
Security threats in the e-commerce environment

Dimensions of e-commerce security


Integrity
Customer's view: has information I transmitted or received been altered? Merchant's view: has data on the site been altered without authorization? Is the data being received from valid customers?

Nonrepudiation
Customer's view: can a party to an action with me later deny taking the action? Merchant's view: can a customer deny ordering products?

Dimensions of e-commerce security


Authenticity
Customer's view: who am I dealing with? How can I be assured that the person or entity is who they claim to be? Merchant's view: what is the real identity of the customer?

Confidentiality
Customer's view: can someone other than the intended recipient read my message? Merchant's view: are messages or confidential data accessible to anyone other than those authorized to view them?

Dimensions of e-commerce security


Privacy
Customer's view: can I control the use of information about myself transmitted to an e-Commerce merchant? Merchant's view: what use, if any, can be made of personal data collected as part of an e-Commerce transaction? Is the personal information of customers being used in an unauthorized manner?

Availability
Customer's view: can I get access to the site? Merchant's view: is the site operational?

Security Threats
Malicious code
Hacking and cyber vandalism
Credit card fraud
Spoofing
Denial of service attacks
Sniffing
Insider jobs

Malicious Code
Also termed malware. Includes viruses, worms, Trojan horses and bad applets.
A virus spreads from file to file.
Worms are designed to spread from computer to computer.
A Trojan horse itself is not a virus; it helps other malicious code into the computer.

Hacking and cyber vandalism


A hacker is an individual who intends to gain unauthorized access to a computer system. (The term cracker is typically used to denote a person with criminal intent.) Cyber vandalism: the more malicious intention of disrupting, defacing, or even destroying sites.

Hacking and cyber vandalism


On April Fools' Day 2001, hackers targeted sites running Microsoft's Internet Information Servers for defacement, hitting such high-profile and diverse victims as the Walt Disney Company, the Wall Street Journal's Web Watch and others.

Credit Card Fraud


In e-Commerce, the threat to the consumer is that the merchant's server with which the consumer is transacting will lose the credit information or permit it to be diverted for a criminal purpose. Credit card files are a major target of web site hackers.

Spoofing
Hackers hide their true identity or misrepresent themselves. Spoofing can also involve redirecting a web link to an address different from the intended one. It doesn't damage files or network servers, but it threatens the integrity of a site.

Spoofing
For example, if hackers redirect customers to a fake web site that looks almost exactly like the true site, they can then collect and process orders, effectively stealing business from the true site. The intent can be to disrupt rather than steal: hackers can alter orders, inflating them or changing the products ordered.

Denial of service (DoS) attacks


In a denial of service attack, hackers flood a web site with useless traffic to overload the network. A distributed DoS attack uses numerous computers to attack the target network. DoS attacks may cause a network to shut down, making it impossible for users to access the site. For busy e-Commerce sites such as eBay and Buy.com, these attacks are costly.

Sniffing
A sniffer is a type of eavesdropping program that monitors information traveling over a network. Sniffers enable hackers to steal proprietary information from anywhere on a network, including email messages, company files, and confidential reports. When used legitimately, sniffers can help identify potential network trouble spots.

Insider job
The largest financial threat to business institutions comes not from robberies but from embezzlement by insiders. The same is true for e-Commerce. Some of the largest disruptions of service, destruction of sites, and diversions of customer credit data and personal information have come from insiders: once-trusted employees.

Insider job
Example Jose worked as a computer security specialist for Collegeboardwalk.com, which shared office space and a computer network with Five Partners Asset Management, one of its investors. Jose altered the start-up commands on the Five Partners network to automatically send the password file from the system to an email account he controlled each time the Five Partners system was rebooted.

Insider job
After Collegeboardwalk.com failed, Jose installed a sniffer program that intercepted and recorded electronic traffic on the Five Partners network, including unencrypted passwords. Jose was later caught when he used the sniffer program to snare a password into the network of another company and then erased that company's database.

Technology solutions for security

Encryption
Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. Its purpose is to:
Secure stored information
Secure information transmission

Encryption
Encryption can provide:
Message integrity: assurance that the message has not been altered
Nonrepudiation: prevents the user from denying that he or she sent the message
Authentication: verification of the identity of the person sending the message
Confidentiality: assurance that the message was not read by others

Encryption
The transformation is achieved by a key or cipher. A key (cipher) is any method of transforming a text to cipher text.
Substitution cipher
Every occurrence of a given letter is replaced systematically by another letter.
HELLO to JGNNQ using the letter-plus-two method

Transposition cipher
The ordering of letters in each word is changed in some systematic way
HELLO to OLLEH OR HLOEL
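As an added illustration (not part of the original slides), the two cipher families above implemented in Go: the letter-plus-two substitution, both transpositions of HELLO shown on the slide, and a routine that lists every possible shift, which is the practical reason a substitution cipher on its own offers no real confidentiality. The function names are my own.

```go
package main

import (
	"fmt"
	"strings"
)

// ShiftSubstitution replaces every letter with the letter `shift` places
// later in the alphabet; shift == 2 is the slides' "letter plus two" method.
// Letters wrap around (Y + 2 = A), non-letters pass through unchanged, and a
// negative shift undoes the substitution.
func ShiftSubstitution(text string, shift int) string {
	s := rune(((shift % 26) + 26) % 26)
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+s)%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+s)%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// ReverseTransposition keeps every letter but reverses the order inside each
// word (HELLO -> OLLEH). Applying it twice restores the plaintext.
func ReverseTransposition(text string) string {
	words := strings.Fields(text)
	for i, w := range words {
		r := []rune(w)
		for a, z := 0, len(r)-1; a < z; a, z = a+1, z-1 {
			r[a], r[z] = r[z], r[a]
		}
		words[i] = string(r)
	}
	return strings.Join(words, " ")
}

// RailTransposition is the slide's second ordering (HELLO -> HLOEL): the
// letters at even positions are written first, then those at odd positions.
func RailTransposition(word string) string {
	r := []rune(word)
	out := make([]rune, 0, len(r))
	for i := 0; i < len(r); i += 2 {
		out = append(out, r[i])
	}
	for i := 1; i < len(r); i += 2 {
		out = append(out, r[i])
	}
	return string(out)
}

// ShiftCandidates lists every possible plaintext of a shift-substituted text.
// Only 25 shifts change the text at all, so the "key" protects nothing: a
// reader who knows the method simply tries them all. Index i holds the
// result of undoing a shift of i+1.
func ShiftCandidates(ciphertext string) []string {
	out := make([]string, 0, 25)
	for s := 1; s < 26; s++ {
		out = append(out, ShiftSubstitution(ciphertext, -s))
	}
	return out
}

func main() {
	c := ShiftSubstitution("HELLO", 2)
	fmt.Println("substitution:", c, "->", ShiftSubstitution(c, -2))
	fmt.Println("transpositions:", ReverseTransposition("HELLO"), RailTransposition("HELLO"))
	fmt.Println("all 25 candidate plaintexts for", c+":", ShiftCandidates(c))
}
```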

Symmetric Key Encryption (Secret Key Encryption)


Here, in order to decipher the message the receiver must know the secret cipher that was used to encrypt the plain text. The sender and the receiver use the same key to encrypt and decrypt the data. The key must be sent through the communication channel or delivered in person. If the key is stolen from the communication channel, the entire encryption system may fail.

Symmetric Key Encryption (Secret Key Encryption)


Secret key encryption: C = E(k, M)
Secret key decryption: M = D(k, C)

Security requirement: it should be hard to discover k or M.

Symmetric Key Encryption


In commercial use, where we are not all part of the same team, you may need a separate secret key for each of the parties with whom you transact. In a large population of users, this may be as many as n(n-1) keys. The most widely used symmetric key encryption is DES (Data Encryption Standard), developed by the National Security Agency and IBM in the 1950s.

Public Key Encryption


Two mathematically related digital keys are used:
Private key
Public key

The private key is kept secret and the public key is disseminated. Both keys are used to encrypt and decrypt. Based on irreversible mathematical functions. The keys are sufficiently long: 128-, 256- and 512-bit.

Public Key Encryption


Public key encryption: C = F(e, M) ... e is public
Public key decryption: M = F(d, C) ... d is secret
Anyone can encrypt; only the person who knows d can decrypt.
Security requirement: it should be hard to discover d from e.

Steps in Public Key Encryption


1. The sender creates a digital message.
2. The sender obtains the recipient's public key from the public directory and applies it to the message.
3. Application of the recipient's key produces an encrypted cipher text message.
4. The encrypted message is sent over the Internet.
5. The recipient uses his/her private key to decrypt the message.

Steps in Public Key Cryptography


Figure: Steps in public key cryptography. Sender: 1. Original message ("Buy Cisco@$220"); 2. Recipient's public key; 3. Message encrypted in cipher text (10101101110001); 4. Sent over the Internet. Recipient: 5. Recipient's private key recovers the original message ("Buy Cisco@$220").

Public Key Encryption


In this case, there is no guarantee that the sender really is the sender. This means the sender can deny ever sending the message (repudiation). A more sophisticated use of public key encryption can achieve authentication, nonrepudiation and integrity as discussed in the next approach.

Public Key Encryption using digital signatures and hash digests


1. The sender creates a digital message.
2. The sender applies the hash function, producing a 128-bit hash result.
3. The sender encrypts the message and hash result using the recipient's public key.
4. The sender encrypts the result again, using his/her private key.
5. The result of this double encryption is sent over the Internet.

Public Key Encryption using digital signatures and hash digests


6. The receiver uses the sender's public key to authenticate the message.
7. The receiver uses his/her private key to decrypt the hash function and the original message. The receiver checks to ensure that the original message and the hash function results conform to one another.

Public Key Encryption using digital signatures


Figure: Public key encryption using digital signatures. Sender: 1. Original message ("Buy Cisco@$220"); 2. Hash function produces a 128-bit hash digest (10101101110001); 3. Recipient's public key produces cipher text (including the hash digest); 4. Sender's private key (digital signature); 5. Signed cipher text sent over the Internet. Recipient: 6. Sender's public key yields the authenticated cipher; 7. Recipient's private key yields the original message ("Buy Cisco@$220") and the 128-bit hash (10101101110001) for comparison.
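The hash-and-sign steps (2, 4, 6 and 7 above) as an added Go example; this is not the slides' own code. It uses SHA-256 as the hash (the slides say 128-bit; the choice of digest is mine) and RSA-PSS for the private-key step. The order text is the slide's; the altered amount and the second key pair are constructed cases. Encrypting the message for the recipient (steps 3 and 7) is the digital envelope of the following section and is left out here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedMessage pairs a message with the sender's signature over its digest.
type SignedMessage struct {
	Message   []byte
	Signature []byte
}

// Sign is the sender's side: hash the message, then sign the digest with the
// sender's private key (RSA-PSS over a SHA-256 digest).
func Sign(sender *rsa.PrivateKey, message []byte) (SignedMessage, error) {
	digest := sha256.Sum256(message)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Message: message, Signature: sig}, nil
}

// Verify is the receiver's side: recompute the digest of the message actually
// received and check the signature with the sender's public key. Success
// means the message is unaltered (integrity) and was signed by the holder of
// that private key (authentication, nonrepudiation).
func Verify(sender *rsa.PublicKey, m SignedMessage) bool {
	digest := sha256.Sum256(m.Message)
	return rsa.VerifyPSS(sender, crypto.SHA256, digest[:], m.Signature, nil) == nil
}

// SignatureScenario signs the slide's order and checks the three outcomes a
// receiver cares about: the genuine order verifies, an order whose amount was
// changed in transit is rejected, and a signature checked against someone
// else's public key is rejected.
func SignatureScenario() (genuineOK, alteredRejected, wrongSenderRejected bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // constructed: not the sender
	if err != nil {
		return false, false, false, err
	}
	signed, err := Sign(sender, []byte("Buy Cisco@$220"))
	if err != nil {
		return false, false, false, err
	}
	genuineOK = Verify(&sender.PublicKey, signed)
	// Constructed tampering: the amount is changed, the old signature reused.
	altered := SignedMessage{Message: []byte("Buy Cisco@$120"), Signature: signed.Signature}
	alteredRejected = !Verify(&sender.PublicKey, altered)
	wrongSenderRejected = !Verify(&other.PublicKey, signed)
	return genuineOK, alteredRejected, wrongSenderRejected, nil
}

func main() {
	ok, altered, wrong, err := SignatureScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine verifies: %v, altered rejected: %v, wrong sender rejected: %v\n", ok, altered, wrong)
}
```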

Digital Envelopes
1. Here, the large document is encrypted using a symmetric key.
2. The symmetric key, which the recipient will require to decrypt the document, is itself encrypted using the recipient's public key (key within key, or digital envelope).
3. The encrypted report and the digital envelope are sent across the web.
4. The recipient first uses his/her private key to decrypt the symmetric key.
5. Then the recipient uses the symmetric key to decrypt the report.

Digital Envelopes
Use secret key encryption to encrypt the long message M. Use public key encryption to encrypt the short key k. The receiver uses public key decryption with d and obtains k. The receiver uses secret key decryption with k and obtains M. This is faster than encrypting M using public key encryption. Security requirement: it should be hard to obtain d from e or to discover k or M.
Sender: C = E(k, M) and F(e, k) are sent. Receiver: k = F(d, F(e, k)), then M = D(k, C).

Public Key Cryptography: creating a digital envelope


Figure: Public key cryptography: creating a digital envelope. Sender: the original message is encrypted with a symmetric session key; the session key is encrypted with the recipient's public key to form the digital envelope; the encrypted message and the envelope travel over the Internet. Recipient: the recipient's private key opens the envelope and yields the symmetric session key, which decrypts the message back to the original.
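The digital envelope as an added Go example, not code from the slides: AES-256-GCM plays the part of E and D with a fresh key k for each message, and RSA-OAEP plays F with the recipient's key pair (e, d). The report text and the stranger's key pair are constructed for the example; the two failure cases at the end are what a recipient should expect when the wrong private key is used or the ciphertext was altered in transit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what travels across the web: the long message encrypted under a
// fresh symmetric key k, plus k itself encrypted under the recipient's public
// key e (the "key within key").
type Envelope struct {
	Ciphertext []byte // C = E(k, M): AES-256-GCM, nonce prepended
	WrappedKey []byte // F(e, k): RSA-OAEP
}

// Seal is the sender's side: choose k, compute C = E(k, M), then wrap k with e.
func Seal(recipient *rsa.PublicKey, message []byte) (Envelope, error) {
	k := make([]byte, 32) // 256-bit AES key, used for this message only
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return Envelope{}, err
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return Envelope{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	ciphertext := gcm.Seal(nonce, nonce, message, nil) // nonce || C
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, k, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Ciphertext: ciphertext, WrappedKey: wrapped}, nil
}

// Open is the recipient's side: k = F(d, wrapped key), then M = D(k, C).
// Only the holder of d recovers k, and GCM rejects any modified C.
func Open(recipient *rsa.PrivateKey, env Envelope) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(env.Ciphertext) < ns {
		return nil, errors.New("envelope: ciphertext too short")
	}
	return gcm.Open(nil, env.Ciphertext[:ns], env.Ciphertext[ns:], nil)
}

// EnvelopeScenario round-trips a constructed report, then shows that a
// different private key cannot open the envelope and that a ciphertext
// altered in transit is rejected.
func EnvelopeScenario() (recovered string, wrongKeyFails, tamperFails bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	stranger, err := rsa.GenerateKey(rand.Reader, 2048) // constructed: not the recipient
	if err != nil {
		return "", false, false, err
	}
	report := []byte("Quarterly report (constructed sample): revenue up 12%")
	env, err := Seal(&recipient.PublicKey, report)
	if err != nil {
		return "", false, false, err
	}
	plain, err := Open(recipient, env)
	if err != nil {
		return "", false, false, err
	}
	_, errStranger := Open(stranger, env)
	tampered := Envelope{Ciphertext: append([]byte{}, env.Ciphertext...), WrappedKey: env.WrappedKey}
	tampered.Ciphertext[len(tampered.Ciphertext)-1] ^= 0x01 // flip one bit in transit
	_, errTamper := Open(recipient, tampered)
	return string(plain), errStranger != nil, errTamper != nil, nil
}

func main() {
	plain, wrongKey, tamper, err := EnvelopeScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %q; wrong key rejected: %v; tampering rejected: %v\n", plain, wrongKey, tamper)
}
```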

Digital Certificate and Public Key Infrastructure


1. Digital certificates and the supporting public key infrastructure are an attempt to solve the problem of digital identity.
2. A digital certificate is a digital document issued by a trusted certificate authority (CA) that contains the name of the subject or company, the subject's public key, a digital certificate serial number, an expiration date, an issuance date, the digital signature of the certificate authority (the name of the CA encrypted using the CA's private key) and other identifying information.
3. Public key infrastructure (PKI) refers to the certification authorities and digital certificate procedures that are accepted by all parties.

Digital Certificate and Certificate Authorities


Figure: Digital certificates and certificate authorities. An institution or individual subject requests a certificate from a certificate authority (CA) over the Internet and receives a digital certificate containing: serial number, version, issuer name, issuance/expiration date, subject name, CA signature and other information. The certificate is then presented to the transaction partner (online merchant or customer).
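An added Go example (not from the slides) of the certificate fields above and of what a transaction partner checks on receipt: a toy CA issues a certificate carrying serial number, issuer, validity dates, subject and the CA's signature, and verification accepts it only when that signature chains to a trusted root, the subject name matches and the validity period covers the present. The CA names and the host name merchant.example are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a toy certificate authority: its signing key and self-signed root.
type CA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewCA creates the CA key pair and its self-signed root certificate.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Key: key, Cert: cert}, nil
}

// Issue produces a certificate with the fields the slide lists (serial number,
// issuer, issuance/expiration dates, subject, subject's public key) and signs
// it with the CA's private key.
func (ca *CA) Issue(subject string, pub *ecdsa.PublicKey, serial int64, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subject},
		DNSNames:     []string{subject},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Check is what a transaction partner does with a received certificate:
// confirm the CA signature chains to a trusted root, the name matches and the
// validity period covers now. A nil error means "accept".
func Check(cert *x509.Certificate, roots []*x509.Certificate, name string) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return err
}

// CertificateScenario: a trusted CA, a CA nobody trusts, and a merchant key
// pair. The certificate from the trusted CA is accepted; the same subject
// certified by the unknown CA, and an expired certificate from the trusted
// CA, are rejected.
func CertificateScenario() (accepted, unknownCARejected, expiredRejected bool, err error) {
	trusted, err := NewCA("Example Trusted CA")
	if err != nil {
		return
	}
	unknown, err := NewCA("Example Unknown CA")
	if err != nil {
		return
	}
	merchantKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	const merchant = "merchant.example" // constructed name
	now := time.Now()
	roots := []*x509.Certificate{trusted.Cert}
	good, err := trusted.Issue(merchant, &merchantKey.PublicKey, 1001, now.Add(-time.Hour), now.Add(90*24*time.Hour))
	if err != nil {
		return
	}
	forged, err := unknown.Issue(merchant, &merchantKey.PublicKey, 1001, now.Add(-time.Hour), now.Add(90*24*time.Hour))
	if err != nil {
		return
	}
	expired, err := trusted.Issue(merchant, &merchantKey.PublicKey, 1002, now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	if err != nil {
		return
	}
	accepted = Check(good, roots, merchant) == nil
	unknownCARejected = Check(forged, roots, merchant) != nil
	expiredRejected = Check(expired, roots, merchant) != nil
	return
}

func main() {
	ok, unknown, expired, err := CertificateScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("trusted CA accepted: %v; unknown CA rejected: %v; expired rejected: %v\n", ok, unknown, expired)
}
```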

Secure Socket Layer


The e-commerce business is all about making money and finding ways to make more money. It's hard to make (more) money, when consumers don't feel safe executing a transaction on your Web site. That's where SSL (Secure Socket Layer) comes into play.

Secure Socket Layer


Since its introduction in 1994, SSL has been the de facto standard for e-commerce transaction security and is likely to remain so into the future. SSL is all about encryption. SSL encrypts data, like credit card numbers (as well as other personally identifiable information), which prevents the "bad guys" from stealing your information. You are on an SSL-protected page when the address begins with "https" and there is a padlock icon at the bottom of the page (and, in the case of Mozilla Firefox, in the address bar as well). Your browser encrypts the data and sends it to the receiving website using either 40-bit or 128-bit encryption. Your browser alone cannot secure the whole transaction, and that's why it's incumbent upon e-commerce site builders to do their part.

Secure Negotiated Sessions using SSL


Figure: Secure negotiated session using SSL, between a client browser and a merchant server over the Internet.
1. The client requests a secure session.
2. The server grants the secure session.
3. Certificates are exchanged (merchant certificate, client certificate); the identities of both parties are established.
4. The session ID and method of encryption are negotiated.
5. The client generates a session key, uses the merchant's public key (from its certificate) to create a digital envelope containing it, and sends it to the server. The server decrypts the session key using its private key.
6. Encrypted transmission using the client-generated session key begins.

Virtual Private Network


VPNs allow remote users to securely access internal networks via the Internet, using the Point-to-Point Tunneling Protocol (PPTP). PPTP is an encoding mechanism that allows one local network to connect to another using the Internet. A remote user can dial into a local ISP, and PPTP makes the connection from the ISP to the corporate network as if the user had dialed into the corporate network directly. The process of connecting one protocol (PPTP) through another (IP) is called tunneling, because PPTP creates a private connection by adding an invisible wrapper around a message to hide its content. As the message travels through the Internet between the ISP and the corporate network, it is shielded by PPTP's encrypted wrapper.

Virtual Private Network


A VPN is virtual in the sense that it appears to users as a dedicated secure line when in fact it is a temporary secure line. The primary use of VPNs is to establish secure communications among business partners, such as large suppliers or customers. A dedicated connection to a business partner can be very expensive. Using the Internet and PPTP as the connection method significantly reduces the cost of secure communications.

Protecting Networks
Firewalls
Firewalls are software applications that act as filters between the company's private network and the Internet. They prevent remote machines from attaching to your internal network. A firewall monitors all incoming and outgoing communications. There are two major methods firewalls use to validate traffic:
Packet filters
Application gateways

Protecting Networks
Packet filters
Packet filters examine data packets to determine whether they are destined for a prohibited port, or originate from a prohibited IP address. The filter specifically looks at the source and the destination information, as well as the port and packet type, when determining whether the information may be transmitted.
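An added Go example (not from the slides) of a packet filter's decision logic: each rule names a source range, destination range, port and protocol; rules are tried in order, the first match decides, and a packet matching no rule is dropped. The policy and all addresses (documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, private 10.0.0.0/8) are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Packet holds the header fields a packet filter looks at: source and
// destination address, destination port and protocol.
type Packet struct {
	Src, Dst netip.Addr
	DstPort  uint16
	Proto    string // "tcp", "udp" or "icmp"
}

// Rule is one line of a filter policy. A zero Port or empty Proto matches any.
type Rule struct {
	Allow bool
	Src   netip.Prefix // source range the rule applies to
	Dst   netip.Prefix // destination range
	Port  uint16
	Proto string
}

func (r Rule) matches(p Packet) bool {
	if !r.Src.Contains(p.Src) || !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.Port != 0 && r.Port != p.DstPort {
		return false
	}
	return r.Proto == "" || r.Proto == p.Proto
}

// Filter applies the rules in order; the first match decides, and a packet
// matching no rule is dropped (default deny), so anything not explicitly
// permitted never reaches the private network.
func Filter(rules []Rule, p Packet) bool {
	for _, r := range rules {
		if r.matches(p) {
			return r.Allow
		}
	}
	return false
}

// policy is a constructed example for a merchant network 192.0.2.0/24 with
// its web server at 192.0.2.10: block one abusive source range outright,
// let the public reach the web server on 80/443, let only the internal
// office range 10.0.0.0/8 reach SSH, and drop everything else.
var policy = []Rule{
	{Allow: false, Src: netip.MustParsePrefix("203.0.113.0/24"), Dst: netip.MustParsePrefix("0.0.0.0/0")},
	{Allow: true, Src: netip.MustParsePrefix("0.0.0.0/0"), Dst: netip.MustParsePrefix("192.0.2.10/32"), Port: 443, Proto: "tcp"},
	{Allow: true, Src: netip.MustParsePrefix("0.0.0.0/0"), Dst: netip.MustParsePrefix("192.0.2.10/32"), Port: 80, Proto: "tcp"},
	{Allow: true, Src: netip.MustParsePrefix("10.0.0.0/8"), Dst: netip.MustParsePrefix("192.0.2.0/24"), Port: 22, Proto: "tcp"},
}

// Decide evaluates one constructed packet against the policy.
func Decide(src, dst string, port uint16, proto string) bool {
	return Filter(policy, Packet{
		Src: netip.MustParseAddr(src), Dst: netip.MustParseAddr(dst), DstPort: port, Proto: proto,
	})
}

func main() {
	fmt.Println("web from the Internet:   ", Decide("198.51.100.7", "192.0.2.10", 443, "tcp"))
	fmt.Println("ssh from the Internet:   ", Decide("198.51.100.7", "192.0.2.10", 22, "tcp"))
	fmt.Println("ssh from the office:     ", Decide("10.1.2.3", "192.0.2.10", 22, "tcp"))
	fmt.Println("web from blocked range:  ", Decide("203.0.113.9", "192.0.2.10", 443, "tcp"))
	fmt.Println("udp to the web port:     ", Decide("198.51.100.7", "192.0.2.10", 443, "udp"))
}
```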

Protecting Networks
Application gateways
An application gateway filters communications based on the application being requested, rather than the source or destination of the message. Such firewalls also process requests at the application level. By providing a central filtering point, application gateways provide greater security than packet filters, but can compromise system performance.

Protecting Networks
Proxy servers
These are software servers that handle all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the organization. Proxies act primarily to limit the access of internal clients to external Internet servers. Proxy servers are sometimes called dual-homed systems because they have two network interfaces:
To internal machines, a proxy server is known as the gateway
To external machines, it is known as the mail server

Protecting server and Clients


Operating system controls
Anti-virus software

Developing an e-Commerce security plan


1. Perform a risk assessment
2. Develop a security policy
3. Develop an implementation plan
4. Create a security organization
5. Perform a security audit

Security Plan
Risk Assessment
What information is at risk?
Customer information?
Proprietary designs?
Business activities?
Secret processes?
Other internal information?

For each type of information asset, try to estimate the rupee value to the firm if this information were compromised and then multiply that amount by the probability of the loss occurring. Once done, prioritize by their value to the firm.

Security Plan
Security Policy
A set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving these targets. One has to start with the information asset of the highest priority. Total and complete security may require extraordinary financial resources.

Security Plan
Implementation plan
The action steps you will take to achieve the security plan goals. You must determine how you will translate the level of acceptable risk into a set of tools, technologies, policies and procedures.
Security organization
Educates and trains users, keeps management aware of security threats and breakdowns, and maintains the tools chosen to implement security. The security organization typically administers access controls, authentication procedures (digital signatures, certificates of authority, public key infrastructure) and authorization policies (levels of access to information assets for different levels of users).

Security Plan
Security audit
Involves routine review of access logs (identifying how outsiders are using the site as well as how insiders are accessing the site's assets). A report must be generated that establishes the routine and non-routine access to the systems and identifies unusual patterns of activity.

E-Commerce security legislation


Legislation and its significance:
Computer Fraud and Abuse Act (1986): primary federal statute used to combat computer crime.
Electronic Communication Privacy Act (1986): imposes fines and imprisonment on individuals who access, intercept, or disclose the private email communications of others.
National Infrastructure Protection Act (1996): makes DoS attacks illegal; creates the NIPC in the FBI.
Cyberspace Electronic Security Act (CESA, 2000): reduces export restrictions (security supports).

Figure: Working without EDI. Purchaser side: department, purchasing (prepares the P.O.), accounting, mail office, shipping & receiving. Vendor side: mail office, sales, accounting, shipping & receiving. The P.O., order confirmation and bill travel on paper between the two mail offices; product delivery goes from the vendor's shipping to the purchaser's receiving.

Figure: Working with EDI. Purchaser: a computer system monitors inventory/production activities and automatically orders/reorders needed inventory from the seller; the electronic purchase order form is sent by EDI transmission. Vendor: the receiving computer generates the electronic purchase order form, invoice and reports, electronically transmitted to sales, manufacturing, engineering etc.; approval, availability and prices are returned as an electronic order confirmation; automatic billing, accounting and electronic fund transfers follow; shipping and receiving exchange the goods.

EDI
PURCHASER: A department orders an item from the purchasing department. The purchasing department prepares the purchase order and sends it to the vendor via its mail office, with copies to the accounts and shipping departments. Computers are involved everywhere, but they are used for their own limited purposes. VENDOR: The vendor receives the P.O. from its mail office and routes it to sales. The sales department takes action through shipping and delivers the goods to the receiving department of the purchaser. Copies of the order confirmation and bill are delivered to the mail office of the purchaser.

EDI
EDI differs from electronic mail in that it transmits an actual structured transaction (fields like transaction date/amount, sender's name, recipient's name etc.), in contrast to an unstructured text message such as a letter. EDI can also curb inventory costs by minimizing the amount of time components are in inventory. Organizations benefit from EDI when they integrate the data supplied by EDI with applications such as accounts payable, inventory control, shipping and production planning.

EDI
EDI is the controlled transfer of data between businesses and organizations via established security standards. EDI is not a choice; it is the inevitable way business will be done. Today's banking and finance operations have long been dependent on EDI and EFT to ensure that money and securities are transferred to the company or individual that requested the action.

EDI
Four key issues for EDI to work properly:
Transaction standardization
Transaction formats and data must be standardized.

Transaction software
Special software must be developed to convert incoming and outgoing messages into a form suitable to other companies.

Appropriate mail box facilities
Companies using EDI must select a third-party, value-added network with mail box facilities that allow messages to be sent, sorted and held until they are needed by the receiving computer.

Legal restrictions
To comply with legal requirements, certain transactions require writing or the original document in hard copy form.

EDI Model
Figure: Buyer 1, Buyer 2 ... Buyer n and the seller exchange messages through an EDI service, which consists of a transport company and a message store.

Data standards used in EDI


Data Encryption Standard (DES)
Rivest-Shamir-Adleman (RSA)

Online credit card transaction


There are five parties involved in a credit card purchase:
Consumer
Merchant
Clearinghouse
Merchant's bank
Consumer's card issuing bank

Online credit card transaction


Figure: Online credit card transaction (consumer, merchant, clearinghouse, merchant's bank, consumer's card issuing bank).
1. The consumer's computer makes the purchase.
2. SSL provides a secure connection through the Internet to the merchant server.
3. Merchant software connects to the clearinghouse over a secure line.
4. The clearinghouse verifies the account and balance with the issuing bank.
5. The issuing bank credits the merchant's account at the merchant's bank.
6. The consumer's card issuing bank issues the monthly statement with the debit of the purchase.

Online credit card transaction


Limitations
Poor security: neither the merchant nor the consumer can be fully authenticated. The merchant can be a criminal organization designed to collect credit card numbers, and the consumer could be using stolen cards.
Risk: the risk facing merchants is high. Consumers can repudiate charges even though the goods have been shipped or the product downloaded.
Cost: the cost for merchants is also very significant, roughly 3.5% of the purchase plus a transaction fee of 20-30 cents per transaction plus other set-up fees.

SET: Secure Electronic Transaction Protocol


Central issues for merchants and credit issuing banks involve authentication and refutability of charges. Although the SSL protocol provides secure transactions between merchant and consumer, it does not and cannot provide authentication. SSL cannot provide irrefutability: consumers can order goods or download information products and then claim the transaction never occurred. SET is an open standard for the e-commerce industry developed by MasterCard and Visa. SET uses a digital certificate, which is an attachment to a message that verifies the sender's identity, improving payment security.

SET: Secure Electronic Transaction Protocol


Credit card companies issue digital certificates to their card holders just as they issue plastic cards. Merchants are issued similar certificates by the banks providing merchant account status. Merchants can be assured that received orders have not been altered somewhere in the process. SET also authenticates both the consumer and the merchant.

SET Transactions
Figure: SET transactions (consumer, merchant, clearinghouse, merchant's bank, consumer's card issuing bank).
1. The consumer's computer makes the purchase and selects the "payment with SET" option.
2. The merchant and consumer computers verify each other's identity; SET-encrypted and authenticated order and payment information is sent to the merchant server.
3. Merchant software forwards the encrypted message to the clearinghouse.
4. The clearinghouse verifies the account and balance with the issuing bank.
5. The issuing bank transfers funds to the merchant's account at the merchant's bank.
6. The consumer's card issuing bank issues the monthly statement with the debit of the purchase.

Digital Wallets
A digital wallet seeks to emulate the functionality of an analog wallet. The most important functions of a digital wallet are to:
Authenticate the consumer through the use of a digital certificate or other encryption methods
Store and transfer value
Secure the payment process from the consumer to the merchant

Digital Wallets
Advantage
Convenient for the consumer, and lowers transaction costs because order entry can be expedited. With a digital wallet, you no longer need to fill out forms to purchase online. You just click on your digital wallet and the software fills out the billing and shipping information. Merchants benefit from digital wallets through lower transaction costs, expanded marketing and branding opportunities, easier consumer retention and conversion of visitors into buyers, and reduction in fraud.

Types of Digital Wallets
Client-based wallets: Gator, MasterCard wallet
Server-based wallets: Microsoft Passport, CyberCash InstaBuy, Novell DigitalMe, Yodlee.com

Digital Wallets

Client-based digital wallets


These are software applications that consumers install on their computers. They offer consumers convenience by automatically filling out forms at online stores. Merchants install software on their servers to receive information from the client-based wallet. When a consumer clicks the relevant button at a participating merchant's site, the merchant's server queries the consumer's browser for information from his/her digital wallet.

Digital Wallets

Server-based digital wallets


These are software-based authentication and payment services and products sold to financial institutions, which market the systems to merchants either directly or as part of their financial service package. Merchants and financial institutions use the digital wallet products and services to provide easy, secure shopping using whatever payment methods the customer desires.
