
E-Commerce Engineer - Security in E-Commerce

E-Commerce Engineer - Security in E-Commerce. Encryption and Security Measures. Definition of Security problems. A security-system is correct, if it has the following parameters: Closeness Holistic Continuity Venture proportion. General problems of the information-security.


Presentation Transcript


  1. E-Commerce Engineer - Security in E-Commerce Encryption and Security Measures Database Models Ver: 1.0

  2. Definition of Security problems A security-system is correct, if it has the following parameters: • Closeness • Holistic • Continuity • Venture proportion

  3. General problems of the information-security • Security problems of the design and the development procedure • Information-security • Data-security • Dependable working

  4. Security problems of the design and the development • Documentation, documents • security classification • critical hardware and network items

  5. The information-security • Regulation of the data-access rights • Identification and validation • Information-security on the information-system level • Virus defence

  6. Data-manipulating rights control • Scope of authority issue • Control • Data-access rights • Unauthorized data-access attempt • Firewall configuration

  7. Identification and validation • User identification • Validation • Secession • Multilevel identification and validation system • Misregistration

  8. Information-security on the informatics-system level • Information-security on the level of: • Operating system • Application defence • Menu-system • File system

  9. Virus defence • System-servers • Application servers • Data medium • New software • Software unused for a longer time

  10. The data-security • Security of the data-recording • Security of the data-storage • Security of the data-access

  11. Security of the data-recording • Input-data accuracy • Data-transmission • Development of the data-recording policy • Logging of the data-recording events • Data-recording rights • Input warrants • Semantic and syntax monitoring of input data

  12. Security of data-storage • Development of data-storage policies • After-processing control • Redundant-storage • Data encryption

  13. Security of data-access • Development of data distribution policies • Development of the data-access rights • Data-integration

  14. Dependable working 1 • Infrastructure • physical defence of storage and computer rooms • dependable power supply • bias control • HRM - human resource management • staff trusty operation • viewpoints • personal factors

  15. Dependable working 2 • Audition of reliability • Restart • Data medium • storage • security copies • archiving

  16. Dependable working 3 • Hardware • physical defence • conditions of the dependable operation • floppy-drive disabling • service • bound of workstation • communication network

  17. Dependable working 4 • Software • legality • virus defence • testing for fail-safe operation • documentation • source-code availability

  18. IT security in the running system • Access regulation • Access control • Integration control • Data-security • Fail-spanning • Restart • Development and observance of operating policies • Disaster-plan

  19. Cryptographic-protocol of e-commerce 1 • Identification • partner-identification • server-identification • client-identification • Message-authentication • Verifying digital signatures • Secret-sharing

  20. Cryptographic-protocol of e-commerce 2 • Encryption-key maintenance • generation • allocation • authentication • revocation • key server • Time-stamp

  21. Developers and products of the cryptographic standards 1 • ANSI standards • DSA-based digital signature • RSA-based digital signature • Elliptic-curve based digital signature (ECDSA)

  22. Developers and products of the cryptographic standards 2 • FIPS (US) standards • Escrowed encryption standard (EES) • Data encryption standard (DES) • Advanced encryption standard (AES) • Hash standard for digital signature (SHS) • Digital signature standard (DSS) using a Digital signature algorithm (DSA)

  23. Developers and products of the cryptographic standards 3 • RSA Laboratories specifications, PKCS (Public-Key Cryptography Standards) • RSA standard • Diffie-Hellman key standard • ITU (International Telecommunication Union) • X.509 authentication framework

  24. Developers and products of the cryptographic standards 4 • PEM (Privacy-Enhanced Mail) • W3C recommendations • ETSI (European Telecommunications Standards Institute) standards

  25. The RSA-based encryption 1 • Algorithm of the RSA • selection of parameters • encryption keys • message-handling

  26. Message-handling • The message encryption: encoding the message $m$ ($0 < m < n$, $(m, n) = 1$): $c \equiv m^{e} \pmod{n}$, where $c$ is the encrypted message • Decoding of the encrypted message $c$ ($0 < c < n$): $m \equiv c^{d} \pmod{n}$, where $m$ is the resolved message • The condition $(m, n) = 1$ ensures the unambiguous coding

  27. The RSA-based encryption 2 • The RSA attributes (algorithms) • the RSA algorithm can be easily computerized • its security is adequate • simple mathematical background • well known • typical parameters • applied acceleration • Wassenaar Arrangement • patent

  28. The RSA-based encryption 3 • RSA attributes (attacks) • factorisation of n: complete break • selection of a small d: complete break • selection of a small e: some of the messages can be broken

  29. The RSA-based encryption 4 • Preparation of the RSA parameters • methods for selection of p and q and for the factorisation of n • current highest efficiency of prime factorisation • finding primes • selection of parameter d • selection of parameter e • the RSA summing up and evaluation

  30. Functional encrypting • Encrypting data files • RSA SecurID method • advantages • disadvantages

  31. The SHIELD-system 1 • Inventor and developer of the SHIELD-program is: Balogh Zoltán • The SHIELD function • Operation • Attributes • countermoves • signal • notes

  32. The SHIELD-system 2 • Comparison with other defence systems • with the DES • with the RSA

  33. Firewall and e-mail screening 1 • The structure of the security system of a local area networked organisation • Usual steps of building up the security system • Security-policy • E-mail • Outer connection from the Internet

  34. Firewall and e-mail screening 2 • The firewall configuration • The network tools of the firewall • Risks you want to avoid using a firewall • Filtering options • Firewall types • Downloads • AVG FREE EDITION

  35. Firewall and e-mail screening 3 • E-mail screening • Arranging the scope of the screening • User-level screening • Spam notification • The attachment-screening

  36. Laws for data-security • Current laws in Hungary • Current laws in the European Union

  37. Other information • MTA SZTAKI • Post Address: H-1518 Budapest, P.O. Box 63. • Phone: +36 (1) 279-6000 • Telefax: +36 (1) 466-7503 • Éva Feuer • Post Address: H-1518 Budapest, P.O. Box 63. • Phone: +36 (1) 279-6285 • Telefax: +36 (1) 466-7503
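
The message handling of slide 26 and the small-e weakness listed on slide 28, worked through as an added example that is not part of the original presentation. It uses textbook RSA without padding; the primes p = 11, q = 17, the exponent e = 3 and all function names are constructed for illustration.

```python
from math import gcd

def make_keys(p, q, e):
    """Return (n, e, d) for primes p, q; d is the inverse of e mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return n, e, pow(e, -1, phi)  # modular inverse, Python 3.8+

def encrypt(m, e, n):
    """c = m^e mod n, enforcing slide 26's conditions 0 < m < n and (m, n) = 1."""
    if not 0 < m < n or gcd(m, n) != 1:
        raise ValueError("message must satisfy 0 < m < n and gcd(m, n) = 1")
    return pow(m, e, n)

def decrypt(c, d, n):
    """m = c^d mod n for an encrypted message 0 < c < n."""
    if not 0 < c < n:
        raise ValueError("ciphertext must satisfy 0 < c < n")
    return pow(c, d, n)

def integer_root(x, k):
    """Largest integer r with r**k <= x (exact binary search, no floats)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def plain_power_root(c, e):
    """If c is an exact e-th power, m^e never wrapped around n: return m.

    This is the small-e case of slide 28: such a message is readable
    without d. Returns None when the ciphertext was reduced mod n.
    """
    r = integer_root(c, e)
    return r if r ** e == c else None

if __name__ == "__main__":
    n, e, d = make_keys(11, 17, 3)            # toy parameters: n = 187, d = 107
    for m in (5, 10):                         # constructed sample messages
        c = encrypt(m, e, n)
        print(m, c, decrypt(c, d, n), plain_power_root(c, e))
```

With real key sizes the same check explains why unpadded short messages must not be encrypted with a small e: randomised padding makes m comparable in size to n, so m^e is always reduced.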
