Introduction to Security

Security and Encryption

HCC Handouts

Goals of Security

(figure: the three goals of security applied to DATA: Confidentiality, Integrity, Availability)

The Merchant Pays

Many security procedures that credit card companies rely on are not applicable in the online environment
As a result, credit card companies have shifted most of the risks associated with e-commerce credit card transactions to the merchant
The percentage of Internet transactions charged back to online merchants is much higher than for traditional retailers (3-10% compared to ½-1%)
To protect themselves, merchants can:
- Refuse to process overseas purchases
- Insist that credit card and shipping address match
- Require users to input the 3-digit security code printed on the back of the card
- Use anti-fraud software

Internet Fraud Complaints Reported

(figure)

The E-commerce Security Environment

(figure)

Dimensions of E-commerce Security

Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) their online actions
Authenticity: ability to verify the identity of a person or entity with whom you are dealing on the Internet
Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
Privacy: ability to control the use of information a customer provides about himself or herself to the merchant
Availability: ability to ensure that an e-commerce site continues to function as intended

Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security

(figure)

The Tension Between Security and Other Values

Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes
Security vs. the desire of individuals to act anonymously

Security Threats in the E-commerce Environment

Three key points of vulnerability:
- Client
- Server
- Communications channel
Most common threats:
- Malicious code
- Hacking and cybervandalism
- Credit card fraud/theft
- Spoofing
- Denial of service attacks
- Sniffing
- Insider jobs

A Typical E-commerce Transaction

(figure)

Vulnerable Points in an E-commerce Environment

(figure)

Malicious Code

Viruses: computer program that has the ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses and script viruses
Worms: designed to spread from computer to computer
Trojan horse: appears to be benign, but then does something other than expected
Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto the client and activated merely by surfing to a Web site

Hacking and Cybervandalism

Hacker: Individual who intends to gain unauthorized access to a computer system
Cracker: Used to denote a hacker with criminal intent (the two terms are often used interchangeably)
Cybervandalism: Intentionally disrupting, defacing or destroying a Web site
Types of hackers include:
- White hats – Members of “tiger teams” used by corporate security departments to test their own security measures
- Black hats – Act with the intention of causing harm
- Grey hats – Believe they are pursuing some greater good by breaking in and revealing system flaws

Credit Card Fraud

Fear that credit card information will be stolen deters online purchases
Hackers target credit card files and other customer information files on merchant servers; they use the stolen data to establish credit under a false identity
One solution: new identity verification mechanisms

Spoofing, DoS and dDoS Attacks, Sniffing, Insider Jobs

Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
Denial of service (DoS) attack: Hackers flood a Web site with useless traffic to inundate and overwhelm the network
Distributed denial of service (dDoS) attack: Hackers use numerous computers to attack the target network from numerous launch points
Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
Insider jobs: Single largest financial threat

Technology Solutions

Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients

Tools Available to Achieve Site Security

(figure)

Protecting Internet Communications: Encryption

Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
Purpose:
- Secure stored information
- Secure information transmission
Provides:
- Message integrity
- Nonrepudiation
- Authentication
- Confidentiality
Types:
- Symmetric key encryption
- Public key encryption

Symmetric Key Encryption

Also known as secret key encryption
Both the sender and receiver use the same digital key to encrypt and decrypt the message
Requires a different set of keys for each transaction
Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses a 56-bit encryption key; other types use 128-bit keys up through 2048 bits

Public Key Encryption

Public key cryptography solves the symmetric key encryption problem of having to exchange the secret key
Uses two mathematically related digital keys – a public key (widely disseminated) and a private key (kept secret by the owner)
Both keys are used to encrypt and decrypt messages
Once a key is used to encrypt a message, the same key cannot be used to decrypt that message
For example, the sender uses the recipient’s public key to encrypt a message; the recipient uses his/her private key to decrypt it

Public Key Cryptography – A Simple Case

(figure)

Public Key Encryption using Digital Signatures and Hash Digests

Application of a hash function (mathematical algorithm) by the sender prior to encryption produces a hash digest that the recipient can use to verify the integrity of the data
Double encryption with the sender’s private key (digital signature) helps ensure authenticity and nonrepudiation

Public Key Cryptography with Digital Signatures

(figure)

Digital Envelopes

Addresses the weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure)
Uses symmetric key encryption to encrypt the document but public key encryption to encrypt and send the symmetric key

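The digital envelope described above, combined with the hash digest and digital signature of the previous slide and the per-transaction symmetric key of the symmetric key encryption slide, as an added worked example in Go that is not part of the original handout: the sender hashes and signs the document with its private key, encrypts the document under a fresh symmetric key, and wraps that key with the recipient's public key; the recipient reverses the steps and rejects an altered document or a signature from the wrong sender. The algorithm choices (SHA-256, RSA-PSS, AES-256-GCM, RSA-OAEP), the function names and the sample order text are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what travels over the network: no plaintext and no long-term secret,
// only a one-time symmetric key that the recipient's private key alone can recover.
type Envelope struct {
	WrappedKey []byte // one-time AES key, encrypted with the recipient's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce, fresh for every envelope
	Ciphertext []byte // document encrypted with AES-256-GCM, authentication tag included
	Signature  []byte // RSA-PSS signature by the sender over SHA-256(document)
}

// Seal builds the envelope on the sender's side (algorithm choices are assumptions
// made for this example: SHA-256, RSA-PSS, AES-256-GCM and RSA-OAEP).
func Seal(doc []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	// Hash digest of the document, signed with the sender's private key: the digital signature.
	digest := sha256.Sum256(doc)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// A fresh symmetric key for this envelope only; the document is encrypted with it.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, doc, nil)
	// The symmetric key is sent under public key encryption, readable only by the recipient.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Open reverses Seal on the recipient's side. An altered ciphertext fails the GCM tag
// check and a document not signed by the claimed sender fails the signature check.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	doc, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("document altered in transit: %w", err)
	}
	digest := sha256.Sum256(doc)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature does not match the claimed sender: %w", err)
	}
	return doc, nil
}

// newGCM wraps an AES key in the GCM authenticated-encryption mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	doc := []byte("constructed sample order: card ending 4242, total 19.99") // constructed, not real data
	env, err := Seal(doc, sender, &recipient.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := Open(env, recipient, &sender.PublicKey)
	fmt.Println("round trip ok:", err == nil && string(got) == string(doc))
	env.Ciphertext[0] ^= 0x01 // simulate a single flipped bit in transit
	_, err = Open(env, recipient, &sender.PublicKey)
	fmt.Println("altered envelope rejected:", err != nil)
}
```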
Public Key Cryptography: Creating a Digital Envelope

(figure)

Digital Certificates and Public Key Infrastructure (PKI)

Digital certificate: Digital document that includes:
- Name of subject or company
- Subject’s public key
- Digital certificate serial number
- Expiration date
- Issuance date
- Digital signature of the certification authority (trusted third party (institution) that issues the certificate)
- Other identifying information
Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties

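The certificate fields listed above, and the checks a client performs with them before trusting the public key inside (the CA's signature chains to a CA the client already trusts, the certificate is within its validity dates, and the name in it matches the site the client meant to reach), as an added example in Go's standard x509 library that is not part of the original handout: a constructed demo CA issues a server certificate, and verification fails for a name mismatch, for an expired certificate, and for a certificate issued by a CA outside the trust store. The CA and host names, serial numbers and function names are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewDemoCA creates a self-signed certification authority. Its certificate is what a
// client keeps in its trust store; its private key never leaves the CA.
func NewDemoCA(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueServerCert is the CA vouching for a site: it binds the site's public key to its
// host name, serial number and validity period, and signs the result with the CA's
// private key. The site's own private key stays with the site.
func IssueServerCert(host string, serial int64, notAfter time.Time,
	caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	siteKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host, Organization: []string{"Demo Merchant Ltd"}},
		DNSNames:     []string{host}, // the name a client compares against the URL it requested
		NotBefore:    time.Now().Add(-2 * time.Hour),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, &siteKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckServerCert is the client's side: accept the certificate only if it chains to a
// CA in the trust store, is within its validity period, and names the host the client
// meant to reach. On any failure the public key inside must not be used.
func CheckServerCert(cert *x509.Certificate, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, caKey, err := NewDemoCA("Demo Root CA") // constructed names, not a real CA
	if err != nil {
		panic(err)
	}
	inAYear := time.Now().Add(365 * 24 * time.Hour)
	cert, err := IssueServerCert("shop.example", 1001, inAYear, ca, caKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine certificate:", CheckServerCert(cert, ca, "shop.example"))
	fmt.Println("wrong host name:", CheckServerCert(cert, ca, "other.example"))
	rogueCA, rogueKey, _ := NewDemoCA("Rogue CA")
	rogue, _ := IssueServerCert("shop.example", 1, inAYear, rogueCA, rogueKey)
	fmt.Println("issuer not in trust store:", CheckServerCert(rogue, ca, "shop.example"))
}
```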
Digital Certificates and Certification Authorities

(figure)

Limits to Encryption Solutions

PKI applies mainly to protecting messages in transit
PKI is not effective against insiders
Protection of private keys by individuals may be haphazard
No guarantee that the verifying computer of the merchant is secure
CAs are unregulated, self-selecting organizations

Insight on Technology: Advances in Quantum Cryptography May Lead to the Unbreakable Key

Existing encryption systems are subject to failure as computers become more powerful
Scientists at Northwestern University have developed a high-speed quantum cryptography method
Uses lasers and optical technology and a form of secret (symmetric) key encryption
The message is encoded using the granularity of light (quantum noise); the pattern is revealed only through use of the secret key

Secure Negotiated Sessions Using SSL

(figure)

Securing Channels of Communication

Secure Sockets Layer (SSL): Most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which the URL of the requested document, along with its contents, is encrypted)
S-HTTP: Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Virtual Private Networks (VPNs): Allow remote users to securely access internal networks via the Internet, using the Point-to-Point Tunneling Protocol (PPTP)

Protecting Networks: Firewalls and Proxy Servers

Firewall: Software application that acts as a filter between a company’s private network and the Internet
Firewall methods include:
- Packet filters
- Application gateways
Proxy servers: Software servers that handle all communications originating from or being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)

Firewalls and Proxy Servers

(figure)

Protecting Servers and Clients

Operating system controls: Authentication and access control mechanisms
Anti-virus software: Easiest and least expensive way to prevent threats to system integrity

Transactions

Sensitive information has to be protected through at least three transactions:
1. Credit card details supplied by the customer, either to the merchant or the payment gateway. Handled by the server's SSL and the merchant/server's digital certificates.
2. Credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway.
3. Order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates (and sometimes the payment gateway).

PCI, SET, Firewalls and Kerberos

Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and the accompanying network. A PCI (peripheral component interconnect: hardware) card is therefore often added for protection, or another approach altogether is adopted.
SET
SET (Secure Electronic Transaction). Developed by Visa and Mastercard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server.
Firewalls
Firewalls (software or hardware) protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system.
Kerberos
Many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees.

Developing an E-commerce Security Plan

(figure)

https encrypts everything you do so that no one can read what you type but the recipient.
The problem with encrypting data is that you can't just encrypt it and say only Yahoo can read it. Both you and Yahoo have to have a secret key so that Yahoo can decrypt what you sent and encrypt private stuff for you to read.
This is accomplished by an encryption scheme known as public key. Yahoo puts out a public key so that everyone can encrypt stuff that only Yahoo can read. It's like a one-way key: you can package stuff up and send it to Yahoo so that they can read it with their private key, but someone with the public key can't see what you encrypted.
So you package up a key for Yahoo to use to talk to you and you are all set.
Why ALL internet communication isn't done like this is because of what is known as the man-in-the-middle attack, and its solution.
It's quite simple to pretend to be yahoo.com if you know what you're doing. So I pretend to be Yahoo and all traffic you think is going to Yahoo comes to me. You ask me for my public key, I respond back with a fake public/private key pair that I made, then I ask Yahoo for their public key, and everything you do I just watch for anything interesting like credit cards etc., and you are none the wiser.
We solved this problem by using what is called a certificate authority. A CA is someone who you pay to vouch for you; Verisign and GoDaddy are the biggest. So every time you make an https connection to Amazon you go to a CA and they come back with Amazon's public key. And everything is hunky-dory. With the exception that this slows you down considerably, yahoo.com has to pay a CA bill every month, and joesmoh.com has to go through a lot of rigmarole to set all this up.
And finally I will answer your question:
So the reason is it would make everything slower, more expensive and more complicated to use exclusively https.
Plus trying to get information from internet traffic once it is out of your local network is like trying to carjack someone on the freeway going 500 miles an hour.
Enough security for your typical fried chicken recipe.

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

Online security & encryption

  • 1. Introduction to Security: Security and Encryption (HCC Handouts)
  • 3. The Merchant Pays
    Many security procedures that credit card companies rely on are not applicable in the online environment.
    As a result, credit card companies have shifted most of the risk of e-commerce credit card transactions to the merchant.
    The percentage of Internet transactions charged back to online merchants is much higher than for traditional retailers (3-10% compared to ½-1%).
    To protect themselves, merchants can: refuse to process overseas purchases; insist that the credit card address and the shipping address match; require users to input the 3-digit security code printed on the back of the card; use anti-fraud software.
  • 6. Dimensions of E-commerce Security
    Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
    Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions.
    Authenticity: ability to identify the identity of a person or entity with whom you are dealing on the Internet.
    Confidentiality: ability to ensure that messages and data are available only to those authorized to view them.
    Privacy: ability to control use of information a customer provides about himself or herself to the merchant.
    Availability: ability to ensure that an e-commerce site continues to function as intended.
  • 7. Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security (figure)
  • 8. The Tension Between Security and Other Values
    Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes.
    Security vs. the desire of individuals to act anonymously.
  • 9. Security Threats in the E-commerce Environment
    Three key points of vulnerability: client, server, communications channel.
    Most common threats: malicious code; hacking and cybervandalism; credit card fraud/theft; spoofing; denial of service attacks; sniffing; insider jobs.
  • 10. A Typical E-commerce Transaction (figure)
  • 11. Vulnerable Points in an E-commerce Environment (figure)
  • 12. Malicious Code
    Viruses: computer program that has the ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses and script viruses.
    Worms: designed to spread from computer to computer.
    Trojan horse: appears to be benign, but then does something other than expected.
    Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto the client and activated merely by surfing to a Web site.
  • 13. Hacking and Cybervandalism
    Hacker: individual who intends to gain unauthorized access to a computer system.
    Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably).
    Cybervandalism: intentionally disrupting, defacing or destroying a Web site.
    Types of hackers include: white hats – members of “tiger teams” used by corporate security departments to test their own security measures; black hats – act with the intention of causing harm; grey hats – believe they are pursuing some greater good by breaking in and revealing system flaws.
  • 14. Credit Card Fraud
    Fear that credit card information will be stolen deters online purchases.
    Hackers target credit card files and other customer information files on merchant servers; they use the stolen data to establish credit under a false identity.
    One solution: new identity verification mechanisms.
  • 15. Spoofing, DoS and dDoS Attacks, Sniffing, Insider Jobs
    Spoofing: misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
    Denial of service (DoS) attack: hackers flood a Web site with useless traffic to inundate and overwhelm the network.
    Distributed denial of service (dDoS) attack: hackers use numerous computers to attack the target network from numerous launch points.
    Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network.
    Insider jobs: single largest financial threat.
  • 16. Technology Solutions
    Protecting Internet communications (encryption).
    Securing channels of communication (SSL, S-HTTP, VPNs).
    Protecting networks (firewalls).
    Protecting servers and clients.
  • 17. Tools Available to Achieve Site Security (figure)
  • 18. Protecting Internet Communications: Encryption
    Encryption: the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver.
    Purpose: secure stored information; secure information transmission.
    Provides: message integrity; nonrepudiation; authentication; confidentiality.
    Types: symmetric key encryption; public key encryption.
  • 19. Symmetric Key Encryption
    Also known as secret key encryption.
    Both the sender and receiver use the same digital key to encrypt and decrypt the message.
    Requires a different set of keys for each transaction.
    Data Encryption Standard (DES): most widely used symmetric key encryption today; uses a 56-bit encryption key; other types use 128-bit keys up through 2048 bits.
  • 20. Public Key Encryption
    Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key.
    Uses two mathematically related digital keys – a public key (widely disseminated) and a private key (kept secret by the owner).
    Both keys are used to encrypt and decrypt messages.
    Once a key is used to encrypt a message, the same key cannot be used to decrypt the message.
    For example, the sender uses the recipient’s public key to encrypt a message; the recipient uses his/her private key to decrypt it.
  • 21. Public Key Cryptography – A Simple Case (figure)
  • 22. Public Key Encryption using Digital Signatures and Hash Digests
    Application of a hash function (mathematical algorithm) by the sender prior to encryption produces a hash digest that the recipient can use to verify the integrity of the data.
    Double encryption with the sender’s private key (digital signature) helps ensure authenticity and nonrepudiation.
  • 23. Public Key Cryptography with Digital Signatures (figure)
  • 24. Digital Envelopes
    Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure).
    Uses symmetric key encryption to encrypt the document but public key encryption to encrypt and send the symmetric key.
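    The mechanics behind slides 19 to 24, as one added example that is not part of the HCC handout: a secret key cipher (one key encrypts and decrypts, with an integrity tag), textbook public key encryption (the encrypting key cannot decrypt), a hash digest signed with the sender's private key, and a digital envelope that combines the two. Assumptions: the RSA primes are small fixed Mersenne primes, the cipher is a SHA-256 counter-mode construction built from the standard library, and no padding scheme is used, so the code shows the ideas only and is not suitable for real data.

```python
"""Teaching versions of secret key encryption, public key encryption, digital
signatures over a hash digest, and a digital envelope (slides 19-24).
Constructed for this handout; toy parameters, never use for real data."""
import hashlib
import hmac
import secrets


# ---- symmetric (secret) key encryption: the same key encrypts and decrypts ----
def _subkeys(key: bytes):
    """Derive separate confidentiality and integrity keys from the shared secret."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over SHA-256: key + nonce + counter -> pseudo-random bytes."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh per message: a reused nonce leaks the XOR of two plaintexts
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # message integrity
    return nonce + ct + tag


def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key, or message altered in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# ---- public key encryption: public key encrypts, only the private key decrypts ----
def rsa_keypair(p: int = 2**127 - 1, q: int = 2**89 - 1, e: int = 65537):
    """Textbook RSA with fixed toy Mersenne primes; real keys are random and 2048 bits or more."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)


def rsa_encrypt(pub, data: bytes) -> int:
    n, e = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("block too large for this key; real systems wrap a short session key")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int, length: int) -> bytes:
    n, d = priv
    return pow(c, d, n).to_bytes(length, "big")


def public_key_cannot_decrypt(pub, data: bytes) -> bool:
    """Slide 20: the key that encrypted a message cannot also decrypt it."""
    n, e = pub
    return pow(rsa_encrypt(pub, data), e, n) != int.from_bytes(data, "big")


# ---- hash digest + digital signature: sign the digest with the private key ----
def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n  # toy: real schemes pad the digest


def rsa_sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def rsa_verify(pub, data: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == _digest_int(data, n)


# ---- digital envelope: symmetric key for the document, public key for the key ----
def seal_envelope(recipient_pub, sender_priv, document: bytes) -> dict:
    session_key = secrets.token_bytes(16)                   # fresh per envelope
    body = symmetric_encrypt(session_key, document)         # fast symmetric encryption of the bulk data
    wrapped_key = rsa_encrypt(recipient_pub, session_key)   # slow public key encryption of 16 bytes only
    signature = rsa_sign(sender_priv, body)                 # authenticity and nonrepudiation
    return {"wrapped_key": wrapped_key, "body": body, "signature": signature}


def open_envelope(recipient_priv, sender_pub, envelope: dict) -> bytes:
    if not rsa_verify(sender_pub, envelope["body"], envelope["signature"]):
        raise ValueError("signature does not verify: altered, or not from the claimed sender")
    session_key = rsa_decrypt(recipient_priv, envelope["wrapped_key"], 16)
    return symmetric_decrypt(session_key, envelope["body"])


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keypair()
    bob_pub, bob_priv = rsa_keypair(p=2**107 - 1, q=2**61 - 1)  # a second toy key pair
    env = seal_envelope(bob_pub, alice_priv, b"order #1234, ship to customer")
    print(open_envelope(bob_priv, alice_pub, env))
```

    Alice seals with Bob's public key and signs with her own private key; Bob checks the signature with Alice's public key before unwrapping the session key with his private key, which is exactly the flow of slides 23 and 25. Flipping one byte of the body makes the signature check fail, and decrypting with the wrong secret key fails the integrity tag rather than returning garbage.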
  • 25. Public Key Cryptography: Creating a Digital Envelope (figure)
  • 26. Digital Certificates and Public Key Infrastructure (PKI)
    Digital certificate: digital document that includes: name of subject or company; subject’s public key; digital certificate serial number; expiration date; issuance date; digital signature of the certification authority (trusted third party (institution) that issues the certificate); other identifying information.
    Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties.
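    The checks a relying party applies to the certificate fields listed on slide 26 before trusting the public key inside it, as an added example that is not code from the handout. The certificate is a constructed dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the trusted-issuer set and revoked-serial set are constructed stand-ins for a CA store and a revocation list; the CA's signature over the certificate is checked by the TLS library (OpenSSL) during the handshake, so only the remaining fields are checked here.

```python
"""Field checks on a digital certificate: issuer trust, revocation by serial,
validity window, and subject/hostname match. Constructed example for slide 26."""
import ssl
import time

TRUSTED_ISSUERS = {"Example Root CA"}   # constructed stand-in for the client's CA store
REVOKED_SERIALS = {"0BADC0FFEE"}        # constructed stand-in for a certificate revocation list

# constructed certificate, fields laid out as ssl.SSLSocket.getpeercert() presents them
SHOP_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example Root CA"),),),
    "serialNumber": "1A2B3C4D",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "www.shop.example.com")),
}


def _field(cert: dict, part: str, key: str):
    """Pull one attribute (e.g. commonName) out of a subject or issuer name."""
    for rdn in cert.get(part, ()):
        for k, v in rdn:
            if k == key:
                return v
    return None


def _hostname_matches(cert: dict, hostname: str) -> bool:
    """Match against subjectAltName DNS entries; fall back to the CN only when no SAN exists."""
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        names = [_field(cert, "subject", "commonName")]
    for name in names:
        if name == hostname:
            return True
        # a wildcard covers exactly one label: *.example.com matches a.example.com, not a.b.example.com
        if name and name.startswith("*.") and hostname.split(".", 1)[1:] == [name[2:]]:
            return True
    return False


def check_certificate(cert: dict, hostname: str, now: float = None) -> list:
    """Return the list of problems found; an empty list means the certificate passes."""
    now = time.time() if now is None else now
    problems = []
    if _field(cert, "issuer", "organizationName") not in TRUSTED_ISSUERS:
        problems.append("issuer is not a trusted CA")
    if cert.get("serialNumber") in REVOKED_SERIALS:
        problems.append("certificate serial is revoked")
    # ssl.cert_time_to_seconds parses the GMT timestamps OpenSSL reports
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    if not _hostname_matches(cert, hostname):
        problems.append("hostname does not match certificate")
    return problems


if __name__ == "__main__":
    print(check_certificate(SHOP_CERT, "shop.example.com"))
    print(check_certificate(SHOP_CERT, "evil.example.com"))
```

    Passing `now` explicitly makes the expiry check testable at a fixed point in time; a browser uses the current clock, which is why a skewed client clock produces "certificate expired" errors on perfectly good sites.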
  • 27. Digital Certificates and Certification Authorities (figure)
  • 28. Limits to Encryption Solutions
    PKI applies mainly to protecting messages in transit.
    PKI is not effective against insiders.
    Protection of private keys by individuals may be haphazard.
    No guarantee that the verifying computer of the merchant is secure.
    CAs are unregulated, self-selecting organizations.
  • 29. Insight on Technology: Advances in Quantum Cryptography May Lead to the Unbreakable Key
    Existing encryption systems are subject to failure as computers become more powerful.
    Scientists at Northwestern University have developed a high-speed quantum cryptography method.
    Uses lasers and optical technology and a form of secret (symmetric) key encryption.
    Message is encoded using the granularity of light (quantum noise); the pattern is revealed only through use of the secret key.
  • 30. Secure Negotiated Sessions Using SSL (figure)
  • 31. Securing Channels of Communication
    Secure Sockets Layer (SSL): most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which the URL of the requested document, along with its contents, is encrypted).
    S-HTTP: alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP.
    Virtual Private Networks (VPNs): allow remote users to securely access internal networks via the Internet, using Point-to-Point Tunneling Protocol (PPTP).
  • 32. Protecting Networks: Firewalls and Proxy Servers
    Firewall: software application that acts as a filter between a company’s private network and the Internet.
    Firewall methods include: packet filters; application gateways.
    Proxy servers: software servers that handle all communications originating from or being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization).
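    A stateless packet filter of the kind slide 32 lists as a firewall method, as an added example that is not code from the handout. Rules for the Internet-facing interface are matched top to bottom, the first match decides, and anything unmatched is dropped (default deny). The addresses and the rule set are constructed: 203.0.113.10 stands in for the merchant's web server and 10.0.0.0/8 for the private network behind it.

```python
"""Stateless packet filter with first-match semantics and default deny (slide 32).
Constructed example; addresses come from documentation and private ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    dst: str        # destination IP
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: str                # CIDR, or "any"
    dst: str                # CIDR, or "any"
    proto: str              # "tcp", "udp", or "any"
    dport: Optional[int]    # None matches every port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.src == "any" or ip_address(pkt.src) in ip_network(self.src))
            and (self.dst == "any" or ip_address(pkt.dst) in ip_network(self.dst))
            and self.proto in ("any", pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


# constructed rule set for the Internet-facing interface of a merchant network
RULES: List[Rule] = [
    Rule("deny", "10.0.0.0/8", "any", "any", None,
         "private source addresses never arrive from the Internet (anti-spoofing)"),
    Rule("allow", "any", "203.0.113.10/32", "tcp", 443, "HTTPS to the web server"),
    Rule("allow", "any", "203.0.113.10/32", "tcp", 80, "HTTP, redirected to HTTPS by the server"),
    Rule("deny", "any", "10.0.0.0/8", "any", None, "the Internet never reaches the database tier"),
]


def filter_packet(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """First matching rule decides; no match means drop (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "default deny: no rule matched"


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "203.0.113.10", "tcp", 443),   # customer to shop
                Packet("198.51.100.7", "203.0.113.10", "tcp", 22),    # SSH from the Internet
                Packet("10.1.2.3", "203.0.113.10", "tcp", 443),       # spoofed private source
                Packet("198.51.100.7", "10.0.5.5", "tcp", 3306)):     # direct to the database
        print(pkt, "->", filter_packet(pkt))
```

    Rule order matters: the anti-spoofing deny sits first so that a packet claiming a private source address is dropped even though the HTTPS allow below it would otherwise match. A packet filter sees only addresses, protocol and ports; content-level decisions (the application gateway on the same slide) need a proxy that understands the protocol.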
  • 33. Firewalls and Proxy Servers (figure)
  • 34. Protecting Servers and Clients
    Operating system controls: authentication and access control mechanisms.
    Anti-virus software: easiest and least expensive way to prevent threats to system integrity.
  • 35. Transactions
    Sensitive information has to be protected through at least three transactions:
    1. Credit card details supplied by the customer, either to the merchant or to the payment gateway. Handled by the server's SSL and the merchant/server's digital certificates.
    2. Credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway.
    3. Order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates (and sometimes the payment gateway).
  • 36. PCI, SET, Firewalls and Kerberos
    Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and the accompanying network. A PCI (peripheral component interconnect: hardware) card is therefore often added for protection, or another approach altogether is adopted.
    SET (Secure Electronic Transaction): developed by Visa and Mastercard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server.
    Firewalls: firewalls (software or hardware) protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system.
    Kerberos: many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees.
  • 37. Developing an E-commerce Security Plan (figure)
  • 38. https encrypts everything you do so that no one can read what you type but the recipient. The problem with encrypting data is that you can't just encrypt it and say only Yahoo can read it. Both you and Yahoo have to have a secret key so that Yahoo can decrypt what you sent and encrypt private stuff for you to read. This is accomplished by an encryption scheme known as public key. Yahoo puts out a public key so that everyone can encrypt stuff that only Yahoo can read; it's like a one-way key: you can package stuff up and send it to Yahoo so that they can read it with their private key, but someone with the public key can't see what you encrypted. So you package up a key for Yahoo to use to talk to you and you are all set. Why all Internet communication isn't done like this is because of what is known as the man-in-the-middle attack, and its solution. It's quite simply to pretend to be yahoo.com if you know what you're doing. So I pretend to be Yahoo and all traffic you think is going to Yahoo comes to me. You ask me for my public key, I respond back with a fake public/private key pair that I made, then I ask Yahoo for their public key, and everything you do I just watch for anything interesting like credit cards etc., and you are none the wiser. We solved this problem by using what is called a certificate authority. A CA is someone who you pay to vouch for you; Verisign and GoDaddy are the biggest. So every time you make an https connection to Amazon you go to a CA and they come back with Amazon's public key. And everything is hunky dory. With the exception that this slowed you down considerably, yahoo.com has to pay a CA bill every month, and joesmoh.com has to go through a lot of rigmarole to set all this up. And finally I will answer your question: so the reason is it would make everything slower, more expensive and more complicated to use exclusively https.
    Plus, trying to get information from Internet traffic once it is out of your local network is like trying to carjack someone on a freeway going 500 miles an hour. Enough security for your typical fried chicken recipe.