
ELC 200 Day 11 (presentation transcript)


1 ELC 200 Day 11

2 Agenda
Questions?
Assignment 3 is not corrected
 Missing assignments
Assignment 4 is posted
 Due March 7 @ 9:30 AM
 Assignment4.pdf
Quiz 2 on March 7
 Chap 3-5
 Same format as before
 Extra credit question on hackers convicted in Maine
Finish discussion on E-Commerce Security and Payment Systems

3 Chapter 5: E-commerce Security and Payment Systems
Copyright © 2014 Pearson Education, Inc.

4 Learning Objectives
Understand the scope of e-commerce crime and security problems.
Describe the key dimensions of e-commerce security.
Identify the key security threats in the e-commerce environment.
Describe how technology helps protect the security of messages sent over the Internet.
Identify the tools used to establish secure Internet communications channels, and protect networks, servers, and clients.
Identify the major e-commerce payment systems in use today.
Describe the features and functionality of electronic billing presentment and payment systems.

5 The E-commerce Security Environment (Figure 5.1, Page 168)


7 Technology Solutions
Protecting Internet communications
 Encryption
Securing channels of communication
 SSL, VPNs
Protecting networks
 Firewalls
Protecting servers and clients

8 Tools Available to Achieve Site Security (Figure 5.4, Page 181)

9 Encryption
 Transforms data into cipher text readable only by sender and receiver
 Secures stored information and information transmission
 Provides 4 of 6 key dimensions of e-commerce security:
Message integrity
Nonrepudiation
Authentication
Confidentiality

10 Symmetric Key Encryption
Sender and receiver use the same digital key to encrypt and decrypt the message
Requires a different set of keys for each transaction
Strength of encryption
 Length of the binary key used to encrypt data
Advanced Encryption Standard (AES)
 Most widely used symmetric key encryption
 Uses 128-, 192-, and 256-bit encryption keys
Other standards use keys with up to 2,048 bits

11 What Is Encryption?
12-11 © 2007 Prentice-Hall, Inc
A way to transform a message so that only the sender and recipient can read, see, or understand it
Plaintext (cleartext): the message that is being protected
Encrypt (encipher): transform a plaintext into ciphertext
Encryption: a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than authorized recipients to recover the original message
Key: a series of electronic signals stored on a PC’s hard disk or transmitted as blips of data over transmission lines
 Plaintext + key = Ciphertext
 Ciphertext – key = Plaintext

12 Symmetric Key Encryption (figure)
Party A encrypts the message “Hello” with the encryption method and the shared symmetric key; the encrypted message crosses the network, where an interceptor may see it, to Party B.
Encryption uses a non-secret encryption method and a secret key.

13 Simple example (encrypt)
Every letter is converted to a two-digit number
 A = 1, Z = 26
 ANTHONY  01 14 20 08 15 14 25
Produce any 4-digit key
 3654 (10^N − 1 = 9,999 choices for N = 4 digits)
Add together in blocks of 4 digits
 0114 + 3654 = 3768
 2008 + 3654 = 5662
 1514 + 3654 = 5168
 2500 + 3654 = 6154 (pad with 00 to fill the last block)
Send 3768566251686154 to fellow Spy

14 Simple example (decrypt)
Received 3768566251686154 from fellow Spy
 Break down into 4-digit groupings: 3768 5662 5168 6154
 Get the right key: 3654
 Subtract the key from each block of 4 digits
 3768 − 3654 = 0114 (keep four digits)
 5662 − 3654 = 2008
 5168 − 3654 = 1514
 6154 − 3654 = 2500
 If the result is negative, add 10000
Break down into 2 digits and decode
 01 = A, 14 = N, 20 = T, 08 = H
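The digit-block cipher of slides 13 and 14, written out as an added Python example (not part of the original slides): letters become two-digit codes, the last block is padded with 00, and the 4-digit key is added to each block modulo 10000, which is exactly the slide's "if the result is negative, add 10000" rule on decryption. The function names are my own.

```python
# Toy cipher from the slides: A=01 ... Z=26, 4-digit blocks, key added modulo 10000.
BLOCK = 4      # digits per block
PAD = "00"     # padding pair; 00 is not a letter code, so it is dropped on decrypt


def letters_to_digits(word: str) -> str:
    """'ANTHONY' -> '01142008151425' (two digits per letter, A = 01)."""
    return "".join(f"{ord(c) - ord('A') + 1:02d}" for c in word.upper())


def encrypt(word: str, key: int) -> str:
    digits = letters_to_digits(word)
    if len(digits) % BLOCK:            # letters give an even digit count, so
        digits += PAD                  # one "00" always completes the last block
    blocks = [int(digits[i:i + BLOCK]) for i in range(0, len(digits), BLOCK)]
    # Add the key to every block; the modulus keeps each block at four digits
    return "".join(f"{(b + key) % 10000:04d}" for b in blocks)


def decrypt(ciphertext: str, key: int) -> str:
    blocks = [int(ciphertext[i:i + BLOCK]) for i in range(0, len(ciphertext), BLOCK)]
    # (b - key) % 10000 is the slide's "if negative, add 10000"; the :04d keeps
    # the leading zero, so 3768 - 3654 comes back as 0114, not 114
    digits = "".join(f"{(b - key) % 10000:04d}" for b in blocks)
    pairs = [digits[i:i + 2] for i in range(0, len(digits), 2)]
    return "".join(chr(int(p) + ord("A") - 1) for p in pairs if p != PAD)


if __name__ == "__main__":
    print(encrypt("ANTHONY", 3654))            # 3768566251686154
    print(decrypt("3768566251686154", 3654))   # ANTHONY
```

Every block is shifted by the same key and there are only 9,999 keys, so this is a classroom illustration of "plaintext + key = ciphertext", not a usable cipher.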

15 Public Key Encryption
Copyright © 2011 Pearson Education, Inc.
Uses two mathematically related digital keys
 Public key (widely disseminated)
 Private key (kept secret by owner)
Both keys are used to encrypt and decrypt the message
Once a key is used to encrypt a message, the same key cannot be used to decrypt it
Sender uses the recipient’s public key to encrypt the message; the recipient uses his/her private key to decrypt it


17 Public Key Encryption for Confidentiality (figure)
Party A to Party B: encrypt with Party B’s public key; Party B decrypts with Party B’s private key.
Party B to Party A: encrypt with Party A’s public key; Party A decrypts with Party A’s private key.
Note: four keys are used to encrypt and decrypt in both directions.

18 Public Key Cryptography – A Simple Case (Figure 5.8, Page 289)

19 Public Key Encryption Using Digital Signatures and Hash Digests
Hash function:
 Mathematical algorithm that produces a fixed-length number called a message or hash digest
Hash digest of the message is sent to the recipient along with the message to verify integrity
Hash digest and message are encrypted with the recipient’s public key
Entire cipher text is then encrypted with the recipient’s private key (creating the digital signature) for authenticity and nonrepudiation

20 Digital Signature: Sender (figure)
Plaintext → Hash → MD (message digest) → Sign (encrypt) MD with sender’s private key → DS (digital signature)
To create the digital signature:
1. Hash the plaintext to create a brief message digest; this is NOT the digital signature
2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature

21 Digital Signature (figure)
The sender adds a digital signature (DS) to each plaintext message, which provides message-by-message authentication; the signed message is then encrypted for confidentiality before it reaches the receiver.

22 Digital Signature: Transmission (figure)
Sender encrypts, receiver decrypts: the plaintext plus digital signature (DS) are sent encrypted with the public key of the receiver.

23 Digital Signature: Receiver (figure)
Received plaintext → 1. Hash → MD; DS → 2. Decrypt with True Party’s public key → MD; 3. Are they equal?
1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest.
2. Decrypt the digital signature with the sender’s public key. This also should give the message digest.
3. If the two match, the message is authenticated; the sender has the True Party’s private key.
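The sender steps of slide 20 and the receiver steps of slide 23, as an added Python example that is not from the slides or the textbook: the digest comes from SHA-256 in the standard library, and the "encrypt with the sender's private key / decrypt with the sender's public key" step uses textbook RSA with two fixed Mersenne primes, a constructed toy key (real deployments use randomly generated keys of 2048 bits or more together with a padded signature scheme). All names here are mine.

```python
import hashlib

# Toy RSA key (constructed for illustration only). P and Q are the Mersenne
# primes 2^31-1 and 2^61-1, so N is about 92 bits; E is the usual public exponent.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: E * D == 1 (mod phi(N))

PUBLIC_KEY = (N, E)      # widely disseminated
PRIVATE_KEY = (N, D)     # kept secret by the signer


def message_digest(plaintext: bytes) -> int:
    """Step 1 (sender) and step 1 (receiver): hash the plaintext to a short,
    fixed-length digest. Truncated to 64 bits only so it fits below the toy N."""
    return int.from_bytes(hashlib.sha256(plaintext).digest()[:8], "big")


def sign(plaintext: bytes, private_key) -> int:
    """Step 2 (sender): 'encrypt' the digest with the private key.
    The result is the digital signature, sent alongside the plaintext."""
    n, d = private_key
    return pow(message_digest(plaintext), d, n)


def verify(plaintext: bytes, signature: int, public_key) -> bool:
    """Steps 2 and 3 (receiver): 'decrypt' the signature with the signer's
    public key and compare it with a fresh digest of the received plaintext."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(plaintext)


if __name__ == "__main__":
    msg = b"Pay 100 USD to account 42"       # constructed sample message
    sig = sign(msg, PRIVATE_KEY)
    print("authentic:", verify(msg, sig, PUBLIC_KEY))           # True
    print("tampered:", verify(msg + b"0", sig, PUBLIC_KEY))     # False
```

The check only proves that whoever holds the private key matching PUBLIC_KEY signed the message; binding that public key to a person is the job of the certificates on slide 27, which is the gap slide 25 exploits.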

24 Public Key Cryptography with Digital Signatures (Figure 5.9, Page 291)

25 Public Key Deception (figure)
Impostor: “I am the True Person.”
Impostor: “Here is TP’s public key.” (sends the Impostor’s public key)
Impostor: “Here is authentication based on TP’s private key.” (really the Impostor’s private key)
Verifier: must authenticate the True Person; now believes it has TP’s public key; believes the True Person is authenticated, but the authentication is based on the Impostor’s public key
Verifier: “True Person, here is a message encrypted with your public key.”
Critical deception: the message from the Verifier is encrypted with the Impostor’s public key, so the Impostor can decrypt it.

26 http://swiki.fromdev.com/2009/11/ssl-is-not-secure-anymore-serious.html

27 Digital Certificates and Public Key Infrastructure (PKI)
Digital certificate includes:
 Name of subject/company
 Subject’s public key
 Digital certificate serial number
 Expiration date, issuance date
 Digital signature of CA
Public Key Infrastructure (PKI):
 CAs and digital certificate procedures
 PGP

28 Digital Certificates and Certification Authorities (Figure 5.7, Page 187)

29 Limits to Encryption Solutions
Doesn’t protect storage of the private key
 PKI not effective against insiders, employees
 Protection of private keys by individuals may be haphazard
No guarantee that the verifying computer of the merchant is secure


31 Insight on Society: Class Discussion
Web Dogs and Anonymity: Identity 2.0
What are some of the benefits of continuing the anonymity of the Internet?
Who are the groups involved in creating an identity system for the Internet?
Who should control a central identity system?

32 Securing Channels of Communication
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
 Establishes a secure, negotiated client-server session in which the URL of the requested document, along with its contents, is encrypted
Virtual Private Network (VPN)
 Allows remote users to securely access an internal network via the Internet

33 Secure Negotiated Sessions Using SSL/TLS (Figure 5.8, Page 189)

34 Protecting Networks
Firewall
 Hardware or software
 Uses a security policy to filter packets
Proxy servers (proxies)
 Software servers that handle all communications originating from or being sent to the Internet

35 Firewalls and Proxy Servers (figure)

36 Protecting Servers and Clients
Operating system security enhancements
 Upgrades, patches
Anti-virus software
 Easiest and least expensive way to prevent threats to system integrity
 Requires daily updates
 http://anti-virus-software-review.toptenreviews.com/
Training of personnel

37 A Security Plan: Management Policies
Risk assessment
Security policy
Implementation plan
 Security organization
 Access controls
 Authentication procedures, including biometrics
 Authorization policies, authorization management systems
Security audit

38 Developing an E-commerce Security Plan (figure)

39 E-commerce Payment Systems
Credit cards
 Still the dominant online payment method in the United States
Limitations of online credit card payment systems
 Security, merchant risk
 Cost
 Social equity

40 How an Online Credit Transaction Works (Figure 5.10, Page 193)

41 Alternative Online Payment Systems
Online stored value systems
 Based on value stored in a consumer’s bank, checking, or credit card account
 e.g.: PayPal
Other alternatives
 Amazon Payments
 Google Checkout (closed Nov. 20, 2013)
 Google Wallet

42 Mobile Payment Systems
Use of mobile phones as payment devices is established in Europe, Japan, and South Korea
Near field communication (NFC)
 Short-range (2”) wireless for sharing data between devices
Expanding in the United States
 Google Wallet: mobile app designed to work with NFC chips
 PayPal
 Square

43 Digital Cash and Virtual Currencies
Digital cash
 Based on an algorithm that generates unique tokens that can be used in the “real” world
 e.g.: Bitcoin
Virtual currencies
 Circulate within an internal virtual world
 e.g.: Linden Dollars in Second Life, Facebook Credits

44 Electronic Billing Presentment and Payment (EBPP)
Online payment systems for monthly bills
50% of all bill payments
Two competing EBPP business models:
 Biller-direct (dominant model)
 Consolidator
Both models are supported by EBPP infrastructure providers
