Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &"— Presentation transcript:

1 ELC 200 Day 25

2 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, & 15 Assignment 8 (last) will be assigned next week Should be progressing on Framework Lecture/Discuss E-security & Encryption

3 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 3 ANTI-VIRUS STRATEGY Establish a set of simple enforceable rules Educate & train users Inform users of the existing & potential threats to the company’s systems Update the latest anti-virus software periodically E-Security: Virus – Computer Enemy #1

4 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 4 BASIC INTERNET SECURITY PRACTICES Password –http://www.crackpassword.com/http://www.crackpassword.com/ –Alpha-numeric –Mix with upper and lower cases –Change frequently –No dictionary names Encryption –Coding of messages in traffic between the customer placing an order and the merchant’s network processing the order E-Security: Security Protection & Recovery

5 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 5 SECURITY RECOVERY Attack Detection Damage Assessment Correction & Recovery Corrective Feedback E-Security: Security Protection & Recovery

6 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 6 FIREWALL & SECURITY Firewall –Enforces an access control policy between two networks –Detects intruders, blocks them from entry, keeps track what they did & notifies the system administrator E-Security: Firewall & Security

7 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 7 WHAT FIREWALL CAN PROTECT Email services known to be problems Unauthorized external logins Undesirable material, e.g. pornography Unauthorized sensitive information E-Security: Firewall & Security

8 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 8 WHAT FIREWALL CAN’T PROTECT Attacks without going through the firewall Weak security policy ‘Traitors’ or disgruntled employees Viruses via floppy disks Data-driven attack E-Security: Firewall & Security

9 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 9 SPECIFIC FIREWALL FEATURES Security Policy Deny Capability Filtering Ability Scalability Authentication Recognizing Dangerous Services Effective Audit Logs E-Security: Firewall & Security

10 Chapter 14 Encryption: A Matter Of Trust

11 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 11 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm Digital Signatures Major Attacks on Cryptosystems Digital Certificates Key Management Internet Security Protocols and Standards Government Regulations

12 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 12 WHAT IS ENCRYPTION? Based on use of mathematical procedures to scramble data to make it extremely difficult to recover the original message Converts the data into an encoded message using a key for decoding the message

13 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 13 WHAT DOES ENCRYPTION SATISFY? Authentication Integrity Nonrepudiation Privacy

14 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 14 BASIC CRYPTOGRAPHIC ALGORITHM Secret Key –The sender and recipient possess the same single key Public Key –One public key anyone can know to encrypt –One private key only the owner knows to decrypt –Provide message confidentiality –Prove authenticity of the message of originator

15 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 15 COMMON CRYPTOSYSTEMS RSA Algorithm –Most commonly used but vulnerable Data Encryption Standards (DES) –Turns a message into a mess of unintelligible characters 3DES RC4 International Data Encryption Algorithm (IDEA)

16 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 16 RSA HACK Source: E-Week July 14, 2002 took 1,757 days (almost 5 years) A worldwide team of volunteers, using spare computing power, found the secret key for a message encrypted with the RC5-64 cipher, winning a $10,000 prize and, they say, casting some doubt on the security of messages protected by the cipher. Distributed.net, a collection of more than 331,000 volunteers who lent their machines' idle processing power to the effort, solved the challenge posed in 1997 by RSA Laboratories, the research arm of RSA Security Inc. It took nearly four years, a search through 15,769,938,165,961,326,592 keys and processing power roughly equivalent to nearly 46,000 2GHz AMD Athlon machines for the team to find the correct key. The plaintext message that the key unlocked was: "Some things are better left unread." A 450MHz Pentium III machine in Japan found the key on July 14, but a technical glitch prevented the Distributed.net team from realizing they had the correct key until Aug. 12. The team's organizers said their effort should not only prove the effectiveness of distributed computing efforts in solving large problems but also cause people to think twice before using the 64-bit RC5 cipher to encrypt some data. "While it's debatable that the duration of this project does much to devalue the security of a 64-bit RC5 key…we can say with confidence that RC5 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time," the team said in a statement.

17 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 17 DIGITAL SIGNATURES Transform the message signed so that anyone who reads it can be sure of the real sender A block of data representing a private key Serve the purpose of authentication

18 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 18 MAJOR ATTACKS ON CRYPTOSYSTEMS Chosen-plaintext Attack Known-plaintext Attack Ciphertext-only Attack Third-party Attack

19 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 19 DIGITAL CERTIFICATES An electronic document issued by a certificate authority (CA) to establish a merchant’s identity by verifying its name and public key Includes holder’s name, name of CA, public key for cryptographic use, duration of certificate, the certificate’s class and ID

20 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 20 CLASSES OF CERTIFICATES Class 1 –Contains minimum checks on user’s background –Simplest and quickest Class 2 –Checks for information e.g. names, SSN, date of birth –Requires proof of physical address, etc.

21 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 21 CLASSES OF CERTIFICATES (Cont’d) Class 3 –You need to prove exactly who you are and you are responsible –Strongest Class 4 –Checks on things like user’s position in an organization in addition to class 3 requirements

22 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 22 KEY MANAGEMENT Key Generation and Registration Key Distribution Key Backup / Recovery Key Revocation and Destruction

23 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 23 THIRD-PARTY SERVICES Public Key Infrastructure –Certification Authority –Registration Authority –Directory Services Notary Services Arbitration Services

24 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 24 INTERNET SECURITY PROTOCOLS & STANDARDS Web Application –Secure Socket Layer (SSL) –Secure Hypertext Transfer Protocol (S-HTTP) E-Commerce –Secure Electronic Transaction (SET) E-Mail –PGP –S/MIME

25 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 25 SSL Operates between application and transport layers Most widely used standard for online data encryption Provide services: –Server authentication –Client authentication –Encrypted SSL connection

26 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 26 S-HTTP Secure Web transactions Provides transaction confidentiality, integrity and nonrepudiation of origin Able to integrate with HTTP applications Mainly used for intranet communications Does not require digital certificates / public keys

27 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 27 SET One protocol used for handling funds transfer from credit card issuers to a merchant’s bank account Provide confidentiality, authentication and integrity of payment card transmissions Requires customers to have digital certificate and digital wallet

28 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 28 PGP Encrypts the data with one-time algorithm, then encrypts the key to the algorithm using public-key cryptography Supports public-key encryption, symmetric- key encryption and digital signatures Supports other standards, e.g. SSL

29 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 29 S/MIME Provides security for different data types and attachments to e-mails Two key attributes: –Digital signature –Digital envelope Performs authentication using x.509 digital certificates

30 Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 30 GOVERNMENT REGULATIONS National Security Agency (NSA) National Computer Security Center (NCSC) National Institute of Standards and Technology (NIST) Office of Defense Trade Controls (DTC)

31 Chapter 14 Encryption: A Matter Of Trust

Download ppt "ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &"

Similar presentations

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 24.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 24.

Similar presentations

Ads by Google