
THE NEED

Based on a survey by Symantec:
- Number of adults exposed to cyber crimes in 2010-11: 431 million
- Number of adults exposed to cyber crimes daily: more than 1 million
- Number of adults exposed to cyber crimes per second: 14
- 69% of people have been victims of cyber crimes
- Increase in mobile vulnerability: 42%

  

cocaine and heroin combined ($288bn) and approaching the value of all global drug trafficking ($411bn) The 2011 bill for cybercrime is more than 100 times the global annual expenditure of UNICEF ($3.65bn) o o   .Victims valued at the time they lost to cyber crimes The global black market in marijuana.Cost of Cyber Crime Apathy  Cost of ineffective online security by online adults in 24 countries in 2011=USD 338 Billion 114 Billion – Directly lost by victims 274 Billion .

Situation in India
- In 2011, 1791 cyber crime cases were registered with the National Crime Records Bureau (NCRB)
- [Chart: share of the 1791 NCRB cases by state; states shown: Rajasthan, Karnataka, Kerala, Maharashtra, Andhra Pradesh; values shown: 7%, 8.40%, 13.10%, 17.70%, 19.50%]

- In 2011, cases registered under the Indian Penal Code = 422, 18.5% more than those registered in 2010 (356)
- [Chart: percentage of registered cases; Delhi 11.6, Chhattisgarh 18, Maharashtra 20.6]

- 53 mega cities have reported 858 cases under the IT Act 2000, 147% higher than in 2009 (347)
- [Chart: percentage of cases registered under the IT Act 2000; cities shown: Delhi, Hyderabad, Jaipur, Pune, Vishakhapatnam, Bangalore; values shown: 10, 13.4, 23.2, 16.4, 15.4, 21.6]

Need to remove Apathy
- [Chart: percentage victims of cybercrime; values shown: 15% and 44%]

- According to the (Amended) IT Act 2008, CERT-In (Indian Computer Emergency Response Team) is designated to serve as the national agency for cyber security
- CERT-In's 2010 Annual Report claims 6.9 million bot-infected systems and 14348 website defacements
- Between January and September 2011, 6850 .in and 4150 .com domains were defaced
- The Norton cybercrime report says 30 million people were cyber crime victims in 2010: 4 billion in direct financial losses and 3.6 billion in time spent in solving the cases
- India is the 3rd most targeted country for phishing attacks
- People in India need to step forward with their complaints, as the number of cyber crime victims far outweighs the number of registered cases

The E-Commerce Security Environment
Sources of information:
- Internet Crime Complaint Center (IC3): a partnership between the National White Collar Crime Center and the Federal Bureau of Investigation
- The Computer Security Institute
- Security product providers

Security Threats in the E-commerce Environment
Three key points of vulnerability:
- Client
- Server
- Communications channel
Most common threats:
- Malicious code
- Hacking and cyber vandalism
- Credit card fraud/theft
- Spoofing
- Denial of service attacks
- Sniffing
- Insider jobs

A Typical E-commerce Transaction [figure slide]

Vulnerable Points in an E-commerce Environment [figure slide]

Malicious Code
- Viruses: computer program that has the ability to replicate and spread to other files; most also deliver a "payload" of some sort (may be destructive or benign). Include macro viruses, file-infecting viruses and script viruses
- Worms: designed to spread from computer to computer
- Trojan horse: appears to be benign, but then does something other than expected
- Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto the client and activated merely by surfing to a Web site

Hacking and Cybervandalism
- Hacker: individual who intends to gain unauthorized access to a computer system
- Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably)
- Cyber vandalism: intentionally disrupting, defacing or destroying a Web site
- Types of hackers include:
  - White hats: members of "tiger teams" used by corporate security departments to test their own security measures
  - Black hats: act with the intention of causing harm
  - Grey hats: believe they are pursuing some greater good by breaking in and revealing system flaws

Credit Card Fraud
- Fear that credit card information will be stolen deters online purchases
- Hackers target credit card files and other customer information files on merchant servers, then use the stolen data to establish credit under a false identity
- One solution: new identity verification mechanisms

Insight on Society: E-Signatures – Bane or Boon to E-commerce?
- Electronic Signatures in Global and National Commerce Act (E-Sign Law): went into effect October 2001
- Gives as much legal weight to an electronic signature as to the traditional version
- Thus far not much impact
- Companies such as Silanis and others are still moving ahead with new e-signature options

Spoofing, DoS and DDoS Attacks, Sniffing, Insider Jobs
- Spoofing: misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
- Denial of service (DoS) attack: hackers flood a Web site with useless traffic to inundate and overwhelm the network
- Distributed denial of service (DDoS) attack: hackers use numerous computers to attack the target network from numerous launch points
- Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
- Insider jobs: single largest financial threat

TWO LINES OF DEFENSE:
- Technology solutions
- Policy solutions

Technology Solutions
- Encryption: process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver
- Purpose of encryption:
  - Secure stored information
  - Secure information transmission

Encryption provides four key dimensions of e-commerce security:
- Message integrity
- Nonrepudiation
- Authentication
- Confidentiality

1. Symmetric Key Encryption: both the sender and the receiver use the same key to encrypt and decrypt the message. Used extensively throughout World War 2. In commercial use, a separate secret key for transactions with every party is required.
Common flaws in early methods of encryption:
- Ancient means of encryption can be broken quickly in the digital age
- Symmetric key encryption requires that both parties share the same key

2. Public Key Encryption: solves the problem of exchanging keys. Two mathematically related digital keys are used:
- Private key: kept secret by the owner
- Public key: widely disseminated
Drawbacks of public key encryption on its own:
- No authentication of the sender
- No assurance that the message was not altered in transit
- Potential lack of integrity in the system

3. PKE using Digital Signatures and Hash Digests
- Hash function: algorithm that produces a fixed-length number called a hash or message digest
- Digital signature: "signed" cipher text that can be sent over the internet

4. Digital Envelopes: a technique that uses symmetric encryption for large documents, but public key encryption to encrypt and send the symmetric key
5. Digital certificates: digital document issued by a certification authority that contains the name of the subject or company, the subject's public key, a digital certificate serial number and other identifying information
6. Public Key Infrastructure: refers to the CAs and digital certificate procedures that are accepted by all parties
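The encryption building blocks in points 1 to 4 above, and the four security dimensions (integrity, nonrepudiation, authentication, confidentiality) they are meant to provide, can be shown working together in one program. The following Python is an added example written for this page, not code from the original deck: it implements a toy textbook RSA key pair (unpadded, illustration only), a stand-in stream cipher built from HMAC-SHA256 because the Python standard library has no AES, a SHA-256 message digest, a digital signature over that digest, and a digital envelope that encrypts the bulk message with a fresh symmetric session key and wraps that key with the recipient's public key. All names (generate_keypair, symmetric_crypt, seal_envelope, open_envelope and the rest) and the sample order message are assumptions made for the example. The final tamper check illustrates the drawback listed under public key encryption: without a signature the recipient could not tell that the message was altered or who sent it.

```python
import hashlib
import hmac
import secrets

# --- 2. Public key encryption: toy textbook RSA (unpadded; illustration only, not for production) ---

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:  # force the top bit (size) and the low bit (odd)
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Return (public, private) as ((n, e), (n, d)); the private key stays with its owner."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))

# --- 1. Symmetric key encryption: the same key both encrypts and decrypts ---

def symmetric_crypt(key, data, nonce):
    """Stand-in for AES-CTR: XOR data with a keystream of HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        stream = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], stream))
    return bytes(out)

# --- 3. Hash digest and digital signature: integrity, authentication, nonrepudiation ---

def message_digest(data):
    """Fixed-length digest of arbitrary-length data."""
    return hashlib.sha256(data).digest()

def sign(private_key, data):
    """Sign the digest with the sender's private key (256-bit digest is below the 512-bit n)."""
    n, d = private_key
    return pow(int.from_bytes(message_digest(data), "big"), d, n)

def verify(public_key, data, signature):
    """Anyone holding the sender's public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(message_digest(data), "big")

# --- 4. Digital envelope: symmetric cipher for the bulk data, public key to carry the session key ---

def seal_envelope(message, recipient_public, sender_private):
    session_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ciphertext = symmetric_crypt(session_key, message, nonce)            # confidentiality
    n, e = recipient_public
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)           # only the recipient's d unwraps it
    signature = sign(sender_private, nonce + ciphertext)                 # integrity + sender authentication
    return {"nonce": nonce, "ciphertext": ciphertext, "wrapped_key": wrapped_key, "signature": signature}

def open_envelope(envelope, recipient_private, sender_public):
    # Check the signature before decrypting: failure means tampering or an impostor sender.
    if not verify(sender_public, envelope["nonce"] + envelope["ciphertext"], envelope["signature"]):
        raise ValueError("signature check failed: altered in transit or not from the claimed sender")
    n, d = recipient_private
    session_key = pow(envelope["wrapped_key"], d, n).to_bytes(32, "big")
    return symmetric_crypt(session_key, envelope["ciphertext"], envelope["nonce"])

def demo():
    """A customer sends an order to a merchant; a flipped ciphertext bit must be detected."""
    merchant_pub, merchant_priv = generate_keypair()
    customer_pub, customer_priv = generate_keypair()
    order = b"order#1001 total=49.99"  # constructed sample message
    env = seal_envelope(order, merchant_pub, customer_priv)
    recovered = open_envelope(env, merchant_priv, customer_pub)
    tampered = dict(env)
    tampered["ciphertext"] = bytes([env["ciphertext"][0] ^ 1]) + env["ciphertext"][1:]
    try:
        open_envelope(tampered, merchant_priv, customer_pub)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"recovered": recovered, "confidential": env["ciphertext"] != order,
            "tamper_detected": tamper_detected}

if __name__ == "__main__":
    print(demo())
```

Running the file prints the demo result: the merchant recovers the order, the ciphertext differs from the plaintext, and the one-bit change is caught by the signature before any decryption happens. A real deployment would use a library implementation of RSA-OAEP or ECDH for the key wrap, AES-GCM for the bulk data and RSA-PSS or ECDSA for the signature; the structure of the exchange stays the same.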

Methods of securing communication channels
- Secure Sockets Layer (SSL): provides data encryption, server authentication, optional client authentication and message integrity for TCP/IP connections
- Secure Hypertext Transfer Protocol (S-HTTP): a secure message-oriented communications protocol designed for use in conjunction with HTTP
- Virtual private networks (VPNs): allow remote users to securely access internal networks via the internet, using the Point-to-Point Tunneling Protocol

Protecting Networks
- Firewall: refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
- Proxy servers: software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the organization
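As an added example of the "filters packets based on a security policy" idea above (written for this page, not taken from the deck), the following Python sketches a stateless packet filter: a policy is an ordered list of rules, the first matching rule decides, and a packet that matches nothing is denied. The Packet and Rule classes, the filter_packet and audit functions, the policy and the sample traffic are all constructed for the example; the addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    proto: str                      # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # any source
    dst: str = "0.0.0.0/0"          # any destination
    proto: str = "any"
    ports: frozenset = frozenset()  # empty = any destination port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (not self.ports or pkt.dst_port in self.ports))

def filter_packet(policy, pkt):
    """First matching rule wins; an unmatched packet is denied (default deny)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed policy: 203.0.113.10 is the shop's web server, 10.0.0.53 the internal
# resolver, and 198.51.100.0/24 a range the organization has decided to block.
POLICY = [
    Rule("deny", src="198.51.100.0/24"),  # blocked range is checked before any allow
    Rule("allow", dst="203.0.113.10/32", proto="tcp", ports=frozenset({80, 443})),
    Rule("allow", src="10.0.0.0/8", dst="10.0.0.53/32", proto="udp", ports=frozenset({53})),
]

SAMPLE_PACKETS = [  # constructed traffic
    Packet("192.0.2.5", "203.0.113.10", 443, "tcp"),    # customer reaching the shop over HTTPS
    Packet("198.51.100.7", "203.0.113.10", 443, "tcp"), # same service, but from the blocked range
    Packet("192.0.2.5", "203.0.113.10", 22, "tcp"),     # SSH to the web server: no rule allows it
    Packet("10.1.2.3", "10.0.0.53", 53, "udp"),         # internal DNS lookup
]

def audit(policy, packets):
    """Return (packet, decision) pairs; useful for reviewing a policy before deploying it."""
    return [(pkt, filter_packet(policy, pkt)) for pkt in packets]

if __name__ == "__main__":
    for pkt, decision in audit(POLICY, SAMPLE_PACKETS):
        print(f"{decision:5} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dst_port}")
```

Two points the sample policy makes: rule order matters (the deny for the blocked range must come before the allow for port 443, or the HTTPS allow would match first), and default deny means a service nobody wrote a rule for, such as SSH on the web server here, is unreachable until someone deliberately opens it.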

Protecting Servers and Clients
- Operating system security enhancements: automatic computer security upgrades provided by Microsoft Windows and Apple's OS
- Anti-virus software: inexpensive tools to identify and eradicate the most common types of malicious code, e.g. McAfee, Symantec etc.

Online Gateway
- A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar businesses. It is the equivalent of a physical point of sale terminal located in most retail outlets.
- Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between the merchant and the payment processor.

How a Payment Gateway Works [figure slide]

Dimensions of E-Commerce Security
- Integrity
- Nonrepudiation
- Authenticity
- Confidentiality
- Privacy
- Availability

Thank you