Date posted: 12-Feb-2018
Category: Documents
Uploaded by: puteri-syaheera
7/23/2019 E-commerce Security and Payment Systems
E-COMMERCE SECURITY AND PAYMENT SYSTEMS
BY PUTERI SYAHEERA BINTI JAAFAR
ATIQAH AQILAH BINTI AHMAD MUFIT
NURUL AMIERA SYUHADA BINTI RAZALI
4.3: TECHNOLOGY SOLUTIONS
Protecting Internet Communications
ENCRYPTION
The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver
Purpose:-
* To secure stored information
* To secure information transmission
In a substitution cipher, every occurrence of a given letter is replaced systematically by ...
In a transposition cipher, the ordering of the letters in each word is changed in some systematic ...
a) Symmetric Key Encryption
The sender and receiver use the same key to encrypt and decrypt the message
The possibilities for simple substitution and transposition ciphers are endless
* In the digital age, computers are so powerful and fast that these ancient means of encryption can be broken quickly
* Symmetric key encryption requires that both parties share the same key
* In commercial use, where we are not all part of the same team, you would need a secret key for each of the parties with whom you transact
The Data Encryption Standard (DES)
* Developed by the National Security Agency (NSA) and IBM
* Uses a 56-bit encryption key
Advanced Encryption Standard (AES)
* Most widely used symmetric key encryption algorithm
* Offering 128-, 192- and 256-bit keys
b) Public Key Encryption / Public Key Cryptography
Public Key Encryption Using Digital Signatures and Hash Digest
Digital Signature
* Signed cipher text that can be sent over the Internet
* A close parallel to a handwritten signature
* Even more unique than a handwritten signature
* Unique to the document and changes for every document
Hash Function
* An algorithm that produces a fixed-length number called a hash or message digest
* Function can be simple: count the number of digital 1s in a message
* It can be more complex: produce a 128-bit number that reflects the number of 0s and 1s
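The two kinds of hash function named on the Hash Function slide, compared on one message, as an added example that is not part of the original slides: counting the 1 bits cannot reveal a change that only rearranges the message, while a cryptographic digest does. The order text is constructed sample data, and SHA-256 is an assumption of this example, used in place of the 128-bit digest the slide mentions.

```python
import hashlib


def ones_count_hash(message: bytes) -> int:
    """The slide's 'simple' hash: count the 1 bits in the message."""
    return sum(bin(byte).count("1") for byte in message)


def digest_hash(message: bytes) -> str:
    """A cryptographic message digest (SHA-256, chosen for this example)."""
    return hashlib.sha256(message).hexdigest()


def detects_change(hash_fn, original: bytes, received: bytes) -> bool:
    """True if comparing the two hashes reveals that the message was altered."""
    return hash_fn(original) != hash_fn(received)


# Constructed sample order. The altered copy only reorders the digits of the
# amount, so it contains exactly the same bytes in a different order.
ORIGINAL = b"PAY merchant-001 amount=0019.00 MYR"
ALTERED = b"PAY merchant-001 amount=9100.00 MYR"


def compare() -> dict:
    """Run both hash functions over the original and the altered order."""
    return {
        "ones_count_original": ones_count_hash(ORIGINAL),
        "ones_count_altered": ones_count_hash(ALTERED),
        "ones_count_detects": detects_change(ones_count_hash, ORIGINAL, ALTERED),
        "digest_detects": detects_change(digest_hash, ORIGINAL, ALTERED),
        "digest_length_hex": len(digest_hash(ORIGINAL)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Both functions return a fixed-length summary of the message, but only the digest is useful for the integrity check a digital signature relies on.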
d) Digital Envelopes
A technique that uses symmetric encryption for large documents, but public key encryption to encrypt and send the symmetric key
e) Digital Certificates and Public Key Infrastructure (PKI)
Digital Certificate, PKI, P...
Limitations to Encryption Solutions
* There is no guarantee the verifying computer of the merchant is secure
* CAs are self-selected organizations ...
PUBLIC AND PRIVATE KEY IN ENCRYPTION
SECURING CHANNELS OF COMMUNICATION
1. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Secure negotiated session
* A client-server session in which the URL of the requested document, along with the contents, contents of forms, and the cookies exchanged, are encrypted.
Session Key
* A unique symmetric encryption key chosen just for this single secure session
* SSL/TLS provides data encryption, server authentication, optional client authentication, and message integrity for TCP/IP connections
* Protects the integrity of the messages exchanged
* Cannot provide irrefutability
Virtual Private Networks (VPNs)
* Allows remote users to securely access a corporation's local area network via the Internet, using a variety of VPN protocols
* Use authentication and encryption to secure information from unauthorized ...
PROTECTING NETWORKS
1. Firewalls
* Refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
* Controls traffic to and from servers and clients
* Forbidding communication from untrustworthy sources
* Allowing other communications from trusted sources to proceed
* Can filter traffic based on packet a...
2 major firewall methods:
* Packet filters
* Application gateways
2. Proxy Servers
* Software server that handles all communications originating from or being sent to the Internet
* Called dual-home systems because they have two network interfaces
* To internal computers: known as the gateway
* To external computers: known as a mail server or numeric address
Intrusion Detection and Prevention Systems
Intrusion detection system (IDS)
* Examines network traffic, watching to see if it matches certain patterns or preconfigured rules indicative of an attack
Intrusion prevention system (IPS)
* Has all the functionality of an IDS, with the additional ability to take steps to prevent suspicious activity
PROTECTING SERVERS AND CLIENTS
1. Operating System Security Enhancements
* To take advantage of automatic computer security upgrades
* Users can easily download these security ... for free
* Prevent by simply keeping server and client operating systems and applications up to date
2. Anti-Virus Software
* Easiest and least-expensive way to prevent threats to system integrity is to install anti-virus software
* Anti-virus programs can be set up so that e-mail attachments are inspected before you click on them
4.4: MANAGEMENT POLICIES, BUSINESS PROCEDURES, AND PUBLIC LAWS
Worldwide, in 2013, companies are expected to spend over $65 billion on security hardware, software and services (...
Security plan: Management Policies
To minimize ...
Figure 4.12 DEVELOPING AN E-COMMERCE SECURITY PLAN
Security plan begins with
1. Risk assessment: an assessment of the risk and points of vulnerability
First step: to inventory the information and knowledge assets of the e-commerce site and company.
Example of information risk: Customer information, proprietary designs, business activities, secret process and other internal information.
2. Security policy: a set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving these targets.
Second step: Determined to be the highest priority ... assessment.
Example risk assessment: Who generates and ... information in this firm? What existing security ... and etc.
3. Implementation plan: The steps you will take to achieve the security plan goals
Third step: Determine how to translate the levels of acceptable risk into a set of tools, technologies, policies, and procedures.
Need an organizational unit in charge of security and a security officer
The security organization educates and trains users, keeps management aware of security threats and breakdowns, and maintains the tools chosen to implement security.
Access control: determines which outsiders and insiders can gain legitimate access to networks.
* Outsider: Access controls, firewalls and proxy servers
* Insider: Login procedures (username, passwords, and access codes)
Authentication procedures: use of digital signatures, certificates of authority.
Biometric devices: verify physical attributes associated with an individual, such as a fingerprint or retina (eye) scan or speech recognition system.
Security tokens are physical devices or software that generate an identifier that can be used in addition to or in place of a password
Authorization policies: differing levels of access to information assets
Authorization management systems: when a user is permitted to access certain parts of a website
5. Security audit: the routine review of the logs (identifying how outsiders are using the site ...)
A monthly report should be produced ... the patterns.
Many small firms have sprung up in the ... years to provide these services to large co... sites.
THE ROLE OF LAWS AND PUBLIC POLICIES
* Voluntary and private efforts have played a very large role in identifying criminal hackers and assisting law enforcement.
* Majority of states now require companies maintain personal data on their residents
* By increasing the punishment of cybercrimes, the U.S. government creates a deterrent to further hacker action
* By making such actions federal crimes, the government is able to extradite international hackers and prosecute them within the U.S.
Table 4.5 U.S. E-COMMERCE SECURITY LEGISLATION
EFFORTS
Several organizations, some private and some public, are devoted to tracking down criminal organizations and individual attacks against the Internet
Private organization: CERT Coordination Center at Carnegie Mellon University
* CERT monitors and tracks online criminal activity
* Assists organizations in identifying ...
GOVERNMENT POLICIES AND CONTROLS ON ENCRYPTION SOFTWARE
In the United States, both Congress and the executive branch have sought to regulate the uses of encryption and to restrict availability and export of encryption systems as a means of preventing crime and terrorism
Four organizations have influenced the international traffic in encryption software
BY PUTERI, AMIERA, ATIQAH
E-COMMERCE SECURITY AND PAYMENT SYSTEMS
4.3: TECHNOLOGY SOLUTIONS
4.4: MANAGEMENT POLICIES, BUSINESS PROCEDURES, AND PUBLIC LAWS
QUESTIONS
1. List 4 key dimensions of e-commerce security
2. Explain what a firewall is in protecting a network
3. List out the steps of developing an e-commerce security plan.
ANSWERS
1. 4 key dimensions of e-commerce security:
* Message integrity
* Nonrepudiation
* Authentication
* Confidentiality
2. Firewall in protecting network:
* Controls traffic to and from servers and clients
* Forbidding communication from untrustworthy sources
3. Steps of developing an e-commerce security plan:
* Perform a risk assessment
* Develop a security policy
* Develop an implementation plan
* Create a security organization
* Perform a security audit
BY PUTERI, ATIQAH, AMIERA