Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

Published byPaula White Modified over 9 years ago

Similar presentations

Presentation on theme: "CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton."— Presentation transcript:

1 CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton

2 List Some Bad Things We Don’t Want to Happen

3 What Can Go Wrong? Exposure of confidential data –Yours, customer’s Loss, modification or destruction of data Denial of Service –And other “sabotage” Inability to insure integrity –Transaction completed? –Data valid?

4 Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed and correct Availability –System functions cannot be denied

5 Security in the Real World Professionals must address: –Specification/Policy Requirements, analysis, planning,… –Implementation/mechanisms Algorithms, protocols, components, etc. –Correctness/assurance Proof, testing, verification, attacks, etc. –The Human Factor Protecting against “bad” users and clever attackers All critical: CS453 focuses on the 2nd item

6 Terms for Activities Related to E-Commerce Security Authentication –Identification of a user for access Authorization –Defining and enforcing rules or levels of access Repudiation –A party later denying a transaction has occurred –Goal: insuring non-repudiation

7 Briefly: Security Policy You should define a security policy document for your site or application –A form of non-functional requirements Might include: –General philosophy toward security (high-level goals etc.) –Items to be protected –Who’s responsible for protecting them –Standards and measures to be used: how to measure to say you’ve built a secure system

8 What’s Coming in this Unit?

9 Authentication Proving a user is who they say they are Methods? –Passwords –Digital signatures, digital certificates –Biometrics (fingerprint readers etc.) –Smart cards and other HW We’ll discuss –Cryptography –Mechanisms: algorithms, web servers, biometrics, SSL

10 Authorization We won’t say much about this Approaches include: –Access control lists –Capabilities –Multi-level security systems

11 Non-Repudiation Non-repudiation of origin –proves that data has been sent Non-repudiation of delivery –proves it has been received Digital signatures –And more crypto

12 Digital Certificates “On the Internet, no one knows you’re a dog.” –Or do they? –For commerce, we can’t always allow anonymity How does UVa’s NetBadge work? –http://www.itc.virginia.edu/netbadge/http://www.itc.virginia.edu/netbadge/ Public Key Infrastruction (PKI) Certifying Authorities in the commercial world –E.g. VeriSign

13 SSL: Secure Socket Layer A network protocol layer between TCP and the application. Provides: Secure connection – client/server transmissions are encrypted, plus tamper detection Authentication mechanisms –From both client’s point of view and also server’s –Is the other side trusted, who they say they are? Using certificates –Is the Certificate Authority trusted?

14 Cryptography Cryptography underlies much of this Interesting computer science –And historical interest too We’ll touch on that –But always try to come back to the practical and e-commerce Topics: –Symmetric Key Crypto.; Public Key Crypto.; Digital Signatures; Digital Certificates; SSL

Download ppt "CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Similar presentations

Ads by Google