Lecture 9: Ecommerce - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

Lecture 9: Ecommerce

Description:

Store Front. Shopping-Cart Technology. Auction Model. 6: Privacy and Security Issues ... Eg, eBay. 6: Privacy and Security Issues. 4. INE1020: Introduction to ... – PowerPoint PPT presentation

Number of Views:233
Avg rating:3.0/5.0
Slides: 29
Provided by: felixha
Category:

less

Transcript and Presenter's Notes

Title: Lecture 9: Ecommerce


1
Lecture 9 E-commerce Business
  • E-Commerce
  • Security Issues
  • Secure Transaction
  • Secure Network

2
1. E-Commerce
  • refers to all commercial transactions conducted
    over the Internet, may include
  • Banking
  • Sending orders
  • Investing
  • E-Business Models
  • Store Front
  • Shopping-Cart Technology
  • Auction Model

3
1. E-Commerce Models
  • Storefront
  • What many people would think when they hear
    e-commerce.
  • Enable merchant to
  • sell products online
  • Organize product catalogs through their websites
  • Take orders through the web
  • Accept payment
  • Manage customer information
  • Shopping-cart
  • Allows customers to accumulate items they wish to
    buy as they browse the website.
  • Eg, Amazon.com
  • Auction Model
  • Web offers a wide variety of auction sites that
    act as forums for Internet to assume the role of
    sellers and buyers.
  • Eg, eBay

4
(No Transcript)
5
(No Transcript)
6
1. E-Commerce security
  • Security Made E-Commerce Possible
  • The most common form of e-commerce transaction
    consists of a retail purchase from a catalog.
  • Provides a way for user to
  • Purchase the item
  • Manipulate a shopping cart
  • Select a payment method

7
1. Secure Sockets
  • A browser keeps messages private by using
    encryption technology.
  • Encryption process is entirely hidden from users.
  • Browser handles the details
  • Encrypts the message before sending it
  • Technology used SSL (Secure Socket Layer)
  • With SSL, a browser can encrypt messages so that
    the content remain private

8
2. Cryptography
  • 2 categories of cryptography based on key used
  • symmetric key crypto sender, receiver keys
    identical
  • public-key crypto encrypt key different from
    decrypt key

9
2. Cryptography Concepts
  • Cryptography
  • process data into unintelligible form
  • idea of encryption

10
2. Cryptographic Algorithms
  • Secret key algorithms
  • DES (Data Encryption Standard)
  • IDEA (International Data Encryption Algorithm)
  • Public key algorithms
  • RSA (Rivest, Shamir, and Adlerman)
  • Message Digest (cryptographic checksum)
  • MD5

11
2.1 Secret (Symmetric) Key
  • Encrypting and decrypting a message using the
    same key
  • Sender sends message and key to receiver
  • Problems
  • Key must be transmitted to receiver
  • Different key for every receiver
  • Key distribution centers used to reduce these
    problems
  • Generates session key and sends it to sender and
    receiver encrypted with the unique key
  • Example of encryption algorithms
  • Dunn Encryption Standard (DES), Triple DES,
    Advanced Encryption Standard (AES)

12
2.1 Secret Key (DES)
13
2.2 Public (Asymmetric) Key
  • Encrypting and decrypting a message using
    different keys
  • Asymmetric two inversely related keys
  • Private key
  • Public key
  • Each party has both a public and a private key
  • Either the public key or the private key can be
    used to encrypt a message
  • If public key encrypts only private can decrypt
    and vice versa
  • Encrypted with private key
  • Proves identity while maintaining security
  • Example RSA public key algorithm

14
2.2 Public Key (RSA)
15
2.3 Message Digest
  • Although secret codes cannot be decrypted,
    hackers can intercept it, add a few bits and
    change the message completely
  • How to prevent this to happen?
  • Send a message digest together with the message
  • What is a message digest?
  • a hashed message and has very few bits
    (typically between 128 - 256 bits)

16
2.3 Message Digest
  • Message Digest
  • MD5 (cryptographic checksum)
  • Hash algorithm (one-way function)
  • input variable length message (or a document)
  • output fixed length cryptographic checksum (eg
    128 bits)
  • result also called the hash or message digest
  • protect message integrity (eg, against deliberate
    and accidental tampering)

17
2.3 Message Digest
  • A simple example of hashing function using
    remainder
  • e.g. Let a 1, b 2, . . ., z 26
  • to hash apple into a number between 0-9
  • add up the letters
  • apple 1 16 16 12 5 50
  • divide the sum by 10
  • the remainder is the hashed value ( 50/10 0)
  • send apple together with the hash value 0
  • if apple is changed to opple, you can detect it
    because the hash code is different
  • o15, opple 64, hash code 4

18
2.4 Security Services Cryptography
Security
Cryptography
Security
algorithms
services
Public
Secret
Message
Authentication
Privacy
Message
key
key
digest
integrity
(e.g., RSA)
(e.g., DES)
(e.g., MD5)
19
2.4 Security Services Cryptography
  • Security services
  • Privacy preventing unauthorized release of
    information
  • Authentication verifying identity of the remote
    participant
  • Integrity making sure message has not been
    altered
  • Functions provided by cryptography
  • Privacy only those who know the (private
    public) keys can encrypt and decrypt the message
  • Authentication Use a digital signature (a code
    that can be generated only by a participant, eg
    using his/her private key)
  • Integrity A message integrity code (MIC) is
    added to the message MIC as a kind of checksum

20
2.5 Digital Signatures
  • Digital signature
  • The electronic equivalent of written signatures.
  • Authenticates senders identity
  • Sender (Bob) digitally signs document,
    establishing he is document owner/creator.
  • Verifiable, nonforgeable recipient (Alice) can
    verify that Bob, and no one else, signed
    document.
  • Digital signature combines public-key algorithm
    with message digest.
  • Digital signature signed message digest
  • Sender used its private key to sign the message.

21
2.5 Digital Signatures
  • Bob sends digitally signed message
  • Alice verifies signature and integrity of
    digitally signed message

22
2.6 Transaction Security Protocols
  • Secure Sockets Layer (SSL)
  • Uses public-key technology and digital
    certificates to authenticate the server in a
    transaction
  • Protects information as it travels over Internet

Without using SSL
When using SSL
23
2.6 Transaction vs. Network Security
  • Transaction security protocols protects
    information as it travels over Internet
  • It does not protect once stored on receiver
    servers
  • Need to protect the servers
  • protect the network - network security
  • protect the building where the servers are
    located
  • Network security
  • Allow authorized users access
  • Prevent unauthorized users from obtaining access
  • Example firewall

24
3. Firewalls
  • A specially programmed router between a site and
    the rest of the Internet
  • connects to 2 or more networks
  • forward and filter packets
  • Denial-of-service
  • filters packets based on source IP address
  • protect hosts within a site from unwanted
    flooding of external packets
  • 2 categories
  • filter-based
  • proxy-based

25
3. Firewalls
  • Filter-Based Solution
  • table of entries (source IP addr, source port,
    dest. Ip addr., dest. Port)
  • example
  • filter all packets from port 1234 on host
    192.12.13.14 addressed to well-known port 80 on
    host 128.7.6.5
  • ( 192.12.13.14, 1234, 128.7.6.5, 80 )
  • Filter all packets addressed to port 80 on
    128.7.6.5
  • (,, 128.7.6.5, 80 )
  • only allow access to port 25 (eg mail server)
  • (,, 128.19.20.21, 25)
  • how dynamic?
  • Install new filters as firewall is running
  • patterns extended to include new ports as new TCP
    connections are established (may not know port
    number in advance)

26
3. Firewalls
  • Problem complex policy
  • Example to make certain pages of a web server
    available to all external users
  • unable to express policy as filters

27
3. Firewalls
  • Solution put HTTP proxy on firewall
  • proxy a process between a client a server
  • remote user establish connection to proxy
  • If requested page is allowed
  • establish connection to server
  • else
  • return error
  • Policy embodied in application specific proxy

28
Further Readings
  • Reading assignment chp 30, text book
  • This lecture is intended to provide a brief
    introduction of network and transactional
    security, students who wish to invest more time
    on studying security issues are referred to the
    following resources
  • Security Issues
  • Davis Chapter 8.
  • A master-level course IEG 7006 System
    Administration and Network Security, explore
    in-depth issues of security
Write a Comment
User Comments (0)
About PowerShow.com