Chapter 8 E-Commerce Security. Objectives Understand the basic elements of EC security. Explain the basic types of network security attacks.


1 Chapter 8 E-Commerce Security

2 Objectives Understand the basic elements of EC security. Explain the basic types of network security attacks.

3 Cipher Text 3 Oryh brx

4 Cipher Text ? Julius Caesar supposedly used secret codes known today as Caesar ciphers. The simplest replaces A with B, B with C, etc. This is called a one-rotate code. The following is encrypted using a simple Caesar rotation cipher. See if you can decrypt it: Mjqqt hfjxfw. Mtb nx dtzw hnumjw? Xyfd fbfd kwtr ymj xjsfyj ytifd.

5 Organization
Computer Security Institute (CSI): Nonprofit organization located in San Francisco, California, that is dedicated to serving and training information, computer, and network security professionals.
Computer Emergency Response Team (CERT): Group of three teams at Carnegie Mellon University that monitor the incidence of cyber attacks, analyze vulnerabilities, and provide guidance on protecting against attacks.

6 Five Levels of Security
Level 1—The Home User/Small Business
Level 2—Large Enterprises
Level 3—Critical Sectors/Infrastructure
Level 4—National Issues and Vulnerabilities
Level 5—Global

7 Basic Security Issues
authentication: The process by which one entity verifies that another entity is who he, she, or it claims to be.
authorization: The process that ensures that a person has the right to access certain resources.
auditing: The process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions.
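The three terms on slide 7 are easiest to tell apart when they are three separate functions. The Python below is an added example, not from the slides: a constructed two-user store with salted PBKDF2 password hashes, a role-to-action permission table, and an audit log that records every authentication and authorization decision, including the denials. User names, passwords, roles and actions are all invented for the example.

```python
"""Authentication, authorization and auditing as three separate steps (added example).
The users, roles and actions below are constructed sample data."""
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: the store never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed user database (hypothetical users).
USERS = {
    "alice": make_user("correct horse battery", "customer"),
    "bob": make_user("hunter2-but-longer", "merchant"),
}

# Authorization policy: which role may perform which action (hypothetical actions).
PERMISSIONS = {
    "customer": {"view_catalog", "place_order"},
    "merchant": {"view_catalog", "view_orders", "issue_refund"},
}

# Auditing: an append-only record of attempts, successful or not.
AUDIT_LOG = []


def audit(event: str, user: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": event, "user": user, "action": action, "outcome": outcome,
    })


def authenticate(username: str, password: str) -> bool:
    """Is this caller who they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for unknown users so response time does not reveal valid names.
        _hash_password(password, b"\x00" * 16)
        audit("authn", username, "login", "fail")
        return False
    ok = hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"])
    audit("authn", username, "login", "ok" if ok else "fail")
    return ok


def authorize(username: str, action: str) -> bool:
    """Given who they are, may they do this?"""
    role = USERS.get(username, {}).get("role")
    ok = action in PERMISSIONS.get(role, set())
    audit("authz", username, action, "allow" if ok else "deny")
    return ok


def perform(username: str, password: str, action: str) -> str:
    """Full flow: authenticate, then authorize, leaving an audit trail either way."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return f"denied: {username} may not {action}"
    return f"ok: {username} performed {action}"


if __name__ == "__main__":
    print(perform("alice", "correct horse battery", "place_order"))
    print(perform("alice", "correct horse battery", "issue_refund"))
    for entry in AUDIT_LOG:
        print(entry)
```

Note that a successful login says nothing about what the user may do: alice authenticates correctly but is still refused `issue_refund`, and both the refusal and the success land in the audit log, which is what makes an after-the-fact investigation possible.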

8 Securing EC Communications
access control: Mechanism that determines who can legitimately use a network resource.
passive tokens: Storage devices (e.g., magnetic strips) that contain a secret code used in a two-factor authentication system.
active tokens: Small, stand-alone electronic devices that generate one-time passwords used in a two-factor authentication system.
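An active token's one-time passwords are usually the HOTP scheme of RFC 4226: an HMAC-SHA1 over a counter, truncated to six digits, with the server keeping its own counter so a code that has been used (or merely observed) is no longer accepted. The Python below is an added example, not from the slides; the `TokenVerifier` class and its look-ahead window are this example's own design, and the secret is the RFC 4226 test-vector secret rather than any real token's.

```python
"""One-time passwords from an active token (RFC 4226 HOTP) and their server-side check.
Added example; TokenVerifier is this example's own, and the secret is the RFC test-vector key."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA1(K, C)) mod 10^digits, exactly as in RFC 4226."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server side of the two-factor check.

    Keeps the next counter it expects; accepts a code only if it matches one of the next
    `look_ahead` counters (the token may have been pressed without logging in), then moves
    past it so the same code can never be replayed.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # resynchronise and burn every counter up to this one
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 test-vector secret, not a real token key
    token_codes = [hotp(secret, c) for c in range(3)]
    server = TokenVerifier(secret)
    for code in token_codes:
        print(code, server.verify(code), server.verify(code))   # second attempt is a replay
```

Two details matter in practice: `compare_digest` avoids leaking how many digits matched through timing, and the look-ahead window must stay small, since every extra counter the server will accept is another code an attacker's guess could hit. A password alone is one factor; the token code proves possession of the device, which is the second factor the slide refers to.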

9 Securing EC Communications
biometric systems: Authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris (eye) patterns, facial features, or voice.
physiological biometrics: Measurements derived directly from different parts of the body (e.g., fingerprint, iris, hand, facial characteristics).
behavioral biometrics: Measurements derived from various actions and indirectly from various body parts (e.g., voice scans or keystroke monitoring).

10 Securing EC Communications
fingerprint scanning: Measurement of the discontinuities of a person’s fingerprint, which are then converted to a set of numbers that are stored as a template and used to authenticate identity.
iris scanning: Measurement of the unique spots in the iris (colored part of the eye), which are then converted to a set of numbers that are stored as a template and used to authenticate identity.

11 Securing EC Communications
public key infrastructure (PKI): A scheme for securing e-payments using public key encryption and various technical components.
encryption: The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it.
plaintext: An unencrypted message in human-readable form.

12 Securing EC Communications
ciphertext: A plaintext message after it has been encrypted into a machine-readable form.
encryption algorithm: The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa.
key: The secret code used to encrypt and decrypt a message.

13 Securing EC Communications
symmetric (private) key system: An encryption system that uses the same key to encrypt and decrypt the message.
Data Encryption Standard (DES): The standard symmetric encryption algorithm supported by NIST and used by U.S. government agencies until October 2, 2000.
Rijndael: The new Advanced Encryption Standard used to secure U.S. government communications since October 2, 2000.
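Slides 11 to 13 define plaintext, ciphertext, key and symmetric encryption, and slide 17 later asks that information not be altered in transit. The Python below is an added example that puts those terms into one round trip; it is not DES, Rijndael, or code from the slides. It builds a symmetric cipher from the standard library only (HMAC-SHA256 run over a counter as a keystream, XORed with the plaintext) and appends an HMAC tag so any alteration of the ciphertext, or use of the wrong key, is rejected before decryption. The key derivation from the shared key, the 16-byte nonce and the layout `nonce || ciphertext || tag` are this example's own choices; a production system would use AES-GCM from a vetted library instead.

```python
"""Symmetric (private) key encryption with an integrity tag, built from hashlib/hmac only.
Added example: an illustrative construction, not DES or AES, with a layout of this example's own choosing."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    # Derive one key for encryption and a different one for the tag from the shared key (example KDF).
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom bytes from (key, nonce): HMAC-SHA256 as a PRF over a block counter."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """plaintext + key -> nonce || ciphertext || tag. The same key is needed to reverse it."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)   # fresh per message; reusing one with the same key leaks plaintext XORs
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """Returns the plaintext, or raises ValueError if the key is wrong or the message was altered."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # check integrity BEFORE touching the ciphertext
        raise ValueError("integrity check failed: wrong key or tampered ciphertext")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(key: bytes, message: bytes, byte_index: int) -> bool:
    """Flip one bit of the message and report whether decrypt() refuses it."""
    altered = bytearray(message)
    altered[byte_index] ^= 0x01
    try:
        decrypt(key, bytes(altered))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared_key = b"shared-secret-key"            # constructed sample key
    msg = encrypt(shared_key, b"order 42: pay 100 USD")
    print(decrypt(shared_key, msg))
    print("tamper detected:", tamper_detected(shared_key, msg, NONCE_LEN + 3))
```

The order of operations in `decrypt` is the security-relevant part: the tag is verified over the ciphertext first, with a constant-time comparison, and only then is anything decrypted. A stream cipher without that tag is malleable, so flipping a ciphertext bit flips the same plaintext bit (turning "pay 100" into a different amount) without the receiver noticing, which is exactly the integrity failure slide 17 is about.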

14 Symmetric (Private) Key Encryption

15 Security Threats in the E-commerce Environment
Three key points of vulnerability:
1. the client
2. communications pipeline
3. the server

16 Copyright © 2007 Pearson Education, Inc. Types of Attacks Against Computer Systems (Cybercrime)

17 Security System
Security is an essential part of any transaction that takes place over the internet. Customers will lose their faith in e-business if its security is compromised. Following are the essential requirements for safe e-payments/transactions:
Confidentiality - Information should not be accessible to an unauthorized person. It should not be intercepted during the transmission.
Integrity - Information should not be altered during its transmission over the network.
Availability - Information should be available wherever and whenever required within a time limit specified.

18 Security System
Authenticity - There should be a mechanism to authenticate a user before giving them access to the required information.
Non-Repudiability - It is the protection against the denial of order or denial of payment. Once a sender sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of the message should not be able to deny the receipt.
Encryption - Information should be encrypted and decrypted only by an authorized user.
Auditability - Data should be recorded in such a way that it can be audited for integrity requirements.

19 Security Protocols on the Internet
The following are popular protocols used over the internet to secure online transactions.
Secure Socket Layer (SSL) - It is the most commonly used protocol and is widely used across the industry. It meets the following security requirements:
Authentication
Encryption
Integrity
Non-repudiability
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for HTTP URLs without SSL.

20 Vulnerable Points Copyright © 2012 Pearson Education, Inc.

21 The E-commerce Security Environment

22 Technologies Available to Achieve Site Security IPsec

23 Secure Hypertext Transfer Protocol (SHTTP) SHTTP extends the HTTP internet protocol with public key encryption, authentication, and digital signatures over the internet. Secure HTTP supports multiple security mechanisms, providing security to the end users. SHTTP works by negotiating the encryption scheme types used between the client and the server.

24 Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration. Theoretically, it is the best security protocol. It has the following components:
Card Holder's Digital Wallet Software - Digital Wallet allows the card holder to make secure purchases online via a point-and-click interface.
Merchant Software - This software helps merchants to communicate with potential customers and financial institutions in a secure manner.
Payment Gateway Server Software - Payment gateway provides an automatic and standard payment process. It supports the process for the merchant's certificate request.
Certificate Authority Software - This software is used by financial institutions to issue digital certificates to card holders and merchants, and to enable them to register their account agreements for secure electronic commerce.

25 References Copyright © 2007 Pearson Education, Inc. Copyright © 2012 Pearson Education, Inc.
