Electronic Commerce Security and Computer Forensics - PowerPoint PPT Presentation

1 / 43
About This Presentation
Title:

Electronic Commerce Security and Computer Forensics

Description:

RAM Slack: That portion of a sector that is not overwritten in memory. ... have been used before, but not overwritten. Especially true today with very large ... – PowerPoint PPT presentation

Number of Views:76
Avg rating:3.0/5.0
Slides: 44
Provided by: RayVa1
Category:

less

Transcript and Presenter's Notes

Title: Electronic Commerce Security and Computer Forensics


1
Electronic Commerce Securityand Computer
Forensics
  • David Dampier
  • Department of Computer Science Engineering
  • Center for Computer Security Research
  • dampier_at_cse.msstate.edu
  • http//www.cse.msstate.edu/security

2
Paradox of the Internet
  • Pervasive
  • Inexpensive
  • Easy to use
  • No one in charge
  • Robust
  • Used extensively today
  • Intrinsically insecure
  • Expensive to secure
  • Hard to secure - an afterthought
  • No one responsible
  • Ill defined boundaries
  • Laws of use not clear

3
What is EC Security?
  • A special case of network security
  • A special case of client server security
  • An evolving area of computer science
  • Digital cash
  • Internet banking
  • Store fronts versus Store reality
  • International market place
  • Still an area of immense temptation for the
    criminal element

4
What are the threats?
  • First - the traditional threats apply
  • Confidentiality, Integrity, Availability,
    Accountability
  • Malicious code
  • Network vulnerabilities
  • Others ???
  • Second - Additional privacy concerns surface
    (ethics concerns)
  • cookies
  • buying habits and profiling
  • shared databases (???)
  • short term and long term storage of sensitive
    data
  • others ...

5
More threats ...
  • Authentication takes on a new role
  • Who is the buyer?
  • Who is the seller?
  • Is the seller real?
  • Where is the seller?
  • Non-repudiation is important
  • Accountability for seller and buyer actions
  • Availability
  • loss of access equals loss of revenue
  • recovery procedures are very important
  • The greatest threat to E-Commerce today (arguable
    perhaps)

6
A Simple View
Client
Server
  • E-Commerce protection must include data in
    transit
  • data in processing and, data in storage
  • over an open network
  • in a client server environment

7
Security Requirements include
  • Transaction integrity
  • Confidentiality of the transaction
  • Mutual authentication of all parties (customer,
    store, bank)
  • Non-repudiation
  • Timely service
  • Record keeping
  • Protection of the systems against intrusion

8
Client Side Security
  • Essentially web browser security
  • Two main risks have emerged
  • Vulnerabilities in the Web Browser software
  • Risk of Active Content
  • Active Content (mobile code)
  • Java and Java Applets
  • Active X controls
  • Push technology
  • MS Macros
  • Plugins

9
Secure Transport
  • Secure Channels
  • Secure Sockets Layer (SSL)
  • Secure HTTP (S-HTTP)
  • Smart Cards carrying a private key for encryption
  • E-Cash protocols

10
Web Server Side
  • Typically a front end web server, backend
    database, and interface software (e.g., CGI
    scripts).
  • Firewalls are most useful here - but varying
    degrees of strength and responsiveness
  • Operating system security an issue (for both the
    network OS and the server OS)

11
Solution Sets ...
  • Encryption plays a very big role
  • SSL, S-HTTP
  • Digital Signatures
  • Certificates (X.509 - PKI)
  • PGP
  • Firewalls
  • Trusted OS and products
  • Disaster recovery plans
  • Education and awareness
  • Law

12
Public Key Infrastructure
  • Enables the Use of Public Key Technology
  • Parts
  • Certificate Maintenance
  • Issuance, Reissuance, Revocation
  • Certificate Availability
  • Interoperations

13
AnswerPublic Key Infrastructure
  • Getting public-key materials

private
Where they are needed When they are needed
14
Doing Business With Keys
Xyl?wk
4417 5712 1238 51961
amazon.com
public
private
4417 5712 1238 51961
Sold
But where did the key come from?
15
Certificate ID? Or ATM Card?
  • Identity Card
  • Something you have
  • Something you are
  • ATM Card
  • Something you have
  • Something you know

A Certificate is Three Things
  • An ID Card
  • A Notarized Signature
  • A Scrambling Device

Mississippi
Jane Doe 105 Lee Street Anywhere, MS 39759
plaintext
X8ujl.
16
Doing Business With Certificates
Xyl?wk
4417 5712 1238 51961
public
amazon.com
private
4417 5712 1238 51961
Sold!
But where did the certificate come from?
17
Certifying Authorities
  • Public Key technology is powerful - but you cant
    keep everyones public key on your hard drive
  • hundreds of thousands of users globally
  • expiration and maintenance issues
  • More practical to rely on trusted third parties
    - Certifying authorities

18
Certifying Authorities
  • A commercial enterprise that vouches for the
    identities of individuals and organizations.
  • Browsers have public keys of well known CAs
    built in.
  • Certificates are (for most practical purposes)
    viewed as untamperable and unforgeable
  • VeriSign, ATT, BBN, CeriSign, and others (check
    your browser)

19
A Process for Secure EC
  • Assess your risks
  • Secure the Infrastructure
  • Secure your Internet Connections
  • Secure Electronic Commerce
  • Disaster Recovery

- David Cullinane - Electronic Commerce
Security, 1999
20
Assessing Risk -
  • Conduct a Threat and Vulnerability Analysis
  • What are the threats to your information assets
  • How vulnerable are each of those threats
  • What would be the business impact if each of the
    threats were to occur
  • What controls are available/needed to mitigate
    the threats
  • Identify and Prioritize (...and build a plan)
  • address the threats and vulnerabilities
  • insure plan is consistent with business
    objectives and cost
  • plan fits with organizational culture?

21
Secure the Infrastructure
  • Concerned with OS security, external
    connectivity, network security ...
  • Develop an Information Security Architecture
  • a structure for implementing security across an
    enterprise
  • defines the organization of the information
    security program
  • the foundation of a solid information security
    program

22
Secure Internet Connection
  • Based on Firewall protection primarily
  • Recall - firewalls vary in trust and capability
  • Defense in depth is suggested
  • Tradeoff between security and ease of access is a
    business and risk decision
  • There is no cookbook solution

23
Disaster Recovery
  • Continuity of operation plans
  • Written down, practiced, realistic and
    implementable
  • Backups
  • Hot/Cold sites
  • Usually overlooked
  • Finding out what happened.

24
Basics of Computer Forensics
Mississippi State University Dept Of Computer
Science and Engineering
25
What is Forensics?
  • Forensics is the application of scientific
    techniques of investigation to the problem of
    finding, preserving and exploiting evidence to
    establish an evidentiary basis for arguing about
    facts in court cases

26
What is Computer Forensics?
  • Computer forensics is forensics applied to
    information stored or transported on computers
  • It Involves the preservation, identification,
    extraction, documentation, and interpretation of
    computer media for evidentiary and/or root cause
    analysis
  • Procedures are followed, but flexibility is
    expected and encouraged, because the unusual will
    be encountered.

27
Categories of Computer Crime
  • Computer used to conduct the crime
  • Child Pornography/Exploitation
  • Threatening letters
  • Fraud
  • Embezzlement
  • Theft of intellectual property
  • Computer is the target of the crime
  • Incident Reponse
  • Security Breach

28
What is the evidence?
  • Bytes
  • Files
  • Present
  • Deleted
  • Encrypted
  • Fragments of Files
  • Words
  • Sentences
  • Paragraphs

29
Where do we find it?
  • Storage Media
  • Hard Disks
  • Floppy Disks
  • CDs, Zip disks, tapes, etc.
  • Thumb Drives
  • RAM
  • Log Files

30
What do we do with it?
  • Acquire the evidence without altering or damaging
    the original.
  • Authenticate that your recovered evidence is the
    same as the originally seized data.
  • Analyze the data without modifying it.
  • Be prepared to testify about it in a court of law.

31
Acquire the evidence
  • How do we seize the computer?
  • How do we handle computer evidence?
  • What is chain of custody?
  • Evidence collection
  • Evidence Identification
  • Transportation
  • Storage
  • Documenting the Investigation

32
Authenticate the Evidence
  • Prove that the evidence is indeed what the
    criminal left behind.
  • Readable text or pictures dont magically appear
    at random.
  • Calculate a hash value for the data
  • CRC
  • MD5

33
Analysis
  • Always work from an image of the evidence and
    never from the original.
  • Prevent damage to the evidence
  • Make two backups of the evidence in most cases.
  • Analyze everything, you may need clues from
    something seemingly unrelated.

34
Analysis (cont.)
  • Existing Files
  • mislabelled
  • Deleted Files
  • Show up in directory listing with ? in place of
    first letter
  • Dave.txt appears as ? ave.txt
  • Free Space
  • Slack Space
  • Swap Space

35
Storage Media Basics
  • Sector 512 Bytes
  • Cluster (Block) 2 or more clusters (up to 64)


36
Slack Space
  • RAM Slack That portion of a sector that is not
    overwritten in memory.
  • Disk Slack Those sectors of the cluster that are
    not needed to store file.

RAM Slack

EOF
Disk Slack
EOF
37
Slack Space
  • File Slack Last cluster of file isnt filled up
    completely, so data from the last use of that
    cluster isnt overwritten.
  • File Slack Disk Slack RAM Slack

File Slack
Disk Slack
RAM Slack
EOF
38
Free Space
  • That portion of the Media that is not currently
    in use.
  • Could have been used before, but not overwritten.
  • Especially true today with very large disks
  • Can we really erase a hard drive?
  • Even if formatted, the data is not lost.

39
Data Hiding
  • Obfuscating Data
  • Encrypted
  • Compressed
  • Hiding Data
  • In plain sight innocent looking data has
    alternate meaning
  • Within File system

40
Data Hiding in File System
  • In a File
  • Steganography
  • Invisible names
  • Misleading names
  • Obscurity
  • No names
  • Not in file
  • Slack, swap, free space
  • Removable Media

41
Tools
  • Password crackers
  • Hard Drive Tools
  • Fdisk on Linux
  • Viewers
  • QVP
  • Diskview
  • Thumbsplus
  • Unerase tools
  • CD-R Utilities
  • Text search tools
  • Drive Imaging
  • Safeback
  • Linux dd
  • Disk Wiping
  • Forensic Toolkits
  • Forensic Computers

42
QUESTIONS???
43
Contact Information
  • Dr. David Dampier
  • Department of Computer Science and Engineering
  • Box 9637, 300 Butler Hall
  • Mississippi State, MS 39762-9637
  • (011)(662)325-2756
  • Dampier_at_cse.msstate.edu
Write a Comment
User Comments (0)
About PowerShow.com