Electronic Commerce Security - PowerPoint PPT Presentation

About This Presentation
Title:

Electronic Commerce Security

Description:

Removal of information in transit. Degrading service or delay ... Client Computer Threats. Active Content Threats. Trojan Horse (Java applets and ActiveX controls) ... – PowerPoint PPT presentation

Slides: 26
Provided by: srish4
Transcript and Presenter's Notes

1
Electronic Commerce Security
2
Security
  • What is security?
      • Protection from unauthorized access, use,
        alteration, or destruction
  • Physical security
      • Security using tangible protection devices
        (alarms, guards, fireproof doors, security
        fences, etc.)
  • Logical security
      • Protecting assets using nonphysical mechanisms
        (e.g., antivirus software, passwords, etc.)

3
Security Terminologies
  • Threat
      • Any act or object that poses a danger to assets
  • Countermeasure
      • Procedure that recognizes, reduces, or eliminates
        a threat
  • Eavesdropper
      • A person or device able to listen to and copy
        Internet transmissions
  • Theft or fraud
      • Unauthorized appropriation or use of goods or
        services

4
Security Terminologies
  • Data alteration or contamination
      • Unauthorized change in data in transmission
  • Misappropriation
      • Payments from customers routed to an unauthorized
        person
  • Data loss or denial-of-service attack
      • Removal of information in transit
  • Degrading service or delay
      • Disruption of service or of a critical,
        time-sensitive transaction

7
Commerce Security Threats
  • Secrecy
      • unauthorized data disclosure
  • Integrity
      • unauthorized data modification
  • Necessity
      • data delays or denials

8
Securing Electronic Commerce
  • Security policy
      • A written statement regarding the what, why, who,
        and how of security
  • Integrated Security
      • Access control
      • Authentication
      • Privacy
      • Data integrity
      • Non-repudiation
      • Audit

9
Client Computer Threats
  • Active Content Threats
      • Trojan Horse (Java applets and ActiveX controls)
          • Program hidden inside another program that masks
            its true purpose
  • Virus Threats

10
Communication Threats
  • Secrecy threats
      • Sniffer programs
  • Integrity threats
      • Cyber vandalism
  • Necessity threats
      • Delay or denial threats

11
Securing a Client
  • Use antivirus software
  • Restrict cookies

12
Protecting Communication Channels
  • Use encryption
      • Process of encoding information using a secret
        key

13
Encryption
  • Private Key Encryption (Symmetrical Key
    Encryption)
      • Data Encryption Standard (DES) is the most widely
        used symmetrical encryption algorithm

[Diagram: the sender's encryption algorithm turns the message text into ciphered text using the private (shared) key; the receiver decrypts with the same private key to recover the message text.]
14
Encryption (cont.)
  • Public Key Encryption (Asymmetrical Key
    Encryption)

[Diagram: the sender encrypts the message text with the public key of the recipient; the receiver decrypts the ciphered text with the private key of the recipient.]
15
Encryption (cont.)
  • Digital Envelope: a combination of symmetrical and
    public key encryption

[Diagram: sender side: the message text encrypted with a session key gives the ciphered text, and the session key encrypted with the public key of the recipient forms the digital envelope. Receiver side: the session key is recovered from the envelope and then used to decrypt the ciphered text back to the message text.]
16
Encryption (cont.)
  • Digital Signatures: authenticity and non-denial
    (non-repudiation)

[Diagram: the sender signs the message text with the private key of the sender and encrypts it with the public key of the recipient; the receiver decrypts the ciphered text with the private key of the recipient and checks the signature with the public key of the sender.]
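
The signature step of slide 16 as an added Go example (not from the slides): the sender signs a SHA-256 digest with RSA-PSS under the sender's private key, the receiver checks it with the sender's public key, and the Evidence record is what a merchant would keep to answer a later denial. The Evidence type and its field names are assumptions for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Sign is the sender side: hash the message and sign the digest with the sender's
// private key (RSA-PSS). Only the holder of that key can produce the signature,
// which is what gives authenticity and non-denial.
func Sign(senderPriv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// Verify is the receiver side: recompute the digest and check the signature with
// the sender's public key. An altered message or a different signer yields false.
func Verify(senderPub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], signature, nil) == nil
}

// Evidence is what the receiving merchant stores against a later denial: the exact
// bytes that were signed, the signature, and the public key that verifies it.
// (Constructed record type for this example.)
type Evidence struct {
	Message   []byte
	Signature []byte
	SignerPub *rsa.PublicKey
}

// Valid re-checks the stored evidence; it stays true for as long as the record is kept intact.
func (e Evidence) Valid() bool {
	return Verify(e.SignerPub, e.Message, e.Signature)
}
```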
17
Digital Certificates and Certifying Authorities
  • Digital Certificates
      • Verify that the holder of a public and private key
        is who he, she, or it claims to be
  • Certifying Authorities (CA)
      • Issue digital certificates
      • Verify the information and create a certificate
        that contains the applicant's public key along
        with identifying information
      • Use their private key to encrypt (sign) the
        certificate and send the signed certificate to the
        applicant
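
The CA workflow of slide 17 as an added Go example (not the slides' own material), using the standard library's crypto/x509: the CA self-signs its own certificate, issues one to an applicant whose identity it has checked, and the receiver verifies that certificate against the CA it trusts. The names Example CA and shop.example.com, the serial numbers and the one-day validity are constructed values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// baseCert fills the fields every certificate needs: serial, subject name and validity.
func baseCert(serial int64, name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour), // constructed demo lifetime
	}
}

// NewCA self-signs the certifying authority's own certificate with caKey.
func NewCA(caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := baseCert(1, "Example CA") // constructed name
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Issue binds the applicant's public key and name into a certificate signed with the CA's private key.
func Issue(caKey *rsa.PrivateKey, caCert *x509.Certificate, name string, applicantPub *rsa.PublicKey) (*x509.Certificate, error) {
	tmpl := baseCert(2, name)
	tmpl.DNSNames = []string{name} // the site name a browser will check
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, applicantPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify is the browser's check: the chain must end at a trusted CA and match the site name.
func Verify(cert, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

A certificate issued by a CA the receiver does not trust, or issued for a different name, is rejected even though its signature is internally valid.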

18
Secure Socket Layer (SSL)
  • A protocol that operates at the TCP/IP layer
  • Encrypts communications between browsers and
    servers
  • Supports a variety of encryption algorithms and
    authentication methods; the combination negotiated
    for a connection is called a cipher suite
  • Encrypts credit card numbers that are sent from a
    consumer's browser to a merchant's Web site

20
Secure Electronic Transactions (SET)
  • A cryptographic protocol to handle the complete
    transaction
  • Provides authentication, confidentiality, message
    integrity, and linkage
  • Supporting features
      • Cardholder registration
      • Merchant registration
      • Purchase requests
      • Payment authorizations
      • Payment capture
      • Chargebacks
      • Credits
      • Credit reversal
      • Debit card transactions

22
Network Security
23
Dual Homed Host
24
Screened Gateway Host
25
Screened Gateway Host