E-Commerce
Explain the six requirements of E-Commerce security
and give a specific example.
Submitted By
Mohammad Tawhidur Rahman
Bangladesh
Date of Submission:
22 September, 2015
Mohammad Tawhidur Rahman P-2
Question # 2 : Explain the six requirements of E-Commerce security and
give a specific example.
Answer # 2 :
E-commerce is widely considered the buying and selling of products over the internet, but
any transaction that is completed solely through electronic measures can be considered
e-commerce. Day by day, e-commerce is playing an important role in online retail marketing,
and people are using this technology all over the world.
E-commerce security is the protection of e-commerce assets from unauthorized access, use,
alteration, or destruction. E-commerce security is a part of the Information Security
framework and is specifically applied to the components that affect e-commerce, which
include Computer Security, Data Security and other wider realms of the Information
Security framework.
E-commerce security has its own particular nuances and is one of the most visible
security components that affect the end user through their daily payment interaction with
business.
Today, privacy and security are a major concern for electronic technologies. Privacy
concerns have been found, revealing a lack of trust in a variety of contexts, including
commerce, electronic health records, e-recruitment technology and social networking, and
this has directly influenced users. Security is one of the principal and continuing concerns
that restrict customers and organizations from engaging with e-commerce.
Basic Requirements of E-commerce Security-
1. Secrecy : the ability to ensure that messages and data are available only to those
authorized to view them. It also ensures that the trading party has the authority to carry
out the transaction. It prevents the risks of transactions and economic damage.
2. Authenticity : the ability to identify the person or entity with whom you are dealing
on the Internet. It assures that the “sender” of the message is actually the person he/she
claims to be.
The term “authentication” determines that the user of the computer is actually who he/she
claims to be. The term “authentication of the receiver” allows the sender to be sure that
the party he/she intends to get the message is the one who receives it.
3. Integrity : the ability to ensure that information being displayed on a web site or
transmitted/received over the Internet has not been altered in any way by an
unauthorized party. It assures that the communication between trading parties is not
altered by an enemy.
4. Availability : the ability to ensure that an e-commerce site continues to function as
intended. It enables exchanging parties to maintain and revisit the history/sequence of
events during a period of transaction. In e-commerce, these could be computer time
stamps, or records from different computers at different stages of a transaction.
5. Un-refusable : the ability to ensure that e-commerce participants do not deny (refuse)
online actions. Secure e-payment ensures that the “commitment” to pay for goods/services
over media is met.
6. Privacy : the ability to control the use of information a customer provides about
himself or herself to a merchant. It assures that the communication between trading
parties is not revealed to others, so that an unauthorized party cannot read or
understand the message.
E-commerce Threats -
Threats are anyone with the capability, technology, opportunity, and intent to do harm.
Potential threats can be foreign or domestic, internal or external, state-sponsored or a
single rogue element.
E-commerce security tools-
• Firewalls – Software and Hardware
• Public Key Infrastructure
• Encryption software
• Digital certificates
• Digital signatures
• Biometrics – retinal scan, fingerprints, voice etc.
• Passwords
• Locks and bars – network operations centers
Each phase of an e-commerce transaction has a security measure-
Transaction phase : Security measures
• Information phase : Confidentiality; Access control; Integrity checks
• Negotiation phase : Secure contract; Identification; Digital signature
• Payment phase : Encryption; Decryption
• Delivery phase : Secure delivery; Integrity checks
E-commerce threats and countermeasures in different avenues-

Avenue: Intellectual property
Threats:
• Use of existing materials found on the Internet without the owner's permission,
  e.g., music downloading, domain name (cybersquatting), software pirating
Countermeasures:
• Legislature
• Authentication

Avenue: Client computer
Threats:
• Trojan horse
• Active contents
• Viruses
Countermeasures:
• Privacy: Cookie blockers; Anonymizer
• Digital certificate
• Browser protection
• Antivirus software
• Computer forensics expert

Avenue: Communication channel
Threats:
• Sniffer program
• Backdoor
• Spoofing
• Denial-of-service
Countermeasures:
• Encryption:
  - Public-key encryption (asymmetric) vs private-key encryption (symmetric)
  - Encryption standard: Data Encryption Standard (DES), Advanced Encryption
    Standard (AES)
• Protocol:
  - Secure Sockets Layer (SSL)
  - Secure Hyper Text Transfer Protocol (S-HTTP)
• Digital signature:
  Binds the message originator to the exact contents of the message
  - A hash function is used to transform messages into a 128-bit digest (message
    digest).
  - The sender’s private key is used to encrypt the message digest (digital
    signature).
  - The message + signature are sent to the receiver.
  - The recipient uses the hash function to recalculate the message digest.
  - The sender’s public key is used to decrypt the message digest.
  - Check to see if the recalculated message digest = decrypted message digest.

Avenue: Server
Threats:
• Privilege setting
• Server Side Include (SSI), Common Gateway Interface (CGI)
• File transfer
• Spamming
Countermeasures:
• Access control and authentication:
  - Digital signature from user
  - Username and password
  - Access control list
• Firewalls:
  - Packet filter firewall: checks the IP address of an incoming packet and rejects
    anything that does not match the list of trusted addresses.
  - Application level proxy server: examines the application used for each
    individual IP packet (e.g., HTTP, FTP) to verify its authenticity.
  - Stateful packet inspection: examines all parts of the IP packet to determine
    whether or not to accept or reject the requested communication.
Example of Cryptography/ Encryption-
Cryptography/ encryption is the process of converting ordinary information (called
plaintext) into unintelligible text (called ciphertext). Decryption is the reverse, in other
words, moving from the unintelligible ciphertext back to plaintext.
• Plaintext : the message
• Encryption : encoding the message (hiding the contents from outsiders)
• Ciphertext : the encrypted message
• Decryption : the process of retrieving the plaintext from the ciphertext
• “Encryption” and “Decryption” make use of a “key and a coding method”.
Just as the development of computers and electronics helped in cryptanalysis, it made
possible much more complex ciphers. Furthermore, computers allowed for the encryption
of any kind of data representable in any binary format, unlike classical ciphers which only
encrypted written language texts; this was new and significant.
Concept of Encryption and Decryption-
The modern field of cryptography can be divided into several areas of study. Here I
discuss two major areas of cryptography.
1. Symmetric-key cryptography
It refers to encryption methods in which both the sender and receiver share the
same key (or, less commonly, in which their keys are different, but related in an
easily computable way). This was the only kind of encryption publicly known
until June 1976.
2. Asymmetric-key cryptography
An asymmetric-key system is constructed so that calculation of one key (the 'private
key') is computationally infeasible from the other (the 'public key'), even though
they are necessarily related. Instead, both keys are generated secretly, as an
interrelated pair. In asymmetric-key cryptosystems, the public key may be
freely distributed, while its paired private key must remain secret. In this system,
the public key is used for encryption, while the private or secret key is used for
decryption.
The e-commerce industry is slowly addressing security issues on its internal networks.
There are guidelines for securing systems and networks available for e-commerce
systems personnel to read and implement. Educating the consumer on security issues is
still in its infancy but will prove to be the most critical element of the e-commerce
security architecture. Privacy has become a major concern for consumers with the rise of
identity theft and impersonation, and any concern for consumers must be treated as a
major concern for e-commerce providers.
-THANK YOU-

Essentials of Automations: The Art of Triggers and Actions in FME
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

E-Commerce security

  • 1. E-Commerce Explain the six requirements of E-Commerce security and give a specific example. Submitted By Mohammad Tawhidur Rahman Bangladesh Date of Submission: 22 September, 2015
  • 2. Mohammad Tawhidur Rahman P-2

Question # 2: Explain the six requirements of E-Commerce security and give a specific example.

Answer # 2:

E-commerce is widely considered to be the buying and selling of products over the internet, but any transaction that is completed solely through electronic means can be considered e-commerce. Day by day, e-commerce is playing a very good role in online retail marketing, and people all over the world are using this technology.

E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. E-commerce security is a part of the Information Security framework and is specifically applied to the components that affect e-commerce, which include computer security, data security and other wider realms of the Information Security framework.

E-commerce security has its own particular nuances and is one of the most visible security components that affect the end user through their daily payment interaction with business.

Today, privacy and security are a major concern for electronic technologies. Privacy concerns have been found, revealing a lack of trust in a variety of contexts, including commerce, electronic health records, e-recruitment technology and social networking, and this has directly influenced users. Security is one of the principal and continuing concerns that restrict customers and organizations engaging with e-commerce.

Basic Requirements of E-commerce Security-

1. Secrecy: the ability to ensure that messages and data are available only to those authorized to view them. It also ensures that the trading party has the authority to make the transaction. It prevents transaction risks and economic damage.
2. Authenticity: the ability to identify the identity of a person or entity with whom you are dealing on the Internet. It assures that the “sender” of the message is actually the person he/she claims to be. The term “authentication” determines that the user of the computer is actually who he/she claims to be. The term “authentication of the receiver” allows the sender to be sure that the party he/she intends to get the message is the one who receives it.
3. Integrity: the ability to ensure that information being displayed on a web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party. It assures that the communication between trading parties is not altered by an enemy.
4. Availability: the ability to ensure that an e-commerce site continues to function as intended. It enables exchanging parties to maintain and revisit the history/sequence of events during a period of transaction. In e-commerce, these could be computer time stamps, or records from different computers at different stages of a transaction.
5. Un-refusable: the ability to ensure that e-commerce participants do not deny (refuse) their online actions. Secure e-payment ensures that the “commitment” to pay for goods/services over media is met.
  • 3. Mohammad Tawhidur Rahman P-3

6. Privacy: the ability to control the use of information a customer provides about himself or herself to a merchant. It assures that the communication between trading parties is not revealed to others, so that an unauthorized party cannot read or understand the message.

E-commerce Threats -

Threats are anyone with the capability, technology, opportunity, and intent to do harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element.

E-commerce security tools-

  • Firewalls – software and hardware
  • Public key infrastructure
  • Encryption software
  • Digital certificates
  • Digital signatures
  • Biometrics – retinal scan, fingerprints, voice etc.
  • Passwords
  • Locks and bars – network operations centers

Each phase of E-commerce transaction has a security measure-

Transaction phases: Information phase, Negotiation phase, Payment phase, Delivery phase
Security Measures: Confidentiality Secure Encryption Secure Access control Contract Decryption Delivery Integrity Identification Integrity Checks Digital signature Checks

E-commerce threats and countermeasures in different avenues-

Avenue: Intellectual property
  Threats:
    - Use of existing materials found on the Internet without the owner's permission, e.g., music downloading, domain name (cybersquatting), software pirating
  Countermeasures:
    • Legislature
    • Authentication

Avenue: Client computer
  Threats:
    • Trojan horse
    • Active contents
    • Viruses
  Countermeasures:
    • Privacy: cookie blockers; anonymizer
    • Digital certificate
    • Browser protection
    • Antivirus software
    • Computer forensics expert

Avenue: Communication channel
  Threats:
    • Sniffer program
    • Backdoor
    • Spoofing
    • Denial-of-service
  Countermeasures:
    • Encryption:
      - Public-key encryption (asymmetric) vs private-key encryption (symmetric)
      - Encryption standard: Data Encryption Standard (DES), Advanced Encryption Standard (AES)
  • 4. Mohammad Tawhidur Rahman P-4

    • Protocol:
      - Secure Sockets Layer (SSL)
      - Secure Hyper Text Transfer Protocol (S-HTTP)
    • Digital signature: binds the message originator to the exact contents of the message
      - A hash function is used to transform messages into a 128-bit digest (message digest).
      - The sender’s private key is used to encrypt the message digest (digital signature).
      - The message + signature are sent to the receiver.
      - The recipient uses the hash function to recalculate the message digest.
      - The sender’s public key is used to decrypt the message digest.
      - Check to see if the recalculated message digest = decrypted message digest.

Avenue: Server
  Threats:
    • Privilege setting
    • Server Side Include (SSI), Common Gateway Interface (CGI)
    • File transfer
    • Spamming
  Countermeasures:
    • Access control and authentication:
      - Digital signature from user
      - Username and password
      - Access control list
    • Firewalls:
      - Packet filter firewall: checks the IP address of an incoming packet and rejects anything that does not match the list of trusted addresses.
      - Application level proxy server: examines the application used for each individual IP packet (e.g., HTTP, FTP) to verify its authenticity.
      - Stateful packet inspection: examines all parts of the IP packet to determine whether to accept or reject the requested communication.

Example of Cryptography/Encryption-

Cryptography/encryption is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext.

  • Plaintext: the message
  • Encryption: encoding the message (hiding the contents from outsiders)
  • Ciphertext: the encrypted message
  • Decryption: the process of retrieving the plaintext from the ciphertext
  • “Encryption” and “Decryption” make use of a “key and a coding method”.
  • 5. Mohammad Tawhidur Rahman P-5

Just as the development of computers and electronics helped in cryptanalysis, it made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers, which only encrypted written language texts; this was new and significant.

Concept of Encryption and Decryption-

The modern field of cryptography can be divided into several areas of study. Here I discuss two major areas of cryptography.

1. Symmetric-key cryptography
It refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.

2. Asymmetric-key cryptography
An asymmetric-key system is constructed so that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In asymmetric-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In this system, the public key is used for encryption, while the private or secret key is used for decryption.

The e-commerce industry is slowly addressing security issues on its internal networks. There are guidelines for securing systems and networks available for e-commerce systems personnel to read and implement. Educating the consumer on security issues is still in its infancy but will prove to be the most critical element of the e-commerce security architecture. Privacy has become a major concern for consumers with the rise of identity theft and impersonation, and any concern for consumers must be treated as a major concern for e-commerce providers.

-THANK YOU-
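The digital-signature steps listed among the communication-channel countermeasures, worked through in code as an added example that is not part of the original submission; it shows how one signature check covers integrity, authenticity and the "un-refusable" requirement for a customer's order. Assumptions: SHA-256 is substituted for the 128-bit digest, the keys are constructed toy textbook-RSA keys without padding, and the key names and sample order are hypothetical; production systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # (public key, private key)

def digest(message: bytes) -> int:
    # Hash the message. The page names a 128-bit digest;
    # SHA-256 is substituted here (assumption of this example).
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    # The sender's private key "encrypts" the digest: this is the signature.
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    # Recompute the digest, recover the signed digest with the sender's
    # public key, and compare the two values.
    n, e = public_key
    return pow(signature, e, n) == digest(message)

# Constructed toy keys from Mersenne primes: reproducible, trivially factorable.
CUSTOMER_PUB, CUSTOMER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**89 - 1, 2**607 - 1)

def demo():
    order = b"order=1001;item=book;amount=25.00"      # constructed sample
    signature = sign(order, CUSTOMER_PRIV)            # message + signature are sent
    tampered = order.replace(b"25.00", b"2.50")       # altered in transit
    forged = sign(order, IMPOSTOR_PRIV)               # signed with someone else's key
    return {
        "genuine": verify(order, signature, CUSTOMER_PUB),
        "tampered": verify(tampered, signature, CUSTOMER_PUB),
        "forged": verify(order, forged, CUSTOMER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified order signed with the customer's own private key verifies, which is why the merchant can later hold the customer to it.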