
Trusting others electronically

E-Commerce infrastructure

Security threats: the real threats and the perceptions
Network connectivity and availability issues

Better architecture and planning
Flexible solutions

Global economy issues

Trusting others electronically


Authentication
Handling of private information
Message integrity
Digital signatures and non-repudiation
Access to timely information

Trusting the medium

Am I connected to the correct web site?


Is the right person using the other computer?
Did the appropriate party send the last email?

Did the last message get there in time, correctly?

Public-Key Infrastructure (PKI)


Distribute key pairs to all interested entities
Certify public keys in a trusted fashion
The Certificate Authority
Secure protocols between entities
Digital signatures, trusted records and non-repudiation

Authentication problems

Impersonation attacks

Privacy problems

Hacking and similar attacks

Integrity problems
Repudiation problems

How to communicate securely:


SSL: the web security protocols
IPSEC: the IP layer security protocol
S/MIME: the email security protocol
SET: credit card transaction security protocol

Issues with variable response during peak time
Guaranteed delivery, response and receipts
Spoofing attacks
  Attract users to other sites
Denial of service attacks
  Prevent users from accessing the site

Tracking and monitoring networks

Variable connectivity levels and cost
Variable economies and cultures

Taxation and intellectual property issues


Interoperability between different economies

Networking Products

Firewalls
Remote access and Virtual Private Networks (VPNs)
Encryption technologies
Public Key Infrastructure

Scanners, monitors and filters


Web products and applications

Support for peak access
Replication and mirroring, round robin schemes: avoid denial of service

Security of web pages through certificates and network architecture to avoid spoofing attacks

Identity-based certificate to identify all users of an application

Determine rightful users for resources
Role-based certificates to identify the authorization rights for a user

What is EDI?

Exchange of electronic data between companies using precisely defined transactions
Set of hardware, software, and standards that accommodate the EDI process

Figure 11.2 Benefits of EDI



Figure 11.3 Suppliers, manufacturers, and retailers cooperate in some of the most successful applications of EDI.

Figure 11.4

EDI on the Web

Advantages of Web EDI


Lower cost
More familiar software

Worldwide connectivity

Disadvantages of Web EDI


Low speed
Poor security


The Importance of EDI


Need for timely, reliable data exchange in response to rapidly changing markets
Emergence of standards and guidelines
Spread of information into many organizational units
Greater reliability of information technology
Globalization of organizations


Message authentication is concerned with:

protecting the integrity of a message
validating identity of originator
non-repudiation of origin (dispute resolution)

Three alternative functions used:


message encryption
message authentication code (MAC)
hash function


Message encryption by itself also provides a measure of authentication
If symmetric encryption is used then:
  receiver knows sender must have created it, since only sender and receiver know the key used
  receiver knows content cannot have been altered
Provides both sender authentication and message authenticity


If public-key encryption is used:

encryption provides no confidence of sender, since anyone potentially knows the public key
however, if the sender signs the message using his private key and then encrypts with the recipient's public key, we have both secrecy and authentication
but at the cost of two public-key uses on the message


A small fixed-sized block of data:

Depends on both message and a secret key
Like encryption, though need not be reversible
Appended to message as a signature
Receiver performs same computation on message and checks it matches the MAC
Provides assurance that message is unaltered and comes from sender


MAC provides authentication
Message can be encrypted for secrecy
  generally use separate keys for each
  can compute MAC either before or after encryption
  is generally regarded as better done before

why use a MAC?
  sometimes only authentication is needed
  sometimes need authentication to persist longer than the encryption (e.g., archival use)

note that a MAC is not a digital signature



A hash function is like a MAC
condenses arbitrary message to fixed size: h = H(M)
usually assume that the hash function is public and not keyed
  note that a MAC is keyed
hash used to detect changes to message
can use in various ways with message
most often to create a digital signature
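
The difference between the unkeyed hash and the keyed MAC described above, and why a MAC is not a digital signature, as an added example that is not part of the original slides. HMAC-SHA-256, the sample messages and all function names are assumptions chosen for illustration; the slides name no specific algorithm.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256 (assumed algorithm)


def hash_protect(message: bytes) -> bytes:
    """Append an unkeyed hash h = H(M) to the message."""
    return message + hashlib.sha256(message).digest()


def hash_check(blob: bytes) -> bool:
    """Recompute H(M) over the received message and compare with the appended value."""
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def mac_protect(key: bytes, message: bytes) -> bytes:
    """Append a MAC that depends on both the message and a shared secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def mac_check(key: bytes, blob: bytes) -> bool:
    """Receiver performs the same computation and checks it matches the MAC."""
    if len(blob) < TAG_LEN:
        return False
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    key = secrets.token_bytes(32)        # known to sender and receiver only
    original = b"PAY 100 TO ACCT 1234"   # constructed sample message
    altered = b"PAY 900 TO ACCT 1234"    # constructed in-transit modification
    sent = mac_protect(key, original)
    return {
        # Unkeyed hash: whoever alters M can recompute H(M), so the check passes.
        "hash_accepts_altered": hash_check(hash_protect(altered)),
        "mac_accepts_original": mac_check(key, sent),
        # Without the key, the old tag does not match the altered message.
        "mac_accepts_altered": mac_check(key, altered + sent[-TAG_LEN:]),
        # Not a signature: the receiver holds the same key and can tag any
        # message, so a valid MAC cannot settle a dispute about who wrote it.
        "receiver_can_tag": mac_check(key, mac_protect(key, altered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```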

Spyware
Adware
Embedded Programs
Trojan Horse
Browser Hijackers
Dialers
Malware

Profit
A challenge
Malice
Boredom
Business

Computer is running slower than normal
Popups (on or off the internet)
New toolbars
Home page changes
Search results look different
Error messages when accessing the web

Be conscious of what you are clicking on/downloading
Some pop-ups have what appears to be a close button, but will actually try to install spyware when you click on it. Always look for the topmost right red X.
Remember that things on the internet are rarely free. Free screensavers etc. generally contain ads or worse that pay the programmer for their time.

Download.com: All programs are adware/spyware free
Freesaver.com: Screensavers from this site are safe; DO NOT click on ads
KFOR or News9
Cleansoftware.org

Sits between two networks

Used to protect one from the other
Places a bottleneck between the networks
All communications must pass through the bottleneck

this gives us a single point of control

Packet Filtering
  Rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts

Network Address Translation (NAT)
  Translates the addresses of internal hosts so as to hide them from the outside world
  Also known as IP masquerading

Proxy Services
  Makes high-level, application-level connections to external hosts on behalf of internal hosts to completely break the network connection between internal and external hosts

Encrypted Authentication
  Allows users on the external network to authenticate to the firewall to gain access to the private network

Virtual Private Networking
  Establishes a secure connection between two private networks over a public network
  This allows the use of the Internet as a connection medium rather than the use of an expensive leased line

Virus Scanning

Searches incoming data streams for virus signatures so they may be blocked
Done by subscription to stay current
McAfee / Norton

Content Filtering

Allows the blocking of internal users from certain types of content.


Usually an add-on to a proxy server
Usually a separate subscription service, as it is too hard and time-consuming to keep current

Part of an overall firewall strategy
Sits between the local network and the external network
Originally used primarily as a caching strategy to minimize outgoing URL requests and increase perceived browser performance
Primary mission is now to ensure anonymity of internal users

Still used for caching of frequently requested files

Also used for content filtering

Acts as a go-between, submitting your requests to the external network


Requests are translated from your IP address to the proxy's IP address
E-mail addresses of internal users are removed from request headers
Causes an actual break in the flow of communications

Terminates the TCP connection before relaying to target host (in and out)
Hide internal clients from external network
Blocking of dangerous URLs
Filter dangerous content
Check consistency of retrieved content
Eliminate need for transport layer routing between networks
Single point of access, control and logging