
Security Issues in E-commerce

Explore the security challenges in e-commerce, including cryptography, web security, operating system security, network security, and more.


Presentation Transcript


  1. Chapter 3. Mohammad Fozlul Haque Bhuiyan, Assistant Professor, CITI, Jahangirnagar University

  2. Security Issues in E-commerce A computer system consists of bare hardware and an OS that is responsible for safeguarding the data and applications resident in primary and secondary storage, managing its other resources, and establishing connections to other computer systems via the network. When the system is not connected to the outside world, it is vulnerable only to its own bad users, who abuse it with malicious applications such as viruses, Trojan horses, etc. However, once it is opened to the outside world through networking, that exposure becomes a major threat to the system. Topics: • Security Issues • Is E-commerce Secure? • Cryptography • Web security

  3. Security Issues Fields of computer system security: • Operating System Security • Network Security • Internet Security • Middleware Security • Database Security • Others

  4. Operating System Security The security models are classified into two major groups:
  • Mandatory security model: controls access to information by individuals on the basis of the classification of subjects (active elements) and objects (data). Examples: Bell-LaPadula model, Biba model, and Dion model.
  • Discretionary security model: controls user access on the basis of user identity and rules stating what type of access relationship can be established between the user (subject) and an object. Examples: access matrix model, take-grant model, and action-entity model.
  • Lattice model: based on flow control.
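A worked example of the mandatory models named on this slide, added here and not part of the presentation: labels with a sensitivity level plus a set of compartments form a lattice (not just a chain), and the Bell-LaPadula confidentiality rules and Biba integrity rules are evaluated against that lattice order. The level names, compartments, and the payment-clerk scenario are constructed for illustration.

```python
from dataclasses import dataclass

# Ordered sensitivity levels; compartments make the label set a lattice rather than a chain.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def bell_lapadula_allows(subject: Label, obj: Label, access: str) -> bool:
    """Confidentiality rules: no read up (simple security) and no write down (*-property)."""
    if access == "read":
        return subject.dominates(obj)
    if access == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access type {access!r}")

def biba_allows(subject: Label, obj: Label, access: str) -> bool:
    """Integrity rules are the dual: no read down and no write up.
    The same labels are reused as integrity levels here purely for illustration."""
    if access == "read":
        return obj.dominates(subject)
    if access == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access type {access!r}")

def allowed_requests(model, subject: Label, requests):
    """Evaluate a list of (object_label, access) requests and return those the model permits."""
    return [(obj, access) for obj, access in requests if model(subject, obj, access)]

# Constructed sample: a payment clerk cleared SECRET for the PAYMENTS compartment only.
CLERK = Label("SECRET", frozenset({"PAYMENTS"}))
PUBLIC_PRICE_LIST = Label("UNCLASSIFIED")
CARD_LEDGER = Label("SECRET", frozenset({"PAYMENTS"}))
HR_RECORDS = Label("SECRET", frozenset({"HR"}))            # same level, different compartment
AUDIT_ARCHIVE = Label("TOP_SECRET", frozenset({"PAYMENTS"}))
```

Incomparable labels (CLERK versus HR_RECORDS) are refused in both directions, which is exactly what makes the compartment model a lattice rather than a simple ordering of levels.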

  5. Operating System Security

  6. Network Security

  7. Network Security (Cont…) • As the network makes a computer system open to the world, communication becomes easy with the outside world at the cost of security. One of the major successes in tackling the distributed system security problem is Kerberos. • Kerberos uses encryption to enable secure communication. To be able to connect to the computers, users have to use programs that can use Kerberos. In order to authenticate to Kerberos, one needs to get ‘tickets’. • A ticket grants the user the right to use a service, such as accessing his/her files. A ‘ticket granting ticket’ is a ticket used to get other tickets.

  8. Internet Security

  9. Middleware Security • OSF’s DCE • OMG’s CORBA

  10. Database Security Figure: Distributed Database Model

  11. Other Fields of Computer System Security • E-cash

  12. Is E-commerce Secure? When viewing digital information from the network perspective, information security has the following characteristics: • Confidentiality, or message transmission security • Integrity of data content • Authentication of sender and receiver • Non-repudiation by the sender and receiver • Anonymity or secrecy • Availability

  13. Cryptography • Single Key (Symmetric) Cryptography • Public Key (Asymmetric) Cryptography • Digital Signature • Certification Authority • Digital Certificates

  14. Single Key (Symmetric) Cryptography

  15. Public Key (Asymmetric) Cryptography

  16. Public Key (Asymmetric) Cryptography (Cont..)

  17. Certification Authority

  18. Digital Certificate The digital certificate is basically the digitally signed triple of: • Identity of the user • Public key of the user • Other attributes

  19. Digital Certificate (cont..) In addition to the signature, the public key certificate contains the following items: • version • serialNumber • signature • issuer • validity • subject • subjectPublicKeyInfo • issuerUniqueIdentifier • extensions

  20. Digital Signatures • What is a Digital Signature? The hash value of a message, when encrypted with the private key of a person, is that person's digital signature on the e-Document. The digital signature of a person therefore varies from document to document, thus ensuring the authenticity of each word of that document. As the public key of the signer is known, anybody can verify the message and the digital signature. • Why Digital Signatures? To provide authenticity, integrity and non-repudiation for electronic documents, and to use the Internet as a safe and secure medium for e-Commerce and e-Governance.

  21. Digital Signatures Each individual generates his own key pair (the public key is known to everyone; the private key only to the owner). • Private Key: used for making the digital signature • Public Key: used to verify the digital signature

  22. Digital Signature: An application of public key cryptography
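The following is an added example (not code from the presentation) that ties slides 18 to 22 together: a toy RSA key pair, a signature computed as the hash of the document raised to the private exponent, verification with the public key, and a certificate built as the CA-signed triple (identity, public key, attributes). The primes are well-known small ones chosen only so the arithmetic is visible; the hash is reduced modulo n in place of real padding, and the identity, attributes and order text are constructed sample values.

```python
import hashlib
import json
import math

# Toy RSA parameters: well-known primes, far too small for real use (illustration only).
CA_PRIMES = (1000000007, 998244353)
USER_PRIMES = (2147483647, 1000000009)
E = 65537

def make_keypair(primes):
    """Return (public_key, private_key) as ((n, e), (n, d)) from two primes."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(E, phi) == 1
    d = pow(E, -1, phi)                      # modular inverse (Python 3.8+)
    return (n, E), (n, d)

def digest(message: bytes, n: int) -> int:
    """Hash the document and reduce it into the modulus (toy substitute for real padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    """'Encrypt' the hash with the private key: the signature depends on every byte signed."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the public key recovers the hash and compares it with a fresh one."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def encode_cert_body(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()   # canonical bytes to sign

def issue_certificate(ca_private, identity: str, user_public, attributes: dict) -> dict:
    """A certificate is the triple (identity, public key, attributes) signed by the CA."""
    body = {"identity": identity, "public_key": list(user_public), "attributes": attributes}
    return {"body": body, "signature": sign(ca_private, encode_cert_body(body))}

def verify_certificate(ca_public, cert: dict) -> bool:
    return verify(ca_public, encode_cert_body(cert["body"]), cert["signature"])

def verify_signed_document(ca_public, cert: dict, document: bytes, signature: int) -> bool:
    """What a relying party does: trust the CA, take the signer's key from the cert, check the doc."""
    if not verify_certificate(ca_public, cert):
        return False
    return verify(tuple(cert["body"]["public_key"]), document, signature)
```

Changing a single byte of the order, or of the certificate body, changes the recomputed hash so verification fails, which is the property the slides describe as authenticity of each word of the document.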

  23. Web security • Secure Socket Layer (SSL) • Secure Electronic Transaction (SET)

  24. Secure Socket Layer (SSL) The SSL protocol provides connection security that has three basic properties: • The connection is private: symmetric cryptography is used for data encryption (e.g. DES, RC4, etc.)

  25. Secure Socket Layer (SSL) (cont…) • The peer's identity can be authenticated using asymmetric, or public key, cryptography (e.g. RSA, DSS, etc.) • The connection is reliable: message transport includes a message integrity check using a keyed MAC computed with a secure hash function (e.g. SHA, MD5, etc.)

  26. Secure Socket Layer (SSL) (cont..) Figure: SSL 3.0 information exchange between a client and a server

  27. Secure Electronic Transaction (SET) The SET specification is designed to meet three main objectives. First, it will enable payment security for all involved: authenticate cardholders and merchants, provide confidentiality of payment data, and define protocols for potential electronic security service providers.

  28. Secure Electronic Transaction (SET) (Cont…) Second, it will enable interoperability among applications developed by various vendors and among different operating systems and platforms. Third, it will strive to achieve market acceptance on a global scale.

  29. Thank You
