
Internet Security: Protocols and Standards
Part-2

Internet Security
A successful e-commerce environment is built on
trust in the integrity of the communication network
that links the buyer and the merchants.
With open exchange of information on the Internet, more
security is needed to minimize vulnerability.

Internet Security
Measures for security over the Internet are:
Web applications:
  SSL - Secure Socket Layer
  S-HTTP - Secure Hypertext Transfer Protocol
Security for e-commerce transactions:
  SET - Secure Electronic Transaction
Security for e-mail:
  PGP - Pretty Good Privacy
  S/MIME - Multipurpose Internet Mail Extension
  MSP - Message Security Protocol

SSL- Secure Socket Layer

It is a key protocol for secure Web transactions.
Secures data packets at the network layer.
Originally it was developed by Netscape.
Now it is widely used as a standard for encrypting data on the
Internet.
It is used by all of Netscape's browser products and Microsoft
Internet Explorer 3.0 or higher versions.
One requirement for using SSL is that both the merchant's web
server and the customer's web browser must use the same
security system.

SSL- Secure Socket Layer


An advantage of this protocol is that, as it is used by all
URLs beginning with http, no problems arise in
interfacing online.
It provides three basic services:
  Server authentication
  Client authentication
  Encrypted SSL connection

SSL- Secure Socket Layer


SSL server authentication uses public key
cryptography to validate the server's digital signature.
Similarly, public key cryptography is used to validate the
client's machine.
It allows client and server to select an encryption
algorithm for the secure connection.
The key to this algorithm is transmitted using public
key cryptography.
Communication is performed using the secret key.

S-HTTP - Secure Hypertext Transfer Protocol

It is a protocol used to secure web transactions.
HTTP is a request-response communication mechanism
between a web browser and a web server.
Do not confuse the two: HTTPS and S-HTTP.
Hypertext Transfer Protocol Secure (HTTPS) is a
combination of the Hypertext Transfer Protocol with the
SSL/TLS protocol to provide encrypted communication and
secure identification of a network web server.
HTTPS connections are often used for payment transactions on
the World Wide Web and for sensitive transactions in corporate
information systems.

S-HTTP - Secure Hypertext Transfer Protocol

HTTPS and S-HTTP were both defined in the mid-1990s to
address this need. Netscape and Microsoft supported HTTPS
rather than S-HTTP, leading to HTTPS becoming the de facto
standard mechanism for securing web communications.
It provides:
  Confidentiality
  Authenticity
  Integrity
  Ensures nonrepudiation
It is more robust than SSL.
But it is not widely popular because of Netscape's market
penetration.

S-HTTP - Secure Hypertext Transfer Protocol

It is compatible with HTTP and can integrate with
HTTP applications.
It allows the client machine and server machine to
communicate easily through encrypted data exchange
over the Internet.
It supports only symmetric key cryptography and does
not require digital certificates or public keys.
As it operates on the application layer, it provides user
authentication and is capable of securing only parts of
documents.

SET - Secure Electronic Transaction

It is a specification designed by VISA, MasterCard and
Europay.
It is used for handling fund transfer from the credit card issuer to
the merchant's bank account.
It is a well-known payment model based on signatures.
It provides:
  Confidentiality
  Authentication
  Integrity
of payment card transmission.
It uses a variety of encryption techniques, digital signatures
and certificates.

SET - Secure Electronic Transaction

SET requires customers to register their accounts once
with the card-issuing authority/bank to provide an
appropriate digital signature.
Two things are needed by the customer:
  Digital certificate
  Digital wallet

Digital Wallet
It is an online shopping device that seals personal
information in a free plug-in that can be invoked
when making a purchase.
This eliminates having to retype credit card
information in future transactions.
The customer can select the payment method and shipping
address to complete the purchase.

Steps
You make a purchase.
The software has done the certificate exchange.
You receive:
  the e-merchant's public key,
  the payment processor's key and
  a unique transaction identifier issued by the merchant.
Then create the Order Information (OI) and Payment Instruction
(PI), including the e-merchant's assigned transaction identifier.
Now execute a hashing function to make digests of the OI and PI.
You get a dual signature by encrypting with your private key
(this ensures that the OI and PI are related together).

Steps
When finished with the steps you get a message
containing:
  OI, including the merchant's transaction identifier.
  A digest of OI.
  PI, including the merchant's transaction identifier, encrypted
  with a random symmetric key.
  A digest of PI.
  A dual signature digest (OI Digest + PI Digest) encrypted
  with your private key.
  Your account number plus the random symmetric key,
  encrypted with the payment processor's public key.
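
Added example (not part of the original slides): how the dual signature from the steps above lets the merchant and the payment processor each check that the OI and PI belong together while seeing only one of them in clear. SHA-256, the toy unpadded RSA key built from two known Mersenne primes, and the sample OI/PI values are assumptions made for illustration; the symmetric encryption of the PI is left out.

```python
import hashlib

# Toy RSA key for the customer, built from two public Mersenne primes.
# Constructed for illustration only: the factors are known and no padding is used.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # customer's private exponent


def digest(data: bytes) -> bytes:
    """Message digest; SHA-256 is an assumption, the slides name no hash."""
    return hashlib.sha256(data).digest()


def dual_digest(oi_digest: bytes, pi_digest: bytes) -> int:
    """Digest over (OI digest + PI digest), as an integer for RSA."""
    return int.from_bytes(digest(oi_digest + pi_digest), "big")


def customer_sign(oi: bytes, pi: bytes) -> dict:
    """Customer: digest OI and PI, then sign the combined digest."""
    oid, pid = digest(oi), digest(pi)
    return {"oi_digest": oid, "pi_digest": pid,
            "dual_sig": pow(dual_digest(oid, pid), D, N)}


def merchant_verify(oi: bytes, pi_digest: bytes, dual_sig: int) -> bool:
    """Merchant sees the OI in clear but only the digest of the PI."""
    return pow(dual_sig, E, N) == dual_digest(digest(oi), pi_digest)


def processor_verify(pi: bytes, oi_digest: bytes, dual_sig: int) -> bool:
    """Payment processor sees the PI but only the digest of the OI."""
    return pow(dual_sig, E, N) == dual_digest(oi_digest, digest(pi))


# Constructed sample order; TXN-0001 stands in for the merchant's identifier.
OI = b"txn=TXN-0001;item=book;qty=1;total=25.00"
PI = b"txn=TXN-0001;card=PLACEHOLDER-ACCOUNT;amount=25.00"
msg = customer_sign(OI, PI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, msg["pi_digest"], msg["dual_sig"]))
    print("processor accepts:", processor_verify(PI, msg["oi_digest"], msg["dual_sig"]))
    altered = OI.replace(b"qty=1", b"qty=9")  # OI changed after signing
    print("altered OI accepted:", merchant_verify(altered, msg["pi_digest"], msg["dual_sig"]))
```

A real deployment would use a padded signature scheme and certified keys; the point here is only the digest linkage that ties one OI to one PI.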

Security for e-mail


Three main protocols govern secure
communication through e-mail:
  PGP - Pretty Good Privacy
  S/MIME - Multipurpose Internet Mail Extension
  MSP - Message Security Protocol

PGP - Pretty Good Privacy

It was created by Philip Zimmermann in 1991.
He used it to encrypt his own messages.
He released the toolkit over the Internet, allowing anyone
to create a private key and encrypt their messages.
The US government disapproved of it.
He founded PGP Inc. in 1996.
A year later it was sold to Network Associates.

S/MIME - Multipurpose Internet Mail Extension

It was developed by RSA in 1996.
It was built on public key cryptography standards.
It provides security for different data types and for e-mail attachments.
It has two key attributes:
  Digital signature
  Digital envelope

Electronic Business MS114

S/MIME - Multipurpose Internet Mail Extension

The signature is created using a hashing algorithm, which
creates a digest.
The digest is encrypted using public key cryptography.
The digital signature ensures that nothing has been
done to the message during transmission.
The digital wallet ensures that the message remains
private.


UNIT-II

MSP - Message Security Protocol

It is mainly used by the US government.
It provides security for e-mail attachments across
multiple platforms.
It operates at the application level.
The message is sent in encrypted format with the
required decryption key to validate the message at the
recipient's end.
