CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Applied Cryptography for Network Security
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Web services security I
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Cryptography 101 Frank Hecker
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
CS 4720 Security CS 4720 – Web & Mobile Systems. CS 4720 The Traditional Security Model The Firewall Approach “Keep the good guys in and the bad guys.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Cryptography and Network Security
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
An Investigation into E-Commerce Frauds and their Security Implications By Kevin Boardman Supervisor: John Ebden 29 July 2004.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Chapter 21 Distributed System Security Copyright © 2008.
Chapter 1  Introduction 1 Chapter 1: Introduction.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and Security.
1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,
Chapter 30 - Electronic Commerce and Business Introduction E-Commerce is Big Business –all commercial transactions conducted over the Internet shopping,
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.
IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
DIGITAL SIGNATURE.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
SSL. Why Is Security Important ●Security is important on E-Commerce because it makes sure that your information gets from your computer to their server.
CPT 123 Internet Skills Class Notes Internet Security Session B.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Introduction to Network Systems Security Mort Anvari.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Computer Communication & Networks
Uses Uses of cryptography Lab today on RSA
Security in ebXML Messaging
Presentation transcript:

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton

List Some Bad Things We Don’t Want to Happen

What Can Go Wrong? Exposure of confidential data –Yours, customer’s Loss, modification or destruction of data Denial of Service –And other “sabotage” Inability to insure integrity –Transaction completed? –Data valid?

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed and correct Availability –System functions cannot be denied

Security in the Real World Professionals must address: –Specification/Policy Requirements, analysis, planning,… –Implementation/mechanisms Algorithms, protocols, components, etc. –Correctness/assurance Proof, testing, verification, attacks, etc. –The Human Factor Protecting against “bad” users and clever attackers All critical: CS453 focuses on the 2nd item

Terms for Activities Related to E-Commerce Security Authentication –Identification of a user for access Authorization –Defining and enforcing rules or levels of access Repudiation –A party later denying a transaction has occurred –Goal: insuring non-repudiation

Briefly: Security Policy You should define a security policy document for your site or application –A form of non-functional requirements Might include: –General philosophy toward security (high-level goals etc.) –Items to be protected –Who’s responsible for protecting them –Standards and measures to be used: how to measure to say you’ve built a secure system

What’s Coming in this Unit?

Authentication Proving a user is who they say they are Methods? –Passwords –Digital signatures, digital certificates –Biometrics (fingerprint readers etc.) –Smart cards and other HW We’ll discuss –Cryptography –Mechanisms: algorithms, web servers, biometrics, SSL

Authorization We won’t say much about this Approaches include: –Access control lists –Capabilities –Multi-level security systems

Non-Repudiation Non-repudiation of origin –proves that data has been sent Non-repudiation of delivery –proves it has been received Digital signatures –And more crypto

Digital Certificates “On the Internet, no one knows you’re a dog.” –Or do they? –For commerce, we can’t always allow anonymity How does UVa’s NetBadge work? – Public Key Infrastruction (PKI) Certifying Authorities in the commercial world –E.g. VeriSign

SSL: Secure Socket Layer A network protocol layer between TCP and the application. Provides: Secure connection – client/server transmissions are encrypted, plus tamper detection Authentication mechanisms –From both client’s point of view and also server’s –Is the other side trusted, who they say they are? Using certificates –Is the Certificate Authority trusted?

Cryptography Cryptography underlies much of this Interesting computer science –And historical interest too We’ll touch on that –But always try to come back to the practical and e-commerce Topics: –Symmetric Key Crypto.; Public Key Crypto.; Digital Signatures; Digital Certificates; SSL

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.