Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued."— Presentation transcript:

1 CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued

2 FIREWALL A barrier between an internal network & “the Internet” Protects the internal network from outside attacks Executes administrator-defined security policy Decides whether a datastream is allowed to pass through or not Main Components: - packet filter - proxy

3 Interconnection of Networks Recursively build larger networks gateway hosts

4 PACKET FILTER Works at IP layer Rule-table-driven Forwards, refuses, or drops a packet according to the rules An example rule table Drop21Any61.*.*.*3 Refuse23130.*.*.*61.*.*.*2 FwdAny130.*.*.*128.*.*.*1 Action…PortDestinationSourceRule#

5 PROXY Works at application layer One proxy per (application layer) protocol - HTTP proxy, FTP proxy, … User authentication required Different users can have different privileges Can be made transparent to users

6 SEVERAL CONFIGURATIONS POSSIBLE A Sample Configuration: Dual-home Host Trade-offs: Security vs. Accessability, Security vs. Cost

7 CHECKPOINT Full Name: Check Point TM Software Technologies Limited Employees: 1000 + Stock Price: $146.5 (Jan 22, 2001) Revenues in 2000: $425.3 million Business Area: Internet Security

8 MAIN PRODUCTS FireWall-1® : a popular firewall product Open Platform For Security (OPSEC): an enterprise-wide framework for security policies extending FireWall-1® VPN-1: a family of virtual private networking solutions Provider-1™: a security management solution

9 BRIEF HISTORY 1993 Founded June 1996 Initial Public Offering 1998 Annual Revenues More than $100M June 2000 Stock Price More than $100 Q3, 2000 Quarterly Revenues More than $100M

10 STOCK PRICE CHART

11 REVENUES CHART

12 Discussion Point Firewalls aren’t perfect E.g., “Address spoofing” is a problem Why is CheckPoint so successful? Importance of “feeling secure”? “Knee-high protection?”

13 Symmetric Key Crypto D(E(x, k), k) = x (decryption, encryption, plaintext, key) Alice and Bob choose k AB Alice: y <-- E(x, k AB ) (ciphertext) Alice --> Bob: y Bob: x <-- D(y, k AB ) (Eve does not know k AB )

14 Well Studied and Commercially Available –DES –IDEA –FEAL-n –RC5 –AES Users must deal with –Government (especially export) –Key management

15 Public Key Crypto D(E(x, PK u ), SK u ) = x (user’s Secret Key, user’s public key) Bob generates SK bob, PK bob Bob publishes PK bob Alice: Lookup PK bob y <-- E (x, PK bob ) Alice -->Bob: y Bob: x <-- D(y, SK bob ) (Eve does not know SK bob )

16 Digital Signatures... Trickier than the paper “analogue” Doc 1 -JF Doc 2 -JF Doc n -JF

17 3-part Scheme Key Generation Procedure cc PK jf SK jf directory JF’s machine...

18 Signature Procedure DocSK jf SIG

19 Verification Procedure DocPK jf SIG Accept / Reject

20 Examples RSA El Gamal DSA McEliece

21 http://www.bob-soft.com P( ) {...} SP SP = signature(P, SK bob )

22 Bob-soft: PK bob Sue-soft: PK sue. Bob-softPK bob Alice: Verify (P, PK bob, SP)

23 New Potential Problem Is PK bob the “Right Key”? What does “Right” mean?

24 Traditional Meaning Bob-soft  PK bob Accurate? Traditional Solution Alice’s Computer PK CA

25 Bootstrapping Trust (Bob-soft, PK bob )SK CA Signature Algorithm CERT bob Name 1, PK 1, CERT 1 Name 2, PK 2, CERT 2...

26 Technical Question: Is this the right PK? Business Question: Can you make money selling public-key certificates? Political Question: Crypto export Legal Question: Do we have a right to use encryption? To some form of “electronic privacy”?

27 VeriSign: Enable everyone, everywhere to use the Internet with confidence Through its acquisition of Network Solutions, VeriSign serves as the gateway to establishing an online identity and Web presence, with more than 24 million domain name registrations in.com,.net and.org. As the leader in the Web site security market, VeriSign provides Internet authentication, validation and payment services. Through VeriSign Global Registry Services, VeriSign maintains the definitive directory of over 24 million Web addresses and is responsible for the infrastructure that propagates this information throughout the Internet. VeriSign Global Registry Services responds to over 1.5 billion DNS look-ups daily.

28 History VeriSign opened HQ in Mountain View: April 1995 IPO: January 1998 Aquired Network Solutions: June 9, 2000 Currently: 2000+ employees

29 Product Line Web Site Trust Services Authenticate your site to customers and protect Internet transactions with SSL encryption.Web Site Trust Services Payment Processing Securely accept, process, and manage credit card and other payment types for B2B, B2C, and person-to-person purchases on your site.Payment Processing Code Signing Digitally sign software and macros for safe online downloading to your customers.ode Signing Secure E-Mail Digitally sign and encrypt your e-mail to safeguard it from intrusion and alteration online.Secure E-Mail Web Identity Register for and manage Web addresses (domain names).Web Identity

30 Web Authoring Build a professional-looking Web site and then enhance and promote it with business featuresWeb Authoring Enterprise Trust Services Protect your intranet, extranet, e-mail systems, and Virtual Private Networks as well as B2B transactions with PKI and Internet infrastructure solutions.Enterprise Trust Services Network Security Protect information with firewalls, VPNs, network appliances, consulting resources, and security management.Network Security Global Registry Services Domain name registrars: take advantage of registry services and Domain Name System (DNS) support.Global Registry Services Wireless Trust Services Carriers, service providers, manufacturers, and developers: enable a secure wireless commerce environment through an array of standards, devices, and applications.Wireless Trust Services

31

32 “Internet Identity” “Real-World Identity” Expertise? Liabilty? Suppose you are “Purely” Internet Business? (Recall bob-soft.com) Authorization vs. Authentication Importance of “Feeling secure”

Download ppt "CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Principles of Information Systems, Sixth Edition Electronic Commerce Chapter 8.

Principles of Information Systems, Sixth Edition Electronic Commerce Chapter 8.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Securing the Borderless Network March 21, 2000 Ted Barlow.

Securing the Borderless Network March 21, 2000 Ted Barlow.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Principles of Information Systems, Sixth Edition 1 Electronic Commerce Chapter 8.

Principles of Information Systems, Sixth Edition 1 Electronic Commerce Chapter 8.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Similar presentations

Ads by Google