
GROUP 5

Okware Brian
Kirabo Karen
Kyeswa Kent
Topic: Security and Encryption.
◦ Security is an essential part of any transaction that takes place
over the internet as it protects customer data during transactions.
A customer may lose his/her faith in the e-business if the security
is compromised.
Dimensions of Ecommerce Security
The following are the essential requirements for safe e-payments/transactions:
◦ Confidentiality − Information should not be accessible to an unauthorized person. It should not be
intercepted during the transmission.
◦ Integrity − Information should not be altered during its transmission over the network.
◦ Availability − Information should be available wherever and whenever required within a time limit
specified.
◦ Authenticity − There should be a mechanism to authenticate a user before giving him/her access
to the required information.
◦ Non-Repudiation − It is the protection against the denial of an order or
denial of payment. Once a sender sends a message, the sender should not
be able to deny sending the message. Similarly, the recipient of a message
should not be able to deny having received it.
◦ Encryption − Information should be encrypted and decrypted only by an
authorized user.
◦ Auditability − Data should be recorded in such a way that it can be
audited for integrity requirements.
Threats to e-commerce security.
◦ Trojan horses. These are malicious programs that masquerade as legitimate software in order to
steal user data, for example login credentials.
◦ Cross-site scripting. This is where an attacker injects malicious script into a web page so that
the victim's browser executes it, ending up stealing user data, session cookies and tokens, or
redirecting the user to a fake website.
◦ Hackers can also steal users' information by gaining access to web servers.
◦ Sniffing attacks, where threat actors capture traffic between the client and the
website in order to read sensitive information.
◦ Cyber vandalism. Cyber vandalism takes place when an unauthorized person changes
the content of a web page, destroys it, defaces it, or replaces a website's regular
content with their own, for example by hacking into the website's server.
◦ DDoS attacks, where large amounts of traffic are sent to a site in a short
time, causing the servers to go down and stop serving the intended users.
◦ Phishing attacks, where threat actors try to lure clients into sending
sensitive information in order to compromise their accounts.
◦ Financial fraud, such as credit card fraud where attackers use stolen credit
card data to purchase products on an e-commerce site.
Mitigation of Ecommerce security threats.
◦ Using HTTPS instead of HTTP is a good measure to encrypt traffic in order
to prevent sniffing attacks.
◦ Sanitizing user input submitted through web forms helps mitigate cross-site scripting
attacks.
◦ Conducting regular site security audits to avoid cyber vandalism.
◦ Verifying transactions: implementing a personal verification system
whereby users have to verify themselves with a form of ID, which could be
a passport or driving licence.
◦ Filtering traffic on the server side to avoid DDoS attacks on the site.
◦ Patching all known security vulnerabilities.
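The cross-site scripting mitigation above, shown as an added example that is not part of the original slides: a product review submitted through a web form is rendered into HTML the vulnerable way and then with output encoding, so the browser displays the text instead of executing it. The function names and the sample review are assumptions made for this illustration.

```javascript
// Added example (not the slides' own code): rendering an untrusted product
// review into HTML, first the vulnerable way and then with output encoding,
// which is the "sanitizing user input" mitigation listed above for XSS.

// Encode the five characters that let text break out of an HTML text node or
// a double-quoted attribute value. Ampersand goes first so it is not re-encoded.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the comment is concatenated into the page unchanged, so any
// tags it contains become part of the document and run in the visitor's browser.
function renderReviewUnsafe(comment) {
  return `<li class="review">${comment}</li>`;
}

// Hardened: the comment is encoded at the point where it is written into
// HTML, so the browser displays the characters instead of interpreting them.
function renderReviewSafe(comment) {
  return `<li class="review">${escapeHtml(comment)}</li>`;
}

// Check a defender can keep in the test suite: no raw script tag from the
// user may survive in the rendered fragment.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: a review carrying a script tag.
const SAMPLE_COMMENT = 'Great shoes! <script>alert(document.cookie)</script>';

console.log(renderReviewUnsafe(SAMPLE_COMMENT)); // script tag survives intact
console.log(renderReviewSafe(SAMPLE_COMMENT));   // shown as &lt;script&gt;...&lt;/script&gt;
```

Encoding at the point of output is what makes the fix hold regardless of where the text came from; a comment that passed form validation still gets encoded before it reaches the page.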
Encryption
Encryption is a way to conceal information by altering it so that it appears to be
random data. It is essential for security on the Internet. Encryption works by
converting plaintext into seemingly random text that cannot be read by a person
(ciphertext). This is done by using cipher keys to alter the data.

There are mainly two types of encryption:

◦ Asymmetric encryption
◦ Symmetric encryption
Symmetric encryption.
◦ This is also known as private key encryption. The key used to
encrypt is the same as the one used to decrypt, making it best for
individual users and closed systems. Otherwise, the key must be
sent to the receiver. This increases the risk of compromise if it's
intercepted by a third party, such as a hacker.
Asymmetric encryption.
◦ In asymmetric or public key encryption, there are two keys, a private key and a public key: the public
key is used for encryption, and the private key is used for decryption. The decryption key is
kept private while the encryption key is shared publicly, for anyone to use.
Benefits of encrypting data.
◦ Privacy: Encryption ensures that no one can read communications or data except the intended recipient or
the rightful data owner. This prevents attackers, ad networks, Internet service providers, and in some
cases governments from intercepting and reading sensitive data, protecting user privacy.

◦ Security: Encrypted communications enable the communicating parties to exchange sensitive data without
leaking the data.

◦ Data integrity: Encryption also helps prevent malicious behavior such as on-path attacks. When data is
transmitted across the Internet, encryption ensures that what the recipient receives has not been viewed
or tampered with on the way.

◦ Regulations: For all these reasons, many industry and government regulations require companies that handle
user data to keep that data encrypted. Examples of regulatory and compliance standards that require
encryption include GDPR.
Encryption algorithms
◦ An encryption algorithm is the method used to transform data into
ciphertext. An algorithm will use the encryption key in order to
alter the data in a predictable way, so that even though the
encrypted data will appear random, it can be turned back into
plaintext by using the decryption key.
Examples of Encryption algorithms
Examples of symmetric encryption algorithms include:
• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)

Examples of asymmetric encryption algorithms include:
• RSA
• Elliptic curve cryptography
Attacks on encryption.
◦ Brute force attacks. A brute force attack is
when an attacker who does not know the decryption
key attempts to determine the key by making millions
or billions of guesses. Brute force attacks are much
faster with modern computers, which is why encryption
has to be extremely strong and complex. Most modern
encryption methods, coupled with high-quality passwords,
are resistant to brute force attacks, although they may
become vulnerable to such attacks in the future as
computers become more and more powerful. Weak
passwords are still susceptible to brute force attacks.