ECommerce Security - PowerPoint PPT Presentation

Slides: 64
Provided by: Cal72
Transcript and Presenter's Notes

1
Chapter 10, 11
  • E-Commerce Security

2
Computer Security Classifications
  • Computer security is a serious issue. It is the
    protection of assets from unauthorized access,
    use, alteration, or destruction.
  • Computer security is generally classified into
    three categories:
  • Secrecy
  • Integrity
  • Necessity

3
Secrecy
  • Secrecy is the best known of the computer
    security categories
  • It is the prevention of unauthorized information
    disclosure, such as the leaking of trade secrets
    or the theft of credit card numbers.
  • It is a technical issue requiring sophisticated
    physical and logical mechanisms.
  • Encryption is one means to tackle secrecy threats.

4
Integrity
  • Integrity refers to preventing unauthorized data
    modification.
  • Cyber vandalism, the electronic defacing of an
    existing Web site's page, is an example of an
    integrity violation.
  • Masquerading or spoofing (pretending to be
    somebody you are not or representing a web site
    as an original when it really is a fake) is one
    means of creating havoc on Web sites.

5
Necessity
  • Necessity refers to preventing data delays (e.g.
    in the stock market) or denials, such as DoS
    (denial of service).
  • The purpose of a necessity threat is to disrupt
    normal computer processing or to deny processing
    entirely.
  • Slower processing can render a service unusable
    or unattractive.
  • The server is intentionally bombarded with so
    many false requests that the server is unable to
    respond to real requests.

6
Protecting E-Commerce Assets
  • Customers engaging in electronic commerce need to
    feel confident that their transactions are secure
    from prying eyes and safe from alteration.
  • The security policy must be regularly revised as
    threat conditions change.
  • A security policy must protect a system's
    privacy, integrity, and availability and
    authenticate users.
  • A security policy is a written statement
    describing:
  • which assets to protect and why they are being
    protected
  • who is responsible for that protection, and
  • which behaviors are acceptable and which are
    not

7
Security Policy
  • Specific elements of a security policy address
    the following points:
  • Authentication: Who is trying to access the
    e-commerce site?
  • Access control: Who is allowed to log on to and
    access the e-commerce site?
  • Secrecy: Who is permitted to view selected
    information?
  • Data integrity: Who is allowed to change data,
    and who is not?
  • Audit: Who or what causes selected events to
    occur and when?

8
Minimum Requirements for Secure E-commerce
9
Protecting Intellectual Property
  • Digital intellectual properties, including art,
    logos, and music posted on Web sites, are
    protected by laws.
  • One promising technique employs steganography to
    create a digital watermark.
  • Steganography provides a way of hiding an
    encrypted file within another file so that a
    casual observer cannot detect that there is
    anything of importance in the container file.
  • The watermark is a digital code or stream
    embedded undetectably in a digital image or audio
    file. It can be encrypted to protect its
    contents, or simply hidden among the bits
    comprising the image or recording.
  • http://www.research.ibm.com/image_apps/watermark.html

10
Protecting Intellectual Property
  • Issues of intellectual property rights for
    Internet domain names:
  • Cybersquatting: Someone registers a domain name
    that is the trademark of another company, hoping
    that the owner will pay huge amounts to acquire
    the URL.
  • Name changing: Someone registers purposely
    misspelled variations of well-known domain names,
    annoying affected online businesses and confusing
    their customers.
  • In Nov 1999, the U.S. ACPA (Anticybersquatting
    Consumer Protection Act) was signed into law.
    Parties found guilty of cybersquatting can be
    held liable for damages of up to $100,000 per
    trademark.
  • If the registration of the domain name is found
    to be willful, damages can be as much as
    $300,000.

11
Protecting Client Computers
  • Active content can be one of the most serious
    threats to client computers.
  • Active content refers to programs that are
    embedded transparently in Web pages and that
    cause actions to occur, giving life to static Web
    pages.
  • As a result, a client computer is exposed to
    any number of security violations, including the
    release of confidential information and deletion
    of files on the computer.
  • Active content can display moving graphics,
    download and play audio, or implement Web-based
    spreadsheet programs.
  • Browsers are equipped to recognize when they are
    about to download a Web page containing active
    content and give the user a chance to confirm
    that the programs are from a known and trusted
    source.

12
Active Content
13
Protecting Client Computers
  • Cookies might pose a privacy issue to the client
    computer.
  • Another threat to client computers is a
    malevolent server site masquerading as a
    legitimate Web site. Solution: digital
    certificates.

14
Digital Certificates
  • A digital certificate consists of the name and
    other information about the user along with the
    user's public key.
  • A digital certificate is either an attachment to
    an e-mail message or an embedded program in a Web
    page that verifies that a user or Web site is who
    they claim to be.
  • The digital certificate contains a means for
    sending an encrypted message to the entity that
    sent the original Web page or e-mail message.
  • A Web site's digital certificate is a shopper's
    assurance that the Web site is the real
    store.

15
Digital Certificates
Guarantees that businesses and individuals must
submit their credentials for re-evaluation
periodically.
16
Digital Certificates
Double-click on the lock that appears in the
browser's status line to display the Web site's
original certificate.
17
Certification Authority (CA)
  • A CA issues a digital certificate to an
    organization or individual, who must supply
    appropriate proof of identity.
  • The CA providing digital certificates provides
    your company with an encryption key that
    specifically identifies who you are and where
    your server is located, after checking that you
    are in business and have a business license, with
    an address and phone number.
  • The certificate contains the stamp of approval
    from the CA, in the form of a public encryption
    key, which unlocks the certificate for anyone
    who receives the certificate.

18
Certification Authority (CA)
  • A CA should also have either a certificate that
    is signed by another trusted entity or be a known
    trusted entity (e.g. the US government).
  • Thawte is a trusted name in the CA industry and
    offers a Chained CA program to enable other, less
    well-known CAs to issue certificates to their
    customers that in turn are signed by Thawte's
    private key.

19
Certification Authority (CA) - Verisign
  • One of the oldest and best-known CAs is VeriSign.
  • VeriSign issues digital certificates to companies
    and individuals.
  • VeriSign was established in 1995 as a spin-off of
    RSA Data Security, Inc.
  • Certificates are classified as low, medium, or
    high assurance depending on the identification
    requirements imposed.
  • It offers 4 classes of certificates (class 1 to
    class 4) that are differentiated by assurance
    level.

20
Certification Authority (CA) - Verisign
  • Class 1 certificates are the lowest level and
    bind e-mail addresses and associated public keys.
  • Class 4 certificates apply to servers and the
    server organizations.
  • Certificates become invalid on their expiration
    dates or when they are intentionally revoked by
    the CA.

21
Example of Class 1 certificate
22
Example of Class 1 certificate
23
Example of Class 1 certificate
24
Security Features Built Into Microsoft Internet
Explorer
  • Internet Explorer provides client-side protection
    inside the browser.
  • Internet Explorer uses Microsoft Authenticode
    technology to verify the identity and integrity
    of downloaded active content.
  • Authenticode technology verifies that the program
    has a valid certificate.
  • A list of trusted CAs is built into IE along with
    their public keys.
  • A genuine CA's public key is used to unlock the
    certificate to obtain the software publisher's
    signed digest.
  • If the signed digest proves that the software
    publisher signed the downloaded code, the
    certificate is displayed, assuming that the
    supplier is valid.

25
Microsoft Internet Explorer
26
Microsoft Internet Explorer
27
Security Features Built Into Microsoft Internet
Explorer
  • Users can specify different security settings
    that determine how IE handles the programs and
    files it downloads, depending on the source of
    the files being downloaded.
  • Nothing in Authenticode provides ongoing
    monitoring of code during its execution.
  • So, seemingly safe code that Authenticode permits
    into a computer can still malfunction either
    because of a programming mistake or an
    intentional act.

28
Microsoft Internet Explorer
29
Microsoft Internet Explorer
30
Security Features Built Into Netscape Navigator
  • Netscape Navigator allows you to control whether
    active content is downloaded to your computer.
  • If you allow Java or JavaScript active content,
    you will always receive an alert from Netscape
    Navigator indicating whether the active content
    is signed and allowing you to view the attached
    certificate (if available) to determine whether
    to grant or deny permission to download the
    active content.

31
Netscape Navigator
32
Netscape Navigator
33
Netscape Navigator
34
Protecting E-Commerce Channels
  • Providing commerce channel security means:
  • Providing channel secrecy
  • Guaranteeing message integrity
  • Ensuring channel availability
  • A complete security plan also includes
    authentication.
  • Businesses must use encryption to prevent
    eavesdroppers from reading the Internet messages
    that they intercept.
  • In addition, the volume of traffic can be
    disguised by sending a continual stream of
    encrypted messages between the parties; if there
    are no genuine messages to transmit, random data
    is sent. Since the messages are encrypted, an
    eavesdropper cannot distinguish between them.

35
Encryption
  • Encryption is the coding of information by a
    mathematically based program and a secret key to
    produce a string of characters that is
    unintelligible.
  • The science that studies encryption is called
    cryptography.
  • Cryptography is a method of mathematical encoding
    used to transform messages into an unreadable
    format in order to maintain confidentiality of
    data. The encryption process transforms a clear
    text message into a non-decipherable form known
    as cipher text.
  • Cipher text can be viewed as a postcard. It will
    ultimately reach the intended recipient. However,
    en route anybody can read the content of the
    postcard; they just don't know what is written on
    it, since it is written in a language only the
    sender and receiver understand.

36
Encryption
  • The program that transforms clear text into
    cipher text is called an encryption program.
  • Upon arrival, each message is decrypted using a
    decryption program.
  • One property of encryption programs, or
    algorithms, is that somebody can know the details
    of the encryption program and still not be able
    to decipher the encrypted message, without the
    key used in the process of encoding the message.
  • A sufficiently long key can make the security of
    messages unbreakable.

37
Three Types of Encryption
  • Hash coding is a process that uses a hash
    algorithm to calculate a fixed size hash value
    from a message of any length.
  • Asymmetric encryption, or public-key
    encryption, encodes messages by using two
    mathematically related numeric keys: a public key
    and a private key.
  • Symmetric encryption, or private-key
    encryption, encodes a message using a single
    numeric key to encode and decode data.

38
Hash coding
  • Hash value is a fingerprint of the message
    because it is almost certain to be unique for
    each message.
  • The probability of creating a collision (two
    different messages having the same hash value)
    with a good-quality hash algorithm is extremely
    small.
  • Hash values can be used to determine the
    integrity of messages in transit.
  • Hash algorithms are one-way functions, meaning
    that there is no way to transform the hash value
    back to the original message.

39
Hash Functions
  • A hash algorithm has these characteristics:
  • It uses no secret key.
  • The message digest it produces cannot be inverted
    to produce the original information.
  • The algorithm and information about how it works
    are publicly available.
  • Hash collisions are nearly impossible.
  • Among the common hash algorithms:
  • Secure Hash Algorithm (SHA-1): produces a 160-bit
    message digest. Although slower than MD5, the
    larger digest size makes it stronger against
    brute-force attacks.
  • MD5: its 128-bit message digest makes it a faster
    implementation than SHA-1.

40
Asymmetric Encryption (public key encryption)
  • The public key is freely distributed to anyone
    interested in communicating securely with the
    holder of both keys.
  • The private key is kept secret by the owner and
    is used to decrypt messages sent to him or her.
    The public key is like a mailbox: anybody wanting
    to send you mail can put it inside your mailbox.
  • The private key is the key to your mailbox: only
    you have legitimate access to the mailbox to read
    the mail sent to you by others.
  • Once a message is downloaded from the mail server
    and decoded, it is stored in plain text on the
    recipient's machine for all to view.

41
Asymmetric Encryption (public key encryption)
  • Encryption and decryption can be done with either
    key.
  • Private key can also be used to create digital
    signatures. Other users can verify the signature
    with the public key.
  • Among the common ciphers of asymmetric
    encryption:
  • RSA: a popular public-key algorithm used for
    authentication, encryption, and digital
    signatures. Most common in commercial
    applications.
  • Developed by (then) MIT professors Ronald Rivest
    and Adi Shamir, and by USC professor Leonard
    Adleman.
  • The key may be any length, depending on the
    particular implementation used.

42
Symmetric Encryption (private key encryption)
  • Encryption and decryption are performed with the
    same key.
  • Both message sender and receiver must know the
    key.
  • Encoding and decoding messages is very fast and
    efficient.
  • The key must be guarded.
  • Does not scale well in large environments such as
    the Internet because each pair of users must have
    their own private key.
  • Among the common ciphers of symmetric encryption:
  • Data Encryption Standard (DES): a popular
    encryption algorithm developed by an IBM team
    around 1974.
  • DES encrypts and decrypts data in 64-bit blocks,
    using a 56-bit key.

43
Symmetric Encryption (private key encryption)
  • DES has 16 rounds, meaning the main algorithm is
    repeated 16 times to produce the ciphertext.
  • The DES algorithm itself has become obsolete and
    is in need of replacement.
  • The Advanced Encryption Standard (AES) is being
    developed as a replacement for DES.
  • Triple DES (a key length 3 times as long) has
    been endorsed as a temporary standard to be used
    until the AES may supplant Triple DES as the
    default algorithm on most systems.
  • Since it is based on the DES algorithm, it is
    very easy to modify existing software to use
    Triple DES.

44
Comparison between Asymmetric and Symmetric
Encryption
  • Public-key systems provide several advantages
    over private-key systems:
  • The combination of keys required to provide
    private messages between enormous numbers of
    people is small
  • Key distribution is not a problem
  • Public-key systems make implementation of digital
    signatures possible, meaning that an electronic
    document can be signed and sent to any recipient
    with non-repudiation.

45
Comparison between Asymmetric and Symmetric
Encryption
  • Public key systems are slower than private key
    systems.
  • They do not replace private key systems but
    serve as a complement.
  • Use public key systems to transmit private keys
    to Internet participants so that additional, more
    efficient communications can occur in a secure
    Internet session.

46
Strength of Encryption Key Lengths
  • Any key length < 64 bits is no longer considered
    to be secure.
  • 40-bit key: 3.5 hours to break the code.
  • 56-bit: 22.25 hours (RSA Data Security, Inc.'s
    code-breaking contest: a $250,000 specially built
    code-cracking computer and a world-wide network
    of 100,000 PCs).
  • 64-bit: 33 to 34 days
  • 128-bit: more than 2000 years

47
Encryption Methods
48
Secure Sockets Layer (SSL) Protocol
  • SSL, from Netscape, is a system that provides
    secure information transfer over the Internet.
  • SSL secures connections between two computers.
  • SSL encrypts and decrypts information flowing
    between the two computers automatically and
    transparently.
  • SSL provides a security handshake between the
    client and server computers to agree upon the
    security level (the length of the session key and
    the algorithms) used to exchange digital cash and
    perform other tasks.

49
SSL Protocol(cont.)
  • The server must have a valid certificate in order
    to prove its identity; a client certificate is
    not required.
  • Once verified, all communication between
    SSL-enabled clients and servers is encoded,
    including the URLs the client requested.
  • The protocol that implements SSL is HTTPS.
  • A lock icon in the browser indicates that the
    transfer is secure.
  • Current SSL levels include 40-bit, 56-bit,
    128-bit and 168-bit, which indicate the length
    of the private session key generated for every
    encrypted transaction.

50
SSL Protocol(cont.)
  • 40-bit SSL connections tend to be rather weak;
    168-bit is extremely strong.
  • 128 bits is 340,000,000,000,000,000,000,000,000
    times larger than 40 bits.
  • A session key is a key used by an encryption
    algorithm to create cipher text during a single
    secure session.
  • The longer the session key, the more resistant
    the encryption is to attack.
  • Once the session is ended, the session key is
    discarded and not reused for subsequent sessions.

51
SSL Protocol (cont.)
  • The algorithm may be DES, Triple DES, or the RSA
    encryption algorithm.
  • SSL uses both public-key and symmetric key
    encryptions. The former provides better
    authentication whereas the latter tends to be
    faster.

52
How SSL Works
  • The client browser asks the server for a digital
    certificate as proof of identity.
  • The server sends to the browser a certificate
    signed by a recognized CA.
  • The browser checks the certificate fingerprint
    against the public key of the CA stored within
    the browser.
  • Once verified, the browser generates a private
    session key for both to share.
  • The browser then encrypts the private session key
    using the servers public key, which is stored in
    the digital certificate sent from the server
    during the authentication step.

53
How SSL Works
  • Once encrypted, the browser sends it to the
    server.
  • The server, in turn, decrypts the message with
    its private key and recovers the shared session
    key.
  • From this point on, public key encryption is no
    longer used.
  • All messages sent between client and server are
    encrypted using the shared private session key.

54
SSL Protocol (cont.)
55
SSL Protocol (cont.)
  • SSL provides an interim solution: it is not
    foolproof, but it is the de facto standard for
    guaranteeing privacy and integrity of Internet
    sessions.
  • Disadvantages:
  • The merchant has access to the customer's payment
    information.
  • The merchant does not have due assurance that a
    valid customer is using a given card.
  • While using SSL for encryption greatly enhances
    security and confidentiality, it slows the
    interchange because all the data has to be
    encrypted and decrypted.

56
Building an SSL-enabled Web Site
  • In building a Web site, you can enable SSL by
    configuring a security-enabled HTTP (https)
    process on the server and specifying the Web
    pages that require SSL access.
  • A user can confirm and authenticate an SSL
    server's identity when sending sensitive data to
    the server. The digital certificate issued by a
    CA (Certificate Authority) is used to prove
    authenticity.

57
Risks faced by messages sent over the Internet
  • A message originating from Point A is split into
    packets that may travel along different paths to
    the intended destination, Point B, where the
    message is reassembled.
  • Was the message really sent by Point A?
  • Did Point B receive the message?
  • Did anyone else see the message?
  • If Point B did in fact receive the message:
  • Is it exactly the same message, or could it have
    been altered in any way?
  • Was it delivered promptly, or could it have been
    stalled?

58
Security Techniques
59
Hashes, Encrypted Hashes, Signatures
  • Hashes guarantee against non-malicious and
    malicious corruption.
  • Encrypting the hash is not necessary for secrecy,
    since the hash reveals nothing about the message.
    However, it does guarantee the identity of the
    sender.
  • Imagine this situation: someone intercepts a
    message, alters its information, re-creates the
    message digest, and sends the message and new
    message digest to the intended recipient. The
    merchant will be fooled into concluding that the
    message is genuine.
  • Signatures guarantee all of the above, plus
    non-repudiation.

60
Digital Signature / Digital ID
  • A message digest encrypted with the sender's
    private key is called a digital signature.
  • A digital signature actually provides a greater
    degree of security than a handwritten signature
    because the digital signature verifies both that
    the message originated from a specific person and
    that the message has not been altered either
    intentionally or accidentally.
  • Used together, public-key encryption, message
    digests, and digital signatures provide quality
    security for Internet transactions.
  • Simply encrypting the entire string (digital
    signature and message) can guarantee secrecy as
    well.

61
Digital Signature
Obtained from digital certificate
How to ensure confidentiality as well?
62
How Does A Digital Signature Work?
  • When you digitally sign an e-mail message, the
    public key of your Digital ID is attached to the
    message.
  • Before the message and Digital ID are sent, a
    hash algorithm is applied to your message to
    generate a message digest (MD).
  • After the message digest is generated, your
    private key is used to encrypt the message
    digest. Why is it necessary to encrypt the
    message digest? Is it because the message digest
    can reveal the content of the message?
  • The e-mail is then sent with the Digital ID and
    encrypted message digest as attachments.
  • When someone receives your e-mail message, their
    application uses your Digital ID (the public key)
    to decrypt the message digest.
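As an added example (not part of the deck), the Python below walks through the hash-only integrity check and the interception scenario of the Hashes, Encrypted Hashes, Signatures slide, the sign-then-verify flow of this slide, and the session-key wrapping of the How SSL Works slides, using SHA-1 as the deck's digest. It assumes Python 3.8 or newer and only the standard library; the RSA key pair (P, Q, E, N, D) and the sample order text are constructed here, and the key is a deliberately tiny, insecure toy chosen so the arithmetic is visible.

```python
"""Added example: hash-only integrity check vs. digital signature, plus the
SSL-style session-key exchange, in the flow the slides describe.

The RSA parameters are tiny, constructed and INSECURE (no padding, ~40-bit
modulus); they exist only so the arithmetic can be followed. Real systems use
2048-bit or larger keys with PSS/OAEP padding from a vetted library.
"""
import hashlib
import secrets

# Constructed toy RSA key pair: two 20-bit primes give a ~40-bit modulus N.
P, Q = 1_000_003, 1_000_033
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def digest_int(message: bytes) -> int:
    """SHA-1 message digest (160 bits, as the deck states), reduced mod N so
    the toy modulus can 'encrypt' it. Real signatures pad the digest instead."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % N

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Digital signature: the message digest encrypted with the sender's private key."""
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient 'decrypts' the digest with the public key and compares it with
    a fresh digest of the message actually received."""
    return pow(signature, e, n) == digest_int(message)

def merchant_check_plain(message: bytes, digest_hex: str) -> bool:
    """Hash-only integrity check: recompute the digest and compare."""
    return hashlib.sha1(message).hexdigest() == digest_hex

def interceptor_scenario() -> dict:
    """The slide's scenario: an interceptor alters the order and recomputes the
    digest. A bare hash check passes; a signature check fails because the
    interceptor cannot produce sign(forged) without the private key D."""
    original = b"order: 1 x widget, ship to 12 Example St"   # constructed sample
    signature = sign(original)
    forged = b"order: 99 x widget, ship to 1 Forged Rd"      # constructed sample
    forged_digest = hashlib.sha1(forged).hexdigest()         # interceptor recomputes
    return {
        "plain_hash_fooled": merchant_check_plain(forged, forged_digest),
        "original_verifies": verify(original, signature),
        "forged_verifies": verify(forged, signature),
    }

def wrap_session_key(session_key: bytes, e: int = E, n: int = N) -> int:
    """Browser step: encrypt the fresh session key with the server's public key."""
    k = int.from_bytes(session_key, "big")
    if k >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(k, e, n)

def unwrap_session_key(wrapped: int, d: int = D, n: int = N, length: int = 4) -> bytes:
    """Server step: recover the session key with its private key."""
    return pow(wrapped, d, n).to_bytes(length, "big")

def ssl_style_handshake(session_key=None) -> dict:
    """How SSL Works slides: browser picks a session key, wraps it under the
    server's public key, server unwraps it; only the wrapped value crosses the wire."""
    if session_key is None:
        session_key = secrets.token_bytes(4)   # toy 32-bit key, fits under N
    wrapped = wrap_session_key(session_key)
    return {"browser_key": session_key,
            "server_key": unwrap_session_key(wrapped),
            "on_the_wire": wrapped}
```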

63
Technologies needed to create a secure online
purchasing site
  • Secure server: runs secure technologies such as
    SSL, making it very difficult for intruders to
    gain access to confidential information sent over
    the Internet, such as credit card numbers.
  • Digital authentication: a service that confirms
    that a secure server session is secure.
  • Encryption: a way of transferring information so
    that no intruder can read it.
  • Merchant software: software that is used to
    create an online purchasing service.
  • Electronic payment software: software that is
    used to facilitate the payment of purchases on an
    online purchasing service.