Electronic Commerce COMP3210. Session 11: Securing an E-Commerce Initiative Dr. Paul Walcott Department of Computer Science, Mathematics and Physics University of the West Indies, Cave Hill Campus Barbados. © 2007 Dr. Paul Walcott.
Session Objectives • After completing this session you will be able to: • Describe the requirements of a secure e-commerce Web site • Analyse a given Web site’s security and provide improvement recommendations
Introduction • E-commerce allows anonymous global users to access company Web sites 24 hours a day, 365 days a year • Along with this convenience come associated risks (figure: http://www.stpt.usf.edu/computing/images/security.jpg)
Introduction Cont’d • The risks of running an e-commerce site include: • Fraud • Anonymous users logging on to a company’s Web site and making purchases using other people’s credit information • The transfer of funds from or to accounts that do not belong to the user • The unauthorised disclosure of company confidential information or the revealing of confidential financial records
Introduction Cont’d • Unforeseen costs due to operating system patches, virus attacks, employee sabotage and server failures • The loss of consumer confidence due to masquerading; e.g. a hacker defacing a Web site, or advertising competitors’ products on the Web site
Introduction Cont’d • To mitigate possible risks a good security scheme is required, which • First identifies the risks • Determines how to protect the assets at risk • Calculates the amount of money that should be spent protecting the assets at risk
Introduction Cont’d • One such scheme is a security policy which is a document that describes: • The assets requiring protection and why • The people responsible for protecting these assets • Which behaviours are permissible and which are not
Introduction Cont’d • The security policy, which should be updated regularly, typically addresses: • Physical security • Computer and network security • Access authorisation, and • Disaster recovery • In the sections that follow the above topics will be discussed; however, the subject of cryptography will be discussed first
Cryptography What is cryptography? • It is the lock and key combination that prevents a non-key holder from deciphering a secret message • What is most important is the strength of the lock and the number of possible keys
Cryptography Cont’d • To secure a house, keys are used to lock the doors • It is assumed that an intruder cannot easily obtain a copy of the key and enter the house • The intruder could search for all the keys in the world and try them one at a time, but this would take a long time • Computer security uses a similar system (public/private key and secret key cryptography) to secure messages passed between computers
Cryptography Cont’d • To describe these cryptographic systems the following terms must first be defined: • A key is used in conjunction with a cipher to encrypt or decrypt a message. A key is simply a number (usually a binary number) • A cipher is an algorithm used to encrypt a message • Ciphertext is the encrypted message • Plaintext is the unencrypted message
Cryptography Cont’d • Since a key is a binary number, a 56-bit key has about a quadrillion different key combinations • Traditionally, a key length of 56 bits was considered secure since: • If one million keys were tried each second then it would take 1000 years to break the ciphertext • However, due to increases in computing power a 56-bit key can now be broken in just 24 hours • As a result key lengths of 128 bits or more are typical
Cryptography Cont’d • There are two main types of cryptography • Secret key cryptography • Public/private key cryptography • Secret Key Cryptography uses a symmetric key to secure a message • the same key is used to encrypt and decrypt the message
Cryptography Cont’d (figure: symmetric-key cryptography) http://www.uic.edu/depts/accc/newsletter/adn26/symmetric.jpg
Cryptography Cont’d • Public/Private Key Cryptography uses two keys (asymmetric key) • The public key, which is distributed to everyone (the public), is used to encrypt the message, while • The private key, which must be kept secret, is used to decrypt the message
Cryptography Cont’d (figure: asymmetric-key cryptography) http://www.uic.edu/depts/accc/newsletter/adn26/asymmetric.jpg
Cryptography Cont’d Secret Key Cryptography • In secret key cryptography the key must be kept secret by both parties that are communicating • therefore the key must be communicated in a secure fashion to protect against unauthorised access • The advantage of secret key cryptography is that messages can be encrypted quickly
Cryptography Cont’d Public/Private Key Cryptography • Is much slower than secret key cryptography • The individual or organisation that wants to receive messages keeps the private key • The public key is distributed to everyone else (the public) • One advantage of public/private key cryptography is that it is easier to distribute the encryption key (the public key), since it does not have to be kept secret
Cryptography Cont’d • Public/Private key cryptography is based on the principle of inverse numbers • To gain insight into the principle of inverse numbers, consider the multiplication function • Clearly in practice the multiplication function cannot be used since it is too easy to determine the inverse number
Cryptography Cont’d • Private/Public key cryptography actually uses prime numbers and addition in modular arithmetic (figure: Plaintext → Encryption with Public key → Ciphertext → Decryption with Private key → Plaintext)
Physical Security • 50 years ago computer security was primarily about physical security • Security guards/guard dogs were employed to protect the company’s assets • To enter the building you needed a security badge • Surveillance systems were used to monitor activity and alarm systems warned against security breaches (figure: http://www.hits.astcorp.com/security/images/physical.jpg)
Physical Security Cont’d • Physical security worked because users accessed mainframe computers through dumb terminals • Provided that the mainframe computer and terminals were secure, it made it difficult for individuals to penetrate these systems • Several mainframe computers may have been connected together through dedicated links or telephone lines, yet infiltration was not easy • With the advent of the Internet new forms of security threats have surfaced (i.e. cyber crime)
Physical Security Cont’d • Physical security is no less important today than 50 years ago • With the advent of terrorists, who are quite happy to blow up any infrastructure, it is just as important now to have physical security • All Web servers and associated machines require physical protection • Backup servers and storage should be kept at remote locations to prevent losses
Physical Security Cont’d • Today the use of fingerprint readers and other biometric security helps provide improved physical security • Physical security methods that are now utilised include: • Writing pads that measure the pressure and form of handwriting • Eye scanners • Palm scanners (entire palm rather than single finger)
Computer/Network Security • In the computer and network security section, the protection of client and server machines, as well as the actual communication line, will be discussed (figure: http://www.wizbit.net/theme_images/10_r_barbed_wire.jpg)
Computer/Network Security Cont’d • Before discussing computer and network security, the assurances that will be given to the user about the safety of their data must be defined • There are four important assurances that must be given when securing an e-commerce site; these are: confidentiality, authentication, integrity and nonrepudiation
Computer/Network Security Cont’d • Confidentiality ensures that only owners of the shared key can decrypt the message • Authentication ensures that the persons at either end of a communication line are who they say they are • Integrity ensures the message is not changed during transit • Nonrepudiation ensures that the sender cannot deny sending the message
Computer/Network Security Cont’d • In addition two other assurances should be provided: • Availability. Providing delivery assurance for each message so that a loss will not go undetected • Key Management. Ensuring that the distribution and management of keys is done securely (note that the distribution of public keys is often done by third parties called certification authorities, e.g. Verisign)
Computer/Network Security Cont’d • These assurances are provided through the following methods: • Public/Private keys ensure confidentiality • Digital signatures ensure non-repudiation and authentication • Message authentication codes ensure data integrity • These methods will be discussed in a later section
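The integrity assurance above can be shown with a message authentication code. The following is an added example (not from the lecture) using Python’s standard hmac module: a shared key tags an order message, and the receiver recomputes the tag. The key and order values are constructed for the example. Note that a MAC gives integrity and authentication only among holders of the shared key; because both sides hold the same key, it cannot give nonrepudiation, which is why the slide assigns that assurance to digital signatures.

```python
import hashlib
import hmac

# Constructed example values (not from the lecture): a key shared between the
# customer's client and the merchant's server, and one order message.
SHARED_KEY = b"example-shared-secret-not-for-real-use"
ORDER = b"order=1234;item=laptop;qty=1;total=1200.00"


def make_mac(key: bytes, message: bytes) -> str:
    """Tag a message with HMAC-SHA256 under the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time, so the comparison
    itself does not reveal how many leading characters matched."""
    return hmac.compare_digest(make_mac(key, message), tag)


def integrity_demo() -> dict:
    """Send one tagged order and report which receive-side checks pass."""
    tag = make_mac(SHARED_KEY, ORDER)
    altered = ORDER.replace(b"total=1200.00", b"total=12.00")  # changed in transit
    return {
        "intact": verify_mac(SHARED_KEY, ORDER, tag),            # True
        "altered": verify_mac(SHARED_KEY, altered, tag),         # False: integrity violated
        "wrong_key": verify_mac(b"some-other-key", ORDER, tag),  # False: not a key holder
    }


if __name__ == "__main__":
    print(integrity_demo())
```

The tag must travel with the message; if an attacker changes the total in transit the recomputed tag no longer matches, and the server rejects the order rather than processing the altered amount.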
Client Computer Security • This section outlines • security threats that may occur on client computers • how they work • and how to protect against them
Client Computer Security Cont’d • Active content refers to programs that are embedded transparently in Web pages that cause actions to occur • E.g. displaying moving graphics and downloading and playing audio • In e-commerce it is used to place items in a shopping cart and compute total invoice amounts
Client Computer Security Cont’d • Active content also • extends HTML functionality • Since these programs run on the client’s computer they pose a security risk • Examples include: • Cookies • Java applets • JavaScript • However, other examples include graphics, Web browser plug-ins and email attachments
Client Computer Security Cont’d • Since active content is embedded in Web pages (e.g. scripting languages) it can be invisible to the person viewing the Web page • Crackers, for example, can include a Trojan horse in a Web page • A Trojan horse is a program hidden inside another program or Web page that masks its true purpose
Client Computer Security Cont’d • A Trojan horse can • Send private information on the client’s computer back to a server (a secrecy violation) • Alter or erase information on the client’s computer (an integrity violation) • A cracker might also place a zombie (a program that takes over a computer to launch an attack on other computers) on your system through a Trojan horse
Client Computer Security Cont’d • To avoid Trojan horses do not download and install software from sources that you do not trust; also make use of firewalls to block illegitimate incoming/outgoing traffic
Client Computer Security Cont’d • Cookies were designed to solve the problem of the stateless nature of the HTTP protocol • To save information between one session and another • For example, in the design of the EveryMart Web site product page some people choose to open a new window to allow users to enter item quantities • The question then was “how do you pass information back to the previous page?” • Cookies could have been used here
Client Computer Security Cont’d • Allowing active content to be added to Web pages used for e-commerce can be dangerous since: • Cookies (files) frequently store credit card numbers, usernames and passwords • Information stored in cookies can be read by the server that stored them there
Client Computer Security Cont’d • To protect yourself against cookies: • Disable cookies altogether, however this will stop some sites from functioning correctly • Users would have to re-enter information every time they visit the Web site • Disable third-party cookies • Or use a third-party cookie blocker program that stores cookies selectively
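The cookie slides above describe the risk from the user’s side. The following added example (not from the lecture) shows the server-side counterpart in Python: a cookie that carries only an opaque session id with the Secure, HttpOnly and SameSite attributes, built with the standard http.cookies module, beside a small audit function that reports what is wrong with a weaker Set-Cookie header. The sample headers and the session id are constructed for the example.

```python
from http.cookies import SimpleCookie

SENSITIVE_NAME_WORDS = ("pass", "card", "ccn", "cvv")


def build_session_cookie(session_id: str) -> str:
    """Set-Cookie value carrying only an opaque session id; the card number,
    username and password stay in the server-side session record."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    morsel = cookie["session"]
    morsel["path"] = "/"
    morsel["secure"] = True        # sent over HTTPS only
    morsel["httponly"] = True      # not exposed to scripts in the page
    morsel["samesite"] = "Strict"  # not attached to cross-site requests
    return morsel.OutputString()


def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # flag attributes become True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> list:
    """Return findings for one Set-Cookie header; an empty list means clean."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may travel over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie readable by page scripts")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in ("strict", "lax"):
        findings.append("missing SameSite=Strict/Lax: sent on cross-site requests")
    digits = value.replace(" ", "").replace("-", "")
    looks_like_card = digits.isdigit() and 13 <= len(digits) <= 19
    if looks_like_card or any(w in name.lower() for w in SENSITIVE_NAME_WORDS):
        findings.append("sensitive data in cookie: keep it server-side, store an opaque id")
    return findings


# Constructed sample headers (not captured from any real site)
WEAK = "card=4111111111111111; Path=/"
HARDENED = build_session_cookie("7f3a9c2e5b1d4e6f")

if __name__ == "__main__":
    print(audit_set_cookie(WEAK))      # four findings
    print(audit_set_cookie(HARDENED))  # []
```

The user-side controls on the slide (disabling or selectively blocking cookies) limit what a site can store; the server-side form above limits what is worth stealing, since the cookie then holds nothing but a random id that is useless without the server’s session table.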
Client Computer Security Cont’d • “An (Java) applet is a program written in the JavaTM programming language that can be included in an HTML page, much in the same way an image is included.”2 • “When you use a Java technology-enabled browser to view a page … the applet's code is transferred to your system and executed by the browser's Java Virtual Machine (JVM).”2 • Java applets are included in Web pages using the <applet> or <object> tags.
Client Computer Security Cont’d • Once an applet is downloaded, Java code runs on the client’s computer, which introduces a security hole • To counteract this Java has a security model called the Java sandbox which prevents applets from performing certain functions, e.g. • file input, output, or • delete operations • This scheme provides secrecy and integrity
Client Computer Security Cont’d • JavaScript is a scripting language developed by Netscape • When a Web page is downloaded and contains embedded JavaScript code, it runs on the user’s (client) computer • JavaScript can be used to attack the client’s computer • destroy the hard disk • Disclose email stored in mailboxes • Capture information stored in Web forms (e.g. credit card information)
Client Computer Security Cont’d • Try the following JavaScript code which through the use of a recursive routine locks up your Web browser
Client Computer Security Cont’d • Graphics, browser plug-ins and email attachments can include executable content • Some graphic file formats contain special instructions on how to render the graphic • The embedded code can be used to attack your computer • Plug-ins enhance your browser’s capabilities but can also pose a threat
Client Computer Security Cont’d • A virus is software that attaches itself to another program • A macro virus is a type of virus that is coded as a macro • A worm is a type of virus that replicates itself on the computer it affects • Email attachments may include word processing files, spreadsheets, databases, images which may contain viruses • Viruses within Word and Excel macros (Visual Basic for Applications) can damage your computer
Client Computer Security Cont’d • Viruses tend to prey on operating system (or Web server) vulnerabilities • To counteract viruses • Ensure you have installed the latest security patches • Also ensure that you are running the latest Antivirus software with the latest virus updates
Client Computer Security Cont’d Digital Certificates • One way of verifying the source of information is through a digital certificate • A digital certificate is an attachment to a message which verifies the sender of the message • It contains an encrypted message that • identifies the author • Indicates whether the certificate is valid or not
Client Computer Security Cont’d • The creator of the digital certificate proclaims: • That they have attached Mr. X’s public key • and signed (a hash of) it with their private key • These digital certificates must be created by someone you trust • A digital certificate has two parts: • Plaintext • States who the certificate is created for and that the public key is attached • The plaintext hashed and signed (using a message authentication code and a digital signature)
Client Computer Security Cont’d • Other information on the digital certificate is: • The certificate owner’s identifying information, such as name, organisation and address • The certificate owner’s public key • Dates between which the certificate is valid • Serial number of the certificate • Name of the certificate issuer • Digital signature of the certificate issuer
Client Computer Security Cont’d • Digital certificates are issued by a certification authority (CA) • To individuals or organisations • Appropriate proof of identity must be provided • One of the oldest and best known certification authorities is VeriSign
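The following added example (not from the lecture) ties together two of the slides above in one Python program: the “inverse numbers” principle behind public/private key cryptography from the Cryptography section, and the two-part structure of a digital certificate (plaintext fields plus the issuer’s signature over a hash of them). It uses a toy RSA scheme in which the public and private exponents are inverses of each other modulo (p−1)(q−1); the primes, names, serial number and dates are constructed for the example and the key sizes are far too small for real use. A deliberately small key lets the example also show why key length matters: with a tiny n the private exponent can be rebuilt from the public key by factoring n.

```python
import hashlib
import json

# Toy RSA with tiny primes. Real keys use primes hundreds of digits long; the
# small numbers here exist only to make the inverse-number principle visible.

def is_prime(n: int) -> bool:
    """Trial-division primality test, adequate for the toy sizes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))

def generate_keypair(p: int, q: int, e: int = 65537):
    """Build (public, private) keys from two distinct primes. e and d are
    inverses modulo phi(n) = (p-1)(q-1): what e does, d undoes. Finding d
    from e needs phi(n), which in turn needs the factors of n."""
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_apply(key, x: int) -> int:
    """Encrypt, decrypt, sign and verify are all x ** exponent mod n."""
    exponent, n = key
    return pow(x, exponent, n)

def recover_private_key(public_key):
    """Factor n by trial division and rebuild d. This only works because the
    toy n is tiny, which is exactly why real key lengths are so large."""
    e, n = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return pow(e, -1, (p - 1) * (n // p - 1)), n
    raise ValueError("n is not a product of two primes")

def _digest(plaintext: dict, n: int) -> int:
    """Hash the certificate's plaintext part into an integer below n."""
    encoded = json.dumps(plaintext, sort_keys=True).encode()
    return int(hashlib.sha256(encoded).hexdigest(), 16) % n

def issue_certificate(issuer_priv, issuer_name, subject, subject_pub,
                      serial, valid_from, valid_to) -> dict:
    """Plaintext part (owner, owner's public key, validity dates, serial,
    issuer) plus the issuer's signature over a hash of that plaintext."""
    plaintext = {
        "subject": subject,
        "public_key": list(subject_pub),
        "valid_from": valid_from,  # ISO dates compare correctly as strings
        "valid_to": valid_to,
        "serial": serial,
        "issuer": issuer_name,
    }
    signature = rsa_apply(issuer_priv, _digest(plaintext, issuer_priv[1]))
    return {"plaintext": plaintext, "signature": signature}

def verify_certificate(cert: dict, issuer_pub, today: str) -> str:
    """Check the issuer's signature first, then the validity window."""
    plaintext = cert["plaintext"]
    if rsa_apply(issuer_pub, cert["signature"]) != _digest(plaintext, issuer_pub[1]):
        return "bad signature"
    if not plaintext["valid_from"] <= today <= plaintext["valid_to"]:
        return "outside validity period"
    return "ok"

def run_demo() -> dict:
    """Constructed scenario: a CA certifies Mr. X's public key."""
    ca_pub, ca_priv = generate_keypair(1009, 1013)
    x_pub, x_priv = generate_keypair(1019, 1021)
    cert = issue_certificate(ca_priv, "Example CA", "Mr. X, Example Ltd", x_pub,
                             serial=1001, valid_from="2007-01-01", valid_to="2007-12-31")
    forged = json.loads(json.dumps(cert))  # deep copy, then change the owner name
    forged["plaintext"]["subject"] = "Mr. Y"
    message = 42  # any integer below n
    return {
        "roundtrip_ok": rsa_apply(x_priv, rsa_apply(x_pub, message)) == message,
        "toy_key_recovered": recover_private_key(x_pub) == x_priv,
        "genuine": verify_certificate(cert, ca_pub, "2007-06-15"),
        "tampered": verify_certificate(forged, ca_pub, "2007-06-15"),
        "expired": verify_certificate(cert, ca_pub, "2008-02-01"),
    }

if __name__ == "__main__":
    print(run_demo())
```

Verification checks the signature before the dates: a certificate whose plaintext was edited after signing fails the first check no matter how plausible its fields look, and a genuine one that is past its validity window is refused even though the issuer’s signature still checks out.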