2. INTRODUCTION:
E-commerce security is the protection of e-commerce assets from
unauthorized access and use.
The importance of securing e-commerce:
– Secrecy: protection against unauthorized data disclosure, and
authentication of the data source.
– Integrity: prevention of unauthorized data modification.
– Necessity: prevention of data delays or removal.
– Non-repudiation: prevention of any party reneging on an
agreement after the fact; this protects the corporation's
image and reputation.
3. Unauthorized access
Loss of message confidentiality or integrity
User identification
Access control
Players:
◦ User community
◦ Network administration
◦ Intruders
5. Data being stolen
Electronic mail can be intercepted and read
Customers' credit card numbers may be read
Login/password and other access information can be stolen
Operating system shutdown
Filesystem corruption
User login information can be captured
6. E-mail is the most widely used application on
the Internet.
Who wants to read your mail?
Business competitors
Reporters, criminals
Friends and family
Two approaches are used to protect it:
PGP: Pretty Good Privacy
PEM: Privacy-Enhanced Mail
8. How to communicate securely:
SSL – “the web security protocol”
IPsec – “the IP layer security protocol”
S/MIME – “the e-mail security protocol”
SET – “the credit card transaction security protocol”
9. Secure HTTP (S-HTTP)
Security at the application layer
Protection mechanisms:
Digital signature
Message authentication
Message encryption
Supports private-key and public-key cryptography
Enhanced HTTP data exchange
11. - Increased Data Access
- Much more valuable Data
- Scalability with Large User Communities
- Manageability
- Assurance
13. Client threats
• Active content
• Malicious code
Communication channel threats
• Confidentiality threats
• Integrity threats
• Availability threats
Server threats
• Web server and commerce server threats
• Password hacking and database threats
14. Clients are applications
Applications that run on computers
Rely on servers for:
Files
Devices
Processing power
Example: E-mail client
An application that enables you to send
and receive e-mail
15. Servers manage resources
Computers or processes that manage
network resources:
Disk drives (file servers)
Printers (print servers)
Network traffic (network servers)
Example: Database server
A computer system that processes database
queries
17. ELEMENTS OF A COMPREHENSIVE SECURITY PROGRAM
Have Good Passwords
Use Good Antiviral Products
Use Good Cryptography
Have Good Firewalls
Have a Backup System
Audit and Monitor Systems and Networks
Have Training and Awareness Programs
Test Your Security Frequently
21. Credit card fraud/theft
◦ Fear of stolen credit card information deters online
purchases
◦ Hackers target merchant servers and use the data to establish
credit under a false identity
◦ Online companies are at higher risk than offline companies
Spoofing: misrepresenting oneself by using a fake e-mail address
Pharming: spoofing a Web site
◦ Redirecting a Web link to a new, fake Web site
22. • Electronic data security is important at a time
when people are considering banking and
other financial transactions by PC.
• One major threat to data security is
unauthorized network monitoring, also called
packet sniffing.
23. Messaging security is a program that
provides protection for a company's messaging
infrastructure.
It protects all the company's private messages,
including those related to the company's
vision and mission.
27. Encryption is the transformation of information
in any form (text, video, or graphics) into
a representation unreadable by anyone
without the decryption key.
29. No one can figure out the private key from the
corresponding public key. Hence, the key
management problem is mostly confined to
the management of private keys.
The need for sender and receiver to share
secret information over public channels is
completely eliminated.
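As an added illustration of this point (example code written for this page, not from the original deck): two parties exchange only their public P-256 keys over an open channel, each derives the same key locally from its own private key, and that key then guards message integrity with an HMAC, so nothing secret is ever transmitted. The party names and the demo message are constructed; hashing the raw ECDH output in place of a proper KDF is a simplification noted in the comments.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair creates a P-256 key pair; only PublicKey().Bytes() is ever sent to the peer.
func NewKeyPair() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// SharedKey combines our private key with the peer's public bytes. Both parties get the same
// 256-bit key; an eavesdropper holding only the two public values cannot derive it. (Hashing
// the raw ECDH output is a simplified KDF for this demo; use HKDF in production.)
func SharedKey(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(secret)
	return sum[:], nil
}

// Tag computes HMAC-SHA256 over a message with the shared key (the integrity check).
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Verify is true only if msg is unmodified and key matches the one used by Tag.
func Verify(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	alice, _ := NewKeyPair() // constructed demo parties; errors ignored for brevity
	bob, _ := NewKeyPair()
	ka, _ := SharedKey(alice, bob.PublicKey().Bytes())
	kb, _ := SharedKey(bob, alice.PublicKey().Bytes())
	fmt.Println("keys match:", hmac.Equal(ka, kb))
}
```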