ECT 582 Secure Electronic Commerce
Professor Robin Burke
Outline
Introductions
Course and Syllabus
Security
E-Commerce
Introductions
Student information sheet
Administrativa
Contacting me: CS&T 453x, [email protected]
Course web site: http://josquin.cs.depaul.edu/~rburke/courses/w04/ect360/
About Me
2nd year at CTI
PhD in AI, 1993
Research: AI applications in E-Commerce ("smart catalogs")
Taught web development since 1996
Founded an e-commerce company
Course
Public key infrastructure: how to enable large-scale secure messaging?
Secure transactions
Securing hosts and applications
Privacy
Grading
Six assignments – 35%
Midterm – 25%
Final – 30%
Participation – 10%
Grading
Three components
Knowledge: does the work display correct technical knowledge?
Reasoning: does the work indicate good problem-solving skills?
Communication: is the answer well-written English?
Grading, cont'd
A = Excellent work: thorough knowledge of the subject matter; well-considered and creative solutions; well-written answers
B = Very good work: complete knowledge of the subject matter; no major errors of reasoning in problem solutions; competent written answers
C = Average work: some gaps in knowledge of subject matter; some errors or omissions in problem solving; written answers may contain grammatical and other errors
D = Below average work: substantial gaps in knowledge of subject matter; problem solving incomplete or incorrect; poor English in written answers
Discussion Forum
Important for this course: more DL than local students
Automatically mailed to all students
Uses: questions about assignments, announcements, discussion about security issues
DL students required to post at least weekly
All students: a component of the "Participation Grade"
Security
1. freedom from danger, risk, etc.: safety
2. freedom from care, apprehension or doubt; well-founded confidence
3. something that secures or makes safe; protection; defense
4. precautions taken to guard against theft, sabotage, the stealing of military secrets, etc.
– Webster's Encyclopedic Unabridged Dictionary of the English Language
E-Commerce
the process of electronically buying and selling goods, services and information, and the maintenance of all the relationships, both personal and organizational, required for an electronic marketplace to function.
What are we securing?
Post-9/11 realities
Aspects of business operations may impact public safety
Inherent Hazard
E-commerce opens a hole for interacting with an organization
Any Internet user can attack that opening
Good design: minimizes the risk associated with enabling e-commerce while still preserving its benefits
Bad design: fails to reduce the risks of e-commerce, or eliminates the benefits of e-commerce
Basic concepts
Assets
Attackers
Attacks
Protocol
Risk
Assets
Financial
Customer data
Proprietary info
Reputation
Systems
Is e-commerce different?
Need for physical proximity
Differences in documents
Physical documents
Semi-permanence of ink embedded in paper fibers
Particular printing process: letterhead, watermark
Biometrics of signature
Time stamp
Obviousness of modifications, interlineations, and deletions
Computer documents
Computer-based records can be modified freely and without detection
Supplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paper
Less permanent, too
Legal differences
In some cases, possession matters: negotiable document of title, cash money
Loss of assets
Physical assets: loss = theft or destruction
Information assets: loss = violation of
• confidentiality
• availability
• integrity
• authenticity
Attackers
Class 0: casual passerby
Class 1: capable outsider
Class 2: knowledgeable insider
Class 3: determined organization
E-Commerce
Proximity is not an issue
Scale: many, many Class 1 attackers
Mutability: easy for insiders to cover their tracks
Attack
Any action that compromises the security of an e-commerce system
Simplifying assumption: security = protecting messages
Passive vs active
Passive: attacker monitors communication
• discloses contents
• but also traffic analysis
Active: attacker interferes with communication
• generates messages
• prevents transmission or reception
Normal messaging
(Diagram: Alice sends a message to Bob; Eve is a third party with access to the channel)
Basic attack types
Interception Interruption Modification Fabrication
Interception
Attack on confidentiality
(Diagram: Alice's message reaches Bob, but Eve reads it on the way)
Example: Password sniffer
Program to capture user id / password info
Case in Tokyo: sniffer installed at an Internet cafe; 16 million Yen stolen
Interruption
Attack on availability
(Diagram: Eve blocks Alice's message so it never reaches Bob)
Example: SYN flooding
Send open requests for TCP connections (SYNs) but never respond to the server's half of the handshake
Do this over and over again; each unanswered request occupies an entry in the server's table of half-open connections until it times out, and eventually the server can't accept new connections
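The exhaustion mechanism described above, as an added example that is not part of the lecture: a small discrete-time model of a listen backlog, where each spoofed SYN holds a half-open slot until the server's timeout reclaims it. The backlog size, timeout and arrival rates are constructed for illustration.

```python
"""Discrete-time model of a TCP listen backlog under SYN flooding.
Added example; the parameters are constructed for illustration, not
measurements. Each SYN that never receives its ACK holds one half-open
slot until the server's timeout expires; while every slot is held, new
SYNs, legitimate ones included, are dropped."""
from collections import deque


def simulate_backlog(backlog_size, half_open_timeout, attack_rate, legit_rate, duration):
    """Return (accepted_legit, dropped_legit) over `duration` one-second ticks.

    attack_rate: spoofed SYNs per second whose handshake never completes
    legit_rate:  genuine SYNs per second that complete immediately
    """
    half_open = deque()          # expiry tick of each half-open entry, oldest first
    accepted = dropped = 0
    for t in range(duration):
        while half_open and half_open[0] <= t:   # reclaim timed-out entries
            half_open.popleft()
        for _ in range(attack_rate):            # attacker grabs every free slot
            if len(half_open) < backlog_size:
                half_open.append(t + half_open_timeout)
        for _ in range(legit_rate):             # a real client needs one free slot
            if len(half_open) < backlog_size:   # only until its ACK arrives
                accepted += 1
            else:
                dropped += 1
    return accepted, dropped


def steady_state_half_open(attack_rate, half_open_timeout):
    """Slots the attacker holds once the flood has run longer than the timeout.
    The backlog stays saturated whenever this is >= backlog_size."""
    return attack_rate * half_open_timeout


if __name__ == "__main__":
    # 128-entry backlog, 60 s half-open timeout, 10 spoofed SYN/s vs 5 real/s.
    print(simulate_backlog(128, 60, 10, 5, 120))   # flood: (60, 540)
    print(simulate_backlog(128, 5, 10, 5, 120))    # shorter timeout: (600, 0)
```

With a 60-second timeout a flood of only ten spoofed SYNs per second holds 600 slots at steady state, far more than the 128-entry backlog, so every legitimate client is refused after the first twelve seconds. Shortening the timeout or enlarging the backlog raises the rate the attacker needs; removing the per-connection state altogether (SYN cookies) is the defense that takes the table out of the equation.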
Modification
Attack on integrity
(Diagram: Eve alters Alice's message before it reaches Bob)
Example: Shareware trojan
Alice posts a shareware application; Eve modifies it to contain her virus; Bob downloads the modified version
Fabrication
Attack on authenticity
(Diagram: Eve sends Bob a message that appears to come from Alice)
Example: Session hijacking
Taking over an active session after Alice leaves, before the application times out
Bypasses the authentication process: the attacker has Alice's privileges
Protocol
A set of formal rules describing how to transmit data, especially across a network....High level protocols deal with the data formatting, including the syntax of messages, the terminal to computer dialogue, character sets, sequencing of messages etc.
– FOLDOC
To describe a protocol
The roles: who participates
The steps: how the interaction unfolds
The messages: syntax and meaning of messages sent and received
The process: processing by each player
Example: Homework protocol
Instructor hands out assignment: includes requirements and due date
Student performs assignment: submits by due date
Instructor grades assignment: grade is incorporated into course database
Graded work is returned to student
Protocol security
Generally we talk about protecting the protocol messages
Different protocols have different security characteristics
Homework protocol is not secure against fabrication; test-taking protocol is more secure
Attacks can target different protocol steps: "grader" example
Risk
Risk is value of loss * probability of loss
Both can be hard to quantify
Risk management: the process of analyzing and mitigating risk
• one technique is historical: what losses have others suffered?
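The risk formula carried through for several threats, as an added example that is not part of the lecture. The dollar values and annual probabilities are constructed for illustration and are not taken from the survey figures quoted on this page; the point is that ranking by expected loss, and comparing a control's cost with the expected loss it removes, is what "analyzing and mitigating risk" amounts to in numbers.

```python
"""Risk = value of loss * probability of loss, carried through for a few
threats. Added example; the dollar values and probabilities below are
constructed for illustration, not survey data."""

# (threat, value of one loss event in dollars, probability of that event per year)
THREATS = [
    ("Disclosure of proprietary information", 500_000, 0.05),
    ("Denial of service", 40_000, 0.60),
    ("Virus attack", 20_000, 0.90),
    ("Financial fraud", 250_000, 0.12),
]


def expected_loss(value, probability):
    """Annual expected loss: the risk figure from the slide."""
    return value * probability


def rank_risks(threats=THREATS):
    """Threats ordered by expected annual loss, largest first. The most likely
    event (virus) is not the largest risk once the value of a loss is included."""
    ranked = [(name, expected_loss(value, p)) for name, value, p in threats]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def control_is_worthwhile(value, probability, residual_probability, annual_cost):
    """A control that lowers the probability from p to p' saves value * (p - p')
    per year and is worth buying when that exceeds its annual cost.
    Returns (decision, annual_saving)."""
    saving = expected_loss(value, probability) - expected_loss(value, residual_probability)
    return saving > annual_cost, saving


if __name__ == "__main__":
    for name, risk in rank_risks():
        print("%-40s $%10.0f / year" % (name, risk))
    # Anti-virus: cuts virus probability 0.9 -> 0.2 for $5,000 a year.
    print(control_is_worthwhile(20_000, 0.90, 0.20, 5_000))    # (True, 14000.0)
    # DDoS scrubbing service: cuts DoS probability 0.6 -> 0.1 for $30,000 a year.
    print(control_is_worthwhile(40_000, 0.60, 0.10, 30_000))   # (False, 20000.0)
```

The two inputs are exactly the ones the slide warns are hard to quantify; the historical technique it mentions (what have others lost, and how often) is one way to fill in the probability column before running this arithmetic.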
What are the primary risks?
1. Disclosure of proprietary information
2. Denial of service
3. Virus attacks
4. Insider net abuse
5. Financial fraud
6. Sabotage
– CSI/FBI 2003 Computer Crime and Security Survey
Total value of losses: $200 million
Secondary risks
Damage to relations with customers or business partners
Legal, public relations, or business resumption cost
Public relations damage
Uptake failure due to lack of confidence
Secure E-Commerce
Not E-Commerce Risk Management: a very big topic
Strategy, architecture, technology
Security strategy
Threats: what is valuable? who might want it?
Vulnerabilities: where is the organization exposed?
Defenses: what can be done to manage the risks?
Legal: what liabilities and legal requirements exist?
Security architecture
People: how are they hired, trained, monitored, audited?
Systems: what systems exist? how are systems connected to each other and to the larger Internet?
Procedures: how are systems used? who gets access to what under what circumstances?
Security technology
Main focus of this course
Specific technologies for achieving security-related goals
But: meaningless in the absence of a strategy and an architecture
Secure E-Commerce
Technologies for securing the protocols of electronic commerce
One component of risk management: not the only component, sometimes not even the most important, but a basic safeguard
What can technology provide?
Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability
Confidentiality
Protects against interception
Ensures that a message is only readable by the intended recipient
Technology: encryption
Authentication
Protects against fabrication
Ensures that the origin of a message or electronic document is correctly identified, with assurance that the identity is not false
Technology: user id/password, digital certificates
Integrity
Protects against modification
Ensures that only authorized parties are able to modify an electronic document, or allows modification to be detected
Technology: digital signatures (or, between parties sharing a secret key, message authentication codes)
Non-repudiation
Protects against an e-commerce participant acting in bad faith
Requires that neither the sender nor the receiver of a message be able to deny the transmission
Technology: (complicated)
Access control
Protects against unauthorized access
Allows the establishment of fine-grained control over access to files and applications for different users and groups
Technology: (various, usually tied to authentication)
Availability
Protects against interruption
Requires that computer system assets be available to authorized parties when needed
Technology: (many)
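The four attack types from the Alice/Bob/Eve slides (interception, interruption, modification, fabrication) and the countermeasures just listed for confidentiality, integrity and authentication, put together in one runnable sketch. This is an added example, not code from the lecture: it uses only the Python standard library, so the cipher is an HMAC-SHA256 keystream XORed over the plaintext (with the sequence number as nonce) rather than a standard block cipher, and integrity comes from a keyed MAC rather than the digital signatures the slide names; the keys and the order messages are constructed for illustration.

```python
"""Alice, Bob and Eve over an insecure channel: the four attack types
against a message protected by encryption (confidentiality), a keyed MAC
(integrity and origin authentication) and sequence numbers (detecting a
dropped message). Added example, standard library only; keys and
messages are constructed for illustration."""
import hashlib
import hmac
import secrets

# Shared by Alice and Bob out of band; Eve never learns them. (Constructed.)
ENC_KEY = secrets.token_bytes(32)
MAC_KEY = secrets.token_bytes(32)


def keystream(key, seq, length):
    """PRF-based keystream: HMAC-SHA256 over (sequence number, block counter).
    The sequence number doubles as a nonce, so the same key never yields the
    same keystream twice as long as Alice never reuses a sequence number."""
    out = b""
    counter = 0
    while len(out) < length:
        block_id = seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block_id, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def tag(seq, ciphertext, key):
    """MAC over (sequence number, ciphertext): encrypt-then-MAC."""
    return hmac.new(key, seq.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()


def alice_send(seq, plaintext, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Confidentiality from the cipher; integrity and authentication from the MAC."""
    ct = xor(plaintext, keystream(enc_key, seq, len(plaintext)))
    return {"seq": seq, "ct": ct, "tag": tag(seq, ct, mac_key)}


class Bob:
    def __init__(self, enc_key=ENC_KEY, mac_key=MAC_KEY):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.expected_seq = 0

    def receive(self, msg):
        """Return (verdict, plaintext). The MAC is checked first, in constant
        time, so a modified or fabricated message is never decrypted."""
        if not hmac.compare_digest(msg["tag"], tag(msg["seq"], msg["ct"], self.mac_key)):
            return "rejected: bad MAC (modified or fabricated)", None
        if msg["seq"] < self.expected_seq:
            return "rejected: replayed sequence number", None
        verdict = "ok"
        if msg["seq"] > self.expected_seq:   # interruption: something was dropped
            verdict = "gap: %d message(s) missing" % (msg["seq"] - self.expected_seq)
        self.expected_seq = msg["seq"] + 1
        return verdict, xor(msg["ct"], keystream(self.enc_key, msg["seq"], len(msg["ct"])))


# Eve's attacks
def eve_intercept(msg):
    """Passive: Eve sees what is on the wire, i.e. only the ciphertext."""
    return msg["ct"]


def eve_modify(msg):
    """Active: flip one ciphertext bit. Under a stream cipher this flips the same
    plaintext bit, so encryption alone would not catch it; the MAC does."""
    ct = bytearray(msg["ct"])
    ct[0] ^= 0x01
    return {"seq": msg["seq"], "ct": bytes(ct), "tag": msg["tag"]}


def eve_fabricate(seq, text):
    """Active: Eve has neither key, so the best she can do is guess a tag."""
    return {"seq": seq, "ct": text, "tag": secrets.token_bytes(32)}


def run_demo():
    """Alice sends three messages; Eve attacks each in a different way."""
    bob = Bob()
    m0 = alice_send(0, b"ship 10 units to Bob")
    m1 = alice_send(1, b"charge account 4417")
    m2 = alice_send(2, b"confirm order")
    results = {
        "intercept_hides_plaintext": eve_intercept(m0) != b"ship 10 units to Bob",
        "normal": bob.receive(m0),
        "modify": bob.receive(eve_modify(m1))[0],
        "fabricate": bob.receive(eve_fabricate(1, b"ship 1000 units to Eve"))[0],
    }
    # Interruption: Eve drops m1 entirely; Bob notices from the sequence number.
    results["interrupt"] = bob.receive(m2)[0]
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, "->", outcome)
```

Two points the slides state but the code makes concrete: encryption by itself gives confidentiality and nothing else (Eve can still flip bits she cannot read), and the MAC is what turns modification and fabrication from silent successes into rejected messages. Interruption is the one attack no message-level technology prevents; the sequence number only lets Bob notice it, which is why the availability slide lists "(many)" technologies rather than one.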
The big picture
Security is a multi-faceted feature of information systems
An organization needs:
• a security strategy tailored for its particular needs
• a security architecture that addresses that strategy
• security technology to realize the architecture
Assignment #1
Subscribe to CERT Advisory mailing list
Post on the "Test" forum
RISKS reaction paper
Due before class starts
No late assignments!
Next week
Cryptography
Reading: Ford & Baum, Ch. 1 & 4; Risks Digest
Should be prepared for discussion