Security Controls and Systems in E-Commerce

Prof. Mohamed Aly Aboul-Dahab

Head of Electronic and Communications Engineering Department

Arab Academy for Science, Technology and Maritime Transport

ITU E-Commerce Conference for the Arab Region

Tunisia, May 2001

I. Introduction
  • What is E-Commerce?
  • Actors of E-Commerce:
    • Product.
    • Player.
    • Process.
  • Scope of E-Commerce:
    • Infrastructure.
    • Pillars.
    • Applications.
I. Introduction (Cont’d)
  • Security of E-Commerce involves:
    • Security control
    • Security systems
II. Security Controls

1- Confidentiality.

2- Access control.

3- Integrity.

4- Availability.

5- Non repudiation.

II. Security Controls (Cont’d)

1- Confidentiality

  • It refers to the protection of information from any unauthorized agent or person.
  • It can be guaranteed by encrypting the data.
II. Security Controls (Cont’d)

2- Access control

  • There should be some sort of control of any entity (human or computer) trying to access the E-Commerce system.
  • It includes two measures: authentication and authorization.
2- Access Control (Cont’d)
  • Authentication: the sender of a document must be identified precisely and without any possibility of fraud.
  • Authorization: not all users can have access rights to the E-Commerce system.
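The following Python program is an added worked example, written for this transcript and not part of the original presentation. It shows the two measures named on this slide in code: authentication (checking a password against a stored, salted PBKDF2 hash, standard library only) and authorization (checking the authenticated user's role against a permission table). The user names, passwords, roles and actions are constructed sample data, and PBKDF2 is the editor's choice of password-hashing scheme, not one the slides specify.

```python
"""Authentication and authorization for a small e-commerce system (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor (a tunable cost, not a protocol constant)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). Storing a salted hash instead of the password
    limits the damage if the user database leaks."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, stored_key)


def build_user_store() -> Dict[str, dict]:
    """Constructed sample user store: name -> {salt, key, role}."""
    store = {}
    for name, pw, role in (("alice", "correct horse battery", "merchant"),
                           ("bob", "s3cret-pass", "customer")):
        salt, key = hash_password(pw)
        store[name] = {"salt": salt, "key": key, "role": role}
    return store


# Authorization table: which roles may perform which actions (constructed).
PERMISSIONS = {
    "customer": {"browse_catalog", "place_order"},
    "merchant": {"browse_catalog", "place_order", "update_prices", "view_all_orders"},
}


def authenticate(store: Dict[str, dict], name: str, password: str) -> Optional[str]:
    """Return the user's role on success, None on failure (unknown user or wrong password)."""
    rec = store.get(name)
    if rec is None:
        # Spend the same hashing cost for unknown users so the two failure cases
        # cannot be told apart by response time.
        hash_password(password, b"\x00" * 16)
        return None
    return rec["role"] if verify_password(password, rec["salt"], rec["key"]) else None


def authorize(role: Optional[str], action: str) -> bool:
    """An authenticated identity still needs an explicit grant for the action."""
    return role is not None and action in PERMISSIONS.get(role, set())


def access(store: Dict[str, dict], name: str, password: str, action: str) -> str:
    """Combine both measures: identity first, then the right to perform the action."""
    role = authenticate(store, name, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, action):
        return f"denied: role '{role}' may not {action}"
    return f"allowed: {name} ({role}) {action}"


if __name__ == "__main__":
    users = build_user_store()
    print(access(users, "bob", "s3cret-pass", "place_order"))    # allowed
    print(access(users, "bob", "s3cret-pass", "update_prices"))  # denied by authorization
    print(access(users, "bob", "wrong", "place_order"))          # denied by authentication
    print(access(users, "mallory", "x", "place_order"))          # unknown user, same denial
```

Run it directly to see the four outcomes. The design point is that authentication and authorization are separate decisions: a valid login proves who the caller is, and the permission table decides what that identity may do; failing either one denies access.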
II. Security Controls (Cont’d)

3- Integrity

  • It refers to protecting the data and/or computer against any tampering (nationally or internationally).
  • Measures are taken to ensure the accuracy and completeness of data.
II. Security Controls (Cont’d)

4- Availability

  • It refers to the continuity of the processing and the availability of information.

5- Non repudiation

  • It ensures that users cannot deny actions they undertake.
III. Security Technologies

The categories of security technologies are:

1- Platform security.

2- Network security.

3- Encryption and certificate authority.

III. Security Technologies (Cont’d)

1- Platform security

  • It refers to security of information contained in the computers or servers.
  • The objective is to ensure that information on the platform is secured from unauthorized users or other platforms.
III. Security Technologies (Cont’d)

1- Platform security

  • It can be done on three levels:
    • User access to the operating system.
    • User access to the database.
    • User access to the business applications and internal browser.
  • This can be carried out by using passwords and ID numbers at each level.
III. Security Technologies (Cont’d)

2- Network Security

It refers to the security of all traffic at the network levels.

  • It involves two aspects:
    • The two communicating platforms should authenticate each other.
    • The information has to be kept confidential over the network.
III. Security Technologies (Cont’d)

2- Network Security

  • The techniques utilized are:

a) IP security protocol (IPsec).

b) Point-to-Point Tunneling Protocol (PPTP).

c) Remote Authentication Dial-In User Service (RADIUS).

d) Firewalls.

2- Network Security (Cont’d)

a) IP security protocol (IPsec):

  • The two hosts (or platforms) establish a security association between them.
  • A sequence of bits called a “key” is added to the information packets.
  • Checksum operations are made on the entire packet (including the key). These operations follow certain rules, or “algorithms”.
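As an added example (not from the presentation), the slide's three points about IP security, a security association between two hosts, a shared key, and a keyed checksum over the whole packet, modelled in Python. The sender's HMAC-SHA256 over the header and payload is what lets the receiver detect a tampered packet, and the sequence number in the association lets it refuse a replayed one. The packet layout, the SPI value, the key and the order message are constructed for illustration; the real AH/ESP header formats and the anti-replay window are more involved than this toy.

```python
"""Keyed integrity check and replay detection between two hosts (added example)."""
import hashlib
import hmac
import struct

ICV_LEN = 16  # truncated HMAC length used by this toy format (constructed choice)


class SecurityAssociation:
    """State both hosts share: an identifier (SPI) and a key, plus sequence counters."""

    def __init__(self, spi: int, key: bytes):
        self.spi = spi
        self.key = key
        self.send_seq = 0       # sender side: last sequence number emitted
        self.highest_seen = 0   # receiver side: last sequence number accepted


def _icv(sa: SecurityAssociation, header: bytes, payload: bytes) -> bytes:
    """Integrity check value: keyed checksum over the entire packet."""
    return hmac.new(sa.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]


def protect(sa: SecurityAssociation, payload: bytes) -> bytes:
    """Sender: header = SPI (4 bytes) + sequence number (4 bytes), then payload, then ICV."""
    sa.send_seq += 1
    header = struct.pack("!II", sa.spi, sa.send_seq)
    return header + payload + _icv(sa, header, payload)


def unprotect(sa: SecurityAssociation, packet: bytes):
    """Receiver: returns (accepted, reason, payload)."""
    if len(packet) < 8 + ICV_LEN:
        return False, "truncated", b""
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", header)
    if spi != sa.spi:
        return False, "unknown SA", b""
    # Verify the checksum before touching replay state, so a forged packet
    # cannot advance the window.
    if not hmac.compare_digest(icv, _icv(sa, header, body)):
        return False, "integrity check failed", b""
    if seq <= sa.highest_seen:
        return False, "replay", b""
    sa.highest_seen = seq
    return True, "ok", body


def demo() -> dict:
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed shared key
    sender = SecurityAssociation(0x1001, key)
    receiver = SecurityAssociation(0x1001, key)
    pkt = protect(sender, b"ORDER id=42 amount=100.00")          # constructed payload
    results = {"genuine": unprotect(receiver, pkt)}
    # Someone on the path changes the amount: the keyed checksum no longer matches.
    tampered = pkt.replace(b"100.00", b"999.00")
    results["tampered"] = unprotect(receiver, tampered)
    # The same genuine packet delivered a second time fails the sequence check.
    results["replayed"] = unprotect(receiver, pkt)
    return results


if __name__ == "__main__":
    for name, (ok, reason, payload) in demo().items():
        print(f"{name:9s} accepted={ok} reason={reason} payload={payload!r}")
```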
2- Network Security (Cont’d)

b) Point-to-Point Tunneling Protocol (PPTP)

  • It is a protocol that establishes a secure channel between the two hosts, over which the information is then communicated.

c) Remote Authentication Dial-In User Service (RADIUS)

  • It is a protocol that enables a host to authenticate dial-in users before allowing them to connect to the Internet service.
2- Network Security (Cont’d)

d) Firewalls

  • These are filters that control access to the internal network of the system.
  • They examine the packet contents and accept or reject the routing of packets based upon those contents.
  • They are “hardware” components implemented from a combination of routers, hosts, computers, servers, etc.
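An added example (not part of the presentation) of the filtering this slide describes: a stateless packet filter that evaluates an ordered rule list against each packet's addresses, protocol and destination port, first match wins, with a final default-deny rule. The addresses, rule set and packets are constructed for illustration and stand in for a storefront on a public address and a database that only internal hosts may reach.

```python
"""First-match packet filter with default deny (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass
class Rule:
    action: str                  # "accept" or "reject"
    src: str = "0.0.0.0/0"       # any source
    dst: str = "0.0.0.0/0"       # any destination
    proto: str = "any"
    dport: Optional[int] = None  # None = any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed rule set. Order matters: the narrow database accept comes before
# the broad database reject, and everything ends in a default deny.
RULES: List[Rule] = [
    Rule("accept", dst="203.0.113.10/32", proto="tcp", dport=443),                    # public HTTPS storefront
    Rule("accept", src="10.0.0.0/8", dst="10.0.5.20/32", proto="tcp", dport=5432),    # internal hosts -> database
    Rule("reject", dst="10.0.5.20/32"),                                               # database from anywhere else
    Rule("accept", src="10.0.0.0/8"),                                                 # internal hosts among themselves
    Rule("reject"),                                                                   # default deny
]


def filter_packet(rules: List[Rule], p: Packet) -> Tuple[str, int]:
    """Return (action, index of the deciding rule). First matching rule wins."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "reject", -1   # only reached if no default rule exists


def demo() -> Dict[str, Tuple[str, int]]:
    packets = {   # constructed sample traffic
        "public https":    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
        "public ssh":      Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
        "internal db":     Packet("10.0.1.5", "10.0.5.20", "tcp", 5432),
        "external db":     Packet("198.51.100.7", "10.0.5.20", "tcp", 5432),
        "internal db ssh": Packet("10.0.1.5", "10.0.5.20", "tcp", 22),
    }
    return {name: filter_packet(RULES, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (action, idx) in demo().items():
        print(f"{name:16s} -> {action} (rule {idx})")
```

The two database cases show why rule order is part of the policy: the narrow accept for internal hosts on port 5432 must precede the blanket reject for the database address, otherwise the application servers would be cut off as well, while the default deny at the end catches anything the explicit rules did not anticipate.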
III. Security Technologies (Cont’d)

3- Encryption and Certificate Authority

  • This refers to encryption of the information itself.
  • The encryption process needs a sequence of bits called a “key” and a mathematical process called an “algorithm”.
  • There are several types of encryption, namely:

a) Private key encryption

b) Public key encryption

c) Digital signature

d) Certificate authority

e) Biometrics

3- Encryption and Certificate Authority (Cont’d)

a) Private key encryption

  • The same key is used to both encrypt and decrypt the message.
  • It must be known to both sides.
  • Difficulties are:
    • The message may be communicated between users that have never met (and so have had no chance to share a key).
    • If many users hold the same key, it will no longer be private.
3- Encryption and Certificate Authority (Cont’d)

b) Public key Encryption

  • Two keys are used: a public key to encrypt the message and a private key to decrypt it.
  • The public key is made available to anyone who wants to send a message.
  • The only way to decrypt the message is to hold a private key.
3- Encryption and Certificate Authority (Cont’d)

c) Digital Signature

  • It is used to make sure that the message is coming from the person you think sent it.
  • It is also used to make sure that the person cannot deny he or she has sent the message.
c) Digital Signature (Cont’d)
  • A digital signature is done as follows:
    • The sender has two keys: one “private” for encryption and the other “public” for decryption.
    • The sender creates a phrase and encrypts it with his private key.
    • The phrase is attached to the message and both are encrypted with the recipient's public key.
    • The recipient decrypts the phrase with the sender's public key; if it decrypts successfully, then the sender himself has sent it.
3- Encryption and Certificate Authority (Cont’d)

d) Certificate Authority (CA)

  • It is a third party which ensures that nobody can steal the private key and send the message.
  • The role of the certificate authority is carried out as follows:
d) Certificate Authority (Cont’d)
  • Individuals (or computers) apply for a “Digital Certificate” from the certificate authority by sending their public key and identification information.
  • The certificate authority verifies the information and creates a certificate that contains the applicant's public key and identifying information.
d) Certificate Authority (Cont’d)
  • The Certificate Authority uses its private key to encrypt (i.e. sign) the certificate and sends it to the applicant.
  • The applicant uses the Certificate Authority's public key to decrypt the certificate and sends it on. The embedded public key is then used to send the message.
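To tie the three preceding parts together (public-key encryption, the digital-signature steps, and the certificate authority's role), here is an added worked example, written for this transcript and not taken from the presentation. It uses textbook RSA on tiny constructed primes in Python so that every step can be checked by hand: encryption with a public key and decryption with the private key, a signature made by "encrypting" a digest with the private key and checked with the public key, and a certificate in which the CA signs the binding between an identity and a public key. The primes, the use of SHA-256 as the slide's "phrase", the JSON certificate layout and the names are all constructed; real deployments use 2048-bit or larger keys, padding schemes (OAEP, PSS) and X.509 certificates, and this toy gives no actual security.

```python
"""Textbook RSA: encryption, signature and a toy certificate authority (added example)."""
import hashlib
import json


def make_keypair(p: int, q: int, e: int = 17):
    """Return (public, private) as (e, n) and (d, n). p and q are small constructed primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public, m: int) -> int:
    e, n = public
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)           # anyone holding the public key can encrypt


def decrypt(private, c: int) -> int:
    d, n = private
    return pow(c, d, n)           # only the private-key holder can decrypt


def _digest(data: bytes, n: int) -> int:
    # The slide's "phrase": a hash of the message, reduced so it fits below n.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    d, n = private
    return pow(_digest(data, n), d, n)                 # "encrypt" the digest with the private key


def verify(public, data: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == _digest(data, n)    # "decrypt" with the public key and compare


def _canonical(cert: dict) -> bytes:
    """Fixed byte form of the certificate body so signer and verifier hash the same thing."""
    return json.dumps(cert, sort_keys=True).encode()


def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """CA step: bind identity and public key, then sign that binding with the CA's private key."""
    body = {"subject": subject, "public_key": list(subject_public)}
    return {**body, "ca_signature": sign(ca_private, _canonical(body))}


def verify_certificate(ca_public, cert: dict) -> bool:
    """Anyone holding the CA's public key can check the certificate was not altered."""
    body = {k: v for k, v in cert.items() if k != "ca_signature"}
    return verify(ca_public, _canonical(body), cert["ca_signature"])


def demo() -> dict:
    ca_pub, ca_priv = make_keypair(97, 89)         # certificate authority's key pair
    alice_pub, alice_priv = make_keypair(61, 53)   # applicant and message sender
    out = {}
    # 1) Public-key encryption: anyone encrypts to Alice, only Alice decrypts.
    out["roundtrip"] = decrypt(alice_priv, encrypt(alice_pub, 1234)) == 1234
    # 2) Digital signature: Alice signs, a verifier checks with her public key.
    msg = b"transfer 100 to bob"
    sig = sign(alice_priv, msg)
    out["sig_ok"] = verify(alice_pub, msg, sig)
    out["sig_tampered"] = verify(alice_pub, b"transfer 900 to bob", sig)
    # 3) Certificate authority: Alice's public key reaches others inside a CA-signed certificate.
    cert = issue_certificate(ca_priv, "alice@example.test", alice_pub)
    out["cert_ok"] = verify_certificate(ca_pub, cert)
    # An impostor swaps in their own public key; the CA signature no longer matches.
    mallory_pub, _ = make_keypair(71, 67)
    forged = {**cert, "public_key": list(mallory_pub)}
    out["cert_forged"] = verify_certificate(ca_pub, forged)
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:13s} {result}")
```

The last two checks are the point of the CA slides: the certificate travels over an untrusted network, and whoever receives it does not need to trust the sender of the certificate, only the CA's public key, because any change to the identity or the embedded key breaks the CA's signature.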
3- Encryption and Certificate Authority (Cont’d)

e) Biometrics

  • There are seven categories of biometrics, namely finger scanning, face recognition, hand geometry, iris and retina scanning, voice recognition, palm-print recognition, and signature recognition.
  • Special hardware should be used, e.g. fingerprint scanners and camera-based iris recognition.
IV. Conclusion
  • Security is an issue of prime importance to E-Commerce.
  • Security controls for E-Commerce have to be laid down.
  • Security technologies can be applied on three levels: platform, network and message encryption.
[Slide 29: diagram “Multicast Dissemination Architecture”: Sender → Network → Distribution Sites → Network → Receivers]

[Slide 30: diagram “EC-DC Model” (worldwide / developing countries), with the parties Web customer, Customer bank, Web store front, Secure web E-commerce server, Merchant, Merchant’s bank and Credit card processing company]

[Slide 31: diagram “Framework for Electronic Commerce”. Electronic Commerce Applications: Stocks, Jobs, Online Banking, Procurement and Purchasing, Malls, Online Marketing and Advertising, Customer Service, Auctions, Travel, Online Publishing. Pillars: People (Buyers, Sellers, Intermediaries, Services, IS people and Management); Public Policy (Taxes, Legal and Privacy Issues, Free Speech, Domain names); Technical Standards (for Documents, Security and Network Protocols, Payments); Organizations (Partners, Competitors, Associations, Government Services). Infrastructure: Common Business Services, Messaging and Information Distribution, Multimedia Content and Network Publishing, Interfacing, Network. Management.]

[Slide 32: diagram “I. Introduction (Cont’d)”: the three layers Applications, Pillars, Infrastructure]

[Slide 33: diagram “I. Introduction (Cont’d)”: the same three layers with example labels. Applications: Online Banking, Purchasing, Online Publishing, Selling, Customer Service, Auctions, Stock Exchange, Marketing, Malls, Advertising. Pillars and Infrastructure labels: People, Legality, Security, Standards, Services, Information Handling, Networks, Interfacing, Enterprises.]