Slide 5-1
E-commerce
business. technology. society.
Slide 5-2
Security and Encryption
Slide 5-3
The E-commerce Security
Environment
Slide 5-4
Dimensions of E-commerce Security
• Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
• Nonrepudiation: ability to ensure that e-commerce participants cannot later deny (repudiate) their online actions
• Authenticity: ability to verify the identity of the person or entity with whom you are dealing on the Internet
• Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
• Privacy: ability of a customer to control how the merchant uses the information the customer provides about himself or herself
• Availability: ability to ensure that an e-commerce site continues to function as intended
Slide 5-5
Customer and Merchant Perspectives on the
Different Dimensions of E-commerce
Security
Slide 5-6
The Tension Between Security
and Other Values
• Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes
• Security vs. the desire of individuals to act anonymously
Slide 5-7
Security Threats in the E-commerce
Environment
• Three key points of vulnerability:
  • Client
  • Server
  • Communications channel
• Most common threats:
  • Malicious code
  • Hacking and cybervandalism
  • Credit card fraud/theft
  • Spoofing
  • Denial of service attacks
  • Sniffing
  • Insider jobs
Slide 5-8
A Logical Design for a Simple Web Site
Slide 5-9
A Physical Design for a Simple Web Site
Slide 5-10
A Typical E-commerce Transaction
Slide 5-11
Vulnerable Points in an E-commerce
Environment
Slide 5-12
Malicious Code
• Viruses: computer program that has the ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses and script viruses
• Worms: designed to spread from computer to computer on their own, without needing a host file
• Trojan horse: appears to be benign, but then does something other than expected
• Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto the client and activated merely by surfing to a Web site (both technologies have since been removed from modern browsers; the same role is now played by malicious JavaScript and browser exploits)
Slide 5-13
Examples of Malicious Code
Slide 5-14
Hacking and Cybervandalism
• Hacker: individual who intends to gain unauthorized access to a computer system
• Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably)
• Cybervandalism: intentionally disrupting, defacing or destroying a Web site
• Types of hackers include:
  • White hats – members of “tiger teams” used by corporate security departments to test their own security measures
  • Black hats – act with the intention of causing harm
  • Grey hats – believe they are pursuing some greater good by breaking in and revealing system flaws
Slide 5-15
Credit Card Fraud
• Fear that credit card information will be stolen deters online purchases
• Hackers target credit card files and other customer information files on merchant servers; they use the stolen data to establish credit under a false identity
• One solution: new identity verification mechanisms
Slide 5-16
Spoofing, DoS and dDoS
Attacks, Sniffing, Insider Jobs
• Spoofing: misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
• Denial of service (DoS) attack: hackers flood a Web site with useless traffic to inundate and overwhelm the network
• Distributed denial of service (DDoS) attack: hackers use numerous computers to attack the target network from numerous launch points
• Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from any network segment they can observe, which is why traffic must be encrypted in transit
• Insider jobs: single largest financial threat
Slide 5-17
Technology Solutions
• Protecting Internet communications (encryption)
• Securing channels of communication: SSL (Secure Sockets Layer, since superseded by its successor TLS), S-HTTP (now obsolete), VPNs; the URL changes from HTTP to HTTPS
  • SSL/TLS: protocol that provides secure communications between client and server
• Protecting networks (firewalls)
• Protecting servers and clients
Slide 5-18
Tools Available to Achieve Site Security
Slide 5-19
Protecting Internet
Communications: Encryption
• Encryption: the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
• Purpose:
  • Secure stored information
  • Secure information transmission
• Provides:
  • Message integrity
  • Nonrepudiation
  • Authentication
  • Confidentiality
Slide 5-20
Encryption ensures:
• Message integrity: provides assurance that the message has not been altered
• Nonrepudiation: prevents the user from denying that he or she sent the message
• Authentication: provides verification of the identity of the person or machine sending the message
• Confidentiality: gives assurance that the message was not read by others
Slide 5-21
Symmetric Key Encryption
• Also known as secret key encryption
• Both the sender and receiver use the same digital key to encrypt and decrypt the message
• Requires a separate shared secret for each pair of communicating parties (and ideally a fresh session key for each transaction), so distributing keys securely is the hard problem
• Data Encryption Standard (DES): historically the most widely used symmetric cipher; its 56-bit key can now be brute-forced, so it has been replaced by AES (Advanced Encryption Standard) with 128-, 192- or 256-bit keys (key sizes such as 2048 bits refer to public key algorithms like RSA, not to symmetric ciphers)
Slide 5-22
Public Key Encryption
• Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key
• Uses two mathematically related digital keys – a public key (widely disseminated) and a private key (kept secret by the owner)
• Either key can be used to encrypt a message, but whatever one key encrypts, only the other key of the pair can decrypt; the key that encrypted the message cannot decrypt it
• For example, the sender uses the recipient’s public key to encrypt the message; the recipient uses his/her private key to decrypt it
Slide 5-23
Public Key Cryptography – A
Simple Case
Slide 5-24
Public Key Encryption using Digital
Signatures and Hash Digests
• The sender applies a hash function (a mathematical algorithm such as SHA-256) to the message before encrypting it, producing a fixed-length hash digest; the recipient recomputes the digest and compares it to verify the integrity of the data
• The sender then encrypts the digest with his or her own private key (the digital signature); anyone holding the sender’s public key can check it, which provides authenticity and nonrepudiation because only the holder of the private key could have produced it
Slide 5-25
Public Key Cryptography with
Digital Signatures
Slide 5-26
Digital Envelopes
• Addresses the weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and of symmetric key encryption (faster, but requires a secure way to share the key)
• Uses symmetric key encryption to encrypt the document but public key encryption to encrypt and send the symmetric key
Slide 5-27
Public Key Cryptography:
Creating a Digital Envelope
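The following is an added worked example, not code from the Laudon/Traver slides: it carries slides 5-24 through 5-27 through in one runnable script. It implements textbook RSA (key generation with Miller-Rabin, signing a SHA-256 digest with the sender's private key, verifying with the public key) and builds a digital envelope: a random symmetric session key encrypts the document and the recipient's public key wraps the session key. Assumptions to note: the symmetric cipher is a toy HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag, standing in for a real AEAD such as AES-GCM; the RSA uses no padding scheme, whereas real systems use RSA-OAEP/RSA-PSS or, better, a vetted library; the parties Alice and Bob and the sample order are constructed.

```python
# Added example (not from the slides): textbook RSA signatures over SHA-256 digests
# plus a digital envelope, using only the Python standard library. The symmetric
# cipher is a toy PRF-based stream cipher with an HMAC tag (stands in for AES-GCM);
# the RSA has no padding (real systems use OAEP/PSS). Illustration only.
import hashlib, hmac, secrets

def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test with a quick trial-division filter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit set and odd
        if is_probable_prime(cand):
            return cand

def rsa_keypair(bits=1024):
    """Return (public, private) as ((n, e), (n, d)). e is prime, so phi % e != 0 means gcd(e, phi) == 1."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(priv, message):
    """Slide 5-24: hash first, then 'encrypt' the digest with the sender's private key."""
    n, d = priv
    return pow(digest_int(message), d, n)

def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == digest_int(message)

def _keystream(key, nonce, length):
    blocks, ctr = [], 0
    while sum(map(len, blocks)) < length:
        blocks.append(hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:length]

def sym_encrypt(key, plaintext):
    """Toy encrypt-then-MAC: key[:16] drives the keystream, key[16:] keys the tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key[:16], nonce, len(plaintext))))
    return nonce + ct + hmac.new(key[16:], nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key[16:], nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: ciphertext was altered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:16], nonce, len(ct))))

def seal_envelope(recipient_pub, sender_priv, document):
    """Slide 5-26: a fresh symmetric key encrypts the document; the recipient's public key wraps that key."""
    session_key = secrets.token_bytes(32)
    n, e = recipient_pub
    return {"wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
            "body": sym_encrypt(session_key, document),
            "signature": sign(sender_priv, document)}

def open_envelope(recipient_priv, sender_pub, env):
    n, d = recipient_priv
    session_key = pow(env["wrapped_key"], d, n).to_bytes(32, "big")
    document = sym_decrypt(session_key, env["body"])
    if not verify(sender_pub, document, env["signature"]):
        raise ValueError("signature check failed: not from the claimed sender")
    return document

def tamper_detected(recipient_priv, sender_pub, env):
    """Flip one byte of the encrypted body and confirm the recipient rejects the envelope."""
    body = bytearray(env["body"])
    body[len(body) // 2] ^= 0x01
    try:
        open_envelope(recipient_priv, sender_pub, {**env, "body": bytes(body)})
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keypair()   # sender
    bob_pub, bob_priv = rsa_keypair()       # recipient
    order = b"order#1001 sku=widget qty=2 total=49.90"  # constructed sample document
    env = seal_envelope(bob_pub, alice_priv, order)
    print(open_envelope(bob_priv, alice_pub, env) == order, tamper_detected(bob_priv, alice_pub, env))
```

Note the order of operations on the receiving side: the MAC on the ciphertext is checked before anything is decrypted, and the signature is checked before the document is trusted; a wrong sender key or a single flipped byte both raise an error rather than yielding silently corrupted output. Nothing here should be used in place of a maintained library.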
Slide 5-28
Digital Certificates and Public Key
Infrastructure (PKI)
• Digital certificate: digital document that includes:
  • Name of the subject or company
  • Subject’s public key
  • Digital certificate serial number
  • Expiration date
  • Issuance date
  • Digital signature of the certification authority (CA), the trusted third party (institution) that issues the certificate
  • Other identifying information
• Public Key Infrastructure (PKI): refers to the CAs and the digital certificate procedures that are accepted by all parties
Slide 5-29
Secure Negotiated Sessions Using SSL
Slide 5-30
Protecting Networks: Firewalls
and Proxy Servers
• Firewall: hardware device or software application that acts as a filter between a company’s private network and the Internet
• Firewall methods include:
  • Packet filters
  • Application gateways
• Proxy servers: software servers that handle all communications originating from or being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)
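The following is an added example, not code from the slides: a stateless packet filter of the kind slide 5-30 lists, evaluated over constructed sample packets. Rules are matched in order, first match wins, and anything that matches no rule is dropped (default deny). The addresses (TEST-NET ranges for the storefront and shoppers, 10.0.0.0/8 for the internal network), the ports and the rule set are assumptions for illustration.

```python
# Added example (not from the slides): a first-match, default-deny packet filter
# over constructed packets. Addresses, ports and rules are illustrative assumptions.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    proto: str        # "tcp" or "udp"
    dport: int        # destination port
    direction: str    # "in" (from the Internet) or "out" (to the Internet)

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    direction: str
    proto: str        # "tcp", "udp" or "any"
    src: str          # CIDR the source must fall in
    dst: str          # CIDR the destination must fall in
    dports: tuple     # empty tuple means any destination port

    def matches(self, pkt):
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (not self.dports or pkt.dport in self.dports))

DMZ_WEB = "203.0.113.10/32"   # assumed public address of the storefront
INTERNAL = "10.0.0.0/8"       # assumed private network behind the firewall
ANY = "0.0.0.0/0"

RULES = [
    Rule("deny", "in", "any", INTERNAL, ANY, ()),          # anti-spoofing: an internal source address cannot arrive from outside
    Rule("allow", "in", "tcp", ANY, DMZ_WEB, (80, 443)),   # customers may reach the storefront's web ports
    Rule("deny", "in", "any", ANY, INTERNAL, ()),          # nothing from the Internet reaches internal hosts directly
    Rule("allow", "out", "tcp", INTERNAL, ANY, (443,)),    # internal hosts may make outbound HTTPS requests
]

def filter_packet(pkt, rules=RULES):
    """Return the action of the first matching rule; default deny when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def decisions(packets, rules=RULES):
    return [filter_packet(p, rules) for p in packets]

SAMPLE = [  # constructed packets
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443, "in"),  # shopper -> storefront HTTPS: allow
    Packet("198.51.100.7", "203.0.113.10", "tcp", 22, "in"),   # shopper -> storefront SSH: no rule, default deny
    Packet("198.51.100.7", "10.1.2.3", "tcp", 443, "in"),      # Internet -> internal database host: deny
    Packet("10.1.2.3", "203.0.113.10", "tcp", 80, "in"),       # spoofed internal source arriving from outside: deny
    Packet("10.1.2.3", "198.51.100.9", "tcp", 443, "out"),     # internal host -> Internet HTTPS: allow
    Packet("10.1.2.3", "198.51.100.9", "udp", 53, "out"),      # internal host -> external DNS: not allowed here, deny
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, decisions(SAMPLE)):
        print(f"{verdict:5}  {pkt.direction:3} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    # Swapping the first two rules lets the spoofed packet through: ordering matters.
    print(filter_packet(SAMPLE[3], [RULES[1], RULES[0]]))
```

Two points a practitioner should take from the run: rule order is part of the policy (putting the web "allow" ahead of the anti-spoofing "deny" accepts the spoofed packet), and a stateless filter like this one has no notion of a connection, so the replies to the permitted outbound HTTPS requests would need either a mirrored inbound rule or, in practice, a stateful firewall that tracks established sessions.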
Slide 5-31
Firewalls and Proxy Servers
Slide 5-32
Protecting Servers and Clients
• Operating system controls: authentication and access control mechanisms
• Anti-virus software: easiest and least expensive way to prevent threats to system integrity