CS453: Introduction to Information Security for E-Commerce

Prof. Tom Horton

What Can Go Wrong? (List some bad things we don't want to happen)
  • Exposure of confidential data (yours, your customers')
  • Loss, modification or destruction of data
  • Denial of service, and other sabotage
  • Inability to ensure integrity: Was the transaction completed? Is the data valid?

Traditional Security Issues
  • Confidentiality: prevent unauthorized access to, or reading of, information
  • Integrity: ensure that writes or operations are allowed and correct
  • Availability: system functions cannot be denied

Security in the Real World
Professionals must address:
  • Specification/policy: requirements, analysis, planning, ...
  • Implementation/mechanisms: algorithms, protocols, components, etc.
  • Correctness/assurance: proof, testing, verification, attacks, etc.
  • The human factor: protecting against bad users and clever attackers
All are critical; CS453 focuses on the 2nd item.

Terms for Activities Related to E-Commerce Security
  • Authentication: identification of a user for access
  • Authorization: defining and enforcing rules or levels of access
  • Repudiation: a party later denying that a transaction has occurred. Goal: ensuring non-repudiation

Briefly: Security Policy
  • You should define a security policy document for your site or application
  • A form of non-functional requirements
  • Might include: the general philosophy toward security (high-level goals etc.); items to be protected; who's responsible for protecting them; standards and measures to be used (how to measure, so you can say you've built a secure system)

What's Coming in this Unit?

Authentication
  • Proving a user is who they say they are
  • Methods? Passwords; digital signatures and digital certificates; biometrics (fingerprint readers etc.); smart cards and other hardware
  • We'll discuss cryptography, and mechanisms: algorithms, web servers, biometrics, SSL

Authorization
  • We won't say much about this
  • Approaches include: access control lists; capabilities; multi-level security systems

Non-Repudiation
  • Non-repudiation of origin proves that data has been sent
  • Non-repudiation of delivery proves that it has been received
  • Digital signatures, and more crypto

Digital Certificates
  • On the Internet, no one knows you're a dog. Or do they?
  • For commerce, we can't always allow anonymity
  • How does UVa's NetBadge work? http://www.itc.virginia.edu/netbadge/
  • Public Key Infrastructure (PKI)
  • Certifying Authorities in the commercial world, e.g. VeriSign

SSL: Secure Socket Layer
  • A network protocol layer between TCP and the application
  • Provides a secure connection: client/server transmissions are encrypted, plus tamper detection
  • Provides authentication mechanisms, from both the client's point of view and the server's: Is the other side trusted, i.e. who they say they are? Using certificates. Is the Certificate Authority trusted?

Cryptography
  • Cryptography underlies much of this
  • Interesting computer science, and of historical interest too; we'll touch on that, but always try to come back to the practical and to e-commerce
  • Topics: Symmetric Key Crypto.; Public Key Crypto.; Digital Signatures; Digital Certificates; SSL
