E-commerce security
1. What is e-commerce security and why is it important?
2. How to identify threats to e-commerce?
3. How to determine ways to protect e-commerce from those threats?
4. What are electronic payment systems?
5. What are the security requirements for electronic payment systems?
6. What security measures are used to meet these requirements?
WHAT IS E-COMMERCE SECURITY
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
1. E-commerce assets
– Intellectual property
– Client computers → push for point-and-click commerce
– Messages traveling on the communication channel → ubiquitous connectivity
– Web server & its hardware → complex systems and networks
2. The importance of securing e-commerce
– Secrecy: protection against unauthorized data disclosure and authentication of the data source
– Integrity: prevention of unauthorized data modification
– Necessity: prevention of data delays or removal
– Non-repudiation: prevention of any one party from reneging on an agreement after the fact
→ protect the corporation's image and reputation
→ minimize the impact of security failures
→ minimize downtime
→ fulfill legal and regulatory requirements for data integrity/confidentiality and consumer privacy
E-COMMERCE THREATS
Threats: anyone with the capability, technology, opportunity, and intent to do harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element. Terrorists, insiders, disgruntled employees, and hackers are included in this profile (President's Commission on Critical Infrastructure Protection).
1. Intellectual property threats -- use of existing materials found on the Internet without the owner's permission, e.g., music downloading, domain names (cybersquatting), software pirating
2. Client computer threats
– Malicious code
– Active content
3. Communication channel threats
– Sniffer programs
– Backdoors
– Spoofing
– Denial-of-service
4. Server threats
– Privilege settings
– Server Side Includes (SSI), Common Gateway Interface (CGI)
– File transfer
– Spamming
How to identify threats?
Vulnerability assessments or penetration tests
Risk = Threat x Vulnerability x Cost
Threat: frequency of potentially adverse events
Threat category | 2002* | 2001** | 2000**
Viruses, Trojans, worms, hostile ActiveX and Java | 31% | 21% | 26%
Loss of privacy/confidentiality, data misuse/abuse | 23% | 28% | 25%
System unavailability, denial of service, natural disasters, power outage | 15% | 18% | 20%
Cracking, eavesdropping, spoofing | 11% | 25% | 20%
* 2002 Information Security Survey
** 2001 Information Security Industry Survey
Vulnerability: likelihood of success of a particular attack, e.g., Merchant Risk Council’s fraud test
Cost: real damages to hardware or software + IT staff time and resources spent repairing the damages + lost productivity, public relations damage control, lost public confidence, lost business opportunities, e.g., Figure 15 of 2004 CSI/FBI Computer Crime & Security Survey
Countermeasure
A procedure that recognizes, reduces, or eliminates a threat.
Two types of countermeasures: physical vs. logical security
– Blocking
– Privacy -- Cookie blockers; Anonymizer, e-mail shredding
– Digital certificate
– Browser protection
– Antivirus software
– Encryption
– Three types of encryption programs: hash coding, public-key encryption (asymmetric), private-key encryption (symmetric)
o Private-key encryption: both the sender and the receiver of the message have access to the same key
o Public-key encryption: Each individual has his or her own public-private key pair, which is derived mathematically from a one-way function with an intentional trap door. A one-way function is a mathematical problem which is easy to perform in one direction but extremely difficult and time-consuming to perform in the reverse direction. Key pairs are generated using such a function, but they have a trap door. The trap door makes the reverse computation relatively easy if a precise piece of information is known. This additional piece of information is the key pair owner's secret password. e.g., RSA algorithm
RSA algorithm
1. Find two very large prime numbers, P and Q.
2. Find a number E that has the following properties:
a. It is an odd number,
b. It is less than P x Q,
c. It is relatively prime to (P-1) x (Q-1), meaning that E and the result of this product have no common prime factors.
3. Compute a value D that has the following property: ((D x E) - 1) can be evenly divided by (P-1) x (Q-1).
The public key pair is (P x Q, E): the public key is E and P x Q is the modulus. The private key is the number D.
The encryption function uses the public key E and the modulus P x Q:
Encrypted message C = T^E mod (P x Q), where T is the plaintext message (an integer smaller than P x Q).
The decryption function uses the private key D and the modulus P x Q:
Decrypted message T = C^D mod (P x Q).
* Protocol: Secure Sockets Layer (SSL), Secure HyperText Transfer Protocol (S-HTTP)
– Digital signature (Turban et al. 2004, Exhibit 12.5)
• Binds the message originator to the exact contents of the message
– A hash function is used to transform the message into a 128-bit digest (message digest).
– The sender's private key is used to encrypt the message digest (digital signature).
– The message + signature are sent to the receiver.
– The recipient uses the hash function to recalculate the message digest.
– The sender's public key is used to decrypt the message digest.
– Check to see if the recalculated message digest = decrypted message digest.
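Worked example of the two procedures above (the RSA key generation / encryption steps and the hash-sign-verify digital signature), added here as illustration; it is not code from the lecture notes or from Turban et al. It assumes toy-sized primes (P = 61, Q = 53 for the hand-checkable case, two ~10^9 primes for the signature case), SHA-256 in place of the 128-bit digest mentioned in the notes, and "raw" RSA with no padding, which is fine for teaching the arithmetic but is never used in real products, where padding (OAEP/PSS), 2048-bit or larger moduli and a vetted library are required.

```python
import hashlib
from math import gcd


def rsa_keygen(p, q, e=None):
    """Steps 1-3 above: return ((P x Q, E), (P x Q, D)).
    p and q are assumed prime. If e is not given, the smallest odd E that is
    relatively prime to (P-1)(Q-1) is chosen (toy choice, for illustration)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if e is None:
        e = 3
        while gcd(e, phi) != 1:
            e += 2
    # Step 2: E must be odd, less than P x Q and relatively prime to (P-1)(Q-1).
    if not (e % 2 == 1 and e < n and gcd(e, phi) == 1):
        raise ValueError("E must be odd, below P x Q and coprime to (P-1)(Q-1)")
    # Step 3: D such that (D x E) - 1 is divisible by (P-1)(Q-1), i.e. D is the
    # modular inverse of E modulo (P-1)(Q-1) (Python 3.8+ pow with exponent -1).
    d = pow(e, -1, phi)
    assert (d * e - 1) % phi == 0
    return (n, e), (n, d)


def encrypt(public_key, t):
    """Encrypted message C = T^E mod (P x Q); T must be an integer below the modulus."""
    n, e = public_key
    if not 0 <= t < n:
        raise ValueError("plaintext block must be smaller than the modulus")
    return pow(t, e, n)


def decrypt(private_key, c):
    """Decrypted message T = C^D mod (P x Q)."""
    n, d = private_key
    return pow(c, d, n)


def message_digest(message, n):
    """Hash the message to an integer below the modulus. The notes describe a
    128-bit digest; SHA-256 is used here instead (assumption of this example)
    and reduced mod n so the toy modulus can sign it. A real scheme uses a
    modulus far larger than the digest plus a padding scheme, never a plain mod."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


def sign(private_key, message):
    """Digital signature: the message digest 'encrypted' with the sender's private key."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(public_key, message, signature):
    """Recipient side: recompute the digest, 'decrypt' the signature with the
    sender's public key, and check that the two digests are equal."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == message_digest(message, n)


if __name__ == "__main__":
    # Constructed toy keys: P = 61, Q = 53, E = 17 (small enough to check by hand).
    pub, priv = rsa_keygen(61, 53, 17)
    c = encrypt(pub, 65)
    print("public key", pub, "private key", priv, "C =", c, "T =", decrypt(priv, c))
    # Larger (still nowhere near production-size) primes so digests rarely collide mod n.
    pub, priv = rsa_keygen(1000000007, 998244353)
    order = b"charge card ending 1234 for $10.00"   # constructed sample message
    sig = sign(priv, order)
    print("signature verifies:", verify(pub, order, sig))
    print("tampered order verifies:", verify(pub, order.replace(b"10.00", b"99.00"), sig))
```

With P = 61, Q = 53 and E = 17 the modulus is 3233, D works out to 2753, and the plaintext 65 encrypts to 2790; changing even one byte of the signed order makes `verify` return False because the recalculated digest no longer equals the digest recovered from the signature with the sender's public key.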
4. Server protection
– Access control and authentication
* Digital signature from user
* Access control list
* Intrusion detection systems, e.g., Cisco Systems' NetRanger
– Firewalls (International Computer Security Association's classification):
· Packet filter firewall: checks the IP address of each incoming packet and rejects anything that does not match the list of trusted addresses (prone to IP spoofing)
· Application level proxy server: examines the application used for each individual IP packet (e.g., HTTP, FTP) to verify its authenticity
· Stateful packet inspection: examines all parts of the IP packet to determine whether to accept or reject the requested communication
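A toy model of the three firewall classes above, added here as illustration (not code from the notes or from the ICSA). The addresses, ports and packets are constructed, packets are plain dictionaries rather than real IP headers, and the "application" check understands only HTTP on port 80. The point it shows is the one the notes make: an address-list packet filter accepts an unsolicited packet that merely claims a trusted source address, whereas stateful inspection rejects it because no inside host opened that connection.

```python
from ipaddress import ip_address, ip_network

# Constructed sample policy (assumption): the inside network and the
# address ranges the packet filter trusts.
INSIDE = ip_network("192.168.1.0/24")
TRUSTED = [INSIDE, ip_network("10.0.0.0/8")]
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")


def packet_filter(pkt, trusted=TRUSTED):
    """Packet filter: accept iff the source IP is on the trusted list.
    Nothing else about the packet is examined, so a packet carrying a forged
    source address (IP spoofing) passes this check."""
    src = ip_address(pkt["src"])
    return any(src in net for net in trusted)


def application_proxy(pkt):
    """Application-level proxy: look inside the payload and accept only traffic
    that is well-formed for the application the port implies. Only HTTP on
    port 80 is modelled here; anything the proxy does not understand is refused."""
    if pkt["dport"] == 80:
        return pkt["payload"].startswith(HTTP_METHODS)
    return False


class StatefulInspector:
    """Stateful packet inspection: remember connections opened from the inside
    and accept an inbound packet only when it answers one of them."""

    def __init__(self, inside=INSIDE):
        self.inside = inside
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def inspect(self, pkt):
        src = ip_address(pkt["src"])
        if src in self.inside:
            # Outbound: record the flow so that the reply can come back in.
            self.flows.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return True
        # Inbound: accepted only if it is the reverse of a recorded flow.
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.flows


def demo():
    """Run the three checks over constructed packets; returns the verdicts."""
    fw = StatefulInspector()
    outbound = {"src": "192.168.1.10", "sport": 40000, "dst": "203.0.113.5",
                "dport": 80, "payload": b"GET / HTTP/1.1\r\n"}
    reply = {"src": "203.0.113.5", "sport": 80, "dst": "192.168.1.10",
             "dport": 40000, "payload": b"HTTP/1.1 200 OK\r\n"}
    # Unsolicited packet arriving from outside with a forged "trusted" source.
    spoofed = {"src": "10.1.2.3", "sport": 4444, "dst": "192.168.1.10",
               "dport": 445, "payload": b"\x00"}
    fw.inspect(outbound)  # the inside host opens the connection first
    return {
        "spoofed_passes_packet_filter": packet_filter(spoofed),
        "spoofed_passes_stateful": fw.inspect(spoofed),
        "reply_passes_stateful": fw.inspect(reply),
        "http_passes_proxy": application_proxy(outbound),
        "spoofed_passes_proxy": application_proxy(spoofed),
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {verdict}")
```

Running `demo()` gives True for the spoofed packet under the packet filter and False under stateful inspection, while the genuine HTTP reply is accepted by the stateful inspector because it matches the flow the inside host opened.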
Assets | Threats | Countermeasures
Intellectual property | Pirating | Legislature; blocking; authentication
Client computer | Malicious code; active content | Blocking; digital certificate verification; browser protection; antivirus software; computer forensics
Communication channel | Sniffer programs; backdoors; spoofing; denial-of-service | Encryption; digital signature
Server | Privilege abuse; CGI; file transfer; spamming | Access control; firewalls
ELECTRONIC PAYMENT SYSTEMS
A medium of payment between remote buyers and sellers in cyberspace: electronic cash, software wallets, smart cards, credit/debit cards.
Offline payment methods: cash (55%), check (29%), credit card (16%)
Payment systems | Properties | Advantages | Disadvantages
Electronic cash, e.g., PayPal | 31% of US population do not have credit cards; micropayments (< $10); independent; portable; divisible | Efficient; less costly | Money laundering; forgery; low acceptance; multiple standards
Electronic wallets, e.g., Passport | Stores shipping & billing information; encrypted digital certificate | Enters information into checkout forms automatically | Client-side wallets are not portable; privacy issue for server-side wallets
Smart cards, e.g., Blue | Embedded microchip storing encrypted personal information | Convenience | Need a card reader; card theft; low acceptance
Credit cards | Line of credit; purchase dispute protection; Secure Electronic Transaction (SET) protocol | Most popular; worldwide acceptance | Charge back; $50 limit on frauds; processing fee
SECURITY REQUIREMENTS
1. Authentication of merchant and consumer
2. Confidentiality of data
3. Integrity of data
4. Non-repudiation
SECURITY MEASURES
1. Secure Electronic Transaction (SET) protocol: developed jointly by MasterCard and Visa with the goal of providing a secure payment environment for the transmission of credit card data.
Features | SSL | SET
Encryption of data during transmission | Yes | Yes
Confirmation of message integrity | Yes | Yes
Authentication of merchant | Yes | Yes
Authentication of consumer | No | Yes
Transmission of specific data only on a "need-to-know" basis | No | Yes
Inclusion of bank or trusted third party in transaction | No | Yes
No need for merchant to secure credit card data internally | No | Yes
SET payment transaction:
* A shopper makes a purchase and transmits encrypted billing information with his/her digital certificate to the merchant.
* The merchant transfers the SET-coded transaction to a payment card-processing center.
* The processing center decrypts the transaction.
* A certification authority certifies the digital certificate as belonging to the shopper.
* The processing center routes the transaction to the shopper's bank for approval.
* The merchant receives notification from the shopper's bank that the transaction is approved.
* The shopper's payment card account is charged for the transaction amount.
* The merchant ships the merchandise and transmits the transaction amount to the merchant's bank for deposit.
2. Disposable credit numbers: one-time-use credit card numbers are transmitted to the merchant
3. Other developments
• Wireless payment, e.g., Qpass
• Stored-value/prepaid cards, e.g., UK Plus account
• E-loyalty and rewards programs, e.g., MyPoints
• Contactless cards, e.g., ExpressPay
• 3-factor authentication
– Something you know
– Something you have
– Something you are (biometrics), e.g., fingerprint-recognition system for PCs; fingerprint scan foils fake & cut-off fingers
How to judge whether or not a business is trustworthy? (E-commerce trust)
– Social: reputation
– Legal: compensation
– Technological: money, secure credit card
* Online security may have been improved, but not faith in e-commerce
* The development of trust is complex and costly, but once established, the system is cheap to maintain.
* To build a secure environment for e-commerce, it may be more important to build a system based on interpersonal relationships rather than technology → social control rather than external control.