1
Dimensions of E-Commerce Security
Integrity, Non-Repudiation, Authenticity, Confidentiality, Privacy, Availability
2
One-line explanation
INTEGRITY: prevention against unauthorized data modification
NON-REPUDIATION: prevention against any one party denying an agreement after the fact
AUTHENTICITY: authentication of data source
CONFIDENTIALITY: protection against unauthorized data disclosure
PRIVACY: provision of data control and disclosure
AVAILABILITY: prevention against data delays or removal
3
Integrity: prevention against unauthorized data modification
This is the ability to ensure that information being displayed on a Web site or being transmitted/received over the Internet has not been altered in any way by an unauthorized party. Integrity ensures data remains as is from the sender to the receiver.
Example 1: One type of integrity security breach would be an unauthorized person intercepting and redirecting a bank wire transfer into a different account.
Example 2: If someone added an extra bill to the envelope that contained your credit card bill, he has violated the integrity of the mail.
4
Bank Wire & Bank Wire Transfer (just concept)
Bank Wire: An electronic message system allowing major banks to communicate various actions or occurrences regarding client accounts. For example, the purpose of a bank wire would be to notify a bank if a client has deposited funds into its account.
Bank Wire Transfer: A wire transfer is a transfer of money from one bank account to another. The actual transfer is done by the bank, and neither the sender nor the recipient of the money sees or touches the actual funds.
5
Example 3: Newsletter altered in transit
Ali is a registered customer of shophive.com. Shophive.com sends a newsletter to Ali to promote new products.
[Diagram: Shophive.com sends Ali the newsletter "Hello Mr. Ali, we introduce a new product, click for more detail. Shophive". Any other person on the Internet changes the content before it reaches Ali.]
6
Customer & Merchant perspective on Integrity dimension of e-commerce
Customer's Perspective: Has information I transmit or receive been altered?
Merchant's Perspective: Has data on the site been altered without authorization? Is data being received from customers valid?
7
Non-repudiation: prevention against any one party from reneging on an agreement after the fact
Non-repudiation is the ability to ensure that e-commerce participants do not deny their online actions.
Example 1: An example of a repudiation incident would be a customer ordering merchandise online and later denying that he or she had done so. The credit card issuer will usually side with the customer because the merchant has no legally valid proof that the customer ordered the merchandise.
8
Customer & Merchant perspective on Non-Repudiation dimension of e-commerce
Customer's Perspective: Can a party to an action with me later deny taking the action?
Merchant's Perspective: Can a customer deny ordering products?
9
Authenticity: authentication of data source
Authenticity is the ability to establish the identity of a person or entity you are transacting with on the Internet.
Example 1: One instance of an authenticity security breach is "spoofing," in which someone uses a fake address or poses as someone else. This can also involve redirecting a Web link to a different address.
Example 2: Another instance of an authenticity security breach is a postman delivering the mail to the wrong address.
10
Example: Newsletter link redirected to a spoofed site
Ali is a registered customer of shophive.com. Shophive.com sends a newsletter to Ali to promote new products. The authentication of shophive to Ali is valid, but Ali is redirected to a spoofed site.
[Diagram: Shophive.com sends Ali the newsletter "Hello Mr. Ali, we introduce a new product, click for more detail. Shophive". Any other person on the Internet changes the content so that the link leads to the spoofed Web site Shophivee.com.]
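The two newsletter examples (content changed in transit, and a link pointing to Shophivee.com) can be checked mechanically on the receiving side. The following is an added example, not part of the original slides: the shared key, the trusted-host list and the sample newsletter are constructed assumptions. It also shows why a shared-key tag gives integrity but not non-repudiation.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Assumption: a key shared by the sender and the verifying mail client.
# Because both sides hold it, either could have produced a valid tag,
# so this proves integrity but NOT non-repudiation.
SHARED_KEY = b"constructed-demo-key"
TRUSTED_HOSTS = {"shophive.com", "www.shophive.com"}


def tag(body: str) -> str:
    """Integrity tag the sender attaches to the newsletter body."""
    return hmac.new(SHARED_KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()


def body_intact(body: str, received_tag: str) -> bool:
    """True only if the body is exactly what the sender tagged."""
    return hmac.compare_digest(tag(body), received_tag)


def untrusted_links(body: str) -> list[str]:
    """Hosts of links that are not an exact match for a trusted host."""
    flagged = []
    for url in re.findall(r'href="([^"]+)"', body):
        host = (urlsplit(url).hostname or "").lower()
        # Exact comparison: a substring test such as "shophive" in host
        # would wrongly accept the look-alike "shophivee.com".
        if host not in TRUSTED_HOSTS:
            flagged.append(host)
    return flagged


def check_newsletter(body: str, received_tag: str) -> dict:
    """Combine the integrity check and the link-authenticity check."""
    return {"intact": body_intact(body, received_tag),
            "untrusted_links": untrusted_links(body)}


# Constructed sample: the newsletter as sent, and as changed in transit.
ORIGINAL = ('Hello Mr. Ali, we introduce a new product. '
            '<a href="https://www.shophive.com/new">Click for more detail</a>')
ORIGINAL_TAG = tag(ORIGINAL)
TAMPERED = ORIGINAL.replace("www.shophive.com", "shophivee.com")

if __name__ == "__main__":
    print(check_newsletter(ORIGINAL, ORIGINAL_TAG))
    print(check_newsletter(TAMPERED, ORIGINAL_TAG))
```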
11
Customer & Merchant perspective on Authenticity dimension of e-commerce
Customer's Perspective: Who am I dealing with? How can I be assured that the person or entity is who they claim to be?
Merchant's Perspective: What is the real identity of the customer?
12
Confidentiality: protection against unauthorized data disclosure
Privacy concerns people and their control over information, whereas confidentiality concerns data.
Confidentiality: The ability to ensure that messages and data are available only to authorized viewers.
Example 1: One type of confidentiality security breach is "sniffing," in which a program is used to steal proprietary information on a network, including messages, company files, or confidential reports.
Example 2: A bank sends your credit card PIN to your address, but someone (the postman, etc.) reads it. This is a breach of confidentiality.
13
Customer & Merchant perspective on Confidentiality dimension of e-commerce
Customer's Perspective: Can someone other than the intended recipient read my messages?
Merchant's Perspective: Are messages or confidential data accessible to anyone other than those authorized to view them?
14
Privacy: provision of data control and disclosure
The ability to control the use of information a customer provides about him or herself to an e-commerce merchant. An example of a privacy security breach is a hacker breaking into an e-commerce site and gaining access to credit card or other customer information. This violates the confidentiality of the data and also the privacy of the people who supplied the data.
15
Customer & Merchant perspective on Privacy dimension of e-commerce
Customer's Perspective: Can I control the use of information about myself transmitted to an e-commerce merchant?
Merchant's Perspective: What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner?
16
Availability: prevention against data delays or removal
This is the ability to ensure that an e-commerce site continues to function as intended. Availability ensures that you have access to the resources you are authorized to use.
Example 1: One availability security breach is a DoS (Denial of Service) attack, in which hackers flood a Web site with useless traffic that causes it to shut down, making it impossible for users to access the site.
Example 2: If the post office destroys your mail or the postman takes one year to deliver your mail, he has impacted the availability of your mail.
17
Customer & Merchant perspective on Availability dimension of e-commerce
Customer's Perspective: Can I get access to the site?
Merchant's Perspective: Is the site operational?