
Security in Electronic Commerce

Security in Electronic Commerce. The need for Public Key Infrastructure Budi Rahardjo Presented at BPPT, Jakarta, Indonesia 10 February 2000. Outline. Brief intro on {computer, network, information} security and its relation to electronic commerce


Presentation Transcript


  1. Security in Electronic Commerce: The need for Public Key Infrastructure. Budi Rahardjo. Presented at BPPT, Jakarta, Indonesia, 10 February 2000

  2. Outline • Brief intro on {computer, network, information} security and its relation to electronic commerce • The need for Public Key Infrastructure, Certification Authority (CA), Incident Response Team • Security issues in Indonesia Security in ecommerce - Budi Rahardjo

  3. Introduction • No need to introduce Electronic Commerce. [It has been presented by previous speakers.] • Trust, Security and Confidence are essential to underpin Electronic Commerce • Ecommerce will succeed if security level is acceptable.

  4. Security Issues • Security services: • Confidentiality / privacy • Integrity • Non-repudiation • Authentication • Access control • Availability • Some can be achieved with cryptography • Encryption & Decryption • Private key system vs Public key system

  5. Private [symmetric, shared] key cryptosystem [Diagram: plaintext "My phone 555-1234" → Encryption → ciphertext "Y$3*@" → Decryption → plaintext "My phone 555-1234"; encryption and decryption use the same shared (secret) key]

  6. Private key cryptosystem • Uses one (secret) key to encrypt and decrypt. • Problem in key distribution and management • The number of keys increases exponentially (n)(n-1)/2 • Key distribution requires separate secure channel • Advantage: faster operation compared to public key • Examples: DES, IDEA

  7. Public (asymmetric) key cryptosystem [Diagram: plaintext "My phone 555-1234" → Encryption with the public key → ciphertext "Y$3*@<>*" → Decryption with the private key → plaintext "My phone 555-1234"; the public key comes from a public key repository / Certificate Authority (CA)]

  8. Public key cryptosystem • Uses different keys to encrypt and decrypt. • Fewer keys. • Requires a key repository. Management of keys may be more complicated. • Disadvantage: • requires extensive computing power to calculate • Examples: RSA, ECC

  9. Certification Authority (CA) • The need for Public Key Infrastructure • The need to have a National Certification Authority • An Indonesian National CA initiative is in progress: Indosat/Indosatcom, Pos/Wasantara, Telkom, Deprindag (MITI), ITB, UI • There may be more than one CA • Other CAs • Verisign • Entrust • International Secure Electronic Transaction Organisation (ISETO)

  10. Incident Response Team • ID-CERT: cert.or.id, Indonesia Computer Emergency Response Team • Modeled after CERT, COAST Purdue • Public services • Research & development, education • Commercial services

  11. Security incidents in Indonesia • Many web sites have been vandalized. The following were recently hacked: • Jakarta Stock Exchange • Bank Central Asia • Indosatnet • Other incidents • Port scanning / probing • Mail spamming

  12. Other security issues • Standardization • X.509 • Law, cyberlaw • Cryptography usage? Digital signature law? Intellectual property rights? Privacy issues? Critical Infrastructure

  13. Affiliation • Budi Rahardjo • PPAU Mikrolektronika - InterUniversity Research on Microelectronics, Institut Teknologi Bandung; email: br@paume.itb.ac.id; Phone: (62-22) 250-6280 • PIKSI ITB - Computing Services; email: budi@piksi.itb.ac.id; Phone: (62-22) 250-3031 • IDNIC: budi@idnic.net.id • IDCERT; email: budi@cert.or.id
