Abstract image of a woman sitting on books and studying on a laptop

Security in e commerce

A
akhand Akhandenator

This document discusses security in e-commerce. It outlines key security requirements like confidentiality, integrity, availability, and authenticity. It also discusses common security threats like hacking, viruses, and denial of service attacks. The document examines security protocols like SSL that provide encryption, authentication, and integrity. It explores tensions between security and other values. Finally, it analyzes technologies that can enhance e-commerce security, such as encryption, firewalls, and digital signatures.

Engineering
1 of 27
1
2
Most read
3
4
5
6
7
8
9
10
11
Most read
12
13
14
15
16
17
18
19
20
Most read
21
22
23
24
25
26
27
Security in E-Commerce Presented By Akhand Pratap Singh
What is Security • Security is an essential part of any transaction that takes place over the internet. Customer will loose his/her faith in e-business if its security is compromised. Following are the essential requirements for safe e- payments/transactions
E-Commerce Security Enviorment
• Confidentiality • Integrity • Availability • Authenticity • Non-Repudiability • Encryption • Auditabilty
Measure to insure security • Encryption • Digital signature • Security Certificates
Security Protocols in Internet • SSL(Secure Socket Layer) • It is the most commonly used protocol and is widely used across the industry. It meets following security requirements − • Authentication • Encryption • Integrity • Non-reputability
Secure Electronic Transaction • Card Holder's Digital Wallet Software • Merchant Software • Payment Gateway Server Software • Certificate Authority Software
The Tension Between Security and Other Values • Security vs. ease of use: The more security measures that are added, the more difficult a site is to use, and the slower it becomes • Security vs. desire of individuals to act anonymously
Security Threats in the E-commerce Environment • Three key points of vulnerability:  Client  Server  Communications channel • Most common threats:  Malicious code  Hacking  Credit card fraud/theft  Spoofing  Denial of service attacks  Sniffing  Insider jobs
A Logical Design for a Simple Web Site
Vulnerable Points in an E-commerce Environment
Malicious Code • Viruses: computer program that as ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses and script viruses • Worms: designed to spread from computer to computer • Trojan horse: appears to be benign, but then does something other than expected • Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto client and activated merely by surfing to a Web site
Spoofing, DoS and dDoS Attacks, Sniffing, Insider Jobs • Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else • Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network • Distributed denial of service (dDoS) attack: hackers use numerous computers to attack target network from numerous launch points • Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network • Insider jobs: single largest financial threat
Fake mail example
Hacking and Cybervandalism • Hacker: Individual who intends to gain unauthorized access to a computer systems • Cracker: Used to denote hacker with criminal intent (two terms often used interchangeably) • Cybervandalism: Intentionally disrupting, defacing or destroying a Web site • Types of hackers include:  White hats – Members of “tiger teams” used by corporate security departments to test their own security measures  Black hats – Act with the intention of causing harm  Grey hats – Believe they are pursuing some greater good by breaking in and revealing system flaws
Technology Solutions • Protecting Internet communications (encryption) • Securing channels of communication (SSL secure sockets layer), S-HTTP, VPNs) URL changes from HTTP to HTTPS • SSL: Protocol that provides secure communications between client and server • Protecting networks (firewalls) • Protecting servers and clients
Tools Available to Achieve Site Security
Protecting Internet Communications: Encryption • Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver • Purpose:  Secure stored information  Secure information transmission • Provides:  Message integrity:  Nonrepudiation  Authentication  Confidentiality
Encryption ensures:  Message integrity: provides assurance that message has been altered  Nonrepudiation: prevents the user from denying he or she sent the message  Authentication: provides verification of the identity of the person or machine sending the message  Confidentiality: gives assurance that the message was not read by others
Symmetric Key Encryption • Also known as secret key encryption • Both the sender and receiver use the same digital key to encrypt and decrypt message • Requires a different set of keys for each transaction • Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits
Public Key Encryption • Public key cryptography solves symmetric key encryption problem of having to exchange secret key • Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner) • Both keys are used to encrypt and decrypt message • Once key is used to encrypt message, same key cannot be used to decrypt message • For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it
Public Key Cryptography – A Simple Case
Digital Envelopes • Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure) • Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key
Secure Negotiated Sessions Using SSL
Protecting Networks: Firewalls and Proxy Servers • Firewall: Software application that acts as a filter between a company’s private network and the Internet • Firewall methods include:  Packet filters  Application gateways • Proxy servers: Software servers that handle all communications originating from for being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)
Firewalls and Proxy Servers
Protecting Servers and Clients • Operating system controls: Authentication and access control mechanisms • Anti-virus software: Easiest and least expensive way to prevent threats to system integrity

More Related Content

PDF
E commerce Security
Wisnu Dewobroto
 
PPTX
Security in E-commerce
m8817
 
PPT
E-Commerce Security
Syed Maniruzzaman Pabel
 
PPT
E commerce security
Shakti Singh
 
PPTX
E-commerce- Security & Encryption
Biroja
 
PPTX
Security Threats in E-Commerce
Dattatreya Reddy Peram
 
PDF
E- Commerce Business Models
Vipul Kumar
 
PPTX
Presentation - Electronic Data Interchange
Sharad Srivastava
 
E commerce Security
Wisnu Dewobroto
 
Security in E-commerce
m8817
 
E-Commerce Security
Syed Maniruzzaman Pabel
 
E commerce security
Shakti Singh
 
E-commerce- Security & Encryption
Biroja
 
Security Threats in E-Commerce
Dattatreya Reddy Peram
 
E- Commerce Business Models
Vipul Kumar
 
Presentation - Electronic Data Interchange
Sharad Srivastava
 

What's hot (20)

PDF
E Commerce -Security Threats and Challenges
Inderjeet Singh
 
PPTX
Security issues in E-commerce
nikitaTahilyani1
 
PPTX
1 introduction to e commerce
sajid ullah
 
PPTX
TYPES OF E-COMMERCE
chaitrabhandare
 
PDF
Client Server Network Security
MithilDoshi1
 
PPTX
E business- EDI
gangwaniricha
 
PPTX
Online security and payment system
Gc university faisalabad
 
PPTX
MIS 10 Electronic Payment System
Tushar B Kute
 
PPTX
Data encryption
Deepam Goyal
 
PPTX
Emarketing ppt
Ankitha2404
 
PDF
Network security for E-Commerce
Hem Pokhrel
 
PPT
07 E-commerce Advertising
monchai sopitka
 
PPT
E-commerce security.ppt
Susan130641
 
PPTX
Electronic Payment Systems in E Commerce
Vinay Chaithanya
 
PPTX
Encryption ppt
Anil Neupane
 
PDF
E-Commerce security
Tawhid Rahman
 
PPTX
EDI
Pratap Tirkey
 
PPT
Chapter three e-security
Marya Sholevar
 
PPTX
architecture framework for ecommerce
preetikapri1
 
PPT
Edi ppt
Sheetal Verma
 
E Commerce -Security Threats and Challenges
Inderjeet Singh
 
Security issues in E-commerce
nikitaTahilyani1
 
1 introduction to e commerce
sajid ullah
 
TYPES OF E-COMMERCE
chaitrabhandare
 
Client Server Network Security
MithilDoshi1
 
E business- EDI
gangwaniricha
 
Online security and payment system
Gc university faisalabad
 
MIS 10 Electronic Payment System
Tushar B Kute
 
Data encryption
Deepam Goyal
 
Emarketing ppt
Ankitha2404
 
Network security for E-Commerce
Hem Pokhrel
 
07 E-commerce Advertising
monchai sopitka
 
E-commerce security.ppt
Susan130641
 
Electronic Payment Systems in E Commerce
Vinay Chaithanya
 
Encryption ppt
Anil Neupane
 
E-Commerce security
Tawhid Rahman
 
EDI
Pratap Tirkey
 
Chapter three e-security
Marya Sholevar
 
architecture framework for ecommerce
preetikapri1
 
Edi ppt
Sheetal Verma
 
Ad

Viewers also liked (20)

PPTX
E commerce security
Hansani Vihanga
 
PDF
Introduzione Tavola Rotonda su Security a MECSPE
uninfoit
 
PPT
Security in e-commerce
SensePost
 
PPT
Unit 4 e security
Dr. C.V. Suresh Babu
 
PPTX
Nescafe marketing
Mayank707
 
PDF
Verizon 2014 data breach investigation report and the target breach
Ulf Mattsson
 
PPTX
protection & security of e-commerce ...
Rishav Gupta
 
PDF
Cloud Breach - Forensics Audit Planning
Valdez Ladd MBA, CISSP, CISA,
 
PPTX
E commerce
Humayun Khalid Qureshi
 
PDF
Step Into Security Webinar - IP Security Camera Techniques for Video Surveill...
Keith Harris
 
PPTX
Ip security systems
sysvideo
 
PPTX
Ip security
Naveen Dubey
 
PPT
Lecture 5 ip security
rajakhurram
 
PPTX
Mobile commerce.
Wasim Akram
 
PPTX
Security for e commerce
Mohsin Ahmad
 
PPTX
IP Security
Keshab Nath
 
PPT
IP Security in Network Security NS6
koolkampus
 
PDF
Core banking
Vishal Singla (Agile Practitioner, Senior Scrum Master)
 
PPT
E payment
Vishal Sancheti
 
DOC
E-commerce Security and Threats
BPalmer13
 
E commerce security
Hansani Vihanga
 
Introduzione Tavola Rotonda su Security a MECSPE
uninfoit
 
Security in e-commerce
SensePost
 
Unit 4 e security
Dr. C.V. Suresh Babu
 
Nescafe marketing
Mayank707
 
Verizon 2014 data breach investigation report and the target breach
Ulf Mattsson
 
protection & security of e-commerce ...
Rishav Gupta
 
Cloud Breach - Forensics Audit Planning
Valdez Ladd MBA, CISSP, CISA,
 
E commerce
Humayun Khalid Qureshi
 
Step Into Security Webinar - IP Security Camera Techniques for Video Surveill...
Keith Harris
 
Ip security systems
sysvideo
 
Ip security
Naveen Dubey
 
Lecture 5 ip security
rajakhurram
 
Mobile commerce.
Wasim Akram
 
Security for e commerce
Mohsin Ahmad
 
IP Security
Keshab Nath
 
IP Security in Network Security NS6
koolkampus
 
Core banking
Vishal Singla (Agile Practitioner, Senior Scrum Master)
 
E payment
Vishal Sancheti
 
E-commerce Security and Threats
BPalmer13
 
Ad

Similar to Security in e commerce (20)

PPTX
Computer Introduction (Data Encryption)-Lecture05
Dr. Mazin Mohamed alkathiri
 
PPTX
Network security and firewalls
Murali Mohan
 
PPTX
Fundamental Concept of Cryptography in Computer Security
Uttara University
 
PPTX
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
 
PPTX
Cloud-Security-Prevention-Techniques-22042025-111844am (2).pptx
MahiraShakeel
 
PDF
Security in computer systems fundamentals
Manesh T
 
PDF
Information & cyber security, Winter training ,bsnl. online
SumanPramanik7
 
PDF
Information cyber security
SumanPramanik7
 
PPTX
Encryption techniques
MohitManna
 
PPTX
Security in Computer System
Manesh T
 
PPTX
Security framework
A-Seem C-Resta
 
PPTX
big data and Iot , its security part ,hoe yoy help this
warriorshanta
 
PDF
Computer security
Mahesh Singh Madai
 
PPT
Cryptography
Sourabh Badve
 
PDF
Security
Sri Manakula Vinayagar Engineering College
 
PPTX
6 security
valency paul
 
PPTX
Introduction to Network Security presentation
krishkiran2408
 
PPTX
Cyber security
JahirUddinKomol
 
PPTX
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
PPTX
Computer Security Essentials.pptx
Guna Dhondwad
 
Computer Introduction (Data Encryption)-Lecture05
Dr. Mazin Mohamed alkathiri
 
Network security and firewalls
Murali Mohan
 
Fundamental Concept of Cryptography in Computer Security
Uttara University
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
 
Cloud-Security-Prevention-Techniques-22042025-111844am (2).pptx
MahiraShakeel
 
Security in computer systems fundamentals
Manesh T
 
Information & cyber security, Winter training ,bsnl. online
SumanPramanik7
 
Information cyber security
SumanPramanik7
 
Encryption techniques
MohitManna
 
Security in Computer System
Manesh T
 
Security framework
A-Seem C-Resta
 
big data and Iot , its security part ,hoe yoy help this
warriorshanta
 
Computer security
Mahesh Singh Madai
 
Cryptography
Sourabh Badve
 
Security
Sri Manakula Vinayagar Engineering College
 
6 security
valency paul
 
Introduction to Network Security presentation
krishkiran2408
 
Cyber security
JahirUddinKomol
 
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
Computer Security Essentials.pptx
Guna Dhondwad
 

Recently uploaded (20)

PDF
Engineering Solutions for Ethical Dilemmas in Healthcare (www.kiu.ac.ug)
publication11
 
PDF
ASPEN PLUS USER GUIDE - PROCESS SIMULATIONS
GurunathEpili1
 
PDF
LS-6-Digital-Literacy (1) K12 CURRICULUM .pdf
RheaJaneMercado1
 
PPTX
MODULE 02 - CLOUD COMPUTING-Virtual Machines and Virtualization of Clusters a...
vidya447894
 
PPTX
MODULE 3 SUSTAINABLE DEVELOPMENT GOALSPPT.pptx
PramukhN1
 
PDF
CBCN cam bien cong nghiep bach khoa da năng
quan8ane
 
PPTX
Hardware, SLAM tracking,Privacy and AR Cloud Data.
Meenalochini M
 
PPTX
1. Effective HSEW Induction Training - EMCO 2024, O&M.pptx
dkrishnanivas
 
PPTX
sub station Simple Design of Substation PPT.pptx
djaiswal907
 
PPTX
INTERNET OF THINGS - EMBEDDED SYSTEMS AND INTERNET OF THINGS
Jeevanandhams14
 
PDF
25AF1191PC303 MODULE-1 CHAIN SURVEYING SEMESTER III SURVEYING
Dr. BASWESHWAR JIRWANKAR
 
PPTX
L1111-Important Microbial Mechanisms.pptx
luckysangam80
 
PDF
THE PEDAGOGICAL NEXUS IN TEACHING ELECTRICITY CONCEPTS IN THE GRADE 9 NATURAL...
ijejournal
 
PPTX
Unit I - Mechatronics.pptx presentation
ssuser329719
 
PPTX
highway-150803160405-lva1-app6891 (1).pptx
jagannathmalik2
 
PDF
The Journal of Finance - July 1993 - JENSEN - The Modern Industrial Revolutio...
Bhargav Prajwal
 
PDF
1.-fincantieri-investor-presentation2.pdf
ssuserb4c6b5
 
PDF
Performance, energy consumption and costs: a comparative analysis of automati...
kevig
 
PDF
Software defined netwoks is useful to learn NFV and virtual Lans
Pandiya Rajan
 
PDF
IAE-V2500 Engine Airbus Family A319/320
RosneyAlfaro2
 
Engineering Solutions for Ethical Dilemmas in Healthcare (www.kiu.ac.ug)
publication11
 
ASPEN PLUS USER GUIDE - PROCESS SIMULATIONS
GurunathEpili1
 
LS-6-Digital-Literacy (1) K12 CURRICULUM .pdf
RheaJaneMercado1
 
MODULE 02 - CLOUD COMPUTING-Virtual Machines and Virtualization of Clusters a...
vidya447894
 
MODULE 3 SUSTAINABLE DEVELOPMENT GOALSPPT.pptx
PramukhN1
 
CBCN cam bien cong nghiep bach khoa da năng
quan8ane
 
Hardware, SLAM tracking,Privacy and AR Cloud Data.
Meenalochini M
 
1. Effective HSEW Induction Training - EMCO 2024, O&M.pptx
dkrishnanivas
 
sub station Simple Design of Substation PPT.pptx
djaiswal907
 
INTERNET OF THINGS - EMBEDDED SYSTEMS AND INTERNET OF THINGS
Jeevanandhams14
 
25AF1191PC303 MODULE-1 CHAIN SURVEYING SEMESTER III SURVEYING
Dr. BASWESHWAR JIRWANKAR
 
L1111-Important Microbial Mechanisms.pptx
luckysangam80
 
THE PEDAGOGICAL NEXUS IN TEACHING ELECTRICITY CONCEPTS IN THE GRADE 9 NATURAL...
ijejournal
 
Unit I - Mechatronics.pptx presentation
ssuser329719
 
highway-150803160405-lva1-app6891 (1).pptx
jagannathmalik2
 
The Journal of Finance - July 1993 - JENSEN - The Modern Industrial Revolutio...
Bhargav Prajwal
 
1.-fincantieri-investor-presentation2.pdf
ssuserb4c6b5
 
Performance, energy consumption and costs: a comparative analysis of automati...
kevig
 
Software defined netwoks is useful to learn NFV and virtual Lans
Pandiya Rajan
 
IAE-V2500 Engine Airbus Family A319/320
RosneyAlfaro2
 

Security in e commerce

  • 1. Security in E-Commerce Presented By Akhand Pratap Singh
  • 2. What is Security • Security is an essential part of any transaction that takes place over the internet. Customer will loose his/her faith in e-business if its security is compromised. Following are the essential requirements for safe e- payments/transactions
  • 4. • Confidentiality • Integrity • Availability • Authenticity • Non-Repudiability • Encryption • Auditabilty
  • 5. Measure to insure security • Encryption • Digital signature • Security Certificates
  • 6. Security Protocols in Internet • SSL(Secure Socket Layer) • It is the most commonly used protocol and is widely used across the industry. It meets following security requirements − • Authentication • Encryption • Integrity • Non-reputability
  • 7. Secure Electronic Transaction • Card Holder's Digital Wallet Software • Merchant Software • Payment Gateway Server Software • Certificate Authority Software
  • 8. The Tension Between Security and Other Values • Security vs. ease of use: The more security measures that are added, the more difficult a site is to use, and the slower it becomes • Security vs. desire of individuals to act anonymously
  • 9. Security Threats in the E-commerce Environment • Three key points of vulnerability:  Client  Server  Communications channel • Most common threats:  Malicious code  Hacking  Credit card fraud/theft  Spoofing  Denial of service attacks  Sniffing  Insider jobs
  • 10. A Logical Design for a Simple Web Site
  • 11. Vulnerable Points in an E-commerce Environment
  • 12. Malicious Code • Viruses: computer program that as ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses and script viruses • Worms: designed to spread from computer to computer • Trojan horse: appears to be benign, but then does something other than expected • Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto client and activated merely by surfing to a Web site
  • 13. Spoofing, DoS and dDoS Attacks, Sniffing, Insider Jobs • Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else • Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network • Distributed denial of service (dDoS) attack: hackers use numerous computers to attack target network from numerous launch points • Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network • Insider jobs: single largest financial threat
  • 15. Hacking and Cybervandalism • Hacker: Individual who intends to gain unauthorized access to a computer systems • Cracker: Used to denote hacker with criminal intent (two terms often used interchangeably) • Cybervandalism: Intentionally disrupting, defacing or destroying a Web site • Types of hackers include:  White hats – Members of “tiger teams” used by corporate security departments to test their own security measures  Black hats – Act with the intention of causing harm  Grey hats – Believe they are pursuing some greater good by breaking in and revealing system flaws
  • 16. Technology Solutions • Protecting Internet communications (encryption) • Securing channels of communication (SSL secure sockets layer), S-HTTP, VPNs) URL changes from HTTP to HTTPS • SSL: Protocol that provides secure communications between client and server • Protecting networks (firewalls) • Protecting servers and clients
  • 17. Tools Available to Achieve Site Security
  • 18. Protecting Internet Communications: Encryption • Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver • Purpose:  Secure stored information  Secure information transmission • Provides:  Message integrity:  Nonrepudiation  Authentication  Confidentiality
  • 19. Encryption ensures:  Message integrity: provides assurance that message has been altered  Nonrepudiation: prevents the user from denying he or she sent the message  Authentication: provides verification of the identity of the person or machine sending the message  Confidentiality: gives assurance that the message was not read by others
  • 20. Symmetric Key Encryption • Also known as secret key encryption • Both the sender and receiver use the same digital key to encrypt and decrypt message • Requires a different set of keys for each transaction • Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits
  • 21. Public Key Encryption • Public key cryptography solves symmetric key encryption problem of having to exchange secret key • Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner) • Both keys are used to encrypt and decrypt message • Once key is used to encrypt message, same key cannot be used to decrypt message • For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it
  • 22. Public Key Cryptography – A Simple Case
  • 23. Digital Envelopes • Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure) • Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key
  • 25. Protecting Networks: Firewalls and Proxy Servers • Firewall: Software application that acts as a filter between a company’s private network and the Internet • Firewall methods include:  Packet filters  Application gateways • Proxy servers: Software servers that handle all communications originating from for being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)
  • 27. Protecting Servers and Clients • Operating system controls: Authentication and access control mechanisms • Anti-virus software: Easiest and least expensive way to prevent threats to system integrity