Security encompasses a set of measures and procedures to guard against theft, attack, crime, and sabotage. The goal of computer security is to maintain the integrity, availability, and privacy of information entrusted to the system. Unauthorized access, revelation, or destruction of data can violate individual privacy. Corruption of business data can result in significant and potentially catastrophic losses to companies. In order to build a secure e-Commerce system, we need to employ cryptographic techniques. Cryptography was originally about keeping messages secret.
1. Unauthorized disclosure of information
2. Unauthorized alteration or destruction of information
3. Unauthorized use of service
4. Denial of service to legitimate users
5. Interruption & disruption in communications
A computer is secure if you can depend on it and its software to behave as you expect.
•Logged-on Terminal
•Passwords
•Browsing
•Trap doors (secret points of entry without access authorization)
•Electronic eavesdropping (electromagnetic pickup of screen radiation)
•Mutual trust
•Trojan Horse (program may be written to steal user passwords)
•Computer Worms (programs can attack via a network and deny service)
•Computer Viruses
•Trial & Error
E-Security according to Consumers means:
•Protection of Personal Information
•Protection of Assets
E-Security according to Corporate, Government and Other Institutions means:
•Protection of Information
•Protection of Systems
(* The type of information and systems for corporate, Government and other institutions are different)
•Banks
•Financial Companies
•Insurance companies
•Brokerage Houses
•Consultants
•Network Service Providers
•Textile Business
•Wholesale/Retail Traders
•Government Contractors
•Government agencies
•Hospitals
•Medical Laboratories
•Utility Companies
•Universities, etc.
(The list goes on as no firm is fully immune to e-threats)
•Uncover confidentiality
•Leak Authentication and Access Control
•Conduct ID theft
•Hacking
•Virus
•Client based security threats
•Server based security threats
•Other threats
Worry 1: I transmit my credit card information over the internet. Can people other than the intended recipient read it?
Worry 2: I agree to pay Rs 10000/- for the goods. Will this payment information be captured and changed by someone on the internet?
Worry 3: This company claims itself to be company X. Is this the real company X?
The aforementioned worries can be summarized into three security requirements, namely:
1. Confidentiality
2. Integrity
3. Authentication
• MESSAGE:
1. CONFIDENTIALITY (SENDER AND RECEIVER EXPECT PRIVACY)
2. INTEGRITY (DATA MUST ARRIVE AT THE RECEIVER EXACTLY AS SENT)
3. AUTHENTICATION (THE RECEIVER NEEDS TO BE SURE OF SENDER'S IDENTITY)
4. NONREPUDIATION (A SENDER MUST NOT BE ABLE TO DENY SENDING A MESSAGE THAT HE SENT)
• ENTITY:
AUTHENTICATION (USER IDENTIFICATION)
•Privacy and Confidentiality: Information must be kept away from unauthorized parties.
•Security and Integrity: Message must not be altered or tampered with.
•Authenticity: Sender and recipient must prove their identities to each other.
•Non-Repudiation: Proof is needed that the message was indeed received.
•Use firewall
•Use virus protection software
•Use strong passwords
•Back up your files on a regular basis
•Do not keep a computer online when not in use
•Do not open e-mail attachments from strangers
•Disable scripts
•Secure socket layer (SSL)
•Secure electronic transaction (SET)
•Secure access (password authentication)
•Secure interconnection
•Secure personal connection
•Secure networking (VPNs)
•Secure managed services
•Secure Hypertext Transfer Protocol (S-HTTP)
•Secure/Multipurpose Internet Mail Extensions (S/MIME)
Secure socket layer (SSL)
A special communication protocol used by Web browsers and servers to encrypt all communications online. This protocol makes secure Web transmissions transparent to end users. The SSL protocol performs message exchanges, which are communicated by the HTTP protocol. The protocol SHTTP applies SSL between Web servers and browsers.
Secure electronic transaction (SET)
A set of cryptographic protocols jointly developed by Visa, Master card, Netscape, and Microsoft and designed to provide secure Web credit card transactions for both consumers and merchants. SET is established on top of SSL. Understanding SSL is understanding the foundation of SET.
CRYPTOGRAPHY
Cryptography is the science of using mathematics to encrypt and decrypt data. It is of two categories:
•Symmetric encryption/Secret Key cryptography (uses the same key for encryption and decryption)
•Asymmetric encryption/Public Key Cryptography (uses a public key and a private key)
•Data Encryption Standard (DES): It is a symmetric algorithm designed by IBM for the U.S. Government in 1977. It is based on a 56 bit key. It applies transformation on blocks of 64 bit corresponding to binary encoding. It is reasonably secure since breaking the code requires exhaustively trying all possible keys, which takes a long time even with fast computers.
Data that can be read and understood without any special measures is called plain text or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.
Plain Text → Encryption → Cipher Text → Decryption → Plain Text
The RSA Algorithm
The RSA algorithm, named for its creators Ron Rivest, Adi Shamir, and Leonard Adleman, is currently one of the favorite public key encryption methods.
Example of how an encrypted message may look after using RSA Algorithm:
Recipient: Bob
Key Encryption Algorithm: rsaEncryption
Encrypted Key: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD73 9492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8 DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3 CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177C BA3A435B
Content Encryption Algorithm: aes128-cbc
IV: 5732164B3ABB6C4969ABA381C1CA75BA
Encrypted Content: 67290EF00818827C777929A56BC3305B
DIGITAL SIGNATURES
•A digital signature is a cryptographic mechanism that performs a function similar to a written signature, used to verify the origin and contents of the message.
•It may be implemented with the use of RSA public key encryption in a way that provides both security and authentication of message. To make a DS, a sender encrypts a message with his private key.
•Assuming that B receives a message M signed by A, the digital signature must satisfy the following requirements:
1. It must be possible for B to validate A's signature on M
2. It must be impossible for anyone to forge A's signature
3. It must be impossible for A to repudiate the message M
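The three signature requirements above, worked through with textbook RSA. This is an added example, not part of the original slides. It assumes constructed toy keys built from small Mersenne primes, a hypothetical second key holder called Mallory, and signing of a SHA-256 digest of the message rather than the message itself; it uses no padding, which real deployments add (for example RSA-PSS).

```python
import hashlib

def make_key(p, q, e=65537):
    """Build a textbook RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def digest(message, n):
    """Hash the message and reduce the hash into the range of the modulus."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % n

def sign(message, private_key):
    """The sender 'encrypts' the message digest with the private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    """The receiver recovers the digest with the public key and compares."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys (assumption): known Mersenne primes, far too small
# for real use. A is the signer; Mallory is a hypothetical forger.
A_PUBLIC, A_PRIVATE = make_key(2**31 - 1, 2**61 - 1)
MALLORY_PUBLIC, MALLORY_PRIVATE = make_key(2**17 - 1, 2**19 - 1)

def demo():
    m = b"Pay Rs 10000 to company X"
    sig = sign(m, A_PRIVATE)
    return {
        # Requirement 1: B validates A's signature on M with A's public key.
        "valid": verify(m, sig, A_PUBLIC),
        # Integrity: the same signature does not cover an altered message.
        "altered": verify(b"Pay Rs 90000 to company X", sig, A_PUBLIC),
        # Requirement 2: a signature made without A's private key fails.
        "forged": verify(m, sign(m, MALLORY_PRIVATE), A_PUBLIC),
    }

if __name__ == "__main__":
    print(demo())
```

Requirement 3 follows from the same check: only the holder of A's private key can produce a value that verifies under A's public key, so a valid signature is evidence that A signed M.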
• Secure transport stacks
• Kerberos
• Secure transactions over the internet
• UNIX security
• Password security systems - one time passwords - smart cards
• Electronic mail
• Server security
• Network security
Australian Government Initiative ICICI PRUDENTIAL .
E-security can never be perfect because a better system will be broken into by a better cracker.
Solutions?
•Better education of people using system
•Better system usage and monitoring
•Better enforcement and legislation without infringing on privacy
“The price of freedom is eternal vigilance”