e-commerce engineer - security in e-commerce
E-COMMERCE JOBS. This project (Project number: HU/01/B/F/PP-136012) is carried out with the financial support of the Commission of the European Communities under the Leonardo da Vinci Programme.
Database Models, Ver: 1.0
E-Commerce Engineer - Security in E-Commerce
Encryption and Security Measures
Definition of Security problems
A security-system is correct, if it has the following parameters:
• Closeness
• Holistic
• Continuity
• Venture proportion
General problems of the information-security
• Security problems of the design and the development procedure
• Information-security
• Data-security
• Dependable working
Security problems of the design and the development
• Documentation, documents
– security classification
– critical hardware and network items
The information-security
• Regulation of the data-access rights
• Identification and validation
• Information-security on the information-system level
• Virus defence
Data-manipulating rights control
• Scope of authority issue
• Control
• Data-access rights
• Unauthorized data-access attempt
• Firewall configuration
Identification and validation
• User identification
• Validation
• Secession
• Multilevel identification and validation system
• Misregistration
Information-security on the informatics-system level
• Information-security on the level of:
– Operating system
– Application defence
– Menu-system
– File system
Virus defence
• System-servers
• Application servers
• Data medium
• New software
• For a longer time unused software
The data-security
• Security of the data-recording
• Security of the data-storage
• Security of the data-access
Security of the data-recording
• Input-data accuracy
• Data-transmission
• Development of the data-recording policy
• Logging of the data-recording events
• Data-recording rights
• Input warrants
• Semantic and syntax monitoring of input data
Security of data-storage
• Development of data-storage policies
• After-processing control
• Redundant-storage
• Data encryption
Security of data-access
• Development of data distribution policies
• Development of the data-access rights
• Data-integration
Dependable working 1
• Infrastructure
– physical defence of storage and computer rooms
– dependable power supply
– bias control
• HRM - human resource management
– staff trusty operation
– viewpoints
– personal factors
Dependable working 2
• Audition of reliability
• Restart
• Data medium
– storage
– security copies
– archiving
Dependable working 3
• Hardware
– physical defence
– conditions of the dependable operation
– floppy-drive disabling
– service
– bound of workstation
– communication network
Dependable working 4
• Software
– legality
– virus defence
– testing for fail-safe operation
– documentation
– source-code availability
IT security in the running system
• Access regulation
• Access control
• Integration control
• Data-security
• Fail-spanning
• Restart
• Development and observance of operating policies
• Disaster-plan
Cryptographic-protocol of e-commerce 1
• Identification
– partner-identification
– server-identification
– client-identification
• Message-authentication
• Verifying digital signatures
• Secret-sharing
Cryptographic-protocol of e-commerce 2
• Encryption-key maintenance
– generation
– allocation
– authentication
– revocation
– key server
• Time-stamp
Developers and products of the cryptographic standards 1
• ANSI standards
– DSA-based digital signature
– RSA-based digital signature
– Elliptic-curve based digital signature (ECDSA)
Developers and products of the cryptographic standards 2
• FIPS (US) standards
– Escrowed encryption standard (EES)
– Data encryption standard (DES)
– Advanced encryption standard (AES)
– Hash standard for digital signature (SHS)
– Digital signature standard (DSS) using a Digital signature algorithm (DSA)
Developers and products of the cryptographic standards 3
• RSA Laboratories specifications, PKCS (Public-Key Cryptography Standards)
– RSA standard
– Diffie-Hellman key standard
– ITU (International Telecommunication Union)
– X.509 authentication framework
Developers and products of the cryptographic standards 4
• PEM (privacy-enhanced mail)
• W3C recommendations
• ETSI (European Telecommunications Standards Institute) standards
The RSA-based encryption 1
• Algorithm of the RSA
– selection of parameters
– encryption keys
– message-handling
Message-handling
• The message encryption: encoding the message $m$ ($0 < m < n$, $(m,n) = 1$):
$c \equiv m^e \bmod n$,
$c$ - the encrypted message
• Decoding of the encrypted message $c$ ($0 < c < n$):
$m \equiv c^d \bmod n$,
$m$ - the resolved message
The condition $(m,n) = 1$ ensures the unambiguous coding
The RSA-based encryption 2
• The RSA attributes (algorithms)
– the RSA algorithm can be easily computerized
– its security is adequate
– simple mathematical background
– well known
– typical parameters
– applied acceleration
– Wassenaar command
– patent
The RSA-based encryption 3
• RSA attributes (offensives)
– factorisation of n: full-hacking
– selection of a small d: full-hacking
– selection of a small e: some of the messages can be hacked
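The Message-handling slide and the small-d / small-e items above, worked through as an added example (not part of the original slides). The toy primes 61 and 53, the function names and the audit wording are assumptions chosen for illustration; the small-d test uses Wiener's bound $d < n^{1/4}/3$, which the slides do not name.

```python
from math import gcd


def make_keypair(p, q, e):
    """Textbook RSA setup: n = p*q and d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return n, e, pow(e, -1, phi)  # modular inverse, Python 3.8+


def encrypt(m, e, n):
    """c = m^e mod n, enforcing the slide's conditions 0 < m < n and (m,n) = 1."""
    if not 0 < m < n:
        raise ValueError("message must satisfy 0 < m < n")
    if gcd(m, n) != 1:
        raise ValueError("message shares a factor with n")
    return pow(m, e, n)


def decrypt(c, d, n):
    """m = c^d mod n for a ciphertext with 0 < c < n."""
    if not 0 < c < n:
        raise ValueError("ciphertext must satisfy 0 < c < n")
    return pow(c, d, n)


def no_wraparound(m, e, n):
    """True when m^e < n: the ciphertext is m^e as a plain integer, so the
    modulus never takes effect (the 'small e' case for short messages)."""
    return m ** e < n


def d_too_small(d, n):
    """True when d < n^(1/4) / 3 (Wiener's bound), tested as 81 * d^4 < n."""
    return 81 * d ** 4 < n


def audit(m, e, d, n):
    """Collect parameter findings for one unpadded message and key."""
    findings = []
    if no_wraparound(m, e, n):
        findings.append("m^e < n: unpadded message is not protected by the modulus")
    if d_too_small(d, n):
        findings.append("d is below n^(1/4)/3: private exponent too small")
    return findings


if __name__ == "__main__":
    # Constructed toy key; real moduli are thousands of bits and use padding.
    n, e, d = make_keypair(61, 53, 17)
    c = encrypt(65, e, n)
    print("n, e, d =", n, e, d, "| c =", c, "| m =", decrypt(c, d, n))
    n7, e7, d7 = make_keypair(61, 53, 7)
    print(audit(3, e7, d7, n7))
```
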
The RSA-based encryption 4
• Preparation of the RSA parameters
– methods for selection of p and q and for the factorisation of n
– the prime-dissociation current highest efficiency
– finding primes
– selection of parameter d
– selection of parameter e
– the RSA summing up and evaluation
Functional encrypting
• Encrypting data files
• RSA SecurID method
– advantages
– disadvantages
The SHIELD-system 1
• Inventor and developer of the SHIELD-program is: Balogh Zoltán
• The SHIELD function
– Operation
– Attributes
• countermoves
• signal
• notes
The SHIELD-system 2
• Comparison with other defence systems
– with the DES
– with the RSA
Firewall and e-mail screening 1
• The structure of the security system of a local area networked organisation
– Usual steps of building up the security system
– Security-policy
– E-mail
– Outer connection from the Internet
Firewall and e-mail screening 2
• The firewall configuration
– The network tools of the firewall
– Risks you want to avoid using a firewall
– Filtering options
– Firewall types
– Downloads
– AVG FREE EDITION
Firewall and e-mail screening 3
• E-mail screening
– Arrange of scope of the screening
– User-level screening
– Spam notification
– The attachment-screening
Laws for data-security
• Current laws in Hungary
• Current laws in the European Union
Other information
• MTA SZTAKI
– Post Address: H-1518 Budapest, P.O. Box 63.
– Phone: +36 (1) 279-6000
– Telefax: +36 (1) 466-7503
• Éva Feuer
– Post Address: H-1518 Budapest, P.O. Box 63.
– Phone: +36 (1) 279-6285
– Telefax: +36 (1) 466-7503