E-commerce 2017
business. technology. society.
13th edition
Copyright © 2018, 2017, 2016 Pearson Education, Inc. All Rights Reserved
dimensions of e-commerce security, and the tension between security and other values.
• 5.2 Identify the key security threats in the e-commerce environment.
• 5.3 Describe how technology helps secure Internet communications channels and protect networks, servers, and clients.
• 5.4 Appreciate the importance of policies, procedures, and laws in creating security.
• 5.5 Identify the major e-commerce payment systems in use today.
• 5.6 Describe the features and functionality of electronic billing presentment and payment systems.
• Class Discussion
– What is the difference between hacking and cyberwar?
– Why has cyberwar become potentially more devastating in the past decade?
– Is it possible to find a political solution to MAD 2.0?
– What damage can be done by cyberweapons like Flame and Snake?
Figure 5.1: The E-commerce Security Environment

Table 5.3: Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security

| DIMENSION | CUSTOMER’S PERSPECTIVE | MERCHANT’S PERSPECTIVE |
|---|---|---|
| Integrity | Has information I transmitted or received been altered? | Has data on the site been altered without authorization? Is data being received from customers valid? |
| Nonrepudiation | Can a party to an action with me later deny taking the action? | Can a customer deny ordering products? |
| Authenticity | Who am I dealing with? How can I be assured that the person or entity is who they claim to be? | What is the real identity of the customer? |
| Confidentiality | Can someone other than the intended recipient read my messages? | Are messages or confidential data accessible to anyone other than those authorized to view them? |
| Privacy | Can I control the use of information about myself transmitted to an e-commerce merchant? | What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner? |
| Availability | Can I get access to the site? | Is the site operational? |
• DDoS smokescreening
• Heartbleed bug
• Fake offerings, fake Like buttons, and fake apps
• Protecting networks
– Firewalls, proxy servers, IDS, IPS
Public Key Cryptography Using Digital Signatures and Hash Digests
• Sender applies a mathematical algorithm (hash function) to a message and then encrypts the message and hash result with recipient’s public key
• Sender then encrypts the message and hash result with sender’s private key—creating digital signature—for authenticity, nonrepudiation
• Recipient first uses sender’s public key to authenticate message and then the recipient’s private key to decrypt the hash result and message
Figure 5.7: Public Key Cryptography with Digital Signatures
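The sender and recipient steps above, as an added example that is not part of the original slides: textbook RSA applied byte by byte with constructed toy primes, so it runs on the standard library alone. The names keygen, send and receive are illustrative, and the tiny unpadded keys are an assumption for teaching; real systems use padded RSA with large keys.

```python
import hashlib

def keygen(p, q, e):
    """Textbook RSA key pair from two small primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

# Constructed toy keys. The sender's modulus must exceed the recipient's so
# that every inner ciphertext value fits inside the outer (signature) layer.
RECIPIENT = keygen(61, 53, 17)   # n = 3233
SENDER = keygen(89, 97, 5)       # n = 8633

def send(message, sender, recipient_pub):
    """Hash the message, encrypt message+hash to the recipient, then sign."""
    digest = hashlib.sha256(message).digest()        # hash digest of message
    blocks = []
    for b in message + digest:
        c = pow(b, recipient_pub["e"], recipient_pub["n"])  # recipient's public key
        blocks.append(pow(c, sender["d"], sender["n"]))     # sender's private key
    return blocks

def receive(blocks, sender_pub, recipient):
    """Undo the sender's layer, decrypt, then compare the hash digests."""
    data = bytearray()
    for s in blocks:
        c = pow(s, sender_pub["e"], sender_pub["n"])  # sender's public key
        if c >= recipient["n"]:
            return None, False                       # cannot be a valid block
        b = pow(c, recipient["d"], recipient["n"])   # recipient's private key
        if b > 255:
            return None, False                       # not a byte: altered data
        data.append(b)
    message, digest = bytes(data[:-32]), bytes(data[-32:])
    ok = hashlib.sha256(message).digest() == digest  # integrity check
    return (message if ok else None), ok

if __name__ == "__main__":
    order = b"Order #1001: 2 widgets"                # constructed sample message
    wire = send(order, SENDER, RECIPIENT)
    print(receive(wire, SENDER, RECIPIENT))
    wire[0] = (wire[0] + 1) % SENDER["n"]            # one block altered in transit
    print(receive(wire, SENDER, RECIPIENT))
```
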
Digital Certificates and Public Key Infrastructure (PKI)
• Digital certificate includes:
– Name of subject/company
– Subject’s public key
– Digital certificate serial number
– Expiration date, issuance date
– Digital signature of CA
Figure 5.9: Digital Certificates and Certification Authorities
• Anti-virus software
– Easiest and least expensive way to prevent threats to system
integrity
– Requires daily updates
• Security audit