Published by Madeline Douglas, modified over 9 years ago
1
ELC 200 Day 10
2
Agenda
- Questions?
- Assignment 2 corrected: 11 A's, 2 B's
- Assignment 3 is due
- Assignment 4 will be posted soon
- Quiz 2 on March 7: Chap 3-5, same format as before
- Begin discussion on E-Commerce Security and Payment Systems
3
Chapter 5 E-commerce Security and Payment Systems Copyright © 2014 Pearson Education, Inc.
4
Learning Objectives
- Understand the scope of e-commerce crime and security problems.
- Describe the key dimensions of e-commerce security.
- Identify the key security threats in the e-commerce environment.
- Describe how technology helps protect the security of messages sent over the Internet.
- Identify the tools used to establish secure Internet communications channels, and protect networks, servers, and clients.
- Identify the major e-commerce payment systems in use today.
- Describe the features and functionality of electronic billing presentment and payment systems.
5
Class Discussion: Cyberwar: MAD 2.0
- What is the difference between hacking and cyberwar?
- Why has cyberwar become more potentially devastating in the past decade?
- Why has Google been the target of so many cyberattacks?
- Is it possible to find a political solution to MAD 2.0?
6
Cyber Warfare (© 2007 Prentice-Hall, Inc)
- China-US cyber war
- Russia-Estonia cyber war
- Twitter DDoS
- http://anonnews.org/
- Korean DDoS
- Stuxnet worm
- Taught at US military academies: bh-fed-03-dodge.pdf, iwar_wise.pdf, http://www.westpoint.edu/crc/SitePages/Home.aspx
7
DDoS
- https://zeustracker.abuse.ch/
- https://spyeyetracker.abuse.ch/
8
The E-commerce Security Environment
- Overall size and losses of cybercrime unclear
- Reporting issues
- 2011 CSI survey: 46% of respondent firms detected a breach in the last year
- Underground economy marketplace: stolen information stored on underground economy servers
10
Types of Attacks Against Computer Systems (Cybercrime)
SOURCE: Based on data from Computer Security Institute, 2011
11
What is Good E-commerce Security?
To achieve the highest degree of security:
- New technologies
- Organizational policies and procedures
- Industry standards and government laws
12
The E-commerce Security Environment (Figure 5.1, Page 168)
14
The Tension Between Security and Other Values
- Ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes
- Public safety and criminal uses of the Internet: use of technology by criminals to plan crimes or threaten nation-states
15
Security Threats in the E-commerce Environment
Three key points of vulnerability in the e-commerce environment:
1. Client
2. Server
3. Communications pipeline (Internet communications channels)
16
A Typical E-commerce Transaction
17
Vulnerable Points in an E-commerce Transaction (Figure 5.2, Page 170)
18
Snoop and Sniff
19
Most Common Security Threats in the E-commerce Environment
- Malicious code: viruses, worms, Trojan horses, drive-by downloads, backdoors, bots and botnets
- Threats at both client and server levels
20
Most Common Security Threats (cont.)
- Potentially unwanted programs (PUPs): browser parasites, adware, spyware
- Phishing: e-mail scams, social engineering, identity theft
21
Spyware
Spyware infestation. Taken by Brandon Waddell.
22
Most Common Security Threats (cont.)
- Hacking: hackers vs. crackers; types of hackers: white, black, grey hats; hacktivism (Anonymous)
- Cybervandalism: disrupting, defacing, destroying a Web site
- Data breach: losing control over corporate information to outsiders
23
Most Common Security Threats (cont.)
- Credit card fraud/theft: hackers target merchant servers; use data to establish credit under a false identity (Hannaford hack)
- Spoofing (pharming)
- Spam (junk) Web sites: http://www.buycheapr.com/us/result.jsp?ga=us5&q=chevelle+bumper
- Denial of service (DoS) attack: hackers flood a site with useless traffic to overwhelm the network
- Distributed denial of service (DDoS) attack
24
Most Common Security Threats (cont.)
- Sniffing: eavesdropping program that monitors information traveling over a network
- Insider attacks
- Poorly designed server and client software
- Social network security issues
- Mobile platform security issues: same risks as any Internet device
- Cloud security issues
26
The Players: Hackers, Crackers, and Other Attackers
- Hackers: original hackers created the Unix operating system and helped build the Internet, Usenet, and World Wide Web, and used their skills to test the strength and integrity of computer systems
- Over time, the term hacker came to be applied to rogue programmers who illegally break into computers and networks
- Hacker underground: http://www.defcon.org/, http://www.blackhat.com/, http://www.2600.com/
27
The Players: Hackers, Crackers, and Other Attackers (cont.)
- Uber Haxor
- Wizard
- Internet Hackers: highly capable attackers; responsible for writing most of the attacker tools
- Crackers: people who engage in unlawful or damaging hacking; short for "criminal hackers"
- Other attackers: "script kiddies" are ego-driven, unskilled crackers who use information and software (scripts) that they download from the Internet to inflict damage on targeted sites; scorned by both the law enforcement and hacker communities
28
How Hackers Hack: Many Techniques
- Social engineering: get someone to give you their password
- Cracking: guessing passwords. A six-letter password (no caps) has > 300 million possibilities. Merriam-Webster's citation files, which were begun in the 1880s, now contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary. http://www.m-w.com/help/faq/words_in.htm
- Buffer overflows: getting code to run on other PCs; load a Trojan or backdoor
- Snoop and sniff: steal data
- Denial of service (DoS): crash or cripple a computer from another computer
- Distributed denial of service (DDoS): crash or cripple a computer from multiple distributed computers
29
Insight on Technology: Class Discussion: Think Your Smartphone Is Secure?
- What types of threats do smartphones face?
- Are there any particular vulnerabilities to this type of device?
- Are apps more or less likely to be subject to threats than traditional PC software programs?
- http://www.spyphone.com/
- http://www.mobile-spy.com/
- http://www.foxnews.com/tech/2011/12/01/is-your-smartphone-secretly-spying-on/
30
Maine's Anti-Hacker Laws
§432. Criminal invasion of computer privacy
1. A person is guilty of criminal invasion of computer privacy if the person intentionally accesses any computer resource knowing that the person is not authorized to do so. [1989, c. 620 (new).]
2. Criminal invasion of computer privacy is a Class D crime. [1989, c. 620 (new).]
§433. Aggravated criminal invasion of computer privacy
1. A person is guilty of aggravated criminal invasion of computer privacy if the person:
   A. Intentionally makes an unauthorized copy of any computer program, computer software or computer information, knowing that the person is not authorized to do so; [1989, c. 620 (new).]
   B. Intentionally or knowingly damages any computer resource of another person, having no reasonable ground to believe that the person has the right to do so; or [1989, c. 620 (new).]
   C. Intentionally or knowingly introduces or allows the introduction of a computer virus into any computer resource, having no reasonable ground to believe that the person has the right to do so. [1989, c. 620 (new).]
2. Aggravated criminal invasion of computer privacy is a Class C crime. [1989, c. 620 (new).]
31
Technology Solutions
- Protecting Internet communications: encryption
- Securing channels of communication: SSL, VPNs
- Protecting networks: firewalls
- Protecting servers and clients
32
Tools Available to Achieve Site Security (Figure 5.4, Page 181)
33
Encryption
- Transforms data into cipher text readable only by sender and receiver
- Secures stored information and information transmission
- Provides 4 of the 6 key dimensions of e-commerce security: message integrity, nonrepudiation, authentication, confidentiality
34
Symmetric Key Encryption
- Sender and receiver use the same digital key to encrypt and decrypt the message
- Requires a different set of keys for each transaction
- Strength of encryption: length of the binary key used to encrypt data
- Advanced Encryption Standard (AES): most widely used symmetric key encryption; uses 128-, 192-, and 256-bit encryption keys
- Other standards use keys with up to 2,048 bits
35
Public Key Encryption
- Uses two mathematically related digital keys: public key (widely disseminated) and private key (kept secret by owner)
- Both keys used to encrypt and decrypt the message
- Once a key is used to encrypt a message, the same key cannot be used to decrypt the message
- Sender uses recipient's public key to encrypt the message; recipient uses private key to decrypt it
36
What Is Encryption?
- A way to transform a message so that only the sender and recipient can read, see, or understand it
- Plaintext (cleartext): the message that is being protected
- Encrypt (encipher): transform a plaintext into ciphertext
- Encryption: a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than authorized recipients to recover the original message
- Key: a series of electronic signals stored on a PC's hard disk or transmitted as blips of data over transmission lines
- Plaintext + key = Ciphertext
- Ciphertext - key = Plaintext
37
Public Key Cryptography: A Simple Case (Figure 5.5, Page 184)
38
Symmetric Key Encryption
Message "Hello" -> Encryption Method & Key (Symmetric Key) -> Encrypted Message -> Network (Interceptor) -> Party B
Party A and Party B share the symmetric key. Encryption uses a non-secret encryption method and a secret key.
39
Simple example (encrypt)
- Every letter is converted to a two-digit number: A = 01, ..., Z = 26
- ANTHONY -> 01 14 20 08 15 14 25
- Produce any 4-digit key, e.g. 3654 (10^N - 1 choices = 9,999)
- Add together in blocks of 4 digits:
  0114 + 3654 = 3768
  2008 + 3654 = 5662
  1514 + 3654 = 5168
  2500 + 3654 = 6154 (pad with 00 to make even)
- Send 3768566251686154 to fellow spy
40
Simple example (decrypt)
- Received 3768566251686154 from fellow spy
- Break down into 4-digit groupings: 3768 5662 5168 6154
- Get the right key: 3654
- Subtract the key from blocks of 4 digits:
  3768 - 3654 = 0114
  5662 - 3654 = 2008
  5168 - 3654 = 1514
  6154 - 3654 = 2500
- If the result is negative, add 10000
- Break down into 2 digits and decode: 01 = A, 14 = N, 20 = T, 08 = H
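The four-digit-block cipher from the encrypt and decrypt slides above, implemented as an added example (my code, not from the slides or the Prentice-Hall text). It assumes that the encryption side wraps each block modulo 10,000, which is what the decrypt slide's "if the result is negative, add 10000" rule implies, so a block never grows to five digits. The key 3654 and the message ANTHONY are the slides' values; the wrong-key check and the ZZ/9000 wrap case are constructed. With only 9,999 possible keys the scheme is a teaching device, not protection.

```python
import string

BLOCK_MOD = 10_000           # blocks are four decimal digits, so arithmetic wraps at 10000
KEY_SPACE = BLOCK_MOD - 1    # 9,999 possible 4-digit keys, as the slide notes (10^N - 1)

def letters_to_digits(text: str) -> str:
    """Encode letters as two-digit numbers (A=01 ... Z=26); non-letters are dropped.
    The digit string is padded with "00" so it splits evenly into four-digit blocks."""
    digits = "".join(f"{ord(c) - ord('A') + 1:02d}"
                     for c in text.upper() if c in string.ascii_uppercase)
    if len(digits) % 4:
        digits += "00"  # "00" is never a letter code, so it is safe padding
    return digits

def encrypt(plaintext: str, key: int) -> str:
    """Add the 4-digit key to each 4-digit block. Wrapping modulo 10000 keeps every
    block at four digits (assumption: the counterpart of the decrypt slide's +10000 rule)."""
    digits = letters_to_digits(plaintext)
    blocks = [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]
    return "".join(f"{(block + key) % BLOCK_MOD:04d}" for block in blocks)

def decrypt(ciphertext: str, key: int) -> str:
    """Subtract the key from each block (Python's % turns a negative result into
    result + 10000), then map each two-digit code back to a letter, skipping padding."""
    if len(ciphertext) % 4:
        raise ValueError("ciphertext must be a whole number of 4-digit blocks")
    blocks = [int(ciphertext[i:i + 4]) for i in range(0, len(ciphertext), 4)]
    digits = "".join(f"{(block - key) % BLOCK_MOD:04d}" for block in blocks)
    letters = []
    for i in range(0, len(digits), 2):
        code = int(digits[i:i + 2])
        if code == 0:
            continue  # "00" padding
        if not 1 <= code <= 26:
            # A code outside A..Z means the wrong key was used or a block was corrupted
            raise ValueError(f"invalid letter code {code:02d}: wrong key or corrupted block")
        letters.append(chr(ord('A') + code - 1))
    return "".join(letters)

if __name__ == "__main__":
    c = encrypt("ANTHONY", 3654)   # the slides' own values
    print(c)                       # 3768566251686154
    print(decrypt(c, 3654))        # ANTHONY
```

Running it reproduces the slide's ciphertext 3768566251686154 and recovers ANTHONY; decrypting with any other key either yields a letter code outside 01..26 (rejected) or, for a few keys, a wrong but well-formed message, which is why a key space of 9,999 offers no real security.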
41
Public Key Encryption Using Digital Signatures and Hash Digests
- Hash function: mathematical algorithm that produces a fixed-length number called a message or hash digest
- Hash digest of the message sent to the recipient along with the message to verify integrity
- Hash digest and message encrypted with recipient's public key
- Entire cipher text then encrypted with recipient's private key—creating a digital signature—for authenticity, nonrepudiation
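A worked hash-and-sign round trip, added here as an example and not taken from the slides or the textbook. It uses SHA-256 from Python's hashlib as the fixed-length hash function and textbook RSA built from two constructed Mersenne primes (2^31-1 and 2^61-1), and follows the conventional arrangement in which the signer applies its own private key to the digest and the recipient verifies with the signer's public key. The unpadded digest and the tiny key are simplifications for illustration, marked in the comments; real deployments use PKCS#1 v1.5 or PSS padding and 2048-bit or larger keys.

```python
import hashlib

# Constructed toy RSA parameters: two Mersenne primes. Far too small for real use,
# but large enough that distinct messages never share a reduced digest in this demo.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537

def generate_keypair(p: int = P, q: int = Q, e: int = E):
    """Textbook RSA key generation: public key (n, e), private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+); gcd(e, phi) == 1 here
    return (n, e), (n, d)

def hash_digest(message: bytes) -> bytes:
    """Hash function: SHA-256 gives a fixed 32-byte digest whatever the message length."""
    return hashlib.sha256(message).digest()

def sign(message: bytes, private_key) -> int:
    """Digital signature: the signer applies its private key to the message digest.
    Real schemes pad the digest (PKCS#1 v1.5, PSS); this toy reduces it mod n instead."""
    n, d = private_key
    h = int.from_bytes(hash_digest(message), "big") % n
    return pow(h, d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """The recipient recomputes the digest and compares it with the signature opened
    using the signer's public key: a match proves integrity and origin (nonrepudiation)."""
    n, e = public_key
    h = int.from_bytes(hash_digest(message), "big") % n
    return pow(signature, e, n) == h

def integrity_only_check(message: bytes, received_digest: bytes) -> bool:
    """A bare digest sent alongside the message detects accidental change, but gives no
    authenticity: whoever alters the message in transit can recompute the digest too."""
    return hash_digest(message) == received_digest

if __name__ == "__main__":
    public, private = generate_keypair()
    order = b"order 1234: pay 100.00 USD to merchant"   # constructed sample message
    sig = sign(order, private)
    print(verify(order, sig, public))                                      # True
    print(verify(b"order 1234: pay 900.00 USD to merchant", sig, public))  # False
```

The contrast between integrity_only_check and verify is the point of the slide: a digest alone catches corruption, while a digest signed with a private key that only the sender holds also proves who sent the message and stops the sender from later denying it.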
42
Public Key Cryptography with Digital Signatures (Figure 5.6, Page 185)
43
Digital Certificates and Public Key Infrastructure (PKI)
- Digital certificate includes: name of subject/company; subject's public key; digital certificate serial number; expiration date, issuance date; digital signature of CA
- Public Key Infrastructure (PKI): CAs and digital certificate procedures
- PGP
44
Digital Certificates and Certification Authorities (Figure 5.7, Page 187)
45
Limits to Encryption Solutions
- Doesn't protect storage of the private key
- PKI not effective against insiders, employees
- Protection of private keys by individuals may be haphazard
- No guarantee that the verifying computer of the merchant is secure
46
Insight on Society: Class Discussion: Web Dogs and Anonymity: Identity 2.0
- What are some of the benefits of continuing the anonymity of the Internet?
- Who are the groups involved in creating an identity system for the Internet?
- Who should control a central identity system?
47
Securing Channels of Communication
- Secure Sockets Layer (SSL) and Transport Layer Security (TLS): establishes a secure, negotiated client-server session in which the URL of the requested document, along with its contents, is encrypted
- Virtual Private Network (VPN): allows remote users to securely access an internal network via the Internet
48
Secure Negotiated Sessions Using SSL/TLS (Figure 5.8, Page 189)
49
Protecting Networks
- Firewall: hardware or software; uses a security policy to filter packets
- Proxy servers (proxies): software servers that handle all communications originating from or being sent to the Internet
50
Protecting Servers and Clients
- Operating system security enhancements: upgrades, patches
- Anti-virus software: easiest and least expensive way to prevent threats to system integrity; requires daily updates
51
E-commerce Payment Systems
- Credit cards: still the dominant online payment method in the United States
- Limitations of online credit card payment systems: security, merchant risk; cost; social equity
52
How an Online Credit Transaction Works (Figure 5.10, Page 193)
53
Alternative Online Payment Systems
- Online stored value systems: based on value stored in a consumer's bank, checking, or credit card account, e.g. PayPal
- Other alternatives: Amazon Payments, Google Checkout
54
Mobile Payment Systems
- Use of mobile phones as payment devices established in Europe, Japan, South Korea
- Near field communication (NFC): short-range (2") wireless for sharing data between devices
- Expanding in the United States: Google Wallet (mobile app designed to work with NFC chips), PayPal, Square
55
Digital Cash and Virtual Currencies
- Digital cash: based on an algorithm that generates unique tokens that can be used in the "real" world, e.g. Bitcoin
- Virtual currencies: circulate within an internal virtual world, e.g. Linden Dollars in Second Life, Facebook Credits
56
Electronic Billing Presentment and Payment (EBPP)
- Online payment systems for monthly bills
- 50% of all bill payments
- Two competing EBPP business models: biller-direct (dominant model) and consolidator
- Both models are supported by EBPP infrastructure providers