E-Commerce - Security
Resource Person
Amila N. Jayarathna
MSc in IT (UoM), BSc.Business IT.Sp (RUSL)
Integrity − Information must not be altered, accidentally or deliberately, while in transit over the network or while stored.
Availability − Information and services must be accessible to authorised users wherever and whenever required, within the specified time limit.
Authenticity − There must be a mechanism to verify a user's identity before granting him/her access to the requested information.
Non-repudiation − Protection against denial of an order or denial of a payment. Once a sender has sent a message, the sender must not be able to deny having sent it; similarly, the recipient must not be able to deny having received it.
Auditability − Data must be recorded in such a way that it can later be audited against the integrity requirements (who did what, and when).
Measures to ensure Security (the major security measures are the following)
Encryption − A very effective and practical way to safeguard data transmitted over the network. The sender encrypts the data with a key, and only the intended receiver can decrypt it, using either the same key (symmetric encryption, where the shared key must first be exchanged over a secure channel) or a different, mathematically related key (asymmetric or public-key encryption, where anyone may encrypt with the receiver's public key but only the holder of the matching private key can decrypt). Encryption provides confidentiality; on its own it does not prove who sent the data and, unless an authenticated mode is used, it does not detect tampering.
Digital Signature − A digital signature ensures the authenticity and integrity of information and supports non-repudiation. The signer creates it with a private key, and anyone holding the matching public key can verify it; a password may protect the private key on the signer's device, but it plays no part in the verification itself.
Security Certificates − A security (digital) certificate is a unique digital ID, issued by a trusted certificate authority, that binds a public key to the identity of an individual, organisation or website, so that the key can be trusted to belong to that party.
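As an added example (Go, written for this page; it is not code from the slides), the following program shows the shared-key case described above with AES-256-GCM from Go's standard library. The order text and the two keys are constructed for illustration. It goes one step beyond the definition by using an authenticated mode, so a receiver with the wrong key, or a message with one flipped ciphertext bit, gets an error instead of silently wrong plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newGCM wraps a 32-byte key in AES-256-GCM, an authenticated mode that gives
// confidentiality and tamper detection from one primitive.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the shared key. Output layout:
// nonce || ciphertext || 16-byte authentication tag (Seal appends the tag).
func Encrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens a message produced by Encrypt. It fails closed: a wrong key or
// any modified byte yields an error and no plaintext at all.
func Decrypt(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(msg) < n+aead.Overhead() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:n], msg[n:], nil)
}

// RoundTrip exercises the three checks a practitioner wants to see: the right
// key recovers the plaintext, a different key fails, a flipped bit is detected.
func RoundTrip(key, otherKey []byte, plaintext string) (ok, wrongKeyFails, tamperFails bool, err error) {
	msg, err := Encrypt(key, []byte(plaintext))
	if err != nil {
		return
	}
	pt, err := Decrypt(key, msg)
	if err != nil {
		return
	}
	ok = string(pt) == plaintext

	_, e := Decrypt(otherKey, msg) // a receiver that does not hold the shared key
	wrongKeyFails = e != nil

	tampered := append([]byte(nil), msg...)
	tampered[12] ^= 0x01 // first ciphertext byte; the GCM nonce occupies bytes 0-11
	_, e = Decrypt(key, tampered)
	tamperFails = e != nil
	return
}

// randomKey returns a fresh 32-byte key. In practice the shared key comes from
// a key-exchange protocol or a key-management system, never from the message.
func randomKey() []byte {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

func main() {
	// Constructed sample order text, not taken from the slides.
	order := "order 4711: pay 120.00 EUR to merchant account 12345"
	ok, wk, tf, err := RoundTrip(randomKey(), randomKey(), order)
	fmt.Printf("decrypts=%v wrongKeyRejected=%v tamperRejected=%v err=%v\n", ok, wk, tf, err)
}
```

The asymmetric ("different key") variant would replace the shared `randomKey()` with a key-exchange or public-key step; the sealing and tamper check stay the same.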
Security Protocols on the Internet
We will discuss here some of the popular protocols used over the internet to ensure secure online transactions. Each of them provides one or more of the following properties:
• Authentication
• Encryption (confidentiality)
• Integrity
• Non-repudiation
Cryptography
Common applications of cryptography:
• Cryptocurrencies and digital currencies
• Secure web browsing
• Authentication
• Electronic signatures
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document.
Benefits of Digital Signatures
• Legal documents and contracts: Digital signatures are legally binding in many jurisdictions, which makes them suitable for any legal document that must be signed by one or more parties and whose record must be shown not to have been altered since signing.
• Sales contracts: Digitally signing sales contracts authenticates the identities of the seller and the buyer (through their certificates), and both parties can be sure that the signatures are binding and that the terms of the agreement have not been changed after signing.
• Financial documents: Finance departments digitally sign invoices so that customers can verify that a payment request comes from the real seller and not from an attacker trying to redirect the payment to a fraudulent account.
• Health data: In the healthcare industry, privacy is paramount for both patient records and research data. Digital signatures ensure that this information was not modified while being transmitted between the consenting parties; keeping it confidential additionally requires encryption.
• Government: Federal, state and local agencies often operate under stricter policies and regulations than many private-sector companies. From approving permits to signing off a timesheet, digital signatures improve productivity by ensuring that the right person has given each approval.
• Shipping documents: Digital signatures help manufacturers avoid costly shipping errors by showing that cargo manifests or bills of lading have not been altered since they were issued. Physical papers are cumbersome, not always accessible during transport, and can be lost. With digitally signed shipping documents, sender and recipient can quickly retrieve the file, check that the signature verifies, and be sure that no tampering has occurred.
Drawbacks of Digital Signatures
• Dependence on Key Management: Digital signatures rely on the secure management of cryptographic keys. The sender must keep their private key safe from unauthorized access, and the recipient must obtain the sender's public key from a trustworthy source (normally a certificate issued by a CA) to be sure it really belongs to the sender. Any failure in key management, above all a leaked private key, compromises every signature made with that key.
• Complexity: Digital signatures require a complex process of key generation, signing, and verification. This can
make them difficult to implement and use for non-technical users.
• Compatibility: Different digital signature algorithms and formats may not be compatible with each other, making
it difficult to exchange signed messages across different systems and applications.
• Legal Recognition: Although digital signatures have legal recognition in many countries, their legal status may
not be clear in all jurisdictions. This can limit their usefulness in legal or regulatory contexts.
• Revocation: If a private key is compromised, the corresponding certificate must be revoked so that signatures made with it are no longer trusted. Revocation only works if verifiers actually check revocation status (via CRLs or OCSP), and deciding whether signatures made before the compromise should still be accepted normally requires a trusted timestamp, so the process is complex and not effective in all cases.
• Cost: Digital signatures may involve additional costs for key management, certificate issuance, and other related
services, which can make them expensive for some users or organizations.
• Limited Scope: Digital signatures provide authentication and integrity protection for a message, but they do not provide confidentiality (the signed message travels in the clear unless it is separately encrypted) or protection against other types of attacks, such as denial-of-service attacks or malware.
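As an added illustration of the signing and verification steps defined earlier, and of the "limited scope" point just made, the following Go program (written for this page, not part of the original slides) signs a constructed order with Ed25519 from the standard library and shows the three outcomes a verifier can see. The `Signer` and `SignedMessage` types and the sample order text are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is what actually travels: the message in the clear plus the
// signature. A signature adds authenticity and integrity, not confidentiality.
type SignedMessage struct {
	Msg []byte
	Sig []byte // 64-byte Ed25519 signature
}

// Signer holds a key pair. The private key never leaves the signer; only the
// public key is handed to verifiers (in practice inside a certificate).
type Signer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Pub: pub, priv: priv}, nil
}

// Sign produces the signature. Only the holder of priv can do this, which is
// what gives the recipient its non-repudiation argument.
func (s *Signer) Sign(msg []byte) SignedMessage {
	return SignedMessage{Msg: msg, Sig: ed25519.Sign(s.priv, msg)}
}

// Verify is the recipient's check. It needs nothing secret: just the message,
// the signature and the public key it believes belongs to the sender.
func Verify(pub ed25519.PublicKey, sm SignedMessage) bool {
	return ed25519.Verify(pub, sm.Msg, sm.Sig)
}

// Demo returns whether the genuine order verifies, whether a tampered order is
// rejected, and whether a signature checked against the wrong public key is
// rejected (the case of a verifier that trusted an unverified key).
func Demo(order string) (genuine, tamperRejected, wrongKeyRejected bool, err error) {
	merchant, err := NewSigner()
	if err != nil {
		return
	}
	impostor, err := NewSigner()
	if err != nil {
		return
	}
	sm := merchant.Sign([]byte(order))
	genuine = Verify(merchant.Pub, sm)

	// An attacker changes the account number in transit but cannot re-sign.
	tampered := SignedMessage{Msg: []byte(order + "0"), Sig: sm.Sig}
	tamperRejected = !Verify(merchant.Pub, tampered)

	// The verifier holds the impostor's public key instead of the merchant's.
	wrongKeyRejected = !Verify(impostor.Pub, sm)
	return
}

func main() {
	// Constructed sample order, not taken from the slides.
	g, t, w, err := Demo("invoice 2024-17: pay 120.00 EUR to account 12345")
	fmt.Println("genuine verifies:", g, "tamper rejected:", t, "wrong key rejected:", w, err)
}
```

Note that `sm.Msg` is readable by anyone on the path; if the order must stay private it has to be encrypted as well, which is exactly the limited-scope caveat above.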
Digital Certificate
A digital certificate is issued by a trusted third party and proves the sender's identity to the receiver (and, when client certificates are used, the receiver's identity to the sender).
A digital certificate is issued by a Certificate Authority (CA) to verify the identity of the certificate holder. The CA issues a digitally signed (not encrypted) certificate containing the applicant's public key and a variety of other identification information, such as the holder's name and the validity period. The CA's signature is what lets a relying party trust the binding between the public key and a particular individual or entity.
The digital certificate is usually sent along with the digital signature and the message, so that the recipient can verify the signature without having to obtain the public key separately.
Digital certificate vs digital signature:
A digital signature is used to verify authenticity, integrity and non-repudiation, i.e. it assures that the message was sent by the known user and not modified, while a digital certificate is used to verify the identity of the user, whether sender or receiver, by binding their public key to that identity.
Thus digital signature and certificate are different kinds of things, but both are used for security, and one depends on the other: a signature is only as trustworthy as the certificate that vouches for the verifying key. Most websites use digital certificates (for TLS/HTTPS) to enhance the trust of their users.
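The following Go program, added here and not part of the original slides, issues a self-signed root, has it sign a certificate that binds a fresh public key to a host name, and performs the relying party's checks with `crypto/x509` from the standard library. The CA and host names are constructed. It also shows two points the text only states: a certificate from a CA the verifier never trusted is rejected even when it names the right host, and the subject and issuer names are readable in the clear, because the certificate is signed rather than encrypted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates the subject's key pair and has signerKey sign tmpl under parent (nil signerKey = self-signed).
func issue(tmpl, parent *x509.Certificate, signerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signerKey == nil {
		signerKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der) // signed DER, not encrypted: anyone can parse it
	return cert, key, err
}

// IssueCA creates a self-signed root; it is trusted only because the verifier installs it.
func IssueCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return issue(tmpl, tmpl, nil)
}

// IssueLeaf binds a fresh public key to a host name, signed with the CA's private key.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	cert, _, err := issue(tmpl, ca, caKey)
	return cert, err
}

// VerifyLeaf is the relying party's check: chain to a trusted root, inside the
// validity period, and the name must match the site actually being contacted.
func VerifyLeaf(leaf, trustedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// Demo returns the three verification outcomes plus the leaf, whose subject and issuer any caller can read.
func Demo() (genuine, wrongHostRejected, unknownCARejected bool, leaf *x509.Certificate, err error) {
	ca, caKey, err := IssueCA("Example Shop Root CA") // constructed names
	if err != nil {
		return
	}
	if leaf, err = IssueLeaf(ca, caKey, "shop.example"); err != nil {
		return
	}
	genuine = VerifyLeaf(leaf, ca, "shop.example") == nil
	wrongHostRejected = VerifyLeaf(leaf, ca, "evil.example") != nil
	// An attacker's own CA issues a cert for our host: right name, untrusted root.
	rogueCA, rogueKey, err := IssueCA("Rogue CA")
	if err != nil {
		return
	}
	rogueLeaf, err := IssueLeaf(rogueCA, rogueKey, "shop.example")
	if err != nil {
		return
	}
	unknownCARejected = VerifyLeaf(rogueLeaf, ca, "shop.example") != nil
	return
}

func main() {
	g, w, u, leaf, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println(g, w, u, leaf.Subject.CommonName, "issued by", leaf.Issuer.CommonName)
}
```

Real deployments add a revocation check (CRL or OCSP) and usually an intermediate CA between root and leaf; `x509.VerifyOptions.Intermediates` takes those, but the trust decision still rests on which roots the verifier installed.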
Authentication Protocols
Authentication protocols are methods or procedures used to verify the identity of a user, device, or system. They are designed to ensure that only authorized users or devices can access protected resources, and to prevent unauthorized access or tampering.
Most common authentication protocols
• Kerberos
• Lightweight Directory Access Protocol (LDAP)
• OAuth2 (strictly an authorization framework; OpenID Connect, built on top of it, supplies the authentication layer)
• SAML
• RADIUS
Threats: malicious websites and phishing.
What Is Payment Security?
Payment security involves the steps businesses take to make sure that their customers’ data
is protected and to avoid unauthorized transactions and data breaches. Important aspects of
payment security include following protocols such as PCI Compliance and 3-D Secure
(3DS).
01 Use two-factor authentication.
02 Verify every transaction.
03 Choose a secure e-commerce platform and payment provider.
04 Buy cyber liability insurance.
05 Use a personal verification system.
06 Don't store customer payment data.