E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: 102088 March 10, 2001.

E-Commerce Security Much of the media coverage of the dangers of using a credit card on the Internet centers on interception of the data while it travels from the customer to the web store. In reality, the greater risk is theft of the data from the web store's server after it has arrived, whether by an outside hacker or by a dishonest employee.

E-Commerce Security If you store sensitive information on a server that is connected to the Internet, protect that server with a firewall. As an added precaution, whether you build your own SSL-protected forms to capture credit card information or use a commercial e-commerce product, make sure that credit card numbers and other sensitive data are encrypted when they are stored on your own system, and store them only if the business actually needs them: data that is never kept cannot be stolen from the server.

E-Commerce Security Outline: • Security issues • Encryption • Secure Sockets Layer (SSL) • Secure Electronic Transaction (SET) • The keys to safe shopping

Security Issues • Confidentiality • Integrity • Authenticity • Non-repudiation • Privacy

Encryption (1) A cryptographic algorithm, or cipher, takes the plaintext and a key and produces the ciphertext; decryption runs the cipher the other way with the corresponding key: plaintext + key → cipher → ciphertext.

Encryption (2) Types of encryption system: • Secret-key (symmetric) encryption: the same key is used to encrypt and to decrypt • Public-key (asymmetric) encryption: a pair of keys, one public and one private

Secret-key encryption Some limitations: • Key distribution: both parties must already share the secret key, so it has to be delivered over some other secure channel • Cannot support non-repudiation: either holder of the shared key could have produced a given message • Not suitable on its own for web commerce, where customer and store have never met and share no key (it is still used for the bulk of the traffic once a key has been agreed)

Public-key encryption (1) Also called asymmetric encryption: each party holds a pair of mathematically related keys, a public key that can be given to anyone and a private key that is never disclosed. Privacy is ensured by encrypting a message with the recipient's public key, since it can only be decrypted by the holder of the matching private key.

Public-key encryption (2) Encrypting with the private key gives no privacy, because anyone holding the public key can decrypt the result. What it gives is proof of origin: only the holder of the private key could have produced it, and this is the basis of digital signatures. One disadvantage of public-key encryption is that it is relatively slow, and a single operation can only cover a message shorter than the key, so it is not used to encrypt long messages directly; instead a short secret key is encrypted with the public key and the message itself with that secret key.
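The two uses of the key pair and the size limit described above, as an added example in Go that is not part of this presentation. It encrypts a short field with the recipient's public key, shows that a 4 KiB record is rejected by the public-key operation, and then shows the standard way round that, the digital envelope: a fresh secret (AES) key encrypts the record and only that key is encrypted with the public key. The key pair, the card field (using the well-known test number 4111 1111 1111 1111) and the record are constructed for the demonstration; RSA-OAEP and AES-GCM are the concrete algorithms chosen here, not ones the slides name.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair generates an RSA key pair: the public key can be given to
// anyone, the private key stays with its owner.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// pkEncrypt encrypts with the recipient's PUBLIC key (RSA-OAEP, SHA-256).
// A single operation only covers a message shorter than the key: with a
// 2048-bit modulus the limit is 256 - 2*32 - 2 = 190 bytes, and anything
// longer is rejected with rsa.ErrMessageTooLong.
func pkEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// pkDecrypt reverses pkEncrypt; it needs the matching PRIVATE key.
func pkDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Envelope is the hybrid form: the message is encrypted with a fresh secret
// key (AES-256-GCM) and only that short key goes through the slow public-key operation.
type Envelope struct {
	WrappedKey []byte // AES key, encrypted under the recipient's public key
	Nonce      []byte // GCM nonce, unique per message
	Ciphertext []byte // AES-GCM output, including the 16-byte authentication tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEnvelope encrypts a message of any length for the holder of pub.
func sealEnvelope(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := pkEncrypt(pub, key)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}, nil
}

// openEnvelope recovers the secret key with the private key and then the
// message; Open fails if the ciphertext, nonce or tag was tampered with.
func openEnvelope(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := pkDecrypt(priv, env.WrappedKey)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	priv, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed inputs: a short card field and a 4 KiB order record.
	short := []byte("card=4111111111111111;exp=12/03")
	long := make([]byte, 4096)
	ct, _ := pkEncrypt(&priv.PublicKey, short)
	pt, _ := pkDecrypt(priv, ct)
	fmt.Printf("public-key encryption of %d bytes recovered: %s\n", len(short), pt)
	_, err = pkEncrypt(&priv.PublicKey, long)
	fmt.Println("public-key encryption of 4096 bytes:", err)
	env, _ := sealEnvelope(&priv.PublicKey, long)
	out, _ := openEnvelope(priv, env)
	fmt.Println("digital envelope of 4096 bytes recovered intact:", string(out) == string(long))
}
```

The envelope is also what SSL does with its session key, so the same two functions are the core of the "secret-key encryption nested within public-key encryption" idea that the SSL slides describe.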

Digital signatures Implemented with public-key cryptography and used to verify the origin and the contents of a message: the message is passed through a one-way cryptographic hash function to produce a small message digest; the digest is then encrypted with the sender's private key, which is quick because the digest is short, to produce the signature, and the signature is attached to the original message. The recipient recomputes the digest, decrypts the signature with the sender's public key and compares the two; any change to the message changes the digest and the check fails. Authentication can be further strengthened by the use of digital certificates, which tie the public key to an identity.
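Sign-and-verify as described above, as an added example in Go that is not part of the presentation: hash the message, sign the digest with the private key, attach the signature, and let the recipient verify it with the public key. It also shows the two failures a practitioner cares about, a message altered after signing and a signature made with someone else's key. The order text and the two key pairs are constructed for the example; RSA-PSS over SHA-256 is the signature scheme chosen here, not one the slides name.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newSigningKey generates the signer's RSA key pair.
func newSigningKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// signMessage passes the message through a one-way hash (SHA-256) to get
// a small digest and signs that digest with the sender's PRIVATE key
// (RSA-PSS). Only the short digest goes through the slow public-key step.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verifySignature recomputes the digest over the received message and
// checks the signature against it with the sender's PUBLIC key. It is
// true only if the message is byte-for-byte what the private-key holder
// signed; a changed message or a signature from another key fails.
func verifySignature(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// SignedMessage is what travels: the original message with the signature
// attached. The body is not hidden; a signature gives origin and
// integrity, not confidentiality.
type SignedMessage struct {
	Body      []byte
	Signature []byte
}

func main() {
	customer, err := newSigningKey()
	if err != nil {
		panic(err)
	}
	impostor, _ := newSigningKey()

	// Constructed sample order.
	order := []byte("order=1001;item=book;amount=19.99")
	sig, _ := signMessage(customer, order)
	msg := SignedMessage{Body: order, Signature: sig}
	fmt.Println("genuine message verifies:", verifySignature(&customer.PublicKey, msg.Body, msg.Signature))

	// Altered in transit: the amount changes, but the signature cannot be
	// updated without the customer's private key.
	altered := []byte("order=1001;item=book;amount=1999.99")
	fmt.Println("altered message verifies:", verifySignature(&customer.PublicKey, altered, msg.Signature))

	// Forgery: the same order signed with someone else's private key does
	// not verify under the customer's public key.
	forged, _ := signMessage(impostor, order)
	fmt.Println("impostor's signature verifies:", verifySignature(&customer.PublicKey, order, forged))
}
```

Note that the verifier needs an authentic copy of the customer's public key for the last check to mean anything; that is exactly the gap the next slide's certificates fill.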

Digital certificates Use a trusted third party, the certificate authority (CA). The owner of a public key submits it to the CA along with proof of identity; the CA then digitally signs and issues a certificate stating that the public key it contains belongs to the named party. Anyone who trusts the CA, and holds the CA's own public key, can check that signature and so trust the binding between key and identity.

Secure Sockets Layer (1) Currently the most widely used method for performing secure transactions on the web. SSL is secret-key encryption nested within public-key encryption, authenticated through the use of certificates: • The server sends the client its certificate, which carries the server's public key (the client only sends a certificate of its own if the server asks for client authentication) • The client generates a random secret from which the session key is derived • The client encrypts that secret with the server's public key and sends it to the server

Secure Sockets Layer (2) • The client and the server then use the session key for secret-key encryption of everything that follows • An SSL connection is what the HTTPS protocol runs over: HTTPS stands for HTTP over SSL (HTTP Secure), so HTTPS = HTTP + encryption • HTTPS is ordinary HTTP carried inside an SSL connection, with https:// URLs and, by default, TCP port 443 instead of 80

Secure Sockets Layer (3) The handshake, which takes place before any HTTP request is sent: • The client connects and tells the server which ciphers, or encryption algorithms, it can communicate with • The server chooses the strongest cipher they have in common and informs the client • The server sends its certificate to the client • The client checks that the certificate was issued by a Certificate Authority it trusts and is still valid • The client compares the name in the certificate with the name of the site it meant to reach

Secure Sockets Layer (4) • The client generates a random secret (the pre-master secret) for the agreed cipher • The client encrypts it with the server's public key, taken from the certificate, and sends it to the server • The server decrypts it with its private key; only the genuine holder of that private key can do so • Both sides derive the session key from the secret and use it for the rest of the transaction, including the HTTP request and response
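The certificate and handshake sequence of the preceding slides, as an added example in Go that is not part of the presentation. A constructed CA issues a certificate for the hypothetical site shop.example, a server presents it over a loopback TCP connection, and a client that trusts only that CA checks the CA's signature and the name, agrees a cipher suite and derives the session keys (Go's crypto/tls performs the key exchange; on current Go the negotiated protocol is TLS, the IETF successor to SSL, which keeps the same structure). The same client then rejects the certificate when the CA is not in its trust store and when the name does not match the site. The names, the one-day validity and the 5-second timeouts are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueCert generates a key pair and a certificate binding its public key to
// name; with parent == nil it is self-signed (a CA root), else the CA signs it.
func issueCert(name string, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		DNSNames:              []string{name}, // the site name the client checks
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signerCert, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// handshake runs one SSL/TLS handshake over loopback TCP: the client offers
// its cipher suites, the server picks one and presents cert, the client accepts
// cert only if it chains to a CA in roots and names serverName, and both sides
// derive the session keys. It returns the cipher suite, or the client's error.
func handshake(cert *x509.Certificate, key *rsa.PrivateKey, roots *x509.CertPool, serverName string) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}}
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer conn.Close()
		srvErr <- tls.Server(conn, srvCfg).Handshake()
	}()
	raw, err := net.DialTimeout("tcp", ln.Addr().String(), 5*time.Second)
	if err != nil {
		return "", err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second)) // never hang on a broken handshake
	cli := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName})
	if err := cli.Handshake(); err != nil {
		return "", err // certificate rejected (untrusted CA, wrong name, expired) or no common cipher
	}
	if err := <-srvErr; err != nil {
		return "", err
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}

func main() {
	// Constructed PKI: a CA root and the server certificate it issued for shop.example.
	ca, caKey, _ := issueCert("Example Shop CA", true, nil, nil)
	srvCert, srvKey, _ := issueCert("shop.example", false, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	suite, err := handshake(srvCert, srvKey, roots, "shop.example")
	fmt.Println("trusted CA, matching name:", suite, err)
	_, err = handshake(srvCert, srvKey, x509.NewCertPool(), "shop.example")
	fmt.Println("CA not in the client's trust store:", err)
	_, err = handshake(srvCert, srvKey, roots, "other.example")
	fmt.Println("name in certificate does not match the site:", err)
}
```

The client never sees the server's private key; the only thing it learns is that whoever holds the key matching the CA-certified public key is on the other end, which is all the handshake can prove. A browser does the same with a built-in list of CA roots in place of the `roots` pool.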

Secure Electronic Transaction (SET) SET is a protocol for enabling secure credit card transactions on the Internet. It uses digital certificates to establish the identities of all parties involved in a purchase and encrypts credit card information before sending it across the Internet. Two kinds of private information, the order details meant for the merchant and the payment instructions meant for the bank, are included in a single digitally signed transaction (the "dual signature"), so that the merchant never sees the card number and the bank never sees what was bought.

Secure Electronic Transaction (SET) Three parts to the SET system: • a software "wallet" on the cardholder's computer; • a commerce server that runs at the merchant's web site; • a payment server (the payment gateway) that runs at the merchant's bank.

Keys to Safe Shopping • Digital certificates: the heart of secure electronic transactions, binding a public key to a verified identity • Public-key encryption: the public key is published in a directory available to all, while the private key stays with its owner • Digital signature: associates a message with its sender, and is the cyberspace form of "signing" for your purchases

Conclusions (1) Various security threats may hinder the healthy growth of the Internet. One of the biggest foes of e-commerce is the Internet security concern. Security is considered achieved when it has the components of confidentiality, integrity, authenticity, non-repudiation, access control and audit trails.

Conclusions (2) The types of security problems include unauthorized access, users misrepresenting their identity, access to unauthorized data, data intercepted, read or modified in transit, virus attacks and hacker attacks.

Conclusions (3) Widely used security control measures: • cryptography, digital signatures, certificates issued by certificate authorities, and so on.

Thank you!