2. Electronic Commerce COMP3210 Dr. Paul Walcott 08/11/04 The Department of Computer Science Mathematics and Physics, University of the West Indies, Cave Hill Campus, Barbados

3. Contents Online Security Issues Client computer security Communication Channel Security Server Computer Security

4. Man-in-The-Middle Exploit Imagine sending an important containing valuable information to a colleague A person intercepts this email and changes its contents The intended recipient receives the email and acts on the wrong information. This is called the man-in-the-middle exploit

5. Definitions We first list a number of important definitions [Sch2004]: Computer security is the protection of assets from unauthorized access, use, alteration or destruction Physical security includes tangible protection devices, such as alarms, guards, fireproof doors, and safes Protection of assets using nonphysical means is called logical security

6. Definitions (I) A security threat is any act or object that poses a danger to computer assets Countermeasure is the general name for a procedure, either physical or logical, that recognises, reduces, or eliminates a threat An eavesdropper is a person or device that can listen in on and copy Internet transmissions Crackers/hackers are people who write software to gain unauthorised access to computers and networks

7. Physical Security In the old days (50 years ago), computer security was more about physical security Security guards Security badges Alarm systems Surveillance systems All terminals tended to be dumb and computers were not networked

8. Managing Risk It does not make sense to protect against threats that are deemed low risk – especially if the cost to protect the asset exceeds the cost of the asset Example: it would be sensible to protect a network from a hurricane in Barbados, but not protect it from low (below 0 degrees) temperatures

9. Risk Management Model Contain and control I III Ignore Prevent II IV Insurance or backup plan High probability Low probability Low impact (cost) High impact (cost)

10. Risk Management Model (I) This model shows four actions an organisation can take depending on the cost and probability of the physical threat In this model The threat posed by a hurricane in Barbados would be in quadrant II The threat posed by temperatures dropping below freezing would be in quadrant IV

11. Good Security Schemes To implement a good security scheme you must Identify risks Determine how to protect those assets at risk Calculate the amount to spend to protect against the identified risks

12. Computer Security Classifications There three main security classifications: Secrecy Protecting against unauthorised access Integrity Protecting against unauthorised modification Necessity (denial of service/or avaliability) Preventing data delays or denials (removals); e.g. if important information had to be received at a given time but a hacker delayed it by flooding an e-mail sever with email

13. Security Policy Every company concerned about protecting its assets should have a security policy This is a document which describes Which assets require protection and why The person who is responsible for protecting it And which behaviours are permissible and which are not

14. Security Policy (I) The security policy typically addresses: Physical security Network security Access authorisation Virus protection And disaster recovery This document should be updated regularly

15. Requirements for Secure E- commerce Secrecy Prevent unauthorised individuals from reading messages and business plans, obtaining credit card numbers or accessing confidential information Integrity Provide a way of digitally determining whether information has been altered Availability Provide delivery assurance for each message so that a loss will not go undetected

16. Requirements for Secure E- commerce Key Management All key information must be distributed and managed securely Nonrepudiation Provide undeniable, end-to-end proof of each message’s origin and recipient Authentication Securely identify clients and servers with digital signature and certificates

17. Client Computer Security This section outlines security threats that may occur on client computers how they work and how to protect against them

18. Active Content Active content refers to programs that are embedded transparently in Web pages that cause actions to occur [Sch2004] E.g. displaying moving graphics and downloading and playing audio In e-commerce it is used to place items in a shopping cart and compute total invoice amounts

19. Active Content (I) Active content also extends HTML functionality Since they are programs that run on client computers they pose a security risk

20. Active Content (II) The best known examples are: Cookies Java applets JavaScript VBScript ActiveX controls Other examples include graphics, Web browser plug-ins and email attachments

21. Active Content (III) Since active content is embedded in Web pages (e.g. scripting languages) they can be transparent to browsers of the Web page Crackers for example can include a Trojan horse A Trojan horse is a program hidden inside another program or Web page that masks its true purpose

22. Active Content (IV) A Trojan horse could Send private information on the client’s computer back to a server (a secrecy violation) Could alter or erase information on the client’s computer (an integrity violation) Alternatively, a zombie attack is a program that takes over another computer to launch an attack on other computers

23. Cookies and Web Pages Allowing active content to be added to Web Pages used for e-commerce can be dangerous since Cookies (files) frequently store credit card numbers, usernames and passwords Information stored in cookies can be read by the Server computer that stored then there See http://www.cookiecentral.com/

24. Cookies Cookies were designed to solve the problem of the stateless nature of the HTTP protocol To save information between one session and another

25. Cookies There are two types of time duration cookies Session cookies These exist until the Web client ends the session (or connection) Persistent cookies These remain on the client’s computer indefinitely E-commerce uses both types of these cookies

26. Cookies (I) Cookies can also be categorised by source: First-party cookies are cookies put on the client computer by the Web server Third-party cookies are cookies put on the client computer by some other Web site The third-party Web site usually provides some content on the Web site being viewed

27. Cookies (II) These third party Web site can then track visitors from one site to the next (because they have ads and cookies set up on many of these sites)

28. Cookies (III) To protect yourself against cookies (or cookie monsters) is to Disable cookies altogether, however this will stop some sites from functioning correctly Users would have to re-enter information every time they visit the Web site Disable third-party cookies Or use a third-party cookie blocker program that stores cookies selectively

29. Java Applets Applets are downloaded with Web pages and run on client computers Once downloaded Java code can run on the clients computer which introduces a security hole To counteract this Java has a security model called the Java sandbox which prevents applets from performing certain functions Also applets are classified as “untrusted” if they have not been established as being secure

30. Java Applets (I) When running in the sandbox Java applets can not perform file input, output or delete operations This scheme provides secrecy and integrity

31. JavaScript JavaScript is a scripting language developed by Netscape When a Web page is downloaded and contains embedded JavaScript code, it runs on the user’s (client) computer This code can be used to attack the client’s computer destroy a user’s hard disk Disclose email stored in mailboxes Capture information stored in Web forms (e.g. credit card information)

32. JavaScript (I) Try the following JavaScript code: askmeagain(); function askmeagain() { alert("Ouch!"); askmeagain(); }

33. ActiveX Controls An ActiveX control is an object that contains programs Only runs on Windows operating system When downloaded the control is run on the client’s computer like any other program They have full access to system resources Can reformat hard disk Rename or delete files Shut down the computer

34. ActiveX Controls (I) Execution of ActiveX controls can not be halted once started Web browsers can be configured to warn users when ActiveX controls are about to be downloaded

35. Graphics and Plug-ins Graphics, browser plug-ins and email attachments can include executable content Some graphic file formats contain special instructions on how to render the graphic The embedded code can be used to attack your computer Plug-ins enhance your browser’s capabilities but can also pose a threat

36. Viruses, Worms and Antivirus Software A virus is software that attaches itself to another program A macro virus is a type of virus that is coded as a macro A worm is a type of virus that replicates itself on the computer it affects Email attachments may include word processing files, spreadsheets, databases, images which may contain viruses Viruses within Word and Excel macros (Visual Basic for Applications) can damage your computer

37. Viruses, Worms and Antivirus Software Viruses tend to prey on operating system (or Web server) vulnerabilities To counteract viruses Ensure you have installed the latest security patches Ensure that you are running the latest Antivirus software with the latest virus updates

38. Digital Certificates A digital certificate is an attachment to a message which verifies the sender of the message It also provides a means of sending encrypted messages

39. Digital Certificates (I) A digital certificate contains an encrypted message that identifies the author Indicates whether the certificate is valid or not This provides a way to sign a message In many countries including Barbados this is accepted as a signature

40. Digital Certificates (II) Digital certificates are issued by a certification authority (CA) To individuals or organisations Appropriate proof of identity must be provided

41. Digital Certificates (III) A digital certificate contains six main elements [Sch2004]: The certificate’s owner’s identifying information, such as name, organisation and address The certificate owner’s public key Dates between which the certificate is valid Serial number of the certificate Name of the certificate issuer Digital signature of the certificate issuer

42. Digital Certificates (IV) One of the oldest and best know CA is VeriSign

43. Communication Channel Security These threats come from various sources including: Sniffer Programs Backdoors CyberVandalism Masquerading or Spoofing Denial-of-Service

44. Sniffer Programs These programs provide a means of recording packets passing through a computer or router It is similar to telephone line tapping Sniffer programs can Read email messages Read user logins and passwords Read credit card numbers

45. Backdoors Some e-commerce programs contain backdoors These backdoors are left intentionally or unintentionally by software developers Backdoors provide a way for an unauthorised user to gain access to protected information including: Credit card information Proprietary company information (which could be sold for millions to competitors)

46. CyberVandalism This is the electronic defacing of Web site pages Replace regular content It’s parallel is the spraying of graffiti on public property

47. Masquerading or Spoofing This is when a person impersonates someone else E.g. pretending that a Web site belongs to someone else, when it does not On a domain name server a perpetrator might use a security hole in order to change the IP address of a given Web page Any order entered on this new page could then be modified (e.g. change the shipping address of the goods) and the modified order sent to the original Web site.

48. Denial-of-Service Threat This threat disrupts normal computer processing For example a zombie computer was used to flood a Web site with packets This prevented legitimate users from using the Web site This also may lead to a loss in business

49. Communication Channel Security (I) Solutions are provided in the form of (discussed in the next section): Symmetric Encryption Asymmetric Encryption Digital Signatures Message Hashing Digital Certificates Secure Socket Layer

50. Server Computer Security Server vulnerabilities come from Web servers and their software Backend programs such as Databases programs

51. Web Server Threats The more complex this software the more chance it contains errors which might lead to vulnerabilities A Web server can compromise secrecy if it allows automatic directory listings Passwords users select could be a threat since a dictionary attack might reveal it

52. Database Threats These databases store confidential information Some databases store username/passwords in unencrypted tables, or do not enforce security at all

53. Other Threats Threats may arise when programs are executed by the server E.g. buffer overrun or buffer overflow Buffers can overflow into critical memory locations causing the Web server to run an attacker’s program Mail bombs cause mail servers to malfunction by overloading them with email

54. Physical Security All Web servers and associated machines require physical protection Backup servers and store at remote locations The use of fingerprint readers, and biometric security help provide physical security Writing pads that measure the pressure and form of hand writing Eye scanners Palm scanners (entire palm rather than single finger)

55. Access Control Only allow permitted users to access services. This can be controlled through Digital certificates Ensure the digital signature is valid Check the time stamp on the digital certificate Usernames and passwords

56. Firewalls For information on firewalls see: http://scitec.uwichill.edu.bb/cmp/online/co mp3210/presentations/AntonioArthur.ppt http://scitec.uwichill.edu.bb/cmp/online/co mp3210/presentations/AntonioArthur.ppt

57. References [Sch2004] Schneider, Gary, P., “Electronic Commerce: The second wave”, Thomson Course Technology, Fifth Annual Edition, 2004