Electronic Commerce Engineering The E-commerce Security [PDF]


219322 Electronic Commerce Engineering Lecture 5

Laudon & Traver: Chapter 5 Security and Encryption
Papazoglou & Ribbers: Chapter 13 Reliability and Quality of Service for e-Business

Copyright © 2007 Pearson Education, Inc.


The E-commerce Security Environment: The Scope of the Problem

- Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses
- Symantec: Over 50 overall attacks a day against business firms between July 2004–June 2005
- 2005 Computer Security Institute survey
  - 56% of respondents had detected breaches of computer security within last 12 months and 91% of these suffered financial loss as a result
  - Over 35% experienced denial of service attacks
  - Over 75% detected virus attacks


The E-commerce Security Environment Figure 5.4, Page 253


Dimensions of E-commerce Security

- Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
- Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions
- Authenticity: ability to identify the identity of a person or entity with whom you are dealing on the Internet
- Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
- Privacy: ability to control use of information a customer provides about himself or herself to merchant
- Availability: ability to ensure that an e-commerce site continues to function as intended


Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security Table 5.1, Page 254


The Tension Between Security and Other Values

- Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes
- Too much security can harm profitability, while not enough security can put you out of business
- Tension between the desire of individuals to act anonymously (to hide their identity) and the need to maintain public safety that can be threatened by criminals or terrorists.
- The Internet is both anonymous and pervasive, an ideal communication tool for criminal and terrorist groups (Coll and Glasser, 2005).


Security Threats in the E-commerce Environment

- Three key points of vulnerability:
  - Client
  - Server
  - Communications channel


A Typical E-commerce Transaction Figure 5.5, Page 257

SOURCE: Boncella, 2000.

Vulnerable Points in an E-commerce Environment Figure 5.6, Page 258

SOURCE: Boncella, 2000.

Security Threats in the E-commerce Environment (cont’d)

- Most common threats:
  - Malicious code
  - Phishing
  - Hacking and cybervandalism
  - Credit card fraud/theft
  - Spoofing (pharming)
  - Denial of service attacks
  - Sniffing
  - Insider jobs
  - Poorly designed server and client software


Malicious Code (“malware”)

- Try to impair computers, steal email addresses, logon credentials, personal data, and financial info.
- Viruses: computer program that has ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign); include macro viruses, file-infecting viruses, and script viruses
- Worms: designed to spread from computer to computer; can replicate without being executed by a user or program like virus
- Trojan horse: appears to be benign, but then does something other than expected
- Bots: can be covertly installed on computer; responds to external commands sent by the attacker to create a network of compromised computers for sending spam, generating a dDoS attack, and stealing info from computers


Phishing

- Any deceptive, online attempt by a third party to obtain confidential information for financial gain
- Most popular type: e-mail scam letter, e.g., Nigeria’s rich former oil minister seeking a bank account to deposit millions of dollars, fake “account verification” emails from eBay or CitiBank asking to give up personal account info, bank account no., and credit card no.
- One of fastest growing forms of e-commerce crime
- 97,592 unique new phishing emails sent within the first 6 months of 2005, >40% increase compared to 2nd half of 2004.


Hacking and Cybervandalism

- Hacker: Individual who intends to gain unauthorized access to computer systems
- Cracker: Used to denote hacker with criminal intent (two terms often used interchangeably)
- Cybervandalism: Intentionally disrupting, defacing or destroying a Web site
- Types of hackers include:
  - White hats – hired by corporations to find weaknesses in the firm’s computer system
  - Black hats – hackers with intention of causing harm
  - Grey hats – hackers breaking in and revealing system flaws without disrupting site or attempting to profit from their finds.


Credit Card Fraud

- Fear that credit card information will be stolen deters online purchases
- Overall rate of credit card fraud is lower than users think, 1.6-1.8% of all online card transactions (CyberSource Corporation, 2006).
- US federal law limits liability of individuals to $50 for a stolen credit card.
- Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity
- One solution: New identity verification mechanisms


Spoofing (Pharming)

- Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
- Spoofing a Web site is called “pharming,” which involves redirecting a Web link to another IP address different from the real one
- Pharming is carried out by hacking local DNS servers.
- Threatens integrity of site by stealing business from the true site, or altering orders and sending them to the true site for processing and delivery.
- Threatens authenticity by making it hard to discern the true sender of a message.


Insight on Society: “Evil Twins” and “Pharming”: Keeping Up with the Hackers?

Class Discussion

- What are “evil twins” and “pharming”?
- What is meant by “social engineering techniques”?
- What is the security weakness in the domain name system that permits pharming?
- What steps can users take to verify they are communicating with authentic sites and networks?


DoS and dDoS Attacks

- Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network
- Use of bot networks built from hundreds of compromised workstations.
- No. of DoS attacks per day grew from 119 during last 6 months of 2004 to 927 during first 6 months of 2005, a 679% increase (Symantec 2005).
- Distributed denial of service (dDoS) attack: hackers use numerous computers to attack target network from numerous launch points
- Microsoft and Yahoo have experienced such attacks.


Denial of Service

- Ping Flooding
  - Attacker sends a flood of pings to the intended victim
  - The ping packets will saturate the victim’s bandwidth

[Figure: Attacking System(s), Internet, Victim System. SOURCE: PETER SHIPLEY]

Denial of Service

- SMURF ATTACK
  - Uses a ping packet with two extra twists
  - Attacker chooses an unwitting victim
  - Spoofs the source address
  - Sends request to network in broadcast mode
- ICMP = Internet Control Message Protocol

[Figure: PERPETRATOR sends ICMP echo (spoofed source address of victim) to IP broadcast address; INNOCENT REFLECTOR SITES send ICMP echo reply to VICTIM across the INTERNET. Figure labels: "1 SYN", "10,000 SYN/ACKs -- VICTIM IS DEAD". BANDWIDTH MULTIPLICATION: A T1 (1.54 Mbps) can easily yield 100 Mbps of attack. SOURCE: CISCO]

DDoS Attack Illustrated

1. Hacker scans Internet for unsecured systems that can be compromised
2. Hacker secretly installs zombie agent programs, turning unsecured computers into zombies
3. Hacker selects a Master Server to send commands to the zombies
4. Using client program, hacker sends commands to Master Server to launch zombie attack against a targeted system
5. Master Server sends signal to zombies to launch attack on targeted system
6. Targeted system is overwhelmed by bogus requests that shut it down for legitimate users

[Figure labels: Hacker, Internet Scanning Program, Unsecured Computers, Zombies, Master Server, Internet, Targeted System, User, Request Denied]

Other Security Threats

- Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
- Insider jobs: Single largest financial threat
- 23% of business firms experienced an “inside security breach” in their systems in 2004 (Computer Security Institute, 2005; Yuan, 2005).
- Poorly designed server and client software: Increase in complexity of software programs (e.g., MS’s Win32 API) has contributed to an increase in vulnerabilities that hackers can exploit


Technology Solutions

- Protecting Internet communications (encryption)
- Securing channels of communication (SSL, S-HTTP, VPNs)
- Protecting networks (firewalls)
- Protecting servers and clients


Tools Available to Achieve Site Security Figure 5.7, Page 269


Protecting Internet Communications: Encryption

- Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
- Purpose: Secure stored information and information transmission
- Provides:
  - Message integrity
  - Nonrepudiation
  - Authentication
  - Confidentiality


Symmetric Key Encryption

- Also known as secret key encryption
- Both the sender and receiver use the same digital key to encrypt and decrypt message
- Requires a different set of keys for each transaction
- Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits


Symmetric Encryption and Decryption

© 2004 D. A. Menascé. All Rights Reserved.

Public Key Encryption

- Public key cryptography solves symmetric key encryption problem of having to exchange secret key
- Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner)
- Both keys are used to encrypt and decrypt message
- Once key is used to encrypt message, same key cannot be used to decrypt message
- For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it


Public Key Encryption and Decryption

Public Key Cryptography – A Simple Case Figure 5.8, Page 272


Public Key Encryption using Digital Signatures and Hash Digests

- Public key encryption provides confidentiality, but not authentication, integrity, and nonrepudiation.
- Application of hash function (mathematical algorithm) by sender prior to encryption produces hash (message) digest that recipient can use to verify integrity of data
- Hash function produces a fixed-length number called hash or message digest.
- Examples of hash function include MD4 and MD5.
- Double encryption with sender’s private key (digital signature) helps ensure authenticity and nonrepudiation

Message Digest

[Figure: a large Message passes through the Message Digest Function to give a small digest, 101…1010 (e.g., 128 bits)]

Message Digest

[Figure: messages A and B each pass through the Message Digest Function to give Digest A and Digest B]

If A = B => Digest A = Digest B

Message Digest

[Figure: "?", Message Digest Function, Digest A]

Extremely hard to get A from Digest A!

Public Key Cryptography with Digital Signatures Figure 5.9, Page 274


Digital Envelopes

- Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure)
- Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key


Public Key Cryptography: Creating a Digital Envelope Figure 5.10, Page 275
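The hash digest, digital signature and digital envelope steps from the preceding slides, combined in one added Python example that is not part of the original lecture. Assumptions: the key pairs are toy textbook RSA built from known Mersenne primes, SHA-256 stands in for the MD4/MD5 digests the slides name, a SHA-256 keystream XOR stands in for a real symmetric cipher, and all function names are made up for the illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def make_keypair(p: int, q: int):
    """Textbook RSA from two primes: returns (public, private) as (n, exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

# Constructed toy keys from known Mersenne primes. Illustration only: moduli
# this small and unpadded RSA are not secure.
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def digest(message: bytes, n: int) -> int:
    """Fixed-length hash digest (SHA-256), reduced to fit under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, priv) -> int:
    """Digital signature: the digest transformed with the sender's private key."""
    n, d = priv
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, pub) -> bool:
    """Recipient recomputes the digest and compares it with the recovered one."""
    n, e = pub
    return pow(signature, e, n) == digest(message, n)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 keystream XOR), standing in for a real one."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(message: bytes, recipient_pub):
    """Digital envelope: bulk data under a fresh symmetric key, key under RSA."""
    n, e = recipient_pub
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, message)

def open_envelope(wrapped_key: int, ciphertext: bytes, recipient_priv) -> bytes:
    """Recipient unwraps the symmetric key with the private key, then decrypts."""
    n, d = recipient_priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

def demo():
    order = b"Order 1001: ship 2 units to the address on file"  # constructed sample
    signature = sign(order, SENDER_PRIV)
    wrapped_key, ciphertext = seal(order, RECIPIENT_PUB)
    received = open_envelope(wrapped_key, ciphertext, RECIPIENT_PRIV)
    tampered = bytes([ciphertext[0] ^ 1]) + ciphertext[1:]  # one bit altered in transit
    altered = open_envelope(wrapped_key, tampered, RECIPIENT_PRIV)
    return (received == order,
            verify(received, signature, SENDER_PUB),
            verify(altered, signature, SENDER_PUB))

if __name__ == "__main__":
    print(demo())
```

The envelope alone gives confidentiality; the altered ciphertext still decrypts without error, and only the signature check over the digest reveals the change.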


Digital Certificates and Public Key Infrastructure (PKI)

- Still missing a way to verify identity of Web sites.
- By using digital document issued by a trusted third party called certificate authority (CA)
- Digital certificate: Digital document that includes:
  - Name of subject or company
  - Subject’s public key
  - Digital certificate serial number
  - Expiration date
  - Issuance date
  - Digital signature of certification authority (trusted third party institution) that issues certificate
  - Other identifying information
- Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties


Digital Certificates and Certification Authorities Figure 5.11, Page 277


Limits to Encryption Solutions

- PKI applies mainly to protecting messages in transit
- PKI is not effective against insiders
- Protection of private keys by individuals may be haphazard
- No guarantee that verifying computer of merchant is secure
- CAs are unregulated, self-selecting organizations


Insight on Technology: Advances in Quantum Cryptography May Lead to the Unbreakable Key

Class Discussion

- Why are existing encryption systems over time more vulnerable?
- What is quantum encryption?
- What is the weakness of a symmetric key system (even one based on quantum techniques)?
- Would quantum-encrypted messages be immune to the growth in computing power?


Securing Channels of Communication

- Secure Sockets Layer (SSL): Most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which URL of requested document, along with contents, is encrypted)
- S-HTTP: Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
- SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.
- Virtual Private Networks (VPNs): Allow remote users to securely access internal networks via the Internet, using Point-to-Point Tunneling Protocol (PPTP)


Secure Negotiated Sessions Using SSL Figure 5.12, Page 281


Protecting Networks: Firewalls and Proxy Servers

- Firewall: Hardware or software that filters communications packets and prevents some packets from entering the network based on a security policy
- Firewall methods include:
  - Packet filters – look inside data packets to decide whether they are destined for a prohibited port or originate from a prohibited IP address.
  - Application gateways – filter communications based on the application being requested, rather than the source or destination of the message.
- Application gateways provide greater security than packet filters, but can compromise system performance
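The two firewall methods above, side by side, as an added Python example that is not part of the original lecture. The policy values, sample packets and function names are constructed for the illustration; the last sample shows traffic that a header-only packet filter admits on port 80 while an application gateway rejects it because the payload is not the application it allows.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes

# Constructed policy (assumption): documentation-range network, common risky ports.
PROHIBITED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]
PROHIBITED_PORTS = {23, 135, 445}
ALLOWED_APPS = {"http"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def packet_filter(pkt: Packet) -> bool:
    """Header-only decision: prohibited source address or destination port."""
    src = ipaddress.ip_address(pkt.src_ip)
    if any(src in net for net in PROHIBITED_SOURCES):
        return False
    return pkt.dst_port not in PROHIBITED_PORTS

def identify_app(pkt: Packet) -> str:
    """Classify by what the payload actually is, not by the port it arrives on."""
    first_line = pkt.payload.split(b"\r\n", 1)[0]
    if pkt.payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    if pkt.payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def application_gateway(pkt: Packet) -> bool:
    """Decision based on the application being requested, not source/destination."""
    return identify_app(pkt) in ALLOWED_APPS

# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", 80, b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("203.0.113.9", 80, b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("198.51.100.7", 23, b"\xff\xfd\x18"),
    Packet("198.51.100.8", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),  # non-HTTP on port 80
]

def evaluate(packets):
    """Return (packet_filter verdict, application_gateway verdict) per packet."""
    return [(packet_filter(p), application_gateway(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt.src_ip, pkt.dst_port, verdict)
```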


Protecting Networks: Firewalls and Proxy Servers

- Proxy servers: Software servers that handle all communications originating from or being sent to the Internet
- Initially for limiting access of internal clients to external Internet servers
- Can be used to restrict access to certain types of sites, such as porno, auction, or stock-trading sites, or to cache frequently accessed Web pages to reduce download times


Firewalls and Proxy Servers Figure 5.13, Page 283


Protecting Servers and Clients

- Operating system controls: Authentication and access control mechanisms
- Anti-virus software: Easiest and least expensive way to prevent threats to system integrity


A Security Plan: Management Policies

- Steps in developing a security plan
  - Perform risk assessment: assessment of risks and points of vulnerability
  - Develop security policy: set of statements prioritizing information risks, identifying acceptable risk targets, and identifying mechanisms for achieving targets
  - Develop implementation plan: action steps needed to achieve security plan goals
  - Create security organization: in charge of security; educates and trains users, keeps management aware of security issues; administers access controls, authentication procedures and authorization policies
  - Perform security audit: review of security practices and procedures


Developing an E-commerce Security Plan Figure 5.14, Page 286


The Role of Laws and Public Policy

- New laws have granted local and national authorities new tools and mechanisms for identifying, tracing and prosecuting cybercriminals
  - National Infrastructure Protection Center – unit within National Cyber Security Division of Department of Homeland Security whose mission is to identify and combat threats against U.S. technology and telecommunications infrastructure
  - USA Patriot Act
  - Homeland Security Act
- Government policies and controls on encryption software


OECD Guidelines

- 2002 Organization for Economic Cooperation and Development (OECD) Guidelines for the Security of Information Systems and Networks has nine principles:
  - Awareness
  - Responsibility
  - Response
  - Ethics
  - Democracy
  - Risk assessment
  - Security design and implementation
  - Security management
  - Reassessment

