
Security of E-commerce

Presentation on theme: "Security of E-commerce"— Presentation transcript:

1 Security of E-commerce

2 What is computer security??
Computer security in general refers to the protection of data, networks, computer programs, computer power, and other elements of computerized information systems.

3 What is EC Security?? EC Security involves:
- prevention, or at least minimization, of web attacks
- encryption of information
- protection of users (customers, visitors, buyers)

4 Security risks 2014 and 2015 (IBM, 2014)
Cyberespionage and cyberwars are growing threats.
Attacks are now also against mobile assets, including smartphones, tablets, and other mobile devices. Enterprise mobile devices are a particular target.
Attacks on social networks and social software tools. User-generated content is a major source of malware.
Attacks on BYOD ("Bring Your Own Device").
Identity theft is exploding, increasing the criminal use of the stolen identities.
Profit motive – as long as cybercriminals can make money, security threats and phishing attacks will continue to grow.
Social engineering tools such as phishing via are growing rapidly.
Cybergang consolidation – underground groups are multiplying and getting bigger, especially in Internet fraud and cyberwars.
Business-oriented spam (including image-based spam).
Attacks using spyware (e.g., using the Denial-of-Service method).
Attacks on new technologies such as cloud computing and virtualization.
Attacks on Web and mobile applications (apps).

5 TYPES OF ATTACKS Cyber attacks can be classified into two major interrelated categories:
Corporate espionage. Many attacks target energy-related companies because their inside information is valuable (McAfee 2011).
Political espionage and warfare. Political espionage and cyberwars are increasing in magnitude.

6 EC Security Requirements
Authentication is a process used to verify (assure) the real identity of an EC entity, which could be an individual, software agent, computer program, or EC website.
Authorization is the provision of permission to an authenticated person to access systems and perform certain operations in those specific systems.
Auditing. When a person or program accesses a website or queries a database, various pieces of information are recorded or logged into a file. The process of maintaining or revisiting the sequence of events during the transaction, when, and by whom, is known as auditing.

7 Availability. Assuring that systems and information are available to the user when needed.
Nonrepudiation. Closely associated with authentication is nonrepudiation, which is the assurance that online customers or trading partners will not be able to falsely deny (repudiate) their purchase, transaction, sale,

8 Factors that convert consumers who browse online into consumers who buy online:
security
price
comparative information
searchability
ease of ordering
delivery time
product presentation

9 Possible threats hacking viruses denial of service

10 Security is a complex problem
Communication
HW
SW
Security processes
Personnel (internal and external employees, hackers)
Physical (fire, water…)

11 Software and hardware security

12 Technical security attack methods
Malware
Unauthorized access
Denial of Service
Spam and spyware
Hijacking servers
Botnets (malicious SW used to hijack a number of different computers)
Malvertising

13 Non-technical threats
Phishing is a fraudulent process of acquiring confidential information, such as credit card or banking details, from unsuspecting computer users.
Pharming. Similarly to phishing, pharming is a scam where malicious code is installed on a computer and used to redirect victims to bogus websites without their knowledge or consent.

14

15 Security and privacy elements
Authenticity
Integrity
Non-repudiation
Auditing
Confidentiality
Availability

16 The methods by which a human can authenticate
Something the user is (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), voice pattern (again several definitions), signature recognition or other biometric identifier)
Something the user has (e.g., ID card, security token, software token or cell phone) (e.g., Digipass from VASCO, or RSA)
Something the user knows (e.g., a password, a pass phrase or a personal identification number (PIN))

17 Example of security card and key

18 Methods Cryptography or cryptology is a field of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication.

19 Encryption Decryption
[Diagram: plain message → encryption → encrypted message, transferred as the transmitted message → decryption → obtained message; a "nosy parker" listens on the transferred message.]

20 The Ancient Greek scytale may have been one of the earliest devices used to implement a cipher.

21 The Enigma machine, used by Germany in World War II, implemented a complex cipher to protect sensitive communications.

22 Modern cryptography Symmetric-key cryptography Public-key cryptography

23 Symmetric-key cryptography
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related cryptographic keys for both decryption and encryption.

24 SYMMETRIC KEY ENCRYPTION

25 Public-key cryptography
Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.

26 Digital signatures
[Diagram: original text → hash function → digest, signed with the secret key → signed document.]

27 Creating and verifying a digital signature:
Sender:
Plain message → create digest (hash) from message → Digest
Encrypt digest using sender's private key → Digital signature
Encrypt digital signature + plain message using recipient's public key
Transmit through the Internet
Recipient:
Decrypt encrypted digital signature and encrypted message using recipient's private key → Plain message + Digital signature
Decrypt digital signature using sender's public key → Digest
Create digest (hash) from the received message → Digest
The two digests must match.
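The flow of slide 27, built from the symmetric (slide 23) and public-key (slide 25) primitives, as an added Go example written for this transcript; it is not code from the presentation. It uses only the Go standard library: SHA-256 for the digest, RSA-PSS for the signature, and, for the "encrypt signature + message with the recipient's public key" step, a fresh AES-256-GCM session key wrapped with RSA-OAEP. That hybrid step is the usual realization of the slide's simplified arrow, not something the slide states: RSA on its own cannot encrypt a payload longer than its modulus. The parties Alice and Bob and the order text are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what is transmitted through the Internet; an eavesdropper sees only these fields.
type Envelope struct {
	WrappedKey []byte // AES-256 session key, encrypted with the recipient's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce, fresh for every envelope
	Sealed     []byte // AES-GCM ciphertext of signature || message
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SignAndEncrypt is the sender's side: digest the message, sign the digest with the
// sender's private key, then encrypt signature + message for the recipient. A random
// session key does the bulk encryption; only that key is wrapped with RSA.
func SignAndEncrypt(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	payload := append(append(make([]byte, 0, len(sig)+len(msg)), sig...), msg...)
	sealed := gcm.Seal(nil, nonce, payload, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Sealed: sealed}, nil
}

// DecryptAndVerify is the recipient's side: unwrap the session key with the recipient's
// private key, open the payload, split off the signature, and check it with the sender's public key.
func DecryptAndVerify(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("session key was not encrypted for this recipient")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Sealed, nil)
	if err != nil {
		return nil, errors.New("payload altered in transit (authentication tag mismatch)")
	}
	sigLen := senderPub.Size() // an RSA signature is exactly one modulus long
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to contain a signature")
	}
	sig, msg := payload[:sigLen], payload[sigLen:]
	digest := sha256.Sum256(msg) // recompute the digest from the received message
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature invalid: not from the claimed sender, or message changed")
	}
	return msg, nil
}

func main() {
	// Constructed parties: Alice places an order, Bob runs the shop.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := SignAndEncrypt([]byte("Order 1001: 2 x widget"), alice, &bob.PublicKey) // constructed sample
	if err != nil {
		panic(err)
	}
	msg, err := DecryptAndVerify(env, bob, &alice.PublicKey)
	fmt.Printf("recipient read %q, err=%v\n", msg, err)
}
```

Two properties of the slide fall out of the code: only Bob's private key can unwrap the session key (confidentiality), and a signature that verifies under Alice's public key could only have been produced with Alice's private key (authentication and nonrepudiation). Any bit flipped in transit fails the GCM tag check before the signature is even examined.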

28 In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.
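The trusted third party of slide 28 in working code, as an added Go example written for this transcript and not taken from the presentation. It creates a self-signed root CA, has it issue a certificate for a shop hostname, and verifies that certificate the way a browser would (chain to a root in the trust store, plus hostname match); it then shows that a wrong hostname and a certificate from a CA the client does not trust are both rejected. The names "Example Shop Root CA" and "shop.example" are constructed placeholders, and ECDSA P-256 keys are used only because they are fast to generate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewCA creates a self-signed root certificate and its private key: the trusted
// third party of the slide. The name is a constructed placeholder.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	// Parent == template and signer == own key makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueLeaf has the CA vouch for a hostname: it signs a certificate binding that
// name to a freshly generated server key pair.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, hostname string) (*x509.Certificate, error) {
	serverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &serverKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyForHost does what a browser does when connecting: build a chain from the
// presented certificate to a CA in the client's trust store and check the name.
func VerifyForHost(leaf, trustedRoot *x509.Certificate, hostname string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: hostname})
	return err
}

func main() {
	ca, caKey, err := NewCA("Example Shop Root CA") // constructed name
	if err != nil {
		panic(err)
	}
	leaf, err := IssueLeaf(ca, caKey, "shop.example") // constructed hostname
	if err != nil {
		panic(err)
	}
	fmt.Println("trusted CA, right host:", VerifyForHost(leaf, ca, "shop.example"))
	fmt.Println("trusted CA, wrong host:", VerifyForHost(leaf, ca, "other.example"))
	rogue, _, _ := NewCA("Untrusted CA")
	fmt.Println("untrusted CA:", VerifyForHost(leaf, rogue, "shop.example"))
}
```

The certificate itself carries no secret; what makes it trustworthy is that the client already holds the CA's root in its trust store and the CA's signature over the leaf checks out. A certificate signed by any other key, however well-formed, fails the chain check, which is the whole point of the trusted third party.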

