Presentation is loading. Please wait.

Presentation is loading. Please wait.

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

Published byTheodore Stone Modified over 8 years ago

Similar presentations

Presentation on theme: "Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed."— Presentation transcript:

1 Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed and correct Availability –System functions cannot be denied

2 Security in the Real World Professionals must address: –Specification/Policy Requirements, analysis, planning,… –Implementation/mechanisms Algorithms, protocols, components, etc. –Correctness/assurance Proof, testing, verification, attacks, etc. –The Human Factor Protecting against “bad” users and clever attackers All critical: CS453 focuses on the 2nd item

3 Terms for Activities Related to E-Commerce Security Authentication –Identification of a user for access Authorization –Defining and enforcing rules or levels of access Repudiation –A party later denying a transaction has occurred –Goal: insuring non-repudiation

4 Briefly: Security Policy You should define a security policy document for your site or application –A form of non-functional requirements Might include: –General philosophy toward security (high-level goals etc.) –Items to be protected –Who’s responsible for protecting them –Standards and measures to be used: how to measure to say you’ve built a secure system

5 What’s Coming in this Unit?

6 Authentication Proving a user is who they say they are Methods? –Passwords –Digital signatures, digital certificates –Biometrics (fingerprint readers etc.) –Smart cards and other HW We’ll discuss –Cryptography –Mechanisms: algorithms, web servers, biometrics, SSL

7 Authorization We won’t say much about this Approaches include: –Access control lists –Capabilities –Multi-level security systems

8 Non-Repudiation Non-repudiation of origin –proves that data has been sent Non-repudiation of delivery –proves it has been received Digital signatures –And more crypto

9 Digital Certificates “On the Internet, no one knows you’re a dog.” –Or do they? –For commerce, we can’t always allow anonymity How does UVa’s NetBadge work? –http://www.itc.virginia.edu/netbadge/http://www.itc.virginia.edu/netbadge/ Public Key Infrastructure (PKI) Certifying Authorities in the commercial world –E.g. VeriSign

10 SSL: Secure Socket Layer A network protocol layer between TCP and the application. Provides: Secure connection – client/server transmissions are encrypted, plus tamper detection Authentication mechanisms –From both client’s point of view and also server’s –Is the other side trusted, who they say they are? Using certificates –Is the Certificate Authority trusted?

11 Cryptography Cryptography underlies much of this Interesting computer science –And historical interest too We’ll touch on that –But always try to come back to the practical and e-commerce Topics: –Symmetric Key Crypto.; Public Key Crypto.; Digital Signatures; Digital Certificates; SSL

Download ppt "Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google