Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Electronic Commerce The need for Public Key Infrastructure Budi Rahardjo Presented at BPPT, Jakarta, Indonesia 10 February 2000.

Similar presentations


Presentation on theme: "Security in Electronic Commerce The need for Public Key Infrastructure Budi Rahardjo Presented at BPPT, Jakarta, Indonesia 10 February 2000."— Presentation transcript:

1 Security in Electronic Commerce The need for Public Key Infrastructure Budi Rahardjo Presented at BPPT, Jakarta, Indonesia 10 February 2000

2 v1.0Security in ecommerce - Budi Rahardjo2 Outline Brief intro on {computer, network, information} security and its relation to electronic commerce The need for Public Key Infrastructure, Certification Authority (CA), Incident Response Team Security issues in Indonesia

3 v1.0Security in ecommerce - Budi Rahardjo3 Introduction No need to introduce on Electronic Commerce. [Has been presented by previous speakers.] Trust, Security and Confidence are esential to underpin Electronic Commerce Ecommerce will succeed if security level is acceptable.

4 v1.0Security in ecommerce - Budi Rahardjo4 Security Issues Security services: –Confidentiality / privacy –Integrity –Non-repudiation –Authentication –Access control –Availability Some can be achived with cryptography –Encryption & Decryption –Private key system vs Public key system

5 v1.0Security in ecommerce - Budi Rahardjo5 Private [symmetric, shared] key cryptosystem EncryptionDecryption Plaintext Ciphertext Shared (secret) key phone Plaintext

6 v1.0Security in ecommerce - Budi Rahardjo6 Private key cryptosystem Uses one (secret) key to encrypt and decrypt. Problem in key distribution and management –The number of keys increases exponentially (n)(n-1)/2 –Key distribution requires separate secure channel Advantage: faster operation compared to public key Examples: DES, IDEA

7 v1.0Security in ecommerce - Budi Rahardjo7 Public (asymmetric) key cryptosystem EncryptionDecryption Plaintext Ciphertext My phone Public key Private key Public key repository Certificate Authority (CA)

8 v1.0Security in ecommerce - Budi Rahardjo8 Public key cryptosystem Use different keys to encrypt and decrypt. Less number of keys. Require key repository. Management of keys may be more complicated. Disadvantage: –requires extensive computing power to calculate Examples: RSA, ECC

9 v1.0Security in ecommerce - Budi Rahardjo9 Certification Authority (CA) The need for Public Key Infrastructure The need to have a National Certification Authority –An Indonesian National CA initiative is under progress Indosat/Indosatcom, Pos/Wasantara, Telkom, Deprindag (MITI), ITB, UI There may be more than one Cas Other CAs –Verisign –Entrust –International Secure Electronic Transaction Organisation (ISETO)

10 v1.0Security in ecommerce - Budi Rahardjo10 Incident Response Team ID-CERT: cert.or.id Indonesia Computer Emergency Response Team Modeled after CERT, COAST Purdue –Public services –Research & development, education –Commercial services

11 v1.0Security in ecommerce - Budi Rahardjo11 Security incidents in Indonesia Many web sites have been vandalized. The following are recent hacked –Jackarta Stock Exchange –Bank Central Asia –Indosatnet Other incidents –Port scanning / probing –Mail spamming

12 v1.0Security in ecommerce - Budi Rahardjo12 Other security issues Standarization –X509 Law, cyberlaw –cryptography usage? Digital signature law? Intellectual property rights? Privacy issues? Critical Infrastructure

13 v1.0Security in ecommerce - Budi Rahardjo13 Budi Rahardjo PPAU Mikrolektronika - InterUniversity Research on Microelectronics Institut Teknologi Bandung Phone: (62-22) PIKSI ITB - Computing Services Phone: (62-22) IDNIC IDCERT Affiliation


Download ppt "Security in Electronic Commerce The need for Public Key Infrastructure Budi Rahardjo Presented at BPPT, Jakarta, Indonesia 10 February 2000."

Similar presentations


Ads by Google