
SSL and E-commerce Security



Presentation Transcript


  1. SSL and E-commerce Security gz2155 Guangwei Zhang

  2. E-commerce • US e-commerce and online retail sales were projected to have reached $204 billion, an increase of 17 percent over 2007 • E-commerce is part of our lives now

  3. E-commerce Security Issue • Security is the top concern in e-commerce • Most people fear that a website will compromise their personal information • People may avoid e-commerce websites purely out of worry about security and privacy

  4. Three Kinds of Security Threats • Server side • Client side • Network

  5. Security Issues of Servers • Servers run critical software and store valuable information • A firewall is typically used to protect them

  6. Security Issues of Clients • Client systems are inherently insecure • Viruses • Trojans • Either can be fatal to an e-commerce transaction

  7. Security Issues of Network • Information in transit can be read by others (eavesdropping) • Information can be modified in transit (tampering) • The two parties to the transaction never meet, so neither can check the other's identity directly (impersonation) • SSL addresses all three problems

  8. SSL Introduction • Secure Sockets Layer • Its standardized successor is called TLS, Transport Layer Security • A family of cryptographic protocols that secure communication over a network

  9. Figure cited from "Inside SSL: The Secure Sockets Layer Protocol" by W. Chou

  10. Features of SSL • Application-protocol independent: HTTP, SMTP and others run on top of it unchanged • Does not fix the cryptographic mechanisms in advance; the algorithms actually used (the cipher suite) are negotiated during the handshake

  11. Responsibilities of SSL • Authenticates the server • Authenticates the client (optional) • Encrypts the messages sent between client and server • Detects tampering with the data
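The first responsibility, server authentication, is only delivered if the client actually verifies the certificate and checks that it names the host being contacted. The following is an added example, not from the presentation, using Python's `ssl` module: the default verifying client context beside the "turn verification off" pattern that is commonly pasted in to make certificate errors disappear. It builds contexts only and never opens a connection; the unconnected socket is used solely to show that the verifying context refuses to proceed without a hostname to check against.

```python
"""Server authentication as the client sees it in Python's ssl module: a
context that verifies the certificate chain and checks the hostname, beside
the "make the error go away" context that drops both. Added example, not from
the presentation; it only builds contexts and never opens a connection.
"""
import socket
import ssl


def verifying_context() -> ssl.SSLContext:
    # Default client context: CERT_REQUIRED against the system CA store, plus
    # check_hostname so the certificate must name the host we dialed.
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)


def insecure_context() -> ssl.SSLContext:
    # The "fix" found in many snippets: bytes are still encrypted, but to
    # whoever answered, so a man-in-the-middle is accepted without complaint.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def authenticates_server(ctx: ssl.SSLContext) -> bool:
    """True if ctx will both verify the chain and match the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def refuses_unnamed_peer(ctx: ssl.SSLContext) -> bool:
    """True if ctx refuses to wrap a socket when no server_hostname is given
    to check the certificate against. The check happens before any network
    I/O, so an unconnected socket is enough to demonstrate it."""
    sock = socket.socket()
    try:
        wrapped = ctx.wrap_socket(sock, server_hostname=None)
    except ValueError:                  # "check_hostname requires server_hostname"
        sock.close()
        return True
    wrapped.close()
    return False


if __name__ == "__main__":
    for name, ctx in (("verifying", verifying_context()), ("insecure", insecure_context())):
        print(name, authenticates_server(ctx), refuses_unnamed_peer(ctx))
```

Even the verifying context only binds the certificate to a hostname; as the limitations slide later notes, SSL cannot say anything about the person operating that host.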

  12. Two Sub Protocols • SSL record protocol: defines the format used to transmit data • SSL handshake protocol: establishes an SSL connection and negotiates the encryption mechanism

  13. Record Protocol and Handshake Protocol

  14. SSL Record Protocol • When transmitting, it fragments the data, compresses each fragment, appends a MAC, encrypts the result and transmits it • When receiving, it decrypts each record, verifies the MAC, decompresses and reassembles the data, then delivers it to the higher layer
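The record pipeline above, and the "detect tampering" responsibility from slide 11, worked through as an added example that is not from the presentation or from any SSL implementation. The keystream "cipher" built from SHA-256 is a stand-in for whatever bulk cipher the handshake negotiated, and the keys are constructed constants rather than handshake output; the MAC-then-encrypt ordering, the MAC over (sequence number, content type, length, data) and the bad_record_mac failure are the protocol's real shape. It goes slightly beyond the slide by showing what the implicit sequence number buys: a replayed record is rejected just like a modified one.

```python
"""Toy model of the SSL record protocol: fragment -> compress -> MAC -> encrypt
on send, decrypt -> verify -> decompress -> reassemble on receive. Added
example, not from the presentation; the keystream cipher is NOT a real cipher.
"""
import hashlib
import hmac
import struct
import zlib
from typing import List, Tuple

MAX_FRAGMENT = 2 ** 14          # record-layer plaintext limit (16 KiB)
APPLICATION_DATA = 23           # content type carried in the record header
MAC_LEN = 32                    # HMAC-SHA256 tag length

# Constructed keys standing in for the write keys a handshake would derive.
ENC_KEY = b"toy-bulk-encryption-key"
MAC_KEY = b"toy-mac-key"


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # SHA-256 counter-mode keystream, keyed per record sequence number (toy).
    out, block = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", seq, block)).digest()
        block += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


class RecordLayer:
    """Record-layer state for one endpoint (send and receive directions)."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.send_seq = 0   # implicit sequence numbers, never sent on the wire
        self.recv_seq = 0

    def _mac(self, seq: int, ctype: int, payload: bytes) -> bytes:
        # The MAC binds the sequence number, so replayed/reordered records fail.
        header = struct.pack(">QBH", seq, ctype, len(payload))
        return hmac.new(self.mac_key, header + payload, hashlib.sha256).digest()

    def send(self, data: bytes) -> List[bytes]:
        records = []
        for i in range(0, len(data), MAX_FRAGMENT):
            fragment = data[i:i + MAX_FRAGMENT]                          # fragment
            compressed = zlib.compress(fragment)                          # compress
            tag = self._mac(self.send_seq, APPLICATION_DATA, compressed)  # MAC
            body = compressed + tag
            ct = _xor(body, _keystream(self.enc_key, self.send_seq, len(body)))  # encrypt
            records.append(struct.pack(">BH", APPLICATION_DATA, len(ct)) + ct)
            self.send_seq += 1
        return records

    def receive(self, records: List[bytes]) -> bytes:
        out = bytearray()
        for rec in records:
            ctype, length = struct.unpack(">BH", rec[:3])
            ct = rec[3:3 + length]
            if len(ct) != length:
                raise ValueError("decode_error: truncated record")
            body = _xor(ct, _keystream(self.enc_key, self.recv_seq, len(ct)))  # decrypt
            compressed, tag = body[:-MAC_LEN], body[-MAC_LEN:]
            if not hmac.compare_digest(tag, self._mac(self.recv_seq, ctype, compressed)):
                raise ValueError("bad_record_mac")        # fatal alert in SSL; verify
            out += zlib.decompress(compressed)             # decompress
            self.recv_seq += 1
        return bytes(out)                                  # reassembled plaintext


def _pair() -> Tuple[RecordLayer, RecordLayer]:
    return RecordLayer(ENC_KEY, MAC_KEY), RecordLayer(ENC_KEY, MAC_KEY)


def roundtrip(msg: bytes) -> Tuple[int, bytes]:
    """Returns (number of records produced, reassembled plaintext)."""
    sender, receiver = _pair()
    records = sender.send(msg)
    return len(records), receiver.receive(records)


def tamper_detected(msg: bytes) -> bool:
    """Flip one ciphertext bit in the first record; the receiver must reject it."""
    sender, receiver = _pair()
    records = sender.send(msg)
    broken = bytearray(records[0])
    broken[3] ^= 0x01                   # first byte after the 3-byte record header
    try:
        receiver.receive([bytes(broken)] + records[1:])
    except ValueError:
        return True
    return False


def replay_detected(msg: bytes) -> bool:
    """Re-inject the first record after the stream; the sequence number catches it."""
    sender, receiver = _pair()
    records = sender.send(msg)
    try:
        receiver.receive(records + records[:1])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: a form body large enough to need three fragments.
    sample = b"card=4111111111111111&amount=19.99\n" * 1000
    n, plain = roundtrip(sample)
    print(n, plain == sample, tamper_detected(sample), replay_detected(sample))
```

Note that the MAC is checked before decompression: a receiver that decompressed first would be processing attacker-controlled bytes before it knew they were genuine.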

  15. SSL Handshake Protocol • Change cipher spec protocol: notifies the recipient that subsequent records use the newly negotiated ciphering strategy • Alert protocol: warning and fatal alerts • Handshake protocol: how messages are exchanged to establish an SSL connection

  16. SSL and Encryption (figure cited from W. Chou, "Inside SSL: The Secure Sockets Layer Protocol")

  17. Comparison of two algorithms • Public key (asymmetric encryption): the public key need not be kept secret, only the matching private key does; based on mathematical problems that are easy to set up but hard to solve • Private key (symmetric encryption): a single shared key that both parties must keep secret

  18. History of SSL • SSL 3.0 was released in 1996 • TLS 1.0 (RFC 2246) was released in January 1999 • TLS 1.1 (RFC 4346) was released in April 2006 • TLS 1.2 (RFC 5246) was released in August 2008

  19. Keep secret (confidentiality: the record payload is encrypted with the negotiated symmetric cipher)

  20. Verify information (integrity: each record carries a MAC, so modification in transit is detected)

  21. Check identity (authentication: the server's certificate is verified by the client, and optionally the client's by the server)

  22. Other approaches to network security • Parallel security protocol • Application-specific security • Security within core protocols

  23. SSL Limitations • Does not protect the IP or TCP headers, since it runs above TCP • Manipulated users: SSL cannot guarantee that the person using a certificate is the person to whom it was issued • Does not run over UDP, as it needs TCP's reliable, in-order stream (DTLS was later defined for datagrams) • Its strength depends on whether the negotiated encryption algorithms themselves have weaknesses • Cannot provide non-repudiation, the guarantee that the sender of a message cannot later deny having sent it and the recipient cannot deny having received it. That service comes from digital signatures over the data itself; SSL uses signatures only to authenticate the handshake, and the record MAC is computed with a key both sides share, so either side could have produced it

  24. Thank you for your time
