Published by Makenna Chew. Modified over 10 years ago.
1
Security in Electronic Commerce
The need for Public Key Infrastructure
Budi Rahardjo
Presented at BPPT, Jakarta, Indonesia, 10 February 2000
2
2000 - v1.0 - Security in ecommerce - Budi Rahardjo

Outline
Brief intro on {computer, network, information} security and its relation to electronic commerce
The need for Public Key Infrastructure, Certification Authority (CA), Incident Response Team
Security issues in Indonesia
3
Introduction
No need to introduce Electronic Commerce. [It has been presented by previous speakers.]
Trust, Security and Confidence are essential to underpin Electronic Commerce
Ecommerce will succeed if the security level is acceptable.
4
Security Issues
Security services:
  – Confidentiality / privacy
  – Integrity
  – Non-repudiation
  – Authentication
  – Access control
  – Availability
Some can be achieved with cryptography
  – Encryption & Decryption
  – Private key system vs Public key system
5
Private [symmetric, shared] key cryptosystem
[Diagram: Plaintext ("My phone 555-1234") -> Encryption -> Ciphertext ("Y$3*@") -> Decryption -> Plaintext; one shared (secret) key is used for both encryption and decryption]
6
Private key cryptosystem
Uses one (secret) key to encrypt and decrypt.
Problems in key distribution and management
  – The number of keys grows as n(n-1)/2 for n parties
  – Key distribution requires a separate secure channel
Advantage: faster operation compared to public key
Examples: DES, IDEA
7
Public (asymmetric) key cryptosystem
[Diagram: Plaintext ("My phone 555-1234") -> Encryption (public key) -> Ciphertext ("Y$3*@<>*") -> Decryption (private key) -> Plaintext; other labels: Public key repository, Certificate Authority (CA)]
8
Public key cryptosystem
Uses different keys to encrypt and decrypt.
Fewer keys.
Requires a key repository.
Management of keys may be more complicated.
Disadvantage:
  – requires extensive computing power to calculate
Examples: RSA, ECC
9
Certification Authority (CA)
The need for Public Key Infrastructure
The need to have a National Certification Authority
  – An Indonesian National CA initiative is in progress: Indosat/Indosatcom, Pos/Wasantara, Telkom, Deprindag (MITI), ITB, UI
  – There may be more than one CA
Other CAs
  – Verisign
  – Entrust
  – International Secure Electronic Transaction Organisation (ISETO)
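The role of the CA and the public key repository in slides 7 to 9, as an added example that is not part of the original presentation: a toy certification authority signs the binding between a name and a public key, and a relying party rejects a repository entry whose key was replaced. It assumes textbook RSA with constructed Mersenne-prime parameters and hypothetical names (`keypair`, `issue`, `verify`, `alice`); it is not X.509 and offers no security at these sizes.

```python
import hashlib

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def digest(subject, pub, n):
    """Hash the name-to-key binding, reduced modulo the signer's modulus."""
    data = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_priv, subject, pub):
    """CA signs the binding between a subject name and a public key."""
    n, d = ca_priv
    return {"subject": subject, "pub": pub,
            "sig": pow(digest(subject, pub, n), d, n)}

def verify(ca_pub, cert, expected_subject):
    """Relying party: accept the key only if the CA vouches for this name."""
    n, e = ca_pub
    return (cert["subject"] == expected_subject and
            pow(cert["sig"], e, n) == digest(cert["subject"], cert["pub"], n))

# Constructed toy parameters (Mersenne primes), far too small for real use.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
ALICE_PUB, _ = keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, _ = keypair(2**31 - 1, 2**61 - 1)  # a key Alice does not own

def demo():
    repository = {"alice": issue(CA_PRIV, "alice", ALICE_PUB)}
    genuine = verify(CA_PUB, repository["alice"], "alice")
    # Repository entry altered: same name and signature, different key.
    tampered = dict(repository["alice"], pub=OTHER_PUB)
    swapped = verify(CA_PUB, tampered, "alice")
    # Valid certificate presented under the wrong name.
    wrong_name = verify(CA_PUB, repository["alice"], "bob")
    return genuine, swapped, wrong_name

if __name__ == "__main__":
    print(demo())
```

The relying party needs only the CA's public key to check any entry, which is why the repository itself does not have to be trusted.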
10
Incident Response Team
ID-CERT: cert.or.id
Indonesia Computer Emergency Response Team
Modeled after CERT, COAST Purdue
  – Public services
  – Research & development, education
  – Commercial services
11
Security incidents in Indonesia
Many web sites have been vandalized. The following were recently hacked:
  – Jakarta Stock Exchange
  – Bank Central Asia
  – Indosatnet
Other incidents
  – Port scanning / probing
  – Mail spamming
12
Other security issues
Standardization
  – X.509
Law, cyberlaw
  – cryptography usage?
Digital signature law?
Intellectual property rights?
Privacy issues?
Critical Infrastructure
13
Affiliation
Budi Rahardjo
PPAU Mikroelektronika - InterUniversity Research on Microelectronics, Institut Teknologi Bandung
  email: br@paume.itb.ac.id
  Phone: (62-22) 250-6280
PIKSI ITB - Computing Services
  email: budi@piksi.itb.ac.id
  Phone: (62-22) 250-3031
IDNIC
  email: budi@idnic.net.id
IDCERT
  email: budi@cert.or.id