Security on the Internet

Upload: durgaprasad-parab

Post on 05-Apr-2018


  • 8/2/2019 Security on the Internet


    The authenticity of the identity of both parties

    How can we know that the other participant in the negotiation is not being impersonated by someone else?

    If we are negotiating with a cheater, we might let out some important information, which may cause serious losses.

    How can we judge whether a document really comes from the person it claims to come from?


    The secrecy of information exchange

    Secrecy: in the process of negotiation, a tremendous amount of information is exchanged, which usually includes the names, prices and quality of the commodities, as well as the time and place of the commodity exchange.

    All such information has great value and needs to be protected.

    If the information is divulged to competitors, they are likely to take advantage of what they know and cause tremendous losses to the negotiator.

    Thus it is of great importance to keep the crucial information confidential.


    The integrity of information

    How can the receiving party make sure that the information received is the complete message that was sent by the other party?

    And how can it be sure that the message was not replaced by a faked message while being transmitted?


    Non-repudiation

    If one party wants to invalidate the contract which has been signed because of adverse marketing situations, one of the choices it may make is to deny authenticity of the agreement.

    Issues like these are also very important problems encountered in the e-commerce process.


    Privacy protection problem

    In the traditional commercial process, when we go shopping, we check the commodity and pay for it in person.

    The vendor would not know who we are. In the e-shopping process, however, the registration is required all the time, which may reveal a lot of private information such as gender, age, occupation, income, ID number and credit card number.

    But how can we know that our private information is protected rather than illegally used?


    The security problems originating from the Internet itself

    The Internet is a free and open world, which enables global information exchange.

    On the other hand, it provides a convenient way to gather and distribute private data.

    Secondly, the diversity of Internet users is also a threat to security. Since information is transmitted online via routers and users cannot know which routers are involved in the process, it is possible that someone will be able to view the users' information by scanning and tracking data.

    So any online data can be eavesdropped on.


    INTENTIONAL E-COMMERCE THREATS

    Computer viruses

    Trojan horses

    Logic bombs

    Trap doors

    Denial-of-access attacks


    COMPUTER VIRUSES

    A computer virus is a series of self-propagating program codes triggered by a specified time or event within the computer system.

    When the program or the operating system containing the virus is used again, the virus attaches itself to other files and the cycle continues.

    The seriousness of computer viruses varies, ranging from springing a joke on a user to completely destroying computer programs and data.


    Computer viruses can also be transmitted through a network.

    Probably the most dangerous type of virus comes from bulletin boards; this type of virus can infect any system that accesses the bulletin board.

    Bulletin boards are computer systems to which different individuals can post messages or computer programs that can be downloaded by others.


    COMPUTER WORM

    A worm is similar to a computer virus.

    It is called a worm because it travels like a worm from one computer in a network to another computer or site.

    A worm usually does not erase the data. It either corrupts the data or it copies itself to a full-blown version that eats up computing resources.

    Eventually it will bring the computer and/or network to a halt.


    TROJAN HORSE

    A Trojan horse program contains code intended to disrupt a computer system and/or an e-commerce site.

    Trojan horse programs are usually hidden inside a popular useful program.

    These programs may erase accounting, personnel, and financial data.

    Unlike computer viruses and worms, a Trojan horse program does not replicate itself.

    Although a Trojan horse program functions differently than viruses and worms, the end results are basically the same: damage and interruption of the computer and/or network system.


    LOGIC BOMBS

    A logic bomb is a type of Trojan horse used to release a virus, a worm, or some other destructive code.

    Logic bombs are triggered at a certain point in time or by an event or an action performed by a user.

    An action can be pressing certain keystrokes or running a specific program.

    An event may be loading a backup tape or the birthday of a famous person.


    TRAP DOORS

    A trap door (also called a back door) is a routine built into a system by its designer or programmer.

    This routine allows the designer or the programmer to sneak back into the system to access software or specific programs.

    A trap door is usually activated by the individual (or his or her agent) who designed the system.

    Usually the user is not aware of the problem; a keystroke combination or a specific login may set it off.


    DENIAL-OF-ACCESS ATTACKS

    A denial-of-service attack is a method hackers and crackers use to prevent or deny legitimate users access to a computer or web server.

    Just imagine, 5,000 or more people surround a department store and block everybody who wants to enter the store.

    Although the store is open, it cannot provide service to its legitimate customers.


    These computer criminals use tools that send many requests to a targeted Internet server (usually the Web, file transfer protocol, or mail server), which floods the server's resources, making the system unusable.

    Any system connected to the Internet running Transmission Control Protocol services is subject to attack.


    Just imagine continuous phone calls to a traditional store.

    As soon as the store clerk picks up the phone, he or she finds out that this is a prank call.

    If this process continues, it prevents the store's legitimate customers from getting hold of the store operator and using the store's services or products.

    This is similar to denial-of-service attacks.


    The assaults are all of a type known as distributed denial-of-service attacks, in which a web site is bombarded with thousands of requests for information in a very short period of time, causing it to grind to a halt.

    The attacks usually come from several computers on the Web, and this makes it difficult to trace the attacks.


    A hacker secretly plants denial-of-access attack tools on several computers on the Web.

    These computers can be centrally controlled.

    The methods of how and what resources are flooded differ based on the tools used by the hackers.

    It is nearly impossible to trace the attack, particularly if the attacks come from several sites.
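Why a distributed flood is hard to pin on any one source, as an added detection example that is not part of the original slides: each source stays under a per-source limit while the total request rate in a sliding window does not. The log records are constructed, and the window length and both thresholds are assumed values.

```python
from collections import Counter, deque

def sample_log():
    """Constructed (timestamp_seconds, source_ip) records, not real traffic."""
    events = [(t * 0.5, "198.51.100.7") for t in range(20)]  # one ordinary client
    for i in range(200):          # 200 sources, only 3 requests each
        for k in range(3):
            events.append((20 + 3 * k + i / 200, f"203.0.113.{i}"))
    return sorted(events)

def detect(events, window=10.0, per_source_limit=30, total_limit=300):
    """Return (noisy_sources, first_flood) over a sliding time window.

    first_flood is (timestamp, requests_in_window, distinct_sources) for the
    first moment the aggregate rate exceeds total_limit, or None.
    """
    recent = deque()        # events still inside the window
    per_source = Counter()  # request count per source inside the window
    noisy, first_flood = set(), None
    for ts, src in events:
        recent.append((ts, src))
        per_source[src] += 1
        while recent[0][0] <= ts - window:      # expire events older than the window
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
        if per_source[src] > per_source_limit:
            noisy.add(src)
        if first_flood is None and len(recent) > total_limit:
            first_flood = (ts, len(recent), len(per_source))
    return noisy, first_flood

if __name__ == "__main__":
    noisy, flood = detect(sample_log())
    print("sources over per-source limit:", sorted(noisy))
    print("aggregate flood first seen:", flood)
```

On the constructed log no single address crosses the per-source limit, yet the aggregate check fires with 200 distinct sources in the window, which is the signal a per-address rate limit alone would miss.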


    SECURITY MEASURES AND ENFORCEMENTS FOR E-COMMERCE

    Biometric securities

    Non-biometric securities

    Physical securities

    Software securities

    Electronic transactions securities

    CERT


    BIOMETRIC SECURITIES

    Biometric security measures use elements from the human body to screen users.

    These security measures rely on the concept that a unique part or characteristic of an individual cannot be stolen, lost, copied, or passed on to others.

    Some of the drawbacks of biometrics are their relatively high cost, acceptance by users, and the relative difficulty of installation.


    Fingerprint: Whenever a user tries to access the system, his or her fingerprint is scanned and verified against the print stored in an electronic file. If there is a match, the access request is granted. If there is no match, access is rejected.

    Hand geometry: Hand geometry measures the length of fingers on both hands, the translucence of the fingertips, and the webbing between the fingers.

    Palm-print: The individual characteristics of the palm are used to identify the user. Palm-print is used by law-enforcement agencies to catch criminals.

    Retinal scanning: Retinal scanning using a binocular eye camera is one of the most successful methods for security application. Identification of the user is verified by data stored in a computer file.


    Signature analysis: Signature analysis uses the signature as well as the user's pattern, pressure deviation, acceleration, and the length of the time needed to sign one's name.

    Voice recognition: Voice recognition translates words into digital patterns for transmission to the server. Voice patterns are recorded and examined by tone, pitch, and so forth. This technique is relatively new, and research is ongoing. Using voice to verify user identity has one characteristic that most other biometric technologies cannot offer. Voice recognition can work over long distances via ordinary telephones. A properly designed voice-based security system could provide major enhancements to the safety of financial transactions conducted over the telephone.



    NONBIOMETRIC SECURITIES

    Callback Modems

    Firewalls

    Intrusion-Detection Systems


    Callback Modems

    Callback Modems: Using a callback modem, the system validates access by logging the user off and calling the user back.

    By doing this the system separates authorized users from unauthorized users.


    Firewalls

    A firewall is a combination of hardware and software that serves as a gateway between the private network and the Internet.

    Predefined access and scope of use are required, and all other requests are blocked.

    An effective firewall should protect both the export and import of data from and to the private network.


    A firewall's protection is similar to a house with walls, windows, and doors.

    The walls and doors of the house prevent unauthorized people from getting in, while the windows still allow those in the house to see the outside.


    If designed effectively, a firewall can look at every piece of data that passes into or out of a private network and decide whether to allow the passage based on the following:

    User identification

    Point of origin

    Point of destination

    The information contents


    By careful examination of the packet that is trying to exit from or enter into the private network, a firewall can choose one of the following actions:

    Reject the incoming packet

    Send a warning to the network administrator
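The decision process described on the firewall slides, as an added example that is not part of the original presentation: rules match on user identification, point of origin, point of destination and information contents, cover both import and export of data, and anything without predefined access is blocked. The `Packet` and `Rule` types, the addresses, the user names and the `CONFIDENTIAL` marker are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:                 # simplified stand-in for real traffic
    user: str                 # authenticated user, "" when unknown
    src: str
    dst: str
    payload: bytes

@dataclass(frozen=True)
class Rule:
    users: frozenset          # user identification (empty = any user)
    origin: str               # point of origin (CIDR)
    destination: str          # point of destination (CIDR)
    banned: tuple = ()        # information contents that may not pass

# Assumed policy for a private network 10.0.0.0/8 with a web server at 10.0.0.80.
RULES = (
    Rule(frozenset(), "0.0.0.0/0", "10.0.0.80/32"),                    # import
    Rule(frozenset({"alice", "bob"}), "10.0.0.0/8", "0.0.0.0/0",
         (b"CONFIDENTIAL",)),                                          # export
)

def matches(rule, pkt):
    return ((not rule.users or pkt.user in rule.users)
            and ip_address(pkt.src) in ip_network(rule.origin)
            and ip_address(pkt.dst) in ip_network(rule.destination))

def decide(pkt, rules=RULES):
    """Return (action, warn_admin) for one packet; anything unlisted is blocked."""
    for rule in rules:
        if matches(rule, pkt):
            if any(marker in pkt.payload for marker in rule.banned):
                return ("reject", True)    # permitted path, forbidden contents
            return ("allow", False)
    return ("reject", False)               # no predefined access

if __name__ == "__main__":
    for pkt in (
        Packet("", "203.0.113.5", "10.0.0.80", b"GET /catalog"),
        Packet("", "203.0.113.5", "10.0.0.22", b"probe"),
        Packet("alice", "10.0.0.7", "198.51.100.9", b"order 42"),
        Packet("alice", "10.0.0.7", "198.51.100.9", b"CONFIDENTIAL prices"),
    ):
        print(pkt.src, "->", pkt.dst, decide(pkt))
```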
