Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Published byLilian Cummings Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions."— Presentation transcript:

1 Lecture 12 Electronic Business (MGT-485)

2 Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions

3 Contents to Cover Today Tools Available to Achieve Site Security Encryption – Symmetric key encryption – Public key encryption – Digital Envelopes – Digital Certificates and Public Key Infrastructure (PKI) Securing Channels of Communication Protecting Networks Protecting Servers and Clients Management Policies, Business Procedures, and Public Laws Developing an E-commerce Security Plan How an Online Credit Transaction Works?

4 Tools Available to Achieve Site Security

5 Encryption Transforms data into cipher text readable only by sender and receiver Secures stored information and information transmission Provides 4 of 6 key dimensions of e- commerce security: – Message integrity – Nonrepudiation – Authentication – Confidentiality

6 Encryption Symmetric Key Encryption – Sender and receiver use same digital key to encrypt and decrypt message – Requires different set of keys for each transaction – Strength of encryption Length of binary key used to encrypt data – Advanced Encryption Standard (AES) Most widely used symmetric key encryption Uses 128-, 192-, and 256-bit encryption keys – Other standards use keys with up to 2,048 bits

7 Encryption Public Key Encryption – Uses two mathematically related digital keys Public key (widely disseminated) Private key (kept secret by owner) – Both keys used to encrypt and decrypt message – Once key used to encrypt message, same key cannot be used to decrypt message – Sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

8 Public Key Cryptography—A Simple Case

9 Public Key Encryption Using Digital Signatures and Hash Digests Hash function: – Mathematical algorithm that produces fixed-length number called message or hash digest Hash digest of message sent to recipient along with message to verify integrity Hash digest and message encrypted with recipient’s public key Entire cipher text then encrypted with recipient’s private key—creating digital signature—for authenticity, non-repudiation

10 Public Key Cryptography with Digital Signatures

11 Digital Envelopes Addresses weaknesses of: – Public key encryption Computationally slow, decreased transmission speed, increased processing time – Symmetric key encryption Insecure transmission lines Uses symmetric key encryption to encrypt document Uses public key encryption to encrypt and send symmetric key

12 Creating a Digital Envelope

13 Digital Certificates and Public Key Infrastructure (PKI) Digital certificate includes: – Name of subject/company – Subject’s public key – Digital certificate serial number – Expiration date, issuance date – Digital signature of certification authority (trusted third party institution) that issues certificate Public Key Infrastructure (PKI): – CAs and digital certificate procedures that are accepted by all parties

14 Digital Certificates and Certification Authorities

15 Limits to Encryption Solutions Doesn’t protect storage of private key – PKI not effective against insiders, employees – Protection of private keys by individuals may be haphazard No guarantee that verifying computer of merchant is secure CAs are unregulated, self-selecting organizations

16 Securing Channels of Communication Secure Sockets Layer (SSL): – Establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted S-HTTP: – Provides a secure message-oriented communications protocol designed for use in conjunction with HTTP Virtual Private Network (VPN): – Allows remote users to securely access internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP )

17 Secure Negotiated Sessions Using SSL

18 Protecting Networks Firewall – Hardware or software that filters packets – Prevents some packets from entering the network based on security policy – Two main methods: 1.Packet filters 2.Application gateways Proxy servers (proxies) – Software servers that handle all communications originating from or being sent to the Internet

19 Firewalls and Proxy Servers

20 Protecting Servers and Clients Operating system security enhancements – Upgrades, patches Anti-virus software – Easiest and least expensive way to prevent threats to system integrity – Requires daily updates

21 Management Policies, Business Procedures, and Public Laws U.S. firms and organizations spend 12% of IT budget on security hardware, software, services ($120 billion in 2009) Managing risk includes – Technology – Effective management policies – Public laws and active enforcement

22 A Security Plan: Management Policies Risk assessment Security policy Implementation plan – Security organization – Access controls – Authentication procedures, including biometrics – Authorization policies, authorization management systems Security audit

23 Developing an E-commerce Security Plan

24 The Role of Laws and Public Policy Laws that give authorities tools for identifying, tracing, prosecuting cyber criminals: – National Information Infrastructure Protection Act of 1996 – USA Patriot Act – Homeland Security Act Private and private–public cooperation – Computer Emergency Readiness Team (CERT) Coordination Center – US-CERT Government policies and controls on encryption software Organization for Economic Co-operation and Development (OECD) guidelines

25 E-commerce Payment Systems Credit cards – 55% of online payments in 2009 Debit cards – 28% of online payments in 2009 Limitations of online credit card payment – Security – Cost – Social equity

26 How an Online Credit Transaction Works?

27 Summary Tools Available to Achieve Site Security Encryption Securing Channels of Communication Protecting Networks Protecting Servers and Clients Management Policies, Business Procedures, and Public Laws Developing an E-commerce Security Plan How an Online Credit Transaction Works?

Download ppt "Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Copyright © 2013 Pearson Education, Inc.

Copyright © 2013 Pearson Education, Inc.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.
E-commerce business. technology. society. Kenneth C. Laudon

E-commerce business. technology. society. Kenneth C. Laudon
E-commerce: business. technology. society.

E-commerce: business. technology. society.
Chapter 5 Security and Encryption

Chapter 5 Security and Encryption
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Copyright © 2015 Pearson Education, Inc.

Copyright © 2015 Pearson Education, Inc.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Chapter 5 E-commerce Security and Payment Systems.

Chapter 5 E-commerce Security and Payment Systems.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Similar presentations

Ads by Google