Security on the Internet. Jan Damsgaard, Dept. of Informatics, Copenhagen Business School


Introduction
- Communications over the Internet are by default open and uncontrolled
- Data can be seen and changed on the way
- No means to know who exactly is doing what (the service knows only an IP address): anonymity and masquerade
- No means to ensure that both parties know that a transaction has been completed and, if not, what its state is

Concerns
- Primary concerns for E-business
  - Confidentiality: who gets to read data, and concealing it from everyone else
  - Integrity: data is changed only in a specified manner and is not deleted or altered during transfer
  - Availability: ensure continued access to information and resources
  - Non-repudiation: capability to identify legal persons and transactions in a trustworthy way
  - Legitimate use: data is not used for other or exterior purposes
  - Ease of use: the user should not be controlled, and use should not be too difficult

What we are looking for
- Confidentiality: an envelope to prevent snooping
- Integrity: a seal to ensure the message hasn't been changed
- Non-repudiation and authentication: the signature of the sender
- Authentication of the recipient: no one else can open it but the intended recipient

Private Key Encryption or Symmetric Key Encryption
- Both sender and receiver know the same key
  - A lock box to which people share keys
- Challenge
  - How to secretly share the key?

Public Key Encryption
- Two mathematically related keys
  - Publication of one key provides no information about the other
    - one is kept secret
    - one is widely publicized
  - Anything encrypted using the secret key can only be decrypted by using the public one, and vice versa

RSA (Rivest, Shamir, Adleman)
- Authentication
  - encrypted with the secret key
  - decrypted with the public key; anyone can verify
- Integrity: virtual sealed envelope
  - encrypted with the public key and widely broadcast
  - unreadable to all but the holder(s) of the secret key

[Figure: signing flow. Sender (Professor) encrypts a clear-text message requesting a conference with Penelope using the Professor's private key; the encoded message is transmitted; Receiver (Penelope) decrypts it with the Professor's public key and recovers the clear text. Because the professor encrypted the message with her private key, Penelope can be assured that the message really is from that professor.]

[Figure: double-encoding flow. Sender (Professor) encrypts a message requesting a conference with Penelope and disclosing her grade, first with the Professor's private key and then with Penelope's public key; the double-encoded message is transmitted; Receiver (Penelope) decrypts with her private key and then with the Professor's public key. By encrypting with the professor's private key and Penelope's publicly available key, Penelope can be assured that the message really is from that professor and that no one else can read the message containing her grade.]

Encryption Strengths
- Weak
  - Password-protected text documents. Can be broken with simple tools.
- Robust
  - Using symmetric encryption technologies one can create robust encryption, but the weakness lies in the transmission of the key
- Strong
  - Using a public key infrastructure you can transmit the key over networks
- Unbreakable
  - One-time pads. This system uses a key that is as long as the message itself, and the message can only be decrypted with the pad it was encrypted with
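The one-time pad bullet above can be made concrete in a few lines. The following is an added example (not from the lecture): the pad is uniformly random and at least as long as the message, encryption and decryption are the same XOR, and a small wrapper enforces the "one-time" rule by refusing to encrypt twice with the same pad. The names make_pad, otp_xor, OneTimePad and the sample message are constructed for this example.

```python
"""One-time pad as described on the Encryption Strengths slide (added example).
A uniformly random pad as long as the message is XORed in, and is used exactly once."""
import secrets


def make_pad(length: int) -> bytes:
    """The pad must be truly random and at least as long as the message."""
    return secrets.token_bytes(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encryption and decryption are the same XOR; a pad shorter than the data is rejected."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(b ^ k for b, k in zip(data, pad))


class OneTimePad:
    """Holds one pad and enforces the 'one-time' rule: encrypt() works only once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = False

    def encrypt(self, message: bytes) -> bytes:
        if self._used:
            raise RuntimeError("pad already consumed; a pad is never reused")
        self._used = True
        return otp_xor(message, self._pad)


def roundtrip(message: bytes):
    """Encrypt with a fresh pad, then decrypt once with the right pad and once with a
    different pad. Returns (recovered_with_right_pad, recovered_with_wrong_pad)."""
    pad = make_pad(len(message))
    ciphertext = OneTimePad(pad).encrypt(message)
    return otp_xor(ciphertext, pad), otp_xor(ciphertext, make_pad(len(message)))


def second_use_is_refused(message: bytes) -> bool:
    """True if the wrapper blocks a second encryption with the same pad."""
    holder = OneTimePad(make_pad(len(message)))
    holder.encrypt(message)
    try:
        holder.encrypt(message)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    sample = b"the pad is as long as the message"  # constructed sample message
    right, wrong = roundtrip(sample)
    print(right == sample, wrong == sample, second_use_is_refused(sample))
```

Decrypting with any other pad of the same length yields some other equally plausible plaintext, which is why the scheme is unbreakable only as long as the pad is random, as long as the message, kept secret, and never reused; the length check and the single-use wrapper are the two properties a practitioner would actually have to enforce.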

Good Encryption Characteristics
- 128-bit key length
- Key management policies
  - Minimal transmission time
  - Compression, then encryption
  - Trade-off: more compression means more processing time, versus less data means faster encryption

Digital Signatures
- Digital signature: the private key of the sender is used to compute a message digest, similar to a hash code
- Certification Authority: a trusted entity that issues and revokes public key certificates and certificate revocation lists

Public Certification Authority
[Figure: roles of the individual and the public CA. Individual: generate own key pair, keep the private key, provide proof of identification, receive the certificate. Public CA: provide key generating software, verify the individual, issue the certificate, maintain the public key and certificate.]

[Figure: certificate-based purchase between a Customer, an Internet merchant bearing a certificate, and a Certificate Authority.]
1. Visits merchant's storefront and decides to make a purchase
2. Contacts the certificate authority to verify the legitimacy of the storefront
3. Provides information for the purchase
4. Contacts the certificate authority to verify the legitimacy of the customer
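The slides on public key encryption, RSA, the two professor/Penelope diagrams, digital signatures and the certification authority all describe one chain of operations. The block below is an added example (not the lecture's code) that walks through that chain with textbook RSA on toy keys built from Mersenne primes, so it runs offline with only the Python standard library: the professor signs a digest with her private key, seals the signed message to Penelope's public key, Penelope unseals and verifies, and a toy CA signs a certificate binding a merchant's name to its public key that a customer checks against the CA's public key (steps 2 and 4 of the diagram). Every name here (make_keypair, sign, seal, send_to_penelope, issue_certificate, "merchant.example", the key values) is an assumption made for this example; real systems use randomly generated keys of at least 2048 bits, padding schemes, and standard certificate formats rather than raw RSA and JSON.

```python
"""Textbook RSA walk-through of the lecture's flows (added example, toy keys).
Sign with the sender's private key, seal with the recipient's public key, and let a
certification authority bind a name to a public key."""
import hashlib
import json

E = 65537  # conventional RSA public exponent


def make_keypair(p: int, q: int):
    """Toy key generation from two given primes; real keys use random primes of >= 2048 bits."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # private exponent (modular inverse, Python 3.8+)
    return (n, E), (n, d)        # (public key, private key)


# Constructed key pairs from distinct Mersenne primes 2^k - 1. Penelope's modulus is larger
# than the professor's so a signature fits inside a message sealed to her.
PROF_PUB, PROF_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)
PEN_PUB, PEN_PRIV = make_keypair((1 << 607) - 1, (1 << 1279) - 1)
CA_PUB, CA_PRIV = make_keypair((1 << 89) - 1, (1 << 2203) - 1)
MERCHANT_PUB, MERCHANT_PRIV = make_keypair((1 << 107) - 1, (1 << 2281) - 1)


def _byte_len(n: int) -> int:
    return (n.bit_length() + 7) // 8


def sign(message: bytes, priv) -> bytes:
    """Digital Signatures slide: the sender's private key is applied to a digest of the message."""
    n, d = priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n).to_bytes(_byte_len(n), "big")


def verify(message: bytes, signature: bytes, pub) -> bool:
    """Anyone holding the public key compares the recovered digest with a fresh one."""
    n, e = pub
    recovered = pow(int.from_bytes(signature, "big"), e, n)
    return recovered == int.from_bytes(hashlib.sha256(message).digest(), "big")


def seal(plaintext: bytes, pub) -> int:
    """Virtual sealed envelope: encrypt with the recipient's public key (no padding, toy only)."""
    n, e = pub
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy key; real systems use hybrid encryption")
    return pow(m, e, n)


def unseal(ciphertext: int, priv) -> bytes:
    """Only the holder of the matching private key can open the envelope.
    Leading zero bytes of the plaintext are not preserved (textbook RSA carries no length)."""
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(_byte_len(n), "big").lstrip(b"\x00")


def send_to_penelope(message: bytes) -> int:
    """Second diagram: sign with the professor's private key, then seal to Penelope's public key."""
    return seal(message + sign(message, PROF_PRIV), PEN_PUB)


def receive_from_professor(ciphertext: int):
    """Penelope opens the envelope with her private key and checks the professor's signature."""
    package = unseal(ciphertext, PEN_PRIV)
    sig_len = _byte_len(PROF_PUB[0])
    message, signature = package[:-sig_len], package[-sig_len:]
    return message, verify(message, signature, PROF_PUB)


def issue_certificate(subject: str, pub, ca_priv) -> bytes:
    """CA diagram: after verifying the individual out of band, the CA signs (subject, public key)."""
    body = json.dumps({"subject": subject, "n": pub[0], "e": pub[1]}, sort_keys=True).encode()
    return json.dumps({"body": body.decode(), "sig": sign(body, ca_priv).hex()}).encode()


def verify_certificate(cert: bytes, expected_subject: str, ca_pub):
    """Customer side: return the certified public key only if the CA signature is valid
    and the certificate names the party the customer expects; otherwise None."""
    outer = json.loads(cert)
    body = outer["body"].encode()
    if not verify(body, bytes.fromhex(outer["sig"]), ca_pub):
        return None
    inner = json.loads(body)
    if inner["subject"] != expected_subject:
        return None
    return (inner["n"], inner["e"])


if __name__ == "__main__":
    note = b"Conference Tuesday 10:00; your grade is A"   # constructed sample message
    print(receive_from_professor(send_to_penelope(note)))
    cert = issue_certificate("merchant.example", MERCHANT_PUB, CA_PRIV)
    print(verify_certificate(cert, "merchant.example", CA_PUB) == MERCHANT_PUB)
```

Two checks in the code carry the security meaning: verify() fails when either the message or the key differs from what was signed, and verify_certificate() fails when the name in the certificate is not the one the customer is dealing with, which is exactly the "legitimacy of the storefront" check in the diagram.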

Use of SSL (https)
- Secure Socket Layer (SSL) was developed to provide security through encryption. Using SSL allows businesses to safely conduct e-Commerce.
- The price for security is reduced server performance and increased infrastructure demands.
- Common SSL sessions:
  - Shopping cart checkout (B2C, B2B, C2C)
  - Intranet (internal corporate network)
  - Extranet (corporate partners)

Network Usage with SSL
[Figure: two message flows between Client and Server. Standard transaction: Request, then Data Transfer. Secure transaction: Request Server Public Key, Session Key, then Encrypted Data Transfer, with encryption on one side and decryption on the other.]
- Increase in network usage with SSL
- Each transaction requires more processing power

Concern            Technological solution
Confidentiality    Cryptography; strong authentication
Integrity          Cryptography; strong authentication; firewalls
Availability       Firewalls; trusted operating systems
Non-repudiation    Digital signatures; trusted third party verification; smart cards; event logs, time stamping
Legitimate use     Authorization system; authentication
Ease of use        System configuration; means to log and maintain passwords; integrated solutions (smartcards, telephones); biometric techniques

Conclusions
- All major concerns can be addressed with technologies: the issue is balancing cost and business impact against the required level of concern
- Conflicting and multiple goals, and goals of different stakeholders
- Problems: how to integrate the solutions and manage them across diverse platforms
- Obtain the knowledge, skills and resources to do it
- How to make management aware: ignorance vs. overkill