Security in Electronic Commerce

Presentation Transcript

  1. Security in Electronic Commerce: The need for Public Key Infrastructure
     Budi Rahardjo
     Presented at BPPT, Jakarta, Indonesia, 10 February 2000

  2. Outline
     • Brief intro on {computer, network, information} security and its relation to electronic commerce
     • The need for Public Key Infrastructure, Certification Authority (CA), Incident Response Team
     • Security issues in Indonesia
     Security in ecommerce - Budi Rahardjo

  3. Introduction
     • No need to introduce Electronic Commerce. [Has been presented by previous speakers.]
     • Trust, Security and Confidence are essential to underpin Electronic Commerce
     • Ecommerce will succeed if the security level is acceptable.

  4. Security Issues
     • Security services:
       • Confidentiality / privacy
       • Integrity
       • Non-repudiation
       • Authentication
       • Access control
       • Availability
     • Some can be achieved with cryptography
       • Encryption & Decryption
       • Private key system vs Public key system

  5. Private [symmetric, shared] key cryptosystem
     [Diagram: Plaintext "My phone 555-1234" → Encryption → Ciphertext "Y$3*@" → Decryption → Plaintext "My phone 555-1234"; key used: shared (secret) key]

  6. Private key cryptosystem
     • Uses one (secret) key to encrypt and decrypt.
     • Problem in key distribution and management
     • The number of keys increases exponentially: n(n-1)/2
     • Key distribution requires a separate secure channel
     • Advantage: faster operation compared to public key
     • Examples: DES, IDEA

  7. Public (asymmetric) key cryptosystem
     [Diagram: Plaintext "My phone 555-1234" → Encryption (public key) → Ciphertext "Y$3*@<>*" → Decryption (private key) → Plaintext "My phone 555-1234"; also shown: public key repository, Certificate Authority (CA)]

  8. Public key cryptosystem
     • Uses different keys to encrypt and decrypt.
     • Fewer keys.
     • Requires a key repository. Management of keys may be more complicated.
     • Disadvantage:
       • requires extensive computing power to calculate
     • Examples: RSA, ECC

  9. Certification Authority (CA)
     • The need for Public Key Infrastructure
     • The need to have a National Certification Authority
     • An Indonesian National CA initiative is in progress: Indosat/Indosatcom, Pos/Wasantara, Telkom, Deprindag (MITI), ITB, UI
     • There may be more than one CA
     • Other CAs
       • Verisign
       • Entrust
       • International Secure Electronic Transaction Organisation (ISETO)

  10. Incident Response Team
     • ID-CERT (cert.or.id): Indonesia Computer Emergency Response Team
     • Modeled after CERT, COAST Purdue
     • Public services
     • Research & development, education
     • Commercial services

  11. Security incidents in Indonesia
     • Many web sites have been vandalized. The following were recently hacked:
       • Jakarta Stock Exchange
       • Bank Central Asia
       • Indosatnet
     • Other incidents
       • Port scanning / probing
       • Mail spamming

  12. Other security issues
     • Standardization
       • X.509
     • Law, cyberlaw
       • Cryptography usage? Digital signature law? Intellectual property rights? Privacy issues? Critical infrastructure

  13. Affiliation
     • Budi Rahardjo
       • PPAU Mikroelektronika - InterUniversity Research on Microelectronics, Institut Teknologi Bandung; email: br@paume.itb.ac.id; Phone: (62-22) 250-6280
       • PIKSI ITB - Computing Services; email: budi@piksi.itb.ac.id; Phone: (62-22) 250-3031
       • IDNIC: budi@idnic.net.id
       • IDCERT; email: budi@cert.or.id
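
The repository-plus-CA arrangement from slides 7 to 9, as an added example that is not part of the original presentation: a CA signs each name-to-key binding, so a substituted repository entry is rejected before anything is encrypted to it. It uses toy textbook RSA on fixed Mersenne primes; the party names, key sizes and certificate layout are assumptions made for illustration.

```python
# Added example. Toy textbook RSA on fixed Mersenne primes: illustration only, not secure.
import hashlib

E = 65537  # public exponent used by every toy key here

def make_key(p, q):  # returns ((n, e), (n, d)) for primes p and q
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def binding_digest(name, pub, n):  # hash of the name-to-key binding, reduced mod n
    h = hashlib.sha256(f"{name}|{pub[0]}|{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue_cert(ca_priv, name, pub):  # the CA signs the binding: a minimal certificate
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(binding_digest(name, pub, n), d, n)}

def lookup(repo, name, ca_pub):
    """Read a key from the untrusted repository; accept it only if the CA signed it."""
    cert, (n, e) = repo[name], ca_pub
    if cert["name"] != name or pow(cert["sig"], e, n) != binding_digest(name, cert["pub"], n):
        raise ValueError(f"certificate for {name!r} failed CA verification")
    return cert["pub"]

def encrypt(pub, text):
    n, e = pub
    m = int.from_bytes(text.encode(), "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(priv, c):
    m = pow(c, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

# Constructed keys and repository contents (hypothetical parties).
CA_PUB, CA_PRIV = make_key(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUB, _ = make_key(2**31 - 1, 2**127 - 1)  # a key the CA never certified for alice
REPO = {"alice": issue_cert(CA_PRIV, "alice", ALICE_PUB)}

def demo():  # returns (round-tripped plaintext, swapped entry rejected?)
    plain = decrypt(ALICE_PRIV, encrypt(lookup(REPO, "alice", CA_PUB), "My phone 555-1234"))
    swapped = {"alice": dict(REPO["alice"], pub=OTHER_PUB)}
    try:
        lookup(swapped, "alice", CA_PUB)
    except ValueError:
        return plain, True
    return plain, False
```

The sender needs only the CA's public key in advance; every other key can come from an untrusted repository because the check in `lookup` fails closed.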