ECT 582 Secure Electronic Commerce Professor Robin Burke


Post on 31-Dec-2015



Outline

Introductions
Course and Syllabus
Security
E-Commerce

Introductions

Student information sheet

Administrativa

Contacting me
  CS&T 453
  x 25910
  [email protected]
Course web site
  http://josquin.cs.depaul.edu/~rburke/courses/w04/ect360/

About Me

2nd year at CTI
PhD in AI, 1993
Research
  AI applications in E-Commerce
  "smart catalogs"
Taught web development since 1996
Founded an e-commerce company

Course

Public key infrastructure
  how to enable large-scale secure messaging?
Secure transactions
Securing hosts and applications
Privacy

Grading

Six assignments – 35%
Midterm – 25%
Final – 30%
Participation – 10%

Grading

Three Components
  Knowledge
    Does the work display correct technical knowledge?
  Reasoning
    Does the work indicate good problem-solving skills?
  Communication
    Is the answer well-written English?

Grading, cont'd

A = Excellent work
  Thorough knowledge of the subject matter
  Well-considered and creative solutions
  Well-written answers

B = Very good work
  Complete knowledge of the subject matter
  No major errors of reasoning in problem solutions
  Competent written answers

C = Average work
  Some gaps in knowledge of subject matter
  Some errors or omissions in problem solving
  Written answers may contain grammatical and other errors

D = Below average work
  Substantial gaps in knowledge of subject matter
  Problem solving incomplete or incorrect
  Poor English in written answers

Discussion Forum

Important for this course
  More DL than local students
  Automatically mailed to all students
Uses
  Questions about assignments
  Announcements
  Discussion about security issues
DL students required to post at least weekly
All students
  component of "Participation Grade"

Security

1. freedom from danger, risk, etc.: safety
2. freedom from care, apprehension or doubt; well-founded confidence
3. something that secures or makes safe; protection; defense
4. precautions taken to guard against theft, sabotage, the stealing of military secrets, etc

– Webster’s Encyclopedic Unabridged Dictionary of the English Language

E-Commerce

the process of electronically buying and selling goods, services and information, and the maintenance of all the relationships, both personal and organizational, required for an electronic marketplace to function.

What are we securing?

Post-9/11 realities

Aspects of business operations may impact public safety

Inherent Hazard

E-commerce opens a hole for interacting with an organization
  Any Internet user can attack that opening
Good design
  Minimizes the risk associated with enabling e-commerce
  While still preserving its benefits
Bad design
  Fails to reduce the risks of e-commerce, or
  Eliminates the benefits of e-commerce

Basic concepts

Assets
Attackers
Attacks
Protocol
Risk

Assets

Financial
Customer data
Proprietary info
Reputation
Systems

Is e-commerce different?

Need for physical proximity
Differences in documents

Physical documents

Semi-permanence of ink embedded in paper fibers
Particular printing process
  letterhead
  watermark
Biometrics of signature
Time stamp
Obviousness of modifications, interlineations, and deletions

Computer documents

Computer-based records can be modified freely and without detection

Supplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paper

Less permanent, too

Legal differences

In some cases, possession matters
  negotiable document of title
  cash money

Loss of assets

Physical assets
  loss = theft or destruction
Information assets
  loss = violation of
    • confidentiality
    • availability
    • integrity
    • authenticity

Attackers

Class 0
  casual passerby
Class 1
  capable outsider
Class 2
  knowledgeable insider
Class 3
  determined organization

E-Commerce

Proximity is not an issue
Scale
  Many, many Class 1 attackers
Mutability
  Easy for insiders to cover their tracks

Attack

Any action that compromises the security of an e-commerce system

Simplifying assumption
  security = protecting messages

Passive vs active

Passive
  Attacker monitors communication
    • disclose contents
    • but also traffic analysis
Active
  Attacker interferes with communication
    • generates messages
    • prevents transmission or reception

Normal messaging

[Diagram: Alice, Bob, Eve]

Basic attack types

Interception
Interruption
Modification
Fabrication

Interception

Attack on confidentiality

[Diagram: Alice, Bob, Eve]

Example: Password sniffer

Program to capture user id / password info
Case in Tokyo
  sniffer installed at Internet cafe
  16 million Yen stolen

Interruption

Attack on availability

[Diagram: Alice, Bob, Eve]

Example: SYN flooding

send open request for TCP connection
but don't respond to handshake
do this over and over again
eventually server can't accept new connections
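The effect described on this slide can be seen from the server's side by replaying handshake events through a fixed-size queue of half-open connections. The following is an added example, not part of the original slides; the log format, the `Replay` function and the no-timeout queue model are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed server-side handshake events, one per line: "<client ip:port> <event>".
// SYN = open request received; ACK = client answered and completed the handshake.
const sampleLog = `198.51.100.7:40001 SYN
198.51.100.7:40001 ACK
192.0.2.10:1001 SYN
192.0.2.10:1002 SYN
192.0.2.10:1003 SYN
192.0.2.10:1004 SYN
203.0.113.5:52000 SYN
203.0.113.5:52000 ACK`

// Replay feeds the events through a model server whose queue holds at most
// `backlog` half-open connections (hypothetical model: entries never time out).
// It returns the half-open count per source IP and the clients turned away.
func Replay(log string, backlog int) (halfOpen map[string]int, refused []string) {
	pending := map[string]bool{} // keyed by client ip:port
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue // skip malformed lines
		}
		switch client, event := f[0], f[1]; event {
		case "SYN":
			if len(pending) >= backlog {
				refused = append(refused, client) // queue full: request dropped
			} else {
				pending[client] = true
			}
		case "ACK":
			delete(pending, client) // handshake finished, slot released
		}
	}
	halfOpen = map[string]int{}
	for client := range pending {
		if i := strings.LastIndex(client, ":"); i > 0 {
			halfOpen[client[:i]]++
		}
	}
	return halfOpen, refused
}

func main() {
	halfOpen, refused := Replay(sampleLog, 4)
	fmt.Println("half-open per source:", halfOpen)
	fmt.Println("refused clients:", refused)
}
```

A source holding many half-open entries while other clients are refused is the signal a monitor would alert on.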

Modification

Attack on integrity

[Diagram: Alice, Bob, Eve]

Example: Shareware trojan

Alice posts a shareware application
Eve modifies it to contain her virus
Bob downloads the modified version

Fabrication

Attack on authenticity

[Diagram: Alice, Bob, Eve]

Example: Session hijacking

Taking over active sessions
  after Alice leaves
  before application times out
Bypass the authentication process
  have Alice's privileges

Protocol

A set of formal rules describing how to transmit data, especially across a network. ... High level protocols deal with the data formatting, including the syntax of messages, the terminal to computer dialogue, character sets, sequencing of messages etc.

– FOLDOC

To describe a protocol

The roles
  who participates
The steps
  how the interaction unfolds
The messages
  syntax and meaning of messages sent and received
The process
  processing by each player

Example: Homework protocol

Instructor hands out assignment
  includes requirements and due date
Student performs assignment
  submits by due date
Instructor grades assignment
  grade is incorporated into course database
Graded work is returned to student

Protocol security

Generally we talk about protecting the protocol messages
Different protocols have different security characteristics
  Homework protocol is not secure against fabrication
  Test taking protocol is more secure
Attacks can target different protocol steps
  "grader" example

Risk

Risk is
  value of loss * probability of loss
Both can be hard to quantify
Risk management
  process of analyzing and mitigating risk
  one technique is historical
    • what losses have others suffered?

What are the primary risks?

1. Disclosure of proprietary information
2. Denial of service
3. Virus attacks
4. Insider net abuse
5. Financial fraud
6. Sabotage

- CSI/FBI 2003 Computer Crime and Security Survey

Total value of losses: $200 million

Secondary risks

Damage to relations with customer or business partners
Legal, public relations, or business resumption cost
Public relations damage
Uptake failure due to lack of confidence

Secure E-Commerce

Not E-Commerce Risk Management
  Very big topic
    strategy
    architecture
    technology

Security strategy

Threats
  what is valuable?
  who might want it?
Vulnerabilities
  where is the organization exposed?
Defenses
  what can be done to manage the risks?
Legal
  what liabilities and legal requirements exist?

Security architecture

People
  how are they hired, trained, monitored, audited?
Systems
  what systems exist?
  how are systems connected to each other and to the larger Internet?
Procedures
  how are systems used?
  who gets access to what under what circumstances?

Security technology

Main focus of this course
Specific technologies for achieving security-related goals
But
  meaningless in the absence of a strategy and an architecture

Secure E-Commerce

Technologies for securing the protocols of electronic commerce
One component of risk management
  not the only component
  sometimes not even the most important
  but a basic safeguard

What can technology provide?

Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability

Confidentiality

Protects against interception
Ensures that a message is only readable by intended recipient
Technology
  Encryption

Authentication

Protects against fabrication
Ensures that the origin of a message or electronic document is correctly identified, with assurance that the identity is not false
Technology
  User Id/Password
  Digital certificates

Integrity

Protects against modification
Ensures that only authorized parties are able to modify an electronic document or
Allow modification to be detected
Technology
  Digital signatures
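How a digital signature lets Bob detect the modification from the shareware example, shown as an added example that is not part of the original slides. It uses Ed25519 from the Go standard library; the `Release` type, the function names and the payload bytes are assumptions made for illustration, and Bob is assumed to already hold Alice's genuine public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Release is what Alice publishes: the application bytes plus her signature.
type Release struct {
	Payload, Signature []byte
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish signs the payload with the publisher's private key.
func Publish(priv ed25519.PrivateKey, payload []byte) Release {
	return Release{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Accept is Bob's check against the public key he already trusts as Alice's.
func Accept(alicePub ed25519.PublicKey, r Release) bool {
	return ed25519.Verify(alicePub, r.Payload, r.Signature)
}

// Scenario returns Bob's verdict on the genuine release, on a modified copy
// carrying the original signature, and on a modified copy signed by another key.
func Scenario() (genuine, modified, resigned bool) {
	alicePub, alicePriv := newKey()
	_, otherPriv := newKey() // a key that is not Alice's

	original := Publish(alicePriv, []byte("shareware v1.0 (constructed sample bytes)"))

	// Modification: one byte changed, Alice's signature left in place.
	tampered := Release{
		Payload:   append([]byte{}, original.Payload...),
		Signature: original.Signature,
	}
	tampered.Payload[0] ^= 0xFF

	// Fabrication: the changed payload signed again under the other key.
	forged := Publish(otherPriv, tampered.Payload)

	return Accept(alicePub, original), Accept(alicePub, tampered), Accept(alicePub, forged)
}

func main() {
	g, m, f := Scenario()
	fmt.Println("genuine accepted:", g, "modified accepted:", m, "re-signed accepted:", f)
}
```

The check is only as good as Bob's copy of Alice's public key, which is the problem digital certificates address.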

Non-repudiation

Protects against an e-commerce participant acting in bad faith
Require that neither the sender nor the receiver of a message be able to deny the transmission
Technology
  (Complicated)

Access control

Protects against unauthorized access
Allows the establishment of fine-grained control over access to files and applications for different users and groups
Technology
  (Various, usually tied to authentication)

Availability

Protects against interruption
Requires that computer system asset be available to authorized parties when needed
Technology
  (Many)

The big picture

Security is a multi-faceted feature of information systems
An organization needs
  A security strategy tailored for its particular needs
  A security architecture that addresses that strategy
  Security technology to realize the architecture

Assignment #1

Subscribe to CERT Advisory mailing list

Post on the "Test" forum
RISKS Reaction paper
  Due before class starts

No late assignments!

Next week

Cryptography
Reading
  Ford & Baum, Ch. 1 & 4
  Risks Digest
Should be prepared for discussion