
DESIGNING SECURITY IN E-COMMERCE
By Mukund Hinduja
Introduction
What is E-Commerce Security?

E-Commerce security is the protection of e-commerce assets from unauthorized access, use, alteration or destruction.
Network Security Goals
- Confidentiality: Ability to ensure that messages and data are available only to those who are authorized to view them.
- Integrity: Ability to ensure that information being displayed on a web site or transmitted/received over the internet has not been altered in any way by an unauthorized party.
- Availability: Ability to ensure that an e-commerce site continues to function as intended.
- Authentication: Ability to verify the identity of a person or entity with whom you are dealing on the internet.
- Nonrepudiation: Ability to ensure that e-commerce participants do not deny online actions.
Introduction to “Cryptography”
- Plaintext: The message.
- Encryption: Putting information into a special form (code), especially in order to stop people from being able to look at or understand it.
- Ciphertext: The encrypted message.
- Decryption: The process of retrieving the plaintext from the ciphertext.
- Encryption and decryption make use of a key and a coding method.
Concept of Encryption and Decryption
Goals of Cryptography
- Security goals:
  - Privacy (secrecy, confidentiality)
    • Only the intended recipient can see the communication.
  - Authenticity (integrity)
    • The communication is generated by the alleged sender.
Encryption techniques
- There are three important encryption techniques now in use:
  - Symmetric or “private key” encryption
  - Asymmetric or “public key” encryption
  - Digital signatures, which are based on a variation of public key encryption.
Symmetric Encryption Technique
Asymmetric algorithm
- Uses different keys for encryption and decryption.
- Permits the encryption key to be public (anyone can encrypt with the site's public key), whereas only the right recipient or site can decrypt the message.
- The encryption key is also called the public key, and the decryption key is called the secret key or private key.
[Figure: Plaintext → Encryption (encryption key) → Ciphertext → Decryption (decryption key) → Original plaintext; parties labelled Mukund and Bhupendra]
Public-key cryptosystem: authentication mode
Public-key cryptosystem: encryption mode
Cryptography-based protocols, applications & solutions
- Secure Sockets Layer (SSL/TLS)
- Digital Signatures
- Digital Certificates
- Secure Electronic Transaction (SET)
- Authentication POP (APOP)
- Pretty Good Privacy (PGP/GPG)
- Kerberos
- Secure shell (SSH)
Pretty Good Privacy (PGP/GPG)
- An application for encrypting, digitally signing, decrypting, and verifying the integrity and authenticity of messages.
- Allows the user to encrypt/decrypt a whole message using a variety of public key encryption algorithms.
- Allows the user to create and verify digital signatures.
- Now available, in a variety of ports and rewrites, for all popular operating systems.
Secure Electronic Transaction (SET)
- An open encryption and security specification for protecting payment card transactions on the internet.
- Features:
  1) Protects privacy of transmitted payment and ordering
  2) Ensures integrity of all transmitted data
  3) Provides authentication that a payment card holder is legitimate
  4) Allows the payment card holder to verify that the merchant has a relationship with an institution that allows it to accept payment cards.
Digital Signatures
- An electronic or digital signature:
  - authenticates the identity of the sender of a message, or the signer of a document,
  - or ensures that the contents of a message are intact.
- Digital signature features:
  - Are easily transportable,
  - Cannot be imitated by someone else,
  - And can be automatically time-stamped.
- The ability to ensure that the original signed message arrived means that:
  • the sender cannot easily repudiate it later.
Digital Signatures
- Digital signatures are a cryptographic technique and are one of the most important applications of asymmetric public-key cryptography.
- They are electronic or digital signatures that can be used to authenticate the identity of the sender of the message or the signer of the document (to ensure that the content of the sent message is unchanged).
- A “Signature” is a pair of functions (Sig, Ver) of a key pair and a bit stream M.
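The (Sig, Ver) pair described above, as an added example that is not part of the original slides: textbook RSA over a SHA-256 digest, showing that a genuine signature verifies, an altered message fails, and a signature made with someone else's key fails. The function names, the sample order string and the keys built from publicly known Mersenne primes are assumptions for illustration; real systems use randomly generated keys and a padded scheme such as RSA-PSS.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair (public, private) from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (e, n), (d, n)

def digest(message: bytes) -> int:
    """Map the bit stream M to an integer via SHA-256."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sig(private_key, message: bytes) -> int:
    """Sig: computable only by the holder of the private key."""
    d, n = private_key
    return pow(digest(message), d, n)

def ver(public_key, message: bytes, signature: int) -> bool:
    """Ver: anyone holding the public key can check a signature on M."""
    e, n = public_key
    return pow(signature, e, n) == digest(message) % n

# Constructed demo keys from well-known Mersenne primes (illustration only:
# these primes are public knowledge and the scheme has no padding).
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**521 - 1, 2**1279 - 1)

def demo():
    order = b"order=1001;amount=49.99;payee=merchant-42"  # constructed message
    s = sig(SENDER_PRIV, order)
    tampered = order.replace(b"49.99", b"4.99")
    return {
        # Authenticity: the sender's public key accepts the sender's signature.
        "genuine": ver(SENDER_PUB, order, s),
        # Integrity: the same signature does not cover an altered message.
        "tampered": ver(SENDER_PUB, tampered, s),
        # "Cannot be imitated": another party's key does not produce a
        # signature that verifies under the sender's public key.
        "forged": ver(SENDER_PUB, order, sig(OTHER_PRIV, order)),
    }

if __name__ == "__main__":
    print(demo())
```

Because only the sender's private key yields a value that verifies under the sender's public key, a valid signature is also the evidence behind nonrepudiation.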
Digital Signatures
THANK YOU
