Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2010 Pearson Education, Inc.Copyright © 2007 Pearson Education, Inc. Slide 1-1 ELC 200 Day 10.

Published byScot Welch Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 2010 Pearson Education, Inc.Copyright © 2007 Pearson Education, Inc. Slide 1-1 ELC 200 Day 10."— Presentation transcript:

1 Copyright © 2010 Pearson Education, Inc.Copyright © 2007 Pearson Education, Inc. Slide 1-1 ELC 200 Day 10

2 Agenda Questions? Finish Online Security and payment systems Assignment 3 Due Assignment 4 posted  Assignment4.pdf Assignment4.pdf  Due October 18 @11:05 AM Exam 1 covering chaps 1-5 will be on Thursday, October 14  20 M/C, 4-5 short essay and one extra credit question  Extra Credit is about the infamous hacker MafiaBoy  On Blackboard  Open book, open notes  One hour

3 Reminder Students are having difficulty with the course concepts and skills should first seek assistance from the course instructor. The course instructor will attempt to find additional resources to assist student learning. Seeking assistance from fellow students is not encouraged unless that student has been designated as a subject matter tutor by the Academic and Counseling Service (834-7530) or vetted by the course instructor as capable of tutoring for this course. Overall, it is essential to keep the instructor informed of your progress as well as any difficulties you may be experiencing. Students are expected to maintain the highest standards of academic integrity. Behavior that violates these standards is not acceptable. Examples are the use of unauthorized material, communication with fellow students during an examination, attempting to benefit from the work of another student and similar behavior that defeats the intent of an examination or other class work. Cheating on examinations, plagiarism, improper acknowledgment of sources in essays, and the use of a single essay or paper in more than one course without permission are considered very serious offenses and shall be grounds for disciplinary action as outlined in the current UMFK Catalog. Students who produce nearly identical work products for grading will be suspect of violation of the UMFK Student Integrity Policy. Copyright © 2010 Pearson Education, Inc. Slide 5-3

4 Copyright © 2010 Pearson Education, Inc.Copyright © 2009 Pearson Education, Inc. Slide 5-4 Chapter 5 Online Security and Payment Systems

5 Copyright © 2010 Pearson Education, Inc. Tools Available to Achieve Site Security Figure 5.7, Page 287 Slide 5-5

6 Copyright © 2010 Pearson Education, Inc. Encryption  Transforms data into cipher text readable only by sender and receiver  Secures stored information and information transmission  Provides 4 of 6 key dimensions of e-commerce security: 1. Message integrity 2. Nonrepudiation 3. Authentication 4. Confidentiality Slide 5-6

7 12-7 © 2007 Prentice-Hall, Inc What Is Encryption? A way to transform a message so that only the sender and recipient can read, see, or understand it Plaintext (cleartext): the message that is being protected Encrypt (encipher): transform a plaintext into ciphertext Encryption: a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than authorized recipients to recover the original message Key: a series of electronic signals stored on a PC’s hard disk or transmitted as blips of data over transmission lines  Plaintext + key = Ciphertext  Ciphertext – key = Plaintext

8 12-8 © 2007 Prentice-Hall, Inc Symmetric Key Encryption Message “Hello” Encryption Method & Key Symmetric Key Party A Party B Interceptor Network Encrypted Message Encryption uses a non-secret encryption method and a secret key

9 12-9 © 2007 Prentice-Hall, Inc Simple example (encrypt) Every letter is converted to a two digit number  A=1, Z = 26  ANTHONY  01 14 20 08 15 14 25  Produce any 4 digit key  3654 (10 N -1 choices = 9,999)  Add together in blocks of 4 digits  0114 + 3654 = 3768  2008 + 3654 = 5662  1514 + 3654 = 5168  2500 + 3654 = 6154 (pad with 00 to make even) Send 3768566251686154 to fellow Spy

10 12-10 © 2007 Prentice-Hall, Inc Simple example (Decrypt) Received 3768566251686154 from fellow Spy  Break down in 4 digits 3768 5662 5168 6154  Get right Key  3654  Subtract key from blocks of 4 digits  3768 - 3654 = 114  5662 - 3654 = 2008  5168 - 3654 = 1514  6154 - 3654 = 2500  If result is negative add 10000 Break down to 2 digits and decode  01 = A, 14 =N, 20 = T, 08 = H

11 Copyright © 2010 Pearson Education, Inc. Symmetric Key Encryption Sender and receiver use same digital key to encrypt and decrypt message Requires different set of keys for each transaction  The more often you use the same key the more likely it will be discovered Strength of encryption  Length of binary key used to encrypt data Advanced Encryption Standard (AES)  Most widely used symmetric key encryption  Uses 128-, 192-, and 256-bit encryption keys Other standards use keys with up to 2,048 bits Slide 5-11

12 Copyright © 2010 Pearson Education, Inc. Public Key Encryption Uses two mathematically related digital keys 1. Public key (widely disseminated) 2. Private key (kept secret by owner) Both keys used to encrypt and decrypt message Once key used to encrypt message, same key cannot be used to decrypt message Sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it Slide 5-12

13 Copyright © 2010 Pearson Education, Inc. Public Key Cryptography—A Simple Case Figure 5.8, Page 290 Slide 5-13

14 12-14 © 2007 Prentice-Hall, Inc Public Key Encryption Public Key Encryption for Confidentiality Encrypted Message Encrypted Message Party A Party B Encrypt with Party B’s Public Key Decrypt with Party B’s Private Key Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Note: Four keys are used to encrypt and decrypt in both directions

15 Copyright © 2010 Pearson Education, Inc. Public Key Encryption Using Digital Signatures and Hash Digests Hash function:  Mathematical algorithm that produces fixed-length number called message or hash digest Hash digest of message sent to recipient along with message to verify integrity Hash digest and message encrypted with recipient’s public key Entire cipher text then encrypted with recipient’s private key—creating digital signature—for authenticity, nonrepudiation Slide 5-15

16 12-16 © 2007 Prentice-Hall, Inc Digital Signature: Sender DS Plaintext MD Hash Sign (Encrypt) MD with Sender’s Private Key To Create the Digital Signature: 1.Hash the plaintext to create a brief message digest; This is NOT the digital signature 2. Sign (encrypt) the message digest with the sender’s private key to create the digital Signature

17 12-17 © 2007 Prentice-Hall, Inc Digital Signature Sender Receiver DSPlaintext Add Digital Signature to Each Message Provides Message-by-Message Authentication Encrypted for Confidentiality

18 12-18 © 2007 Prentice-Hall, Inc Digital Signature Sender Encrypts Receiver Decrypts Send Plaintext plus Digital Signature Encrypted with Public key of receiver DSPlaintext Transmission

19 12-19 © 2007 Prentice-Hall, Inc Digital Signature: Receiver DSReceived Plaintext MD 1. Hash 2. Decrypt with True Party’s Public Key 3. Are they Equal? 1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest 2. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 3. If the two match, the message is authenticated; The sender has the true Party’s private key

20 Copyright © 2010 Pearson Education, Inc. Public Key Cryptography with Digital Signatures Figure 5.9, Page 291 Slide 5-20

21 Copyright © 2010 Pearson Education, Inc. Digital Envelopes Addresses weaknesses of:  Public key encryption Computationally slow, decreased transmission speed, increased processing time  Symmetric key encryption Insecure transmission lines Uses symmetric key encryption to encrypt document Uses public key encryption to encrypt and send symmetric key Slide 5-21

22 Copyright © 2010 Pearson Education, Inc. Creating a Digital Envelope Figure 5.10, Page 293 Slide 5-22

23 Man in the Middle Attack Copyright © 2010 Pearson Education, Inc. Slide 5-23

24 12-24 © 2007 Prentice-Hall, Inc Public Key Deception Impostor “I am the True Person.” “Here is TP’s public key.” (Sends Impostor’s public key) “Here is authentication based on TP’s private key.” (Really Impostor’s private key) Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it Verifier Must authenticate True Person. Believes now has TP’s public key Believes True Person is authenticated based on Impostor’s public key “True Person, here is a message encrypted with your public key.” Critical Deception

25 Copyright © 2010 Pearson Education, Inc. Slide 5-25 http://swiki.fromdev.com/2009/11/ssl-is-not-secure-anymore-serious.html

26 12-26 © 2007 Prentice-Hall, Inc Digital Signatures and Digital Certificates Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature DSPlaintext Applicant Verifier Certificate Authority Digital Certificate: True Party’s Public Key

27 Copyright © 2010 Pearson Education, Inc. Digital Certificates and Public Key Infrastructure (PKI) Digital certificate includes:  Name of subject/company  Subject’s public key  Digital certificate serial number  Expiration date, issuance date  Digital signature of certification authority (trusted third party institution) that issues certificate Public Key Infrastructure (PKI):  CAs and digital certificate procedures that are accepted by all parties Slide 5-27

28 Copyright © 2010 Pearson Education, Inc. Digital Certificates and Certification Authorities Figure 5.11, Page 294 Slide 5-28

29 Copyright © 2010 Pearson Education, Inc. Limits to Encryption Solutions Doesn’t protect storage of private key  PKI not effective against insiders, employees  Protection of private keys by individuals may be haphazard No guarantee that verifying computer of merchant is secure CAs are unregulated, self-selecting organizations Slide 5-29

30 Copyright © 2010 Pearson Education, Inc. Securing Channels of Communication Secure Sockets Layer (SSL):  Establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted S-HTTP:  Provides a secure message-oriented communications protocol designed for use in conjunction with HTTP Virtual Private Network (VPN):  Allows remote users to securely access internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP), Uses encryption to protect data Slide 5-30

31 Copyright © 2010 Pearson Education, Inc. Secure Negotiated Sessions Using SSL Figure 5.12, Page 298 Slide 5-31

32 Copyright © 2010 Pearson Education, Inc. Protecting Networks Firewall  Hardware or software that filters packets  Prevents some packets from entering the network based on security policy  Two main methods: 1. Packet filters 2. Application gateways Proxy servers (proxies)  Software servers that handle all communications originating from or being sent to the Internet Slide 5-32

33 Copyright © 2010 Pearson Education, Inc. Firewalls and Proxy Servers Figure 5.13, Page 301 Slide 5-33

34 Copyright © 2010 Pearson Education, Inc. Protecting Servers and Clients Operating system security enhancements  Upgrades, patches  Zero Day Attacks Anti-virus software  Easiest and least expensive way to prevent threats to system integrity  Requires daily updates Slide 5-34

35 Copyright © 2010 Pearson Education, Inc. Management Policies, Business Procedures, and Public Laws U.S. firms and organizations spend 12% of IT budget on security hardware, software, services ($120 billion in 2009) Managing risk includes  Technology  Effective management policies  Public laws and active enforcement Slide 5-35

36 Copyright © 2010 Pearson Education, Inc. A Security Plan: Management Policies Risk assessment Security policy Implementation plan  Security organization  Access controls  Authentication procedures, including biometrics  Authorization policies, authorization management systems Security audit Slide 5-36

37 Copyright © 2010 Pearson Education, Inc. Developing an E-commerce Security Plan Figure 5.14, Page 303 Slide 5-37

38 Copyright © 2010 Pearson Education, Inc. The Role of Laws and Public Policy Laws that give authorities tools for identifying, tracing, prosecuting cybercriminals:  National Information Infrastructure Protection Act of 1996  USA Patriot Act  Homeland Security Act Private and private–public cooperation  CERT Coordination Center  US-CERT Government policies and controls on encryption software OECD (Organization for Economic Cooperation and Development) guidelines Slide 5-38

39 BRIEF HISTORY OF MONEY Barter Medium of Exchange  Tokens  Notational Money  Credit System

40 Copyright © 2010 Pearson Education, Inc. Types of Payment Systems Cash  Most common form of payment in terms of number of transactions  Instantly convertible into other forms of value without intermediation Checking transfer  Second most common payment form in the United States in terms of number of transactions Credit card  Credit card associations  Issuing banks  Processing centers Slide 5-40

41 Check Numbers http://en.wikipedia.org/wiki/Demand_draft http://www.qchex.com/

42 Copyright © 2010 Pearson Education, Inc. Types of Payment Systems Stored Value  Funds deposited into account, from which funds are paid out or withdrawn as needed, e.g., debit cards, gift certificates  Peer-to-peer payment systems Accumulating Balance  Accounts that accumulate expenditures and to which consumers make period payments  E.g., utility, phone, American Express accounts Slide 5-42

43 Copyright © 2010 Pearson Education, Inc. Table 5.6, Page 312 Source: Adapted from MacKie-Mason and White, 1996. Slide 5-43

44 Copyright © 2010 Pearson Education, Inc. E-commerce Payment Systems Credit cards  55% of online payments in 2009 Debit cards  28% of online payments in 2009 Limitations of online credit card payment  Security  Cost to vender and maybe to consumer  Social equity Slide 5-44

45 Copyright © 2010 Pearson Education, Inc. How an Online Credit Transaction Works Figure 5.16, Page 315 Slide 5-45

46 Copyright © 2010 Pearson Education, Inc. E-commerce Payment Systems Digital wallets  Emulates functionality of wallet by authenticating consumer, storing and transferring value, and securing payment process from consumer to merchant  Early efforts to popularize failed  Newest effort: Google Checkout Digital cash (David Chaum)  Value storage and exchange using tokens  Most early examples have disappeared; protocols and practices too complex Slide 5-46

47 Copyright © 2010 Pearson Education, Inc. E-commerce Payment Systems Online stored value systems  Based on value stored in a consumer’s bank, checking, or credit card account  PayPal, smart cards Digital accumulated balance payment  Users accumulate a debit balance for which they are billed at the end of the month Digital checking:  Extends functionality of existing checking accounts for use online Slide 5-47

48 Copyright © 2010 Pearson Education, Inc. Wireless Payment Systems Use of mobile handsets as payment devices well- established in Europe, Japan, South Korea Japanese mobile payment systems  E-money (stored value)  Mobile debit cards  Mobile credit cards Not as well established yet in the United States  Majority of purchases are digital content for use on cell phone Slide 5-48

49 Mobile-specific Transaction Architecture

50 Copyright © 2010 Pearson Education, Inc. Electronic Billing Presentment and Payment (EBPP) Online payment systems for monthly bills 40% + of households in 2009 used some EBPP; expected to grow significantly Two competing EBPP business models: 1. Biller-direct (dominant model) 2. Consolidator Both models are supported by EBPP infrastructure providers Slide 5-50

Download ppt "Copyright © 2010 Pearson Education, Inc.Copyright © 2007 Pearson Education, Inc. Slide 1-1 ELC 200 Day 10."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Copyright © 2013 Pearson Education, Inc.

Copyright © 2013 Pearson Education, Inc.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.
E-commerce business. technology. society. Kenneth C. Laudon

E-commerce business. technology. society. Kenneth C. Laudon
E-commerce: business. technology. society.

E-commerce: business. technology. society.
Chapter 5 Security and Encryption

Chapter 5 Security and Encryption
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Chapter 6 E-commerce Payment Systems

Chapter 6 E-commerce Payment Systems
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Copyright © 2015 Pearson Education, Inc.

Copyright © 2015 Pearson Education, Inc.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 12-1© 2007 Prentice-Hall, Inc ELC 200 Day 22.

Similar presentations

Ads by Google