ect 582 secure electronic commerce professor robin burke

Download ECT 582 Secure Electronic Commerce Professor Robin Burke

Post on 30-Dec-2015




4 download

Embed Size (px)


  • ECT 582Secure Electronic CommerceProfessor Robin Burke

  • OutlineIntroductionsCourse and SyllabusSecurityE-Commerce

  • IntroductionsStudent information sheet

  • AdministrativaContacting meCS&T 453x 25910rburke@cs.depaul.eduCourse web site

  • About Me2nd year at CTIPhD in AI, 1993ResearchAI applications in E-Commerce"smart catalogs"Taught web development since 1996Founded an e-commerce company

  • CoursePublic key infrastructurehow to enable large-scale secure messaging?Secure transactionsSecuring hosts and applicationsPrivacy

  • GradingSix assignments 35%Midterm 25% Final 30%Participation 10%

  • GradingThree ComponentsKnowledgeDoes the work display correct technical knowledge?ReasoningDoes the work indicate good problem-solving skills?CommunicationIs the answer well-written English?

  • Grading, cont'dA = Excellent workThorough knowledge of the subject matterWell-considered and creative solutionsWell-written answersB = Very good workComplete knowledge of the subject matterNo major errors of reasoning in problem solutionsCompetent written answersC = Average workSome gaps in knowledge of subject matterSome errors or omissions in problem solvingWritten answers may contain grammatical and other errorsD = Below average workSubstantial gaps in knowledge of subject matter.Problem solving incomplete or incorrectPoor English in written answers

  • Discussion ForumImportant for this courseMore DL than local studentsAutomatically mailed to all studentsUsesQuestions about assignmentsAnnouncementsDiscussion about security issuesDL studentsrequired to post at least weeklyAll studentscomponent of "Participation Grade"

  • Securityfreedom from danger, risk, etc.: safetyfreedom from care, apprehension or doubt; well-founded confidencesomething that secures or makes safe; protection; defenseprecautions taken to guard against theft, sabotage, the stealing of military secrets, etcWebsters Encyclopedic Unabridged Dictionary of the English Language

  • E-Commercethe process of electronically buying and selling goods, services and information, and the maintenance of all the relationships, both personal and organizational, required for an electronic marketplace to function.

  • What are we securing?

  • Post-9/11 realitiesAspects of business operations may impact public safety

  • Inherent HazardE-commerce opens a hole for interacting with an organization Any Internet user can attack that openingGood designMinimizes the risk associated with enabling e-commerceWhile still preserving its benefitsBad designFails to reduce the risks of e-commerce, orEliminates the benefits of e-commerce

  • Basic conceptsAssetsAttackersAttacksProtocolRisk

  • AssetsFinancialCustomer dataProprietary infoReputationSystems

  • Is e-commerce different?Need for physical proximityDifferences in documents

  • Physical documentsSemi-permanence of ink embedded in paper fibersParticular printing processletterheadwatermarkBiometrics of signatureTime stampObviousness of modifications, interlineations, and deletions

  • Computer documentsComputer-based records can be modified freely and without detectionSupplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paperLess permanent, too

  • Legal differencesIn some cases, possession mattersnegotiable document of titlecash money

  • Loss of assetsPhysical assetsloss = theft or destructionInformation assetsloss = violation ofconfidentialityavailabilityintegrityauthenticity

  • AttackersClass 0casual passerbyClass 1capable outsiderClass 2knowledgeable insiderClass 3determined organization

  • E-CommerceProximity is not an issueScaleMany, many Class 1 attackersMutabilityEasy for insiders to cover their tracks

  • AttackAny action that compromises the security of an e-commerce systemSimplifying assumptionsecurity = protecting messages

  • Passive vs activePassiveAttacker monitors communicationdisclose contentsbut also traffic analysisActiveAttacker interferes with communicationgenerates messagesprevents transmission or reception

  • Normal messaging

  • Basic attack typesInterceptionInterruptionModificationFabrication

  • InterceptionAttack on confidentiality

  • Example: Password snifferProgram to capture user id / password infoCase in Tokyosniffer installed at Internet cafe16 million Yen stolen

  • InterruptionAttack on availability

  • Example: SYN floodingsend open request for TCP connection but dont respond to handshakedo this over and over againeventually server can't accept new connections

  • ModificationAttack on integrity

  • Example: Shareware trojanAlice posts a shareware applicationEve modifies it to contain her virusBob downloads the modified version

  • FabricationAttack on authenticity

  • Example: Session hijackingTaking over active sessions after Alice leavesbefore application times outBypass the authentication processhave Alice's privileges

  • ProtocolA set of formal rules describing how to transmit data, especially across a network....High level protocols deal with the data formatting, including the syntax of messages, the terminal to computer dialogue, character sets, sequencing of messages etc. FOLDOC

  • To describe a protocolThe roleswho participatesThe stepshow the interaction unfoldsThe messagessyntax and meaning of messages sent and receivedThe processprocessing by each player

  • Example: Homework protocolInstructor hands out assignmentincludes requirements and due dateStudent performs assignmentsubmits by due dateInstructor grades assignmentgrade is incorporated into course databaseGraded work is returned to student

  • Protocol securityGenerally we talk about the protecting the protocol messagesDifferent protocols have different security characteristicsHomework protocol is not secure against fabricationTest taking protocol is more secureAttacks can target different protocol steps"grader" example

  • RiskRisk isvalue of loss * probability of lossBoth can be hard to quantify Risk managementprocess of analyzing and mitigating riskone technique is historicalwhat losses have others suffered?

  • What are the primary risks?Disclosure of proprietary informationDenial of serviceVirus attacksInsider net abuseFinancial fraudSabotageCSI/FBI 2003 Computer Crime and Security SurveyTotal value of losses: $200 million

  • Secondary risksDamage to relations with customer or business partnersLegal, public relations, or business resumption costPublic relations damageUptake failure due to lack of confidence

  • Secure E-CommerceNot E-Commerce Risk ManagementVery big topicstrategyarchitecturetechnology

  • Security strategyThreatswhat is valuable?who might want it?Vulnerabilitieswhere is the organization exposed?Defenses what can be done to manage the risks?Legalwhat liabilities and legal requirements exist?

  • Security architecturePeoplehow are they hired, trained, monitored, audited?Systemswhat systems exist?how are systems connected to each and to the larger Internet?Procedureshow are systems used?who gets access to what under what circumstances?

  • Security technologyMain focus of this courseSpecific technologies for achieving security-related goalsButmeaningless in the absence of a strategy and an architecture

  • Secure E-CommerceTechnologies for securing the protocols of electronic commerceOne component of risk managementnot the only componentsometimes not even the most importantbut a basic safeguard

  • What can technology provide?ConfidentialityAuthenticationIntegrityNon-repudiationAccess controlAvailability

  • ConfidentialityProtects against interceptionEnsures that a message is only readable by intended recipientTechnologyEncryption

  • AuthenticationProtects against fabricationEnsures that the origin of a message or electronic document is correctly identified, with assurance that the identity is not falseTechnologyUser Id/PasswordDigital certificates

  • IntegrityProtects against modificationEnsures that only authorized parties are able to modify an electronic document orAllow modification to be detectedTechnologyDigital signatures

  • Non-repudiationProtects against an e-commerce participant acting in bad faithRequire that neither the sender nor the receiver of a message be able to deny the transmissionTechnology(Complicated)

  • Access controlProtects against unauthorized accessAllows the establishment of fine-grained control over access to files and applications for different users and groupsTechnology(Various, usually tied to authentication)

  • AvailabilityProtects against interruptionRequires that computer system asset be available to authorized parties when neededTechnology(Many)

  • The big pictureSecurity is a multi-faceted feature of information systemsAn organization needsA security strategy tailored for its particular needsA security architecture that addresses that strategySecurity technology to realize the architecture

  • Assignment #1Subscribe to CERT Advisory mailing listPost on the "Test" forumRISKS Reaction paperDue before class startsNo late assignments!

  • Next weekCryptographyReadingFord & Baum, Ch. 1 & 4Risks DigestShould be prepared for discussion