Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School"— Presentation transcript:

1 Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School http://www.cbs.dk/staff/damsgaard/

2 EBUSSJan Damsgaard, 20042 Introduction u Communications over Internet by default open and uncontrolled u Data can be seen and changed on the way u No means to know who is exactly doing what (service knows only IP address), anonymity and masquerade u No means to ensure that both parties know that a transaction has been completed and if not what is its state

3 EBUSSJan Damsgaard, 20043 Concerns u Primary concerns for E-business –Confidentiality: who gets to read data and conceal it –Integrity: data is changed in a specified manner and not deleted or altered during transfer –Availability: ensure continued access to information and resources –Non-repudiation: capability to identify legal persons and transactions in a trustful way –Legitimate use: data is not used for other or exterior purposes –Ease of use: User should not be controlled or use should not be too difficult

4 EBUSSJan Damsgaard, 20044 What we are looking for u Confidentiality t an envelope to prevent snooping u Integrity t a seal to ensure the message hasn’t been changed u Non-repudiation and authentication t the signature of the sender u Authentication of the recipient t no one else can open it but the intended recipient

5 EBUSSJan Damsgaard, 20045 Private Key Encryption or Symmetric Key Encryption u Both Sender and Receiver know the same key –Lock box to which people share keys u Challenge –How to secretly share the key?

6 EBUSSJan Damsgaard, 20046 Public Key Encryption u Two mathematically related keys –publication of one key provides no information about the other t one is kept secret t one is widely publicized –anything encrypted using the secret key can only be decrypted by using the public one, and vice versa

7 EBUSSJan Damsgaard, 20047 RSA (RivestShamirAdleman) u Authentication –encrypted with the secret key –decrypted with the public key, anyone can verify u Integrity: Virtual sealed envelope –encrypted with the public key and widely broadcast –unreadable to all but holder(s) of the secret key

8 Clear text message from Professor requesting a conference with Penelope. Because the professor encrypted the message with her private key, Penelope can be assured that the message really is from that professor by decrypting it with the professor’s public key. Professor’s Private Key Professor’s Public Key Sender - ProfessorReceiver - Penelope Encoded Message Transmitted Message decrypt encrypt Clear text message from Professor requesting a conference with Penelope.

9 Message from Professor requesting a conference with Penelope and disclosing her grade. By encrypting the message with the professor’s private key and Penelope’s publicly available key, Penelope can be assured that the message really is from that professor and that no one else can read the message containing her grade. Sender - ProfessorReceiver - Penelope Professor’s Private Key Professor’s Public Key Penelope’s Public Key Penelope’s Private Key encrypt Double encoded message Transmitted Message decrypt Message from Professor requesting a conference with Penelope and disclosing her grade. encrypt

10 EBUSSJan Damsgaard, 200410 Encryption Strengths u Weak –Password protected text documents. Can be broken with simple tools. u Robust –Using symmetric encryption technologies one can create robust encryption, but the weakness lies in the transmission of the key u Strong –Using public key infrastructure you can transmit the key over networks u Unbreakable –One-time pads. This systems uses a key that is as long as the message itself and and only be decrypted with the pad it has been encrypted on

11 EBUSSJan Damsgaard, 200411 Good Encryption Characteristics u 128 bit key length u Key management policies –Minimal Transmission Time –Compression Then Encryption –Trade-Off More Compression equals More Processing Time versus Less Data equals Faster Encryption

12 EBUSSJan Damsgaard, 200412 Digital Signatures u Digital Signatures - the private key of the sender is used to compute a message digest, similar to a hash code u Certification Authority - a trusted entity that issues and revokes public key certificates and certificate revocation lists

13 EBUSSJan Damsgaard, 200413 Public Certification Authority Individual Generate own key pair Keep private key Public CA Verify Individual Issue Certificate Maintain public key & certificate Provide key generating software Proof of identification Certificate

14 Certificate Authority Internet Merchant bearing a certificate Customer Visits merchant’s storefront & decides to make a purchase 1 Contacts certificate authority to verify the legitimacy of the storefront 2 Provides information for purchase 3 Contacts certificate authority to verify the legitimacy of the customer 4

15 EBUSSJan Damsgaard, 200415 Use of SSL (https) u Secure Socket Layer (SSL) was developed to provide security through encryption. Using SSL allows businesses to safely conduct e-Commerce, u The price for security is reduced server performance and increased infrastructure demands. u Common SSL sessions: –Shopping cart check out (B2C, B2B, C2C) –Intranet (Internal Corporate Network) –Extranet (Corporate partners)

16 Network Usage with SSL increase in network usage with SSL Each transaction requires more processing power increase in network usage with SSL Each transaction requires more processing power Client Server Request Data Transfer Standard Transaction: Request Server Public Key Client Server Session Key Encrypted Data Transfer Encryption Decryption Secure Transaction:

17 ConcernTechnological Solution Confidentiality Cryptography Strong authentication Integrity Cryptography Strong authentication Firewalls Availability Firewalls Trusted operating systems Non-repudiation Digital Signatures Trusted third party verification Smart cards Event logs, time stamping Legitimate use Authorization system Authentication Ease of use System configuration Means to log and maintain passwords Integrated solutions (smartcards, telephones) Biometric techniques

18 EBUSSJan Damsgaard, 200418 Conclusions u All major concerns can be addressed with technologies: the issue is balancing cost, and the business impact with the required level of concern u Conflicting and multiple goals, goals of different stakeholders u Problems how to integrate the solutions and manage them across diverse platforms u Obtain knowledge, skills and resources to do it u How to make management aware: ignorance vs. overkill

Download ppt "Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Similar presentations

Ads by Google