Presentation is loading. Please wait.

Presentation is loading. Please wait.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

Published byEzra Holt Modified over 9 years ago

Similar presentations

Presentation on theme: "By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security."— Presentation transcript:

1 By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security

2 Main Points Web Security Threats Cryptography Encryption and Decryption SSL Digital Certificates

3 Introduction Even though online shopping has become largely accepted by most segments of the public, many people are wary of the security of the Internet. The explosive growth of the Internet has attracted countless thieves seeking to take advantages of weakness in the retail realm. Stolen customer data is extremely valuable to thieves and very costly to e-business that fail to protect their shopper's personal information.

4 Server Client Intranet Internet Extranet Communication Channels

5 BrowserRouter Server Router Hacker Sniffer Web Security Threats

6 BrowserRouter Server Router Hacker FAKE Server Cont.

7 Bank Katie sends Order Form Katie’s Bank CD Store Merchant’s Bank ISP Online CD Store CD Warehouse Web Server Internet Payment Network Katie’s order Order printed at CD warehouse CD arrives 2-3 days after order is received Typical B2C Transaction

8 ISP Online CD Store CD Warehouse Web Server Katie A Tapping line B Sniffer at ISP C Sniffer on Internet backbone E Breaking into store database D Internet Backbone Web Security Threats in B2C

9 What are the threats in E-commerce Security threats A to D can be handled by providing secure transmission - cryptographic methods Threat E and similar types managed by access control methods

10 Security Issues E-business security issues from customer (user) side: Is the web site owned and operated by trusted company? (Authentication) Is the form and the page contain malicious codes? (Privacy) Will the web site share my information to others? (Privacy) E-business security issues from the merchant (company) side: Will the customer attempt to break into the web site (server) or alter it? (Authorization, Integrity) Will the customer attempt to disrupt the web site so it will not be available to others? (Availability)

11 Cont. E-business issues from customer and merchant: Is network connection free from sniffers? (Privacy) Is the information sent back and forth between website and customer modified? (Integrity)

12 Cryptography To secure a house, keys are used to lock the doors It is assumed that an intruder can not easily obtain a copy of the key and enter the house o The intruder could search for all the keys in the world and try them one at a time, but this would take a long time Computer security uses a similar system ( symmetric key and public key cryptography) to secure messages passed between computers

13 Cryptography What is cryptography? It is the lock and key combination that prevents a non-key holder from decrypting a secret message What is most important is the strength of the lock and the number of possible keys

14 Cryptography To describe these cryptographic systems the following terms must first be defined: o A key is used in conjunction with a cipher to encrypt or decrypt a message. A key is simply a number (usually a binary number)‏ o A cipher is an algorithm used to encrypt a message o Ciphertext is the encrypted message o Plaintext is the unencrypted message

15 Cryptography Since a key is a binary number, a 56 bit key has about a quadrillion different key combinations Traditionally, a key length of 56 bits was considered secure since: o If one million keys were tried each second then it would take 1000 years to break the ciphertext However, due to increases in computing power a 56 bit key can now be broken in just 24 hours As a result key lengths of 128 bits or more are typical

16 Encryption and Decryption Encryption Overview o Plain text is converted to cipher text by use of an algorithm and key.  Algorithm is publicly known  Key is held private Two main categories of cryptography: 1.Symmetric key encryption single key is used to encrypt and decrypt information 2.Public Key encryption two keys are used: one for encryption (public key) and one for decryption (private key)‏

17 Encryption “The quick brown fox jumps over the lazy dog” “AxCv;5bmEseTfid3)f GsmWe#4^,sdgfMwir3 :dkJeTsY8R\s@!q3%” “The quick brown fox jumps over the lazy dog” Decryption Plain-text inputPlain-text output Cipher-text Same key (shared secret) Symmetric Key Encryption

18 “The quick brown fox jumps over the lazy dog” “Py75c%bn&*)9|fDe^b DFaq#xzjFr@g5=&nm dFg$5knvMd’rkvegMs ” “The quick brown fox jumps over the lazy dog” Clear-text inputClear-text output Cipher-text Different keys Recipient’s public key Recipient’s private key private public EncryptionDecryption Public key Encryption

19 Technologies Technologies used to solve E-Business Security issues: Security Socket Layer (SSL) IPSec VPN Firewall Intrusion Detection Systems (IDS)

20 Network Security SSL provides a secure way for client and server to transmit confidential information.

21 Secure Socket Layer (SSL) advantages 1.Confidentiality  provides privacy for messages and stored data by hiding(encrypted)‏ 2.Message Integrity  provides assurance to all parties that a message remains unchanged 3.Authentication  Identifies the sender and receiver of a message  identifies the origin of a message  verifies the identity of person using a computer system

22 Cont. Digital Certificates (for authentication) One way of verifying the source of information is through a digital certificate A digital certificate is an attachment to a message which verifies the sender of the message It contains an encrypted message that o identifies the author o Indicates whether the certificate is valid or not

23 Cont. Other information on the digital certificate is: o The certificate’s owner’s identifying information, such as name, organization and address o The certificate owner’s public key o Dates between which the certificate is valid o Serial number of the certificate o Name of the certificate issuer o Digital signature of the certificate issuer

24 Cont. Digital certificates are issued by a certification authority (CA)‏ o To individuals or organizations o Appropriate proof of identity must be provided One of the oldest and best know certification authority is VeriSign

Download ppt "By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google