RISKS & SECURITY CONSIDERATIONS IN E-COMMERCE
INTRODUCTION TO INTERNET & OTHER EMERGING TECHNOLOGY, UNIT I
SECURITY ASPECTS IN E-COMMERCE
• Privacy
• Integrity
• Authentication
• Non-repudiation / non-denial
• Availability
• Confidentiality
PRIVACY
• Information must be kept from unauthorized parties.
INTEGRITY
• Messages must not be altered or tampered with during transmission.
AUTHENTICATION
• Sender & recipient must prove their identities to each other.
NON-REPUDIATION / NON-DENIAL
• Proof is needed that the message was indeed received.
AVAILABILITY
• Ability to ensure that an e-commerce site continues to function as intended.
CONFIDENTIALITY
• Ability to ensure that the data / message / information is available only to the authorized users.
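As an added illustration (not part of the original slides) of the integrity and authentication aspects above: the shop and its payment gateway share a secret key and attach an HMAC-SHA256 tag to each order message, so any alteration in transit is detected and only a holder of the key could have produced the tag. The key and the order message are constructed sample values; a shared-key MAC does not give non-repudiation, since either key holder could have computed the tag, which is what the digital signatures listed later in the deck add by using a private key held by one party only.

```python
import hmac
import hashlib

# Constructed sample: a secret the shop and the payment gateway agreed on out of band.
SHARED_KEY = b"demo-shared-secret-not-for-production"


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Return message || '|' || hex(HMAC-SHA256(key, message))."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag


def verify(packet: bytes, key: bytes = SHARED_KEY):
    """Return (ok, message). ok is False when the tag is missing or does not match."""
    message, sep, tag = packet.rpartition(b"|")
    if not sep:
        return False, None
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison so the check does not leak the tag through timing.
    if not hmac.compare_digest(expected, tag):
        return False, None
    return True, message


def demo():
    """Show an unmodified order passing and a price-tampered copy failing."""
    order = b"order=1001;amount=49.99;ship_to=Pune"   # constructed sample order
    packet = protect(order)
    ok_original, _ = verify(packet)
    tampered = packet.replace(b"amount=49.99", b"amount=0.01")
    ok_tampered, _ = verify(tampered)
    return ok_original, ok_tampered


if __name__ == "__main__":
    print(demo())
```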
VIRUS THREATS INVOLVED IN E-COMMERCE
VIRUS
• Self-replicating program.
• Main purpose: to propagate itself to as many different places as possible.
• A virus propagates itself by modifying another program to include itself.
• They are created using common programming tools.
TROJAN HORSE
• Includes some unexpected function in the program, designed for a special purpose.
WORM
• Self-contained program.
• Creates a copy of itself and executes it.
• Does not require a host program.
• Transferred through network services.
SECURITY ATTACK
• Denial of service
• Sniffing
• Spoofing
• Intellectual property threats
• Loss by theft/fire
• Spamming
• Hacking
DENIAL OF SERVICE
• Denial-of-service (DoS):
  • The attacker sends a large number of connection or information requests to a target.
  • So many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service.
  • May result in a system crash, or merely an inability to perform ordinary functions.
• Distributed denial-of-service (DDoS):
  • An attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
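As an added example that is not part of the original slides, a per-client sliding-window rate limiter, one of the usual first defences against the flood described above, is replayed over a constructed request log in which one address sends 200 requests in two seconds while another sends five. The client addresses, millisecond timestamps and the budget of 20 requests per second are constructed sample values.

```python
from collections import defaultdict, deque


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per `window_ms` per client."""

    def __init__(self, limit: int, window_ms: int):
        self.limit = limit
        self.window_ms = window_ms
        self._hits = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client: str, now_ms: int) -> bool:
        q = self._hits[client]
        # Forget accepted requests that have fallen out of the window.
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.limit:
            return False          # budget exhausted: reject, do not count it
        q.append(now_ms)
        return True


# Constructed sample log: (timestamp_ms, client_ip). One client floods, one is normal.
SAMPLE_REQUESTS = (
    [(i * 10, "203.0.113.7") for i in range(200)]        # 200 requests in 2 s
    + [(500 + i * 400, "198.51.100.3") for i in range(5)]  # 5 requests in 2 s
)


def replay(requests, limit: int = 20, window_ms: int = 1000):
    """Replay a log in time order; return per-client accepted and rejected counts."""
    limiter = RateLimiter(limit, window_ms)
    accepted, rejected = defaultdict(int), defaultdict(int)
    for ts, client in sorted(requests):
        if limiter.allow(client, ts):
            accepted[client] += 1
        else:
            rejected[client] += 1
    return dict(accepted), dict(rejected)


if __name__ == "__main__":
    print(replay(SAMPLE_REQUESTS))
```

The flooding address gets only 20 requests through in each one-second window while the normal client is never rejected; against a DDoS from many addresses a per-client budget alone is not enough, and upstream filtering or spare capacity has to absorb the aggregate load.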
SNIFFING
• A program and/or device that can monitor data traveling over a network.
• Sniffers can be used both for legitimate network management functions and for stealing information from a network.
SPOOFING
• Technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
INTELLECTUAL PROPERTY THREATS
• Intellectual property is "the ownership of ideas and control over the tangible or virtual representation of those ideas".
• Many organizations are in business to create intellectual property:
  • trade secrets
  • copyrights
  • trademarks
  • patents
• Most common IP breaches involve software piracy.
LOSS BY THEFT/FIRE
• Illegal taking of another's property: physical, electronic, or intellectual.
• The value of information suffers when it is copied and taken away without the owner's knowledge.
• Physical theft can be controlled by a wide variety of measures, from locked doors to guards or alarm systems.
• Electronic theft is a more complex problem to manage and control; organizations may not even know it has occurred.
SPAMMING
• Unwelcome commercial e-mail.
• While many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks.
HACKING
• Many hacker attacks originate within an organization's employees.
• A disgruntled employee may leak internal data.
CRIMINAL ACTIVITIES IN OBTAINING FINANCIAL INFORMATION ILLEGALLY
Operational:
• Obtaining goods & services without paying.
• Loss or corruption of important data.
Legal:
• Impersonating messages.
• Damaging of websites with offensive material.
• Copyright theft.
Financial:
• Fraud.
• Corruption of financial data to divert payments or sell information to others.
• Spoofing: mimicking a legitimate website to get bank account or credit details.
E-COMMERCE SECURITY
• Integrity
• Non-repudiation
• Authenticity
• Confidentiality
• Privacy
• Availability
MEASURES OF SECURE E-COMMERCE THREATS
• Intellectual property protection
• Antivirus software
• Firewall
• Digital certificate & digital signature
• Data encryption standard
• Secure protocol (e.g. HTTPS)
LAYERS OF SECURITY & POSSIBLE SOLUTIONS
TYPE OF SECURITY       | PROBLEM                                              | SOLUTION
Access security        | Who is able to use the system                        | Authentication, Public Key Infrastructure (PKI), Firewalls
Communication security | Securing messages such as file transfer & e-mail     | Encryption, Virtual private network (VPN)
Content security       | Securing processes on an application                 | Virus detection, content filtering, restricting Internet access for employees, checking outgoing messages
Security management    | Managing the entire security policy against          | Security assessment & management & intrusion
THANK YOU!
-By Arti Gavas

Risks & security in e-commerce