SUBJECT – E Commerce
CLASS – B.Com 4 A
TOPIC – Unit-2
ITM GROUP OF INSTITUTIONS
Data security and Encryption
◈ Data security refers to protection of data, such as a
database, from destructive forces and from the
unwanted actions of unauthorized users. Encryption is
the conversion of electronic data into another form,
called ciphertext, which cannot be easily understood
by anyone except authorized parties. The data, often
referred to as plaintext, is encrypted using an
encryption algorithm and an encryption key. This
process generates ciphertext that can only be viewed
in its original form if decrypted with the correct key.
◈ Decryption is the inverse of encryption: the ciphertext is run
back through the algorithm with the matching decryption key (the
same secret key for a symmetric cipher, the private key of the
pair for a public key cipher) to recover the plaintext. The primary
purpose of encryption is to protect the confidentiality of digital
data stored on computer systems or transmitted via the Internet
or other computer networks. Encryption algorithms play a critical
role in the security assurance of IT systems and communications:
combined with message authentication codes and digital signatures
built on the same cryptographic primitives, they provide not only
confidentiality, but also the following key elements of security:
Authentication: the origin of a message can be
verified.
Integrity: proof that the contents of a message have
not been changed since it was sent.
Non-repudiation: the sender of a message cannot
deny sending the message.
◈ Encryption is also used to protect data in transit, for
example data being transferred via networks (e.g. the
Internet, e-commerce), mobile phones, wireless
microphones, wireless intercom systems, Bluetooth
devices and ATMs. Data should also be encrypted when
transmitted across networks in order to protect against
eavesdropping of network traffic by unauthorized users.
Encryption algorithms are divided into two categories:
symmetric and asymmetric.
Dimensions of E-commerce Security
◈ Integrity refers to the ability to ensure that information
being displayed on a Web site or transmitted or
received over the Internet, has not been altered in any
way by an unauthorized party.
◈ Nonrepudiation refers to the ability to ensure that e-commerce
participants do not deny (i.e., repudiate) their online actions.
◈ Authenticity refers to the ability to identify the identity
of a person or entity with whom you are dealing on the
Internet.
◈ Confidentiality refers to the ability to ensure that
messages and data are available only to those who are
authorized to view them.
◈ Privacy refers to the ability of individuals to control the
collection and use of information about themselves.
◈ Availability refers to the ability to ensure that an e-
commerce site continues to function as intended.
Cyber Crime
◈ Crime that involves, or is carried out through, computer devices
and the Internet is known as cybercrime.
◈ Cybercrime can be committed against an individual or
a group; it can also be committed against government
and private organizations. It may be intended to cause
reputational, physical, or even mental harm.
◈ Cybercrime can cause direct harm or indirect harm to
whoever the victim is.
◈ However, the largest threat of cybercrime is on the
financial security of an individual as well as the
government.
◈ Cybercrime causes loss of billions of USD every year.
Security Threats to Ecommerce Environment
◈ Malicious code
• includes a variety of threats such as viruses, worms,
Trojan horses, and “bad applets”
• a virus is a computer program that has the ability to
replicate or make copies of itself, and spread to other
files
• a worm is designed to spread from computer to computer on
its own, without needing to attach itself to a host file
• a Trojan horse appears to be benign, but then does
something other than expected
◈ Hacking and cyber vandalism
• a hacker is an individual who intends to gain
unauthorized access to a computer system
• a cracker is the term typically used within the hacking
community to denote a hacker with criminal intent
• cyber vandalism is intentionally disrupting, defacing, or
even destroying a site
• white hats are "good" hackers who, with the owner's
permission, help organizations locate and fix security flaws
• black hats are hackers who act with the intention of
causing harm
• grey hats are hackers who break in without permission but
believe they are pursuing some greater good by revealing
system flaws
◈ Credit card fraud
• Different from traditional commerce: the card is never physically
present, so the merchant cannot inspect the card or the cardholder
• Hackers target the files of stored card data on the merchant
server rather than individual cards
◈ Spoofing
• Misrepresenting oneself by using fake email addresses
or masquerading as someone else
◈ Denial of Service Attacks
• Flooding a Web site with useless traffic to inundate and
overwhelm the network
• Distributed Denial of Service attack uses numerous
computers to attack the target network from
numerous launch points
◈ Sniffing
• A type of eavesdropping program that monitors
information traveling over a network
◈ Insider Jobs
• Employees with access to sensitive information
• Sloppy internal security procedures
• Able to roam throughout an organization’s system
without leaving a trace
Tools Available to Achieve Site Security
Overview of Technology Solutions: Encryption
◈ Encryption : Process of transforming plain text or data
into cipher text that cannot be read by anyone who does not
hold the decryption key (normally only the sender and the
intended receiver)
◈ Purpose : Secure stored information and information
transmission
◈ Provides :
• Message integrity
• Non-repudiation
• Authentication
• Confidentiality
Symmetric Key Encryption
◈ Also known as secret key encryption
◈ Both the sender and receiver use the same digital key
to encrypt and decrypt message
◈ Requires a separate secret key for each pair of communicating
parties, and ideally a fresh session key for each transaction, so
the main practical problem is distributing those keys securely
◈ Advanced Encryption Standard (AES): Most widely used
symmetric key encryption today; offers 128-, 192-, and
256-bit encryption keys. (Key sizes such as 2,048 bits belong
to public key algorithms, not to symmetric ciphers; the key
lengths of the two families are not directly comparable, and a
128-bit AES key already resists brute force.)
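The following is an added example, not part of the original slides, that serves both the "key elements of security" list in the introduction and the symmetric key slide above. It builds a secret-key stream cipher from a SHA-256 counter-mode keystream (a stand-in for AES, chosen so the example runs with the Python standard library only; it is not a standard cipher) and shows two things the slides state but do not demonstrate: the same key encrypts and decrypts, and confidentiality alone gives no integrity, because an eavesdropper who knows where the amount sits can change `amount=100` to `amount=900` without the key. Adding an HMAC (encrypt-then-MAC) restores integrity and origin authentication. The order message, keys and nonce are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: SHA-256(key || nonce || counter), concatenated.

    Toy construction for the lesson, not a standard cipher; production code
    uses AES-GCM or ChaCha20-Poly1305 from a vetted library.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Symmetric (secret key) encryption: XOR the plaintext with the keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # the same key and nonce regenerate the keystream, so XOR undoes itself


def flip_bytes(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's bit-flip: knowing only that `old` sits at `offset`, XOR in
    old ^ new so the ciphertext decrypts to `new` there. No key needed."""
    mutated = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        mutated[offset + i] ^= o ^ n
    return bytes(mutated)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC-SHA256(mac_key, nonce || ciphertext)."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> Optional[bytes]:
    """Check the tag (constant-time compare) before decrypting; None if tampered."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ct)


def demo() -> dict:
    # Constructed order message; the keys and nonce stand in for what a
    # merchant's payment gateway would hold.
    plaintext = b"order=4711&amount=100&currency=USD"
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    offset = plaintext.index(b"100")

    # Confidentiality only: an eavesdropper cannot read it, but can still change it.
    ct = encrypt(enc_key, nonce, plaintext)
    forged = flip_bytes(ct, offset, b"100", b"900")
    tampered_plain = decrypt(enc_key, nonce, forged)  # decrypts cleanly to amount=900

    # Confidentiality + integrity + origin authentication: the forgery is caught.
    sealed = seal(enc_key, mac_key, nonce, plaintext)
    forged_sealed = flip_bytes(sealed, offset, b"100", b"900")
    return {
        "roundtrip_ok": decrypt(enc_key, nonce, ct) == plaintext,
        "tampered_plain": tampered_plain,
        "sealed_ok": open_sealed(enc_key, mac_key, nonce, sealed) == plaintext,
        "forgery_rejected": open_sealed(enc_key, mac_key, nonce, forged_sealed) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The lesson carries over to real ciphers: any unauthenticated mode (a raw stream cipher, AES-CTR, AES-CBC without a MAC) is malleable in exactly this way, which is why authenticated encryption modes are the default choice today.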
Public Key Encryption
◈ Solves the symmetric key encryption problem of having to
exchange a secret key over a secure channel first
◈ Uses two mathematically related digital keys: a public
key (widely disseminated) and a private key (kept secret
by its owner)
◈ Either key of the pair can be used to encrypt; whatever one
key encrypts, only the other key of the pair can decrypt, so
the key used to encrypt a message cannot be used to
decrypt it again
◈ For example, a sender uses the recipient's public key to
encrypt a message; the recipient uses his/her private key to
decrypt it. In the reverse direction, a message transformed
with the sender's private key can be checked by anyone holding
the public key, which is the basis of digital signatures
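An added example (not from the original slides) of the two directions just described, using textbook RSA so that the arithmetic is visible: Bob encrypts a card number with Alice's public key and only Alice's private key recovers it, neither the public key itself nor another party's private key; Alice then signs a receipt with her private key and anyone with her public key can verify it, while a tampered receipt or a different key fails. The primes are fixed, publicly known Mersenne primes so the block runs offline; real keys use fresh random primes, and real systems add OAEP/PSS padding, which textbook RSA lacks. The names Alice, Bob and Mallory and the messages are constructed for the example.

```python
import hashlib
import math
from typing import Tuple

# Fixed, publicly known Mersenne primes so the example runs offline and
# deterministically; a real key pair uses fresh random primes of about
# 1,024 bits each. Textbook RSA without padding, as here, is for
# illustration only: real systems use OAEP for encryption and PSS for signing.
ALICE_P, ALICE_Q = 2**521 - 1, 2**127 - 1
MALLORY_P, MALLORY_Q = 2**607 - 1, 2**89 - 1
E = 65537

Key = Tuple[int, int]  # (modulus n, exponent)


def keygen(p: int, q: int, e: int = E) -> Tuple[Key, Key]:
    """Return (public_key, private_key): the same modulus, different exponents."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent = modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def apply(key: Key, value: int) -> int:
    """Raise to the key's exponent modulo n; encryption and decryption are the
    same operation performed with the two different keys of the pair."""
    n, exp = key
    return pow(value, exp, n)


def encrypt(public_key: Key, message: bytes) -> int:
    m = int.from_bytes(message, "big")
    if m >= public_key[0]:
        raise ValueError("message too long for this modulus")
    return apply(public_key, m)


def decrypt(key: Key, ciphertext: int) -> bytes:
    m = apply(key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key: Key, message: bytes) -> int:
    """Signature = private-key transform of the SHA-256 hash of the message."""
    return apply(private_key, int.from_bytes(hashlib.sha256(message).digest(), "big"))


def verify(public_key: Key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check it; only the private key could have made it."""
    return apply(public_key, signature) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def demo() -> dict:
    alice_pub, alice_priv = keygen(ALICE_P, ALICE_Q)
    mallory_pub, mallory_priv = keygen(MALLORY_P, MALLORY_Q)
    # Constructed payment message (4111... is the well-known Visa test number)
    msg = b"card=4111111111111111 exp=12/27"

    ct = encrypt(alice_pub, msg)     # Bob encrypts with Alice's public key
    receipt = b"order 4711 accepted"
    sig = sign(alice_priv, receipt)  # Alice signs with her private key
    return {
        "decrypted": decrypt(alice_priv, ct),
        "public_key_cannot_decrypt": decrypt(alice_pub, ct) != msg,
        "other_private_key_cannot_decrypt": decrypt(mallory_priv, ct) != msg,
        "signature_valid": verify(alice_pub, receipt, sig),
        "signature_wrong_key": verify(mallory_pub, receipt, sig),
        "signature_tampered": verify(alice_pub, b"order 4711 refunded", sig),
    }


if __name__ == "__main__":
    print(demo())
```

In practice public key operations are slow and limited to one modulus-sized block, so e-commerce protocols use them only to exchange or wrap a random symmetric session key and to sign, leaving the bulk of the data to a symmetric cipher.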
Public Key Cryptography – A Simple Case
Security Channels of Communication
◈ Secure Sockets Layer (SSL) and its successor Transport Layer
Security (TLS): Most common form of securing channels of
communication; used to establish a secure negotiated session
(client-server session in which the URL of the requested
document, along with its contents, is encrypted; the server's
host name is still visible on the network). The SSL protocol
versions themselves are deprecated today and only TLS 1.2 or
later should be enabled.
◈ S-HTTP: Alternative method; provides a secure
message-oriented communications protocol designed
for use in conjunction with HTTP. It never saw wide
deployment and is of historical interest only.
◈ Virtual Private Networks (VPNs): Allow remote users to
securely access internal networks via the Internet, using a
tunneling protocol. The Point-to-Point Tunneling Protocol (PPTP)
named in older texts has known cryptographic weaknesses and has
been replaced by IPsec- and TLS-based VPNs.
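An added example (not from the original slides) of what "using SSL" means on the client side of an e-commerce integration, written with Python's standard `ssl` module: a hardened context that verifies the server certificate, checks the host name and refuses anything older than TLS 1.2, next to the weak configuration that is commonly pasted in to silence a certificate error, plus a small audit function that flags the difference. No network connection is made, so it runs offline; the function names are the example's own.

```python
import ssl
from typing import List


def hardened_client_context() -> ssl.SSLContext:
    """Client context as a shop front end should use toward a payment API:
    certificate chain verified, host name checked, TLS 1.2 or newer only."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSLv3, TLS 1.0 and 1.1 refused
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting seen in the wild: verification switched off to make a
    certificate error 'go away'. Any certificate, including an attacker's,
    is now accepted, so the channel is encrypted but no longer authenticated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Findings a reviewer would raise against a context; empty means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions are allowed")
    return findings


if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()) or "no findings")
    print("insecure:", audit(insecure_client_context()))
```

The hardened context is what `ctx.wrap_socket(sock, server_hostname="shop.example")` or an HTTPS library should be handed; a server built with `ssl.PROTOCOL_TLS_SERVER` deserves the same minimum-version setting.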
Secure Negotiated Sessions Using SSL
Protecting Networks: Firewalls and Proxy
Servers
◈ Firewall: Hardware or software filters communications
packets; prevents some packets from entering the
network based on a security policy
◈ Firewall methods include:
• Packet filters
• Application gateways
◈ Proxy servers: Software servers that handle all
communications originating from or being sent to the
Internet.
Firewalls and Proxy Servers
Protecting Servers and Clients
◈ Operating system controls: Authentication and
access control mechanisms
◈ Anti-virus software: A cheap and easy baseline against known
malicious code, but it only detects what it has signatures or
heuristics for; keeping systems patched matters at least as much
Thanks!
Any questions?