Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic commerce Threats

Published byJames Melton Modified over 8 years ago

Similar presentations

Presentation on theme: "Electronic commerce Threats"— Presentation transcript:

1 Electronic commerce Threats

2 Communication Channel Security
Internet Not designed to be secure Designed to provide redundancy Remains unchanged from original insecure state Message traveling on the Internet Subject to secrecy, integrity, and necessity threats

3 Secrecy Threats Secrecy Privacy
Prevention of unauthorized information disclosure Technical issue Requiring sophisticated physical and logical mechanisms Privacy Protection of individual rights to nondisclosure Legal matter

4 Secrecy Threats (cont’d.)
message Secrecy violations protected using encryption Protects outgoing messages Privacy issues address whether supervisors are permitted to read employees’ messages randomly Electronic commerce threat Sensitive or personal information theft Sniffer programs Record information passing through computer or router

5 Secrecy Threats (cont’d.)
Electronic commerce threat (cont’d.) Backdoor: electronic holes Left open accidentally or intentionally Content exposed to secrecy threats Example: Cart32 shopping cart program backdoor Stolen corporate information Eavesdropper example Web users continually reveal information Secrecy breach Possible solution: anonymous Web surfing

6 Integrity Threats Also known as active wiretapping
Unauthorized party alters message information stream Integrity violation example Cybervandalism Electronic defacing of Web site Masquerading (spoofing) Pretending to be someone else Fake Web site representing itself as original

7 Integrity Threats (cont’d.)
Domain name servers (DNSs) Internet computers maintaining directories Linking domain names to IP addresses Perpetrators use software security hole Substitute their Web site address in place of real one Spoofs Web site visitors Phishing expeditions Capture confidential customer information Common victims Online banking, payment system users

8 Necessity Threats Also known as delay, denial, denial-of-service (DoS) attack Disrupt or deny normal computer processing Intolerably slow-speed computer processing Renders service unusable or unattractive Distributed denial-of-service (DDoS) attack Launch simultaneous attack on a Web site via botnets DoS attacks Remove information altogether Delete transmission or file information

9 Necessity Threats (cont’d.)
Denial attack examples: Quicken accounting program diverted money to perpetrator’s bank account High-profile electronic commerce company received flood of data packets Overwhelmed sites’ servers Choked off legitimate customers’ access

10 Threats to the Physical Security of Internet Communications Channels
Internet’s packet-based network design: Precludes it from being shut down By attack on single communications link Individual user’s Internet service can be interrupted Destruction of user’s Internet link Larger companies, organizations Use more than one link to main Internet backbone

11 Threats to Wireless Networks
Wireless Encryption Protocol (WEP) Rule set for encrypting transmissions from the wireless devices to the WAPs Wardrivers Attackers drive around in cars Search for accessible networks Warchalking Place chalk mark on building Identifies easily entered wireless network nearby Web sites include wireless access locations maps

12 Threats to Wireless Networks (cont’d.)
Example Best Buy wireless point-of-sale (POS) Failed to enable WEP Customer launched sniffer program Intercepted data from POS terminals

13 Encryption Solutions Encryption: coding information using mathematically based program, secret key Cryptography: science studying encryption Science of creating messages only sender and receiver can read Steganography Makes text undetectable to naked eye Cryptography converts text to other visible text With no apparent meaning

14 Encryption Solutions (cont’d.)
Encryption algorithms Encryption program Transforms normal text (plain text) into cipher text (unintelligible characters string) Encryption algorithm Logic behind encryption program Includes mathematics to do transformation Decryption program Encryption-reversing procedure

15 Encryption Solutions (cont’d.)
Encryption algorithms (cont’d.) National Security Agency controls dissemination U.S. government banned publication of details Illegal for U.S. companies to export Encryption algorithm property May know algorithm details Unable to decipher encrypted message without knowing key encrypting the message Key type subdivides encryption into three functions Hash coding, asymmetric encryption, symmetric encryption

16 Encryption Solutions (cont’d.)
Hash coding Process uses Hash algorithm Calculates number (hash value) from any length message Unique message fingerprint Good hash algorithm design Probability of collision is extremely small (two different messages resulting in same hash value) Determining message alteration during transit No match with original hash value and receiver computed value

17 Encryption Solutions (cont’d.)
Asymmetric encryption (public-key encryption) Encodes messages using two mathematically related numeric keys Public key: one key freely distributed to public Encrypt messages using encryption algorithm Private key: second key belongs to key owner Kept secret Decrypt all messages received

18 Encryption Solutions (cont’d.)
Asymmetric encryption (cont’d.) Pretty Good Privacy (PGP) Software tools using different encryption algorithms Perform public key encryption Individuals download free versions PGP Corporation site, PGP International site Encrypt messages Sells business site licenses

19 Encryption Solutions (cont’d.)
Symmetric encryption (private-key encryption) Encodes message with one of several available algorithms Single numeric key to encode and decode data Message receiver must know the key Very fast and efficient encoding and decoding Key must be guarded

20 Encryption Solutions (cont’d.)
Symmetric encryption (cont’d.) Problems Difficult to distribute new keys to authorized parties while maintaining security, control over keys Private keys do not work well in large environments Data Encryption Standard (DES) Encryption algorithms adopted by U.S. government Most widely used private-key encryption system Fast computers break messages encoded with smaller keys

21 Encryption Solutions (cont’d.)
Symmetric encryption (cont’d.) Triple Data Encryption Standard (Triple DES, 3DES) Stronger version of Data Encryption Standard Advanced Encryption Standard (AES) Alternative encryption standard Most government agencies use today Longer bit lengths increase difficulty of cracking keys

22 Encryption Solutions (cont’d.)
Comparing asymmetric and symmetric encryption systems Advantages of public-key (asymmetric) systems Small combination of keys required No problem in key distribution Implementation of digital signatures possible Disadvantages of public-key systems Significantly slower than private-key systems Do not replace private-key systems (complement them) Web servers accommodate encryption algorithms Must communicate with variety of Web browsers

23 FIGURE 10-8 Comparison of (a) hash coding, (b) private-key, and (c) public-key encryption

24 Encryption Solutions (cont’d.)
Comparing asymmetric and symmetric encryption systems (cont’d.) Secure Sockets Layer (SSL) Goal: secures connections between two computers Secure Hypertext Transfer Protocol (S-HTTP) Goal: send individual messages securely

25 Encryption Solutions (cont’d.)
Secure sockets layer (SSL) protocol Provides security “handshake” Client and server exchange brief burst of messages All communication encoded Eavesdropper receives unintelligible information Secures many different communication types HTTP, FTP, Telnet HTTPS: protocol implementing SSL Precede URL with protocol name HTTPS

26 Encryption Solutions (cont’d.)
Secure sockets layer (SSL) protocol (cont’d.) Encrypted transaction generates private session key Bit lengths vary (40-bit, 56-bit, 128-bit, 168-bit) Session key Used by encryption algorithm Creates cipher text from plain text during single secure session Secrecy implemented using public-key and private-key encryption Private-key encryption for nearly all communications

27 FIGURE 10-9 Establishing an SSL session

28 Encryption Solutions (cont’d.)
Secure HTTP (S-HTTP) Extension to HTTP providing security features Client and server authentication, spontaneous encryption, request/response nonrepudiation Symmetric encryption for secret communications Public-key encryption to establish client/server authentication Client or server can use techniques separately Client browser security through private (symmetric) key Server may require client authentication using public-key techniques

29 Encryption Solutions (cont’d.)
Secure HTTP (S-HTTP) (cont’d.) Establishing secure session SSL carries out client-server handshake exchange to set up secure communication S-HTTP sets up security details with special packet headers exchanged in S-HTTP Headers define security technique type Header exchanges state: Which specific algorithms that each side supports Whether client or server (or both) supports algorithm Whether security technique required, optional, refused

30 Encryption Solutions (cont’d.)
Secure HTTP (S-HTTP) (cont’d.) Secure envelope (complete package) Encapsulates message Provides secrecy, integrity, and client/server authentication

31 Ensuring Transaction Integrity with Hash Functions
Integrity violation Message altered while in transit Difficult and expensive to prevent Security techniques to detect Harm: unauthorized message changes undetected Apply two algorithms to eliminate fraud and abuse Hash algorithms: one-way functions No way to transform hash value back Message digest Small integer summarizing encrypted information

32 Ensuring Transaction Integrity with Digital Signatures
Hash functions: potential for fraud Solution: sender encrypts message digest using private key Digital signature Encrypted message digest (message hash value) Digital signature provides: Integrity, nonrepudiation, authentication Provide transaction secrecy Encrypt entire string (digital signature, message) Digital signatures: same legal status as traditional signatures

33 FIGURE 10-10 Sending and receiving a digitally signed message

Download ppt "Electronic commerce Threats"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Electronic Commerce Security Presented by: Chris Brawley Chris Avery.

Electronic Commerce Security Presented by: Chris Brawley Chris Avery.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Implementing Electronic Commerce Security

Implementing Electronic Commerce Security
Chapter 5 Security and Encryption

Chapter 5 Security and Encryption
Chapter 10: Electronic Commerce Security

Chapter 10: Electronic Commerce Security
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Implementing Security for Electronic Commerce

Implementing Security for Electronic Commerce
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Similar presentations

Ads by Google