ECT 582 Secure Electronic Commerce, Professor Robin Burke
Post on 30-Dec-2015

Outline
- Introductions
- Course and Syllabus
- Security
- E-Commerce

Introductions
- Student information sheet

Administrativa
- Contacting me
  - CS&T 453
  - x firstname.lastname@example.org
- Course web site
  - http://josquin.cs.depaul.edu/~rburke/courses/w04/ect360/

About Me
- 2nd year at CTI
- PhD in AI, 1993
- Research
  - AI applications in E-Commerce
  - "smart catalogs"
- Taught web development since 1996
- Founded an e-commerce company

Course
- Public key infrastructure
  - how to enable large-scale secure messaging?
- Secure transactions
- Securing hosts and applications
- Privacy

Grading
- Six assignments 35%
- Midterm 25%
- Final 30%
- Participation 10%

Grading
- Three components
  - Knowledge: Does the work display correct technical knowledge?
  - Reasoning: Does the work indicate good problem-solving skills?
  - Communication: Is the answer well-written English?

Grading, cont'd
- A = Excellent work
  - Thorough knowledge of the subject matter
  - Well-considered and creative solutions
  - Well-written answers
- B = Very good work
  - Complete knowledge of the subject matter
  - No major errors of reasoning in problem solutions
  - Competent written answers
- C = Average work
  - Some gaps in knowledge of subject matter
  - Some errors or omissions in problem solving
  - Written answers may contain grammatical and other errors
- D = Below average work
  - Substantial gaps in knowledge of subject matter
  - Problem solving incomplete or incorrect
  - Poor English in written answers

Discussion Forum
- Important for this course
  - More DL than local students
- Automatically mailed to all students
- Uses
  - Questions about assignments
  - Announcements
  - Discussion about security issues
- DL students
  - required to post at least weekly
- All students
  - component of "Participation Grade"

Security
- freedom from danger, risk, etc.: safety
- freedom from care, apprehension or doubt; well-founded confidence
- something that secures or makes safe; protection; defense
- precautions taken to guard against theft, sabotage, the stealing of military secrets, etc.
- Source: Webster's Encyclopedic Unabridged Dictionary of the English Language

E-Commerce
- the process of electronically buying and selling goods, services and information, and the maintenance of all the relationships, both personal and organizational, required for an electronic marketplace to function.

What are we securing?

Post-9/11 realities
- Aspects of business operations may impact public safety

Inherent Hazard
- E-commerce opens a hole for interacting with an organization
- Any Internet user can attack that opening
- Good design
  - Minimizes the risk associated with enabling e-commerce
  - While still preserving its benefits
- Bad design
  - Fails to reduce the risks of e-commerce, or
  - Eliminates the benefits of e-commerce

Assets
- Financial
- Customer data
- Proprietary info
- Reputation
- Systems

Is e-commerce different?
- Need for physical proximity
- Differences in documents

Physical documents
- Semi-permanence of ink embedded in paper fibers
- Particular printing process
  - letterhead
  - watermark
- Biometrics of signature
- Time stamp
- Obviousness of modifications, interlineations, and deletions

Computer documents
- Computer-based records can be modified freely and without detection
- Supplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paper
- Less permanent, too

Legal differences
- In some cases, possession matters
  - negotiable document of title
  - cash money

Loss of assets
- Physical assets
  - loss = theft or destruction
- Information assets
  - loss = violation of
    - confidentiality
    - availability
    - integrity
    - authenticity

Attackers
- Class 0: casual passerby
- Class 1: capable outsider
- Class 2: knowledgeable insider
- Class 3: determined organization

E-Commerce
- Proximity is not an issue
- Scale
  - Many, many Class 1 attackers
- Mutability
  - Easy for insiders to cover their tracks

Attack
- Any action that compromises the security of an e-commerce system
- Simplifying assumption
  - security = protecting messages

Passive vs active
- Passive
  - Attacker monitors communication
    - disclose contents
    - but also traffic analysis
- Active
  - Attacker interferes with communication
    - generates messages
    - prevents transmission or reception

Basic attack types
- Interception
- Interruption
- Modification
- Fabrication

Interception
- Attack on confidentiality

Example: Password sniffer
- Program to capture user id / password info
- Case in Tokyo
  - sniffer installed at Internet cafe
  - 16 million Yen stolen

Interruption
- Attack on availability

Example: SYN flooding
- send open request for TCP connection
- but don't respond to handshake
- do this over and over again
- eventually server can't accept new connections
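
The effect the SYN flooding slide describes, seen from the server side: this added example (not part of the original slides) replays constructed connection events against a small queue of half-open connections and then flags sources that rarely complete the handshake. The queue size, timeout, event list and function names are all assumptions made for the illustration.

```python
from collections import Counter

BACKLOG_SIZE = 4         # assumed: tiny listen backlog so the effect is visible
HALF_OPEN_TIMEOUT = 30   # assumed: seconds before an unanswered SYN is dropped

# Constructed events (time_s, source, kind). Addresses are RFC 5737
# documentation ranges; kind is "SYN" (open request) or "ACK" (handshake done).
EVENTS = [
    (0, "198.51.100.7", "SYN"), (1, "198.51.100.7", "ACK"),
    (2, "203.0.113.9", "SYN"), (3, "203.0.113.9", "SYN"),
    (4, "203.0.113.9", "SYN"), (5, "203.0.113.9", "SYN"),
    (6, "198.51.100.8", "SYN"),
    (40, "198.51.100.8", "SYN"), (41, "198.51.100.8", "ACK"),
]


def replay(events, backlog=BACKLOG_SIZE, timeout=HALF_OPEN_TIMEOUT):
    """Replay events against a fixed-size queue of half-open connections."""
    half_open, established, refused = [], [], []
    for now, src, kind in events:
        # Drop entries whose handshake was never completed in time.
        half_open = [(s, t) for s, t in half_open if now - t < timeout]
        if kind == "SYN":
            if len(half_open) >= backlog:
                refused.append((now, src))   # queue full: client turned away
            else:
                half_open.append((src, now))
        elif kind == "ACK":
            pending = next((e for e in half_open if e[0] == src), None)
            if pending:
                half_open.remove(pending)    # handshake completed
                established.append((now, src))
    return established, refused, half_open


def suspicious_sources(events, min_syns=3, max_completion=0.5):
    """Sources that open many connections but rarely finish the handshake.
    Per-source counts miss forged source addresses; queue occupancy in
    replay() is the more robust signal."""
    syns, acks = Counter(), Counter()
    for _, src, kind in events:
        (syns if kind == "SYN" else acks)[src] += 1
    return sorted(s for s in syns
                  if syns[s] >= min_syns and acks[s] / syns[s] <= max_completion)


if __name__ == "__main__":
    print(replay(EVENTS))
    print(suspicious_sources(EVENTS))
```

The legitimate client at t=6 is refused only because four unanswered requests occupy the queue; once they time out, the same client connects normally.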

Modification
- Attack on integrity

Example: Shareware trojan
- Alice posts a shareware application
- Eve modifies it to contain her virus
- Bob downloads the modified version

Fabrication
- Attack on authenticity

Example: Session hijacking
- Taking over active sessions
  - after Alice leaves
  - before application times out
- Bypass the authentication process
  - have Alice's privileges

Protocol
- A set of formal rules describing how to transmit data, especially across a network....High level protocols deal with the data formatting, including the syntax of messages, the terminal to computer dialogue, character sets, sequencing of messages etc.
- Source: FOLDOC

To describe a protocol
- The roles
  - who participates
- The steps
  - how the interaction unfolds
- The messages
  - syntax and meaning of messages sent and received
- The process
  - processing by each player

Example: Homework protocol
- Instructor hands out assignment
  - includes requirements and due date
- Student performs assignment
  - submits by due date
- Instructor grades assignment
  - grade is incorporated into course database
- Graded work is returned to student

Protocol security
- Generally we talk about protecting the protocol messages
- Different protocols have different security characteristics
  - Homework protocol is not secure against fabrication
  - Test taking protocol is more secure
- Attacks can target different protocol steps
  - "grader" example

Risk
- Risk is
  - value of loss * probability of loss
- Both can be hard to quantify
- Risk management
  - process of analyzing and mitigating risk
  - one technique is historical
    - what losses have others suffered?

What are the primary risks?
- Disclosure of proprietary information
- Denial of service
- Virus attacks
- Insider net abuse
- Financial fraud
- Sabotage
- Source: CSI/FBI 2003 Computer Crime and Security Survey
  - Total value of losses: $200 million

Secondary risks
- Damage to relations with customer or business partners
- Legal, public relations, or business resumption cost
- Public relations damage
- Uptake failure due to lack of confidence

Secure E-Commerce
- Not E-Commerce Risk Management
- Very big topic
  - strategy
  - architecture
  - technology

Security strategy
- Threats
  - what is valuable?
  - who might want it?
- Vulnerabilities
  - where is the organization exposed?
- Defenses
  - what can be done to manage the risks?
- Legal
  - what liabilities and legal requirements exist?

Security architecture
- People
  - how are they hired, trained, monitored, audited?
- Systems
  - what systems exist?
  - how are systems connected to each other and to the larger Internet?
- Procedures
  - how are systems used?
  - who gets access to what under what circumstances?

Security technology
- Main focus of this course
- Specific technologies for achieving security-related goals
- But
  - meaningless in the absence of a strategy and an architecture

Secure E-Commerce
- Technologies for securing the protocols of electronic commerce
- One component of risk management
  - not the only component
  - sometimes not even the most important
  - but a basic safeguard

What can technology provide?
- Confidentiality
- Authentication
- Integrity
- Non-repudiation
- Access control
- Availability

Confidentiality
- Protects against interception
- Ensures that a message is only readable by intended recipient
- Technology
  - Encryption

Authentication
- Protects against fabrication
- Ensures that the origin of a message or electronic document is correctly identified, with assurance that the identity is not false
- Technology
  - User Id/Password
  - Digital certificates

Integrity
- Protects against modification
- Ensures that only authorized parties are able to modify an electronic document, or
- Allows modification to be detected
- Technology
  - Digital signatures
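
The shareware trojan slide and the integrity slide, worked as one added example (not part of the original slides): Bob checks a download first against a plain SHA-256 digest and then against a keyed tag. HMAC from the Python standard library stands in here for the digital signatures the slide names; unlike a signature it requires Alice and Bob to share a secret key. The package bytes, the key and all function names are constructed for the illustration.

```python
import hashlib
import hmac

ORIGINAL = b"shareware-1.0: print('hello')\n"        # constructed package bytes
TAMPERED = ORIGINAL + b"# code added by Eve\n"        # constructed modification
ALICE_KEY = b"constructed-demo-key-known-to-alice-and-bob"


def digest(data: bytes) -> str:
    """Unkeyed fingerprint: anyone, including Eve, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def tag(data: bytes, key: bytes) -> str:
    """Keyed fingerprint: only holders of the key can produce a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, published: str) -> bool:
    return hmac.compare_digest(digest(data), published)


def verify_tag(data: bytes, published: str, key: bytes) -> bool:
    return hmac.compare_digest(tag(data, key), published)


def scenarios() -> dict:
    """What Bob's check reports in each situation (True = download accepted)."""
    return {
        # Untouched download with Alice's tag.
        "untouched": verify_tag(ORIGINAL, tag(ORIGINAL, ALICE_KEY), ALICE_KEY),
        # Eve alters only the file; Bob got the digest over a channel
        # she cannot modify.
        "file_swapped_digest_trusted": verify_digest(TAMPERED, digest(ORIGINAL)),
        # Eve controls the download page and replaces file and digest together:
        # the unkeyed check passes and the modification goes undetected.
        "file_and_digest_swapped": verify_digest(TAMPERED, digest(TAMPERED)),
        # Same position, but the page carries a keyed tag. Without Alice's key
        # the replacement tag Eve computes does not verify.
        "file_and_tag_swapped": verify_tag(
            TAMPERED, tag(TAMPERED, b"key-eve-made-up"), ALICE_KEY),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```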

Non-repudiation
- Protects against an e-commerce participant acting in bad faith
- Require that neither the sender nor the receiver of a message be able to deny the transmission
- Technology
  - (Complicated)

Access control
- Protects against unauthorized access
- Allows the establishment of fine-grained control over access to files and applications for different users and groups
- Technology
  - (Various, usually tied to authentication)

Availability
- Protects against interruption
- Requires that computer system asset be available to authorized parties when needed
- Technology
  - (Many)

The big picture
- Security is a multi-faceted feature of information systems
- An organization needs
  - A security strategy tailored for its particular needs
  - A security architecture that addresses that strategy
  - Security technology to realize the architecture

Assignment #1
- Subscribe to CERT Advisory mailing list
- Post on the "Test" forum
- RISKS Reaction paper
- Due before class starts
- No late assignments!

Next week
- Cryptography
- Reading
  - Ford & Baum, Ch. 1 & 4
  - Risks Digest
- Should be prepared for discussion