make copies
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as the original
5. Easily modifiable

Why Digital Signatures? To provide authenticity, integrity and non-repudiation for electronic documents, and to make the Internet a safe and secure medium for e-commerce and e-governance.

Integrity (and authentication) is provided in public-key systems by digital signatures. A digital signature is a piece of data attached to a message which can be used to find out whether the message was tampered with in transit, and whether it really came from the holder of a particular private key.

The digital signature for a message is generated in two steps. First, a message digest is generated. A message digest is a 'summary' of the message we are going to transmit, and has two important properties: (1) it has a short, fixed length (256 bits for SHA-256) regardless of the size of the message, and (2) even the slightest change in the message produces a completely different digest, and it is infeasible to find two messages with the same digest. The message digest is generated with a cryptographic hash function; MD5 and SHA-1 are broken for this purpose, and SHA-256 is the usual choice today. Second, the message digest is signed with the sender's private key (in textbook RSA terms, 'encrypted' with it). The resulting signed digest is the digital signature.

The digital signature is attached to the message and sent to the receiver. The receiver then does the following: using the sender's public key, it recovers (in RSA terms, decrypts) the message digest that the sender generated from the digital signature; then, using the same message digest algorithm the sender used, it generates a message digest of the received message.

Finally it compares both message digests (the one carried in the digital signature and the one it generated itself). If they are not exactly the same, the message has been tampered with by a third party. We can also be sure that the digital signature was produced by the sender (and not by a malicious user), because only the sender's public key can undo what was done with the sender's private key (remember that what one key encrypts, the other decrypts, and vice versa). If verifying with the public key yields a digest that does not match, then either the message or the signature is not what the sender sent. Two practical caveats: real signature schemes hash and pad the digest and use a dedicated verify operation rather than a raw public-key decryption, and the whole argument rests on the receiver knowing that the public key really belongs to the sender, which is what digital certificates provide.
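The public-key exchange described above (encrypting with the receiver's public key) and the two-step signature procedure (digest, then sign with the sender's private key, verify with the public key) as one added example in Go; it is not code from the original slides. Alice encrypts a message for Bob and signs it; Bob decrypts and verifies it; a copy with one flipped bit and a signature made by a third party (Mallory) with her own key are then checked the same way and rejected, and Mallory's attempt to decrypt Bob's ciphertext fails. The names, the message and the choice of RSA-OAEP for encryption and RSA-PSS with SHA-256 for signatures are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one user: the private key never leaves the owner, the public key
// is published. The parties used below (alice, bob, mallory) are constructed.
type Party struct{ priv *rsa.PrivateKey }

func NewParty() (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{priv: k}, nil
}

func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

// Encrypt: the sender uses the RECEIVER's public key (RSA-OAEP). Only the
// matching private key can open the result; no shared secret is needed.
func Encrypt(to *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
}

func (p *Party) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

// Sign is the slide's two steps: (1) hash the message to a fixed-size digest,
// (2) apply the SENDER's private key to it. A real scheme pads the digest
// first (PSS here) instead of "encrypting" it raw.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, d[:], nil)
}

// Verify recomputes the digest of what arrived and checks the signature with
// the claimed sender's public key. False means the message or signature was
// altered, or the signature was made with some other private key.
func Verify(from *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(from, crypto.SHA256, d[:], sig, nil) == nil
}

// Outcome records what the receiver observes in Exchange.
type Outcome struct {
	Decrypted          []byte
	GenuineVerifies    bool // untouched message, alice's signature
	TamperedVerifies   bool // one bit of the message flipped in transit
	ForgedVerifies     bool // mallory signed the same message with her key
	DigestChanged      bool // the one-bit change gave a different SHA-256
	ThirdPartyDecrypts bool // mallory tried to open bob's ciphertext
}

// Exchange: alice encrypts msg for bob and signs it; bob decrypts and
// verifies; then a tampered copy and a forged signature are checked too.
func Exchange(alice, bob, mallory *Party, msg []byte) (Outcome, error) {
	ct, err := Encrypt(bob.Public(), msg)
	if err != nil {
		return Outcome{}, err
	}
	sig, err := alice.Sign(msg)
	if err != nil {
		return Outcome{}, err
	}
	pt, err := bob.Decrypt(ct)
	if err != nil {
		return Outcome{}, err
	}
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 0x20 // flips the case of the first letter
	forged, err := mallory.Sign(msg)
	if err != nil {
		return Outcome{}, err
	}
	_, mErr := mallory.Decrypt(ct)
	d1, d2 := sha256.Sum256(msg), sha256.Sum256(tampered)
	return Outcome{
		Decrypted:          pt,
		GenuineVerifies:    Verify(alice.Public(), pt, sig),
		TamperedVerifies:   Verify(alice.Public(), tampered, sig),
		ForgedVerifies:     Verify(alice.Public(), msg, forged),
		DigestChanged:      d1 != d2,
		ThirdPartyDecrypts: mErr == nil,
	}, nil
}

func main() {
	alice, _ := NewParty()
	bob, _ := NewParty()
	mallory, _ := NewParty()
	out, err := Exchange(alice, bob, mallory, []byte("Transfer 100 to account 42"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("bob read %q\n%+v\n", out.Decrypted, out)
}
```

Verify takes the sender's public key as an argument on purpose: the code cannot decide by itself whether that key is really Alice's. Binding a public key to a name is the job of the certificate described next.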

A digital certificate is a digital document certifying that a certain public key is owned by a particular user. This document is signed by a trusted third party called the certificate authority (CA).

Certificate issuance (diagram): the user generates a key pair (private key, public key) and sends a certificate request carrying the user name, other credentials and the user's public key to the CA. The CA signs the certificate with its own private key, stores it in its certificate database and publishes it on the CA's web site alongside other users' certificates. Fields of the user certificate: user name, user's public key, CA's name, validity, certificate class, user's address, serial number, digital signature of the CA. The CA itself operates under a licence issued by the CCA (Controller of Certifying Authorities).

An X.509 certificate is a structured document with a fixed set of fields (ASN.1, DER-encoded, usually carried as a base64 PEM file, so it looks like text but is not free-form). The four most important things in an X.509 certificate: Subject: the 'name' of the user, encoded as a distinguished name (for example CN=alice, O=Example). Subject's public key: not only the key itself, but also the algorithm it belongs to. Issuer: the CA's distinguished name. Digital signature: a signature over all the other information in the certificate, generated with the CA's private key. To verify it we need the CA's public key, which is found in the CA's certificate. The certificate also carries a serial number, a validity period and extensions (key usage, basic constraints, subject alternative names). Checking the signature alone only proves that some CA issued the certificate; a relying party must also check that the issuer is in its own trust store, that the current date lies within the validity period, that the key usage fits the purpose, and that the certificate has not been revoked (CRL or OCSP).
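The issuance and verification flow above as an added example in Go, not code from the original slides: a self-signed CA certificate is created, a user's public key is bound to the user's name in a certificate signed with the CA's private key, the four fields are read back from the DER encoding, and the certificate is verified against the issuing CA (accepted) and against an unrelated CA (rejected). The names, serial numbers, validity window and the choice of ECDSA P-256 keys are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CA is a certificate authority: its self-signed certificate and the private
// key it signs with. Names used below are constructed for this example.
type CA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// NewCA builds the self-signed CA certificate (the trusted third party).
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name, Organization: []string{"Example PKI"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// Issue binds a user's public key to the user's name: the CA signs the
// certificate body with its private key and returns the DER encoding.
func (ca *CA) Issue(user string, serial int64, pub *ecdsa.PublicKey) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.key)
}

// Summary holds the four fields the slide lists, read back from the DER.
type Summary struct{ Subject, Issuer, PublicKeyAlgorithm, SignatureAlgorithm string }

func Inspect(der []byte) (Summary, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return Summary{}, err
	}
	return Summary{c.Subject.String(), c.Issuer.String(),
		c.PublicKeyAlgorithm.String(), c.SignatureAlgorithm.String()}, nil
}

// VerifyWith checks the CA's signature on the certificate with the CA's public
// key, then builds a chain to a trust store holding only that CA, which also
// enforces the validity period and key usage. Revocation is a separate check.
func VerifyWith(der []byte, ca *x509.Certificate) error {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	if err := c.CheckSignatureFrom(ca); err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = c.Verify(x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	goodCA, _ := NewCA("Example Root CA")
	otherCA, _ := NewCA("Unrelated CA")
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := goodCA.Issue("alice", 1001, &userKey.PublicKey)
	s, _ := Inspect(der)
	fmt.Printf("%+v\n", s)
	fmt.Println("verified against issuing CA:", VerifyWith(der, goodCA.Cert))
	fmt.Println("verified against unrelated CA:", VerifyWith(der, otherCA.Cert))
	fmt.Print(string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})))
}
```

The last line prints the PEM form: base64 of the DER bytes between BEGIN/END markers, which is the "text file" a user sees. Note that the unrelated CA is a perfectly valid CA; the certificate is rejected only because that CA's public key does not verify the signature, which is exactly the trust decision a relying party's root store encodes.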

Eavesdropping is the act of secretly listening to the private conversation of others without their consent.
Destruction is damage done to an object or system.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
Espionage or spying involves obtaining information that is considered secret or confidential without the permission of the holder of the information.
An intruder is a person who gains, or attempts to gain, access to a system or network without authorization.
A cipher is an algorithm for performing encryption or decryption.