Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Chapter 1  Introduction 1 Chapter 1: Introduction.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Applied Cryptography for Network Security
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Cryptography 101 Frank Hecker
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Kittiphan Techakittiroj (24/08/58 22:49 น. 24/08/58 22:49 น. 24/08/58 22:49 น.) Digital Certification Kittiphan Techakittiroj
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Chapter 10: Authentication Guide to Computer Network Security.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Chapter 18: Doing Business on the Internet Business Data Communications, 4e.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Internet Security. Four Issues of Internet Security Authenticity: Is the sender of a message who they claim to be? Privacy: Are the contents of a message.
Chapter 1  Introduction 1 Chapter 1: Introduction.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and Security.
1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,
Chapter 30 - Electronic Commerce and Business Introduction E-Commerce is Big Business –all commercial transactions conducted over the Internet shopping,
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.
Csci5233 computer security & integrity 1 Cryptography: an overview.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.
DIGITAL SIGNATURE.
SSL. Why Is Security Important ●Security is important on E-Commerce because it makes sure that your information gets from your computer to their server.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Digital Signatures and Digital Certificates Monil Adhikari.
Jump to first page Internet Security in Perspective Yong Cao December 2000.
CPT 123 Internet Skills Class Notes Internet Security Session B.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Information Systems Design and Development Security Precautions Computing Science.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Computer Communication & Networks
Uses Uses of cryptography Lab today on RSA
E-Commerce Security.
Security in ebXML Messaging
Electronic Payment Security Technologies
Presentation transcript:

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed and correct Availability –System functions cannot be denied

Security in the Real World Professionals must address: –Specification/Policy Requirements, analysis, planning,… –Implementation/mechanisms Algorithms, protocols, components, etc. –Correctness/assurance Proof, testing, verification, attacks, etc. –The Human Factor Protecting against “bad” users and clever attackers All critical: CS453 focuses on the 2nd item

Terms for Activities Related to E-Commerce Security Authentication –Identification of a user for access Authorization –Defining and enforcing rules or levels of access Repudiation –A party later denying a transaction has occurred –Goal: insuring non-repudiation

Briefly: Security Policy You should define a security policy document for your site or application –A form of non-functional requirements Might include: –General philosophy toward security (high-level goals etc.) –Items to be protected –Who’s responsible for protecting them –Standards and measures to be used: how to measure to say you’ve built a secure system

What’s Coming in this Unit?

Authentication Proving a user is who they say they are Methods? –Passwords –Digital signatures, digital certificates –Biometrics (fingerprint readers etc.) –Smart cards and other HW We’ll discuss –Cryptography –Mechanisms: algorithms, web servers, biometrics, SSL

Authorization We won’t say much about this Approaches include: –Access control lists –Capabilities –Multi-level security systems

Non-Repudiation Non-repudiation of origin –proves that data has been sent Non-repudiation of delivery –proves it has been received Digital signatures –And more crypto

Digital Certificates “On the Internet, no one knows you’re a dog.” –Or do they? –For commerce, we can’t always allow anonymity How does UVa’s NetBadge work? – Public Key Infrastructure (PKI) Certifying Authorities in the commercial world –E.g. VeriSign

SSL: Secure Socket Layer A network protocol layer between TCP and the application. Provides: Secure connection – client/server transmissions are encrypted, plus tamper detection Authentication mechanisms –From both client’s point of view and also server’s –Is the other side trusted, who they say they are? Using certificates –Is the Certificate Authority trusted?

Cryptography Cryptography underlies much of this Interesting computer science –And historical interest too We’ll touch on that –But always try to come back to the practical and e-commerce Topics: –Symmetric Key Crypto.; Public Key Crypto.; Digital Signatures; Digital Certificates; SSL

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.