Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

Published byCaren Norris Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University."— Presentation transcript:

1 Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University

2 Security Issues in E-commerce A computer system composing of bare hardware and an OS responsible for safe guarding its data and applications resident in primary and secondary storage, proper management of other resources and establishing connection to other computer systems via the network. When the system is not hooked to the outside world, the computer system is only vulnerable to its bad users who abuse it with bad applications like virus, Trojan horses, etc. However, when it is open to outside world through networking, this becomes a major threat to the system.  Security Issues  Is E-commerce Secure?  Cryptography  Web security

3  Security Issues  Operating System Security  Network Security  Internet Security  Middleware Security  Database Security  Others Fields of Computer System security

4  Operating System Security The security models are classified into two major groups: Mandatory security model: –Control the access to information by individuals on the basis of classification of subjects (active element) and objects (data). Bell Lapadula model, Biba model, and Dion model. Discretionary security model: –Control user access on the basis of user identity and some rules guiding what type of access relationship can be established between the user (subject) and object. Access matrix model, take-grant model, ant action entity model. Lattice model: –Based on flow control

5  Operating System Security

6  Network Security

7  Network Security (Cont…)  As the network makes a computer system open to the world, communication becomes easy with the outside world at the cost of security. One of the major successes in tackling the distributed system security problem is Kerberos.  Kerberos uses encryption to enable secure communication. To be able to connect to the computers, users have to use programs that can use Kerberos. In order to authenticate to Kerberos, one needs to get ‘tickets’.  A ticket grants the user the right to use a service, such as accessing his/her files. A ‘ticket granting ticket’ is a ticket used to get other tickets.

8  Internet Security

9  Middleware Security OSF’s DCE OMG’s CORBA

10  Database Security Figure: Distributed Database Model

11  Other Fields of Computer System Security E-cash

12 When viewing digital information from the network perspective, information security contains the following characteristics:  Confidentiality or message transmission security.  Integrity of data content  Authentication of sender and receiver  Non-repudiation by the sender and receiver  Anonymity or secrecy  Availability  Is E-commerce Secure ?

13  Single Key (Symmetric) Cryptography  Public Key (Asymmetric) Cryptography  Digital Signature  Certification Authority  Digital Certificates  Cryptography

14  Single Key (Symmetric) Cryptography

15  Public Key (Asymmetric) Cryptography

16  Public Key (Asymmetric) Cryptography (Cont..)

17  Certification Authority

18  Digital Certificate The digital certificate is basically the digitally signed triple: Identity of user Public key of user Other attributes

19  Digital Certificate (cont..) In addition to the signature, the public key certificate contains the following items: subject subjectPublicKeyInfo issuerUniqueidentifier extensions version serialNumber signature Issuer validity

20 What is Digital Signature? Hash value of a message when encrypted with the private key of a person is his digital signature on that e-Document –Digital Signature of a person therefore varies from document to document thus ensuring authenticity of each word of that document. –As the public key of the signer is known, anybody can verify the message and the digital signature Why Digital Signatures? To provide Authenticity, Integrity and Non-repudiation to electronic documents To use the Internet as the safe and secure medium for e-Commerce and e-Governance Digital Signatures

21 Each individual generates his own key pair [Public key known to everyone & Private key only to the owner] Private Key – Used for making digital signature Public Key – Used to verify the digital signature

22 Digital Signature: An application of public key cryptography

23  Web security  Secure Socket Layer (SSL)  Secure Electronic Transaction (SET)

24  Secure Socket Layer (SSL) The SSL protocol provides connection security that has three basic properties: The connection is private, Symmetric cryptography is used for data encryption (e.g. EDS, RC4, etc.)

25  Secure Socket Layer (SSL) (cont…)  The peer’s identity can be authenticated using asymmetric, or public key, cryptography (e.g. RSA, DSS, etc.)  The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash function (e.g. SHA, MD5, etc.)

26  Secure Socket Layer (SSL) (cont..) Figure: SSL 3.0 information exchange between a client and a server

27  Secure Electronic Transaction (SET) The SET specification is designed to meet three main objectives. First, it will enable payment security for involved, authenticate card holders and merchants, provide confidentiality of payment data, and define protocols for potential electronic security service providers.

28  Secure Electronic Transaction (SET) (Cont…) Second, it will enable interoperability among applications developed by various vendors and among different operating systems and platforms. Third, it will strive to achieve market acceptance on a global scale.

29 Thank You

Download ppt "Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Chapter 8 Web Security.

Chapter 8 Web Security.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Similar presentations

Ads by Google