Three-Tier Security Model for E-Business: Building Trust and Security for Internet Banking Services


Proceedings of the Second Symposium International Computer Science and Computational Technology (ISCSCT 09), Huangshan, P. R. China, 26-28 Dec. 2009

Yu Lasheng and Mukwende Placide
Central South University, Department of Computer Science, Changsha, China

Abstract

The biggest problem facing Internet banking today is the thorny issue of trust and security of online transactions. The vast majority of customers are concerned about the safety of their transactions and cannot simply trust the web, fearing that their transactions and credentials may not be safe given the increasing number of online attacks. This paper presents a new model for processing Internet banking transactions. It increases trust and security over the existing model by allowing customers and banks to authenticate each other and to sign processed transactions online, and it enhances security through the use of a three-tier, trusted, layered, secure channel. The model ensures that only qualified people can access Internet banking accounts, that the information viewed remains private and cannot be modified by third parties, and that any transactions made are traceable and verifiable.

Index Terms: Internet banking, security model, transaction signing, mutual authentication, Application Layer Security

I. INTRODUCTION

The emergence of the Internet as a global distribution medium is motivating the banking industry to extend its computerized networks through Internet banking. Doing business over the Internet introduces new challenges for security and trustworthiness. Trust and security are key enablers of the Information Society; specifically, they are the first and foremost requirements that Internet banking systems must address.
For customers to use Internet banking services comfortably, they must have confidence that those services are trustworthy and secure. Similarly, banks need confidence in the security of online transactions before offering them. Internet security is a well-studied field and many security models and protocols have been developed for it. Secure Sockets Layer/Transport Layer Security (SSL/TLS) is recognized as the de facto Internet banking standard for providing trust and security for transactions [1]. Certification Authorities claim that using an SSL certificate on a company's web server lets it collect customers' sensitive information securely, win customers' trust, and increase business by giving customers confidence that their credentials and transactions are safe [2]. Nowadays, however, trust and security have been eroded by the increasing number of local attacks (malicious software on the client side, such as Trojan horses) and remote attacks (phishing, pharming) that are used to steal customers' credentials or hijack SSL user sessions; an attacker who combines local and remote attacks can do even more serious damage [3].

In traditional banking, trust and security result from three things: the customer and the bank authenticate each other; they conduct the transaction in a secure environment; and each party signs and keeps a copy of the transaction sheet. This paper uses the same approach to restore trust in the digital environment: bank and customer are authenticated with physical credentials before Internet banking accounts are accessed, a three-tier security model provides the secure environment, and digital signatures carry the traditional paper-based signature into the digital realm by adding a digital "fingerprint" as a signature to the electronic transaction document, with either side keeping a copy of the signed document [4].

2009 ACADEMY PUBLISHER, AP-PROC-CS-09CN
This paper first presents the approaches of existing Internet banking security models, followed by the weaknesses of using the SSL/TLS protocol alone to provide a trusted environment for tunnelling transaction data across the Internet. Next, it shows how to create a trusted and secure environment using layered security protocols, and then builds a challenge-response authentication scheme that authenticates both the customer and the bank. Finally, it outlines a transaction signing scheme showing how each party signs the transaction document and keeps a copy of it, and evaluates the effectiveness of the new model. We close by highlighting the contributions of the paper and possible directions for future research.

II. EXISTING INTERNET BANKING MODELS

Internet-based (electronic) banking schemes rely on an Internet connection over which a customer can access bank services [5]. Customers use existing browser software such as Mozilla Firefox or Microsoft Internet Explorer as the client interface to the bank's system. In this model, the bank's server provides an HTML forms-based interface through which customers make requests and conduct transactions; communication security is provided by the SSL protocol built into the browser. Alternatively, customers download Java applets from the bank server's web site; the downloaded applet provides the interface through which customer transactions take place, and communication security is then provided by the applet in addition to the security provided by SSL [5] (see Fig. 1).

Any Internet banking system must solve the issues of authentication, confidentiality, integrity, and non-repudiation, ensuring that only qualified people can access Internet banking accounts, that the information viewed remains private and cannot be modified by third parties, and that any transactions made are traceable and verifiable [1]. For confidentiality and integrity, SSL/TLS is the de facto Internet banking standard, whereas for authentication and non-repudiation no single scheme has yet become predominant [1]. For that reason, the diversity of Internet banking models in use today (all using SSL as the trusted tunnel) comes from the authentication methods available, and the security level of a model depends on the authentication mechanism used to counter attacks. Specifically, Internet banking authentication methods are classified according to their resistance to two common types of attack: offline credential-stealing attacks and online channel-breaking attacks. Figure 2 shows the security level of existing models. Offline credential-stealing attacks aim to fraudulently gather a user's credentials, either by invading an insufficiently protected client PC with malicious software (such as a virus or Trojan horse) or by tricking the user into voluntarily revealing his or her credentials via phishing.
In online channel-breaking attacks, instead of trying to obtain the user's credentials, the intruder unnoticeably intercepts messages between the client PC and the banking server by masquerading as the server to the client and vice versa [1]. The level of security (see Figure 2) depends on whether a model crosses the offline credential-stealing attack boundary (horizontal direction) and/or the online channel-breaking attack boundary (vertical direction). PKI hard tokens using challenge-based authentication have been shown to cross both attack boundaries [3] [1].

Figure 1. Single-layer SSL web-based security model for an Internet banking system. Client side: web browser (HTML, XML, JavaScript, Java applet) with username, password or e-token; server side: web application server (JavaBeans, XML, JSP) holding the application logic, data access and security code.

Figure 2. Comparison of existing models based on authentication mechanism, using SSL tunnelling. Security level (none, malicious-software attacks, phishing attacks, repudiation of services) against security model (static password, timer-based one-time password, challenge-based one-time password, PKI hard token with challenge-based authentication); the offline credential-stealing attack boundary and the online channel-breaking attack boundary are marked.

However, non-repudiation of transactions by any participating party (bank or customer) cannot be achieved with these models. In addition, users' limited ability to tell fake from authentic servers, secure from non-secure servers, and protected from unprotected clients reduces the level of security and trust provided by the SSL tunnel, which implies that this tunnel needs to be strengthened with other tunnels.

III. CHALLENGES OF SINGLE-LAYER SECURITY MODELS USING THE SSL/TLS PROTOCOL

The SSL/TLS protocol, used as the de facto Internet security standard, provides authentication, confidentiality, integrity and non-repudiation of messages transmitted over the Internet between the web browser and the web server only [8] [11].
However, this protocol operates below the Application layer of the TCP/IP stack and provides no way to ensure that a user is in fact who he or she claims to be by asking for direct or indirect proof of knowledge of some secret or credential. It is a common mistake for some users to believe that their online banking sessions are perfectly safe when they use an SSL connection, and they are continually told that everything is safe if there is a yellow padlock symbol in the browser window or the URL starts with https rather than http [2]. The following facts explain why SSL does not guarantee the safety and security of transactions over the Internet. SSL is designed as a secure tunnel from the browser on the end user's computer to the bank's web server and does not protect the end points, such as the user's computer; a Trojan exploits this hole. Furthermore, SSL does not provide end-user authentication services [3] [6]. The security offered by SSL rests on the digital certificates of the financial entities' web servers, yet many Internet users cannot judge the validity of a certificate and may not even pay attention to it [6].

Different browser versions offer different levels of security, as some are restricted in their use of strong cryptography. For example, some older versions of Netscape and Internet Explorer are restricted to weak encryption unless they connect to servers using a Server-Gated Cryptography enabled SSL certificate. So, depending on the browser's vendor and version, some are only capable of 40- or 56-bit encryption, while more recent browser versions support 128- and even 256-bit keys [2]. Not all Certification Authorities are trusted by all browsers: some are recognized by only a number of browsers, and there is an increasing number of fake CAs that may be recognized by some browsers [2]. These issues limit service portability, as some banks enforce security by restricting customers to a particular browser (for instance, Bank of China restricts customers to Internet Explorer, which means that customers wanting Internet banking services must use Microsoft operating systems).

The facts above show that SSL alone is not enough to provide the trust and security required for Internet banking. Therefore, other security protocols must be added below and above it in order to provide a trusted environment in which customers and banks can process their transactions safely.

IV. BUILDING TRUST AND SECURITY WITH A THREE-TIER SECURITY MODEL

Trust and security are key enablers of the Information Society; specifically, they are the first and foremost requirements that Internet banking systems must address. For customers to use Internet banking services comfortably they must have confidence that those services are trustworthy and secure, and banks likewise need confidence in the security of online transactions. Trust and security are very closely connected.
Trust depends on the actual architecture of the security management system, but the bottom line for gaining users' trust is that the security management system must assure users that the system is secure and well protected [7]. In traditional banking, trust and security are built up for many reasons, the most important being: first, every bank must be authorized and certified by the controlling government to offer banking services, and customers are also certified by the government; banks process the services they offer in a secure environment (a secure office); customers requesting services authenticate themselves to the bank, and banks likewise authenticate customers before starting a transaction; finally, each party verifies, validates and signs the transaction documents and keeps a copy of the signed document. Authentication + Encryption + Certification Authority = Trust [2]. Authentication, encryption and Certification Authorities have been well-known security mechanisms for Internet-based services for a very long time, and the existing Internet banking models already use them. However, as currently used they do not provide the level of trust and security that Internet banking requires. This section explains how to adapt the traditional banking approach to increase the level of trust and security (over the existing one-tier SSL-based security model) using a three-tier model for Internet banking.

A. Building a Secure Environment

In the computing industry, service reliability is achieved by duplicating every service involved across a number of different providers at different levels. By analogy, reliable security can be achieved by duplicating it over different levels. The existing environment (the SSL trusted tunnel) has proved to have weaknesses, and its level of security depends on the authentication mechanism used (see Section II, Figure 2).
Therefore we first examine why the strong security that SSL can provide is being weakened, and then build a secure environment that takes those weaknesses into account. SSL is designed as a secure tunnel from the end user's web browser (on the client host) to the bank's web server (on the server host); a Trojan exploits this fact. For instance, a Trojan that drops a DLL and registers its CLSID as a browser helper object in the registry can intercept any information entered into a web page before it is encrypted by SSL and sent out (an example of a credential-stealing attack). As another example, a Trojan running on an infected computer can alter the local hosts file to redirect any request to an IP address controlled by the attacker. The Trojan can also install a self-signed root certificate on the infected computer (created with free tools such as OpenSSL), which lets the attacker present official-looking SSL connections from the infected computer to the malicious web server hosting the spoofed Internet banking application. Once the user has been trapped on such a spoofed (fake) Internet banking application, the attacker can act as a man-in-the-middle and relay any challenge-response protocol the original Internet banking application may implement. This is an example of a channel-breaking attack using malicious software (a Trojan). Thus SSL by itself is able to cross neither the offline credential-stealing attack boundary nor the channel-breaking attack boundary.

Figure 3. Three-tier security model for Internet banking. Client side: Java applet, web browser, client operating system; server side: Internet banking application, web application server, server operating system; secure data flows between the applet and the banking application, between the browser and the web application server, and between the two operating systems.

The only guaranteed way to counter any form of channel-breaking attack is to carefully check the IP addresses involved in the session and their owners. All forms of credential-stealing attack are countered by: extending the number of passwords to infinity; encrypting the password before it is entered; and changing the method of entering authentication data so that the password can never be intercepted. Therefore our model (see Figure 3) provides trustworthy security for Internet banking by reinforcing the SSL tunnel with two further tunnels, one at the IP layer and another at the Application layer of the TCP/IP stack.

1. Security Layer 1: Internet Protocol Security (IPSec Tunnel)

Internet Protocol Security (IPSec) is a protocol, not a service, that provides confidentiality, integrity, and authentication services for IP-based network traffic [8]. Because IPSec provides host-to-host protection, it can be used to counter network threats including eavesdropping, tampering, man-in-the-middle attacks, IP spoofing, and other password-based attacks [11]. IPv6 has built-in support for confidentiality and integrity of messages between host operating systems and, with its huge address space, Internet Service Providers will have enough addresses to give every customer's device a truly unique address, whether it sits behind a firewall or not. Where a customer has a computer with a fixed IP address from which he always performs Internet banking operations, it is desirable to configure the bank's web server and the customer's client to always establish a Virtual Private Network before the customer accesses his Internet banking account. The recorded IP address is then always used to authenticate the client host and its owner, which thwarts all forms of channel-breaking attack.
2. Security Layer 3: Application Layer Security (ALS)

Application layer security refers to methods of protecting web applications at the application layer from malicious attacks that may expose private information, and it is used here to counter all forms of credential-stealing attack [9] [10]. We achieve this using tamper-resistant offline smartcards based on Public Key Infrastructure (PKI): credentials are encrypted with public/private key encryption before they are entered on the client computer (which may be infected). The number of passwords is increased from one to infinity by the challenge-based mutual authentication mechanism, since the user can choose any random challenge number at any time (see Figure 4). To counter cross-site scripting attacks, symmetric encryption with a secret key (K_S) is used between the client Java applet (A) and the bank's server (B). Note that this secret key need not itself be encrypted, because of the security provided by the lower layers. Using ALS above SSL further increases the confidentiality and integrity required for Internet banking. Readers should note, however, that ALS is not a standard protocol, as no single scheme has yet become predominant [10].

B. Challenge-Based Mutual Authentication

In the age of faceless Internet banking, authentication provides crucial online identity: customers and banks need to get to know one another before conducting business. Using SSL to authenticate the bank's server to the customer is weakened by the customer's inability to assess the digital certificate, and in particular SSL does not provide user authentication, which opens the way to remote attacks such as phishing, pharming and password guessing. Simple passwords, and even one-time passwords and token-based authentication, are vulnerable to local attacks such as Trojan horses. A better way to provide authentication is to use tamper-resistant PKI smartcards to identify customers and a challenge-response protocol to authenticate the bank's server. Figure 4 shows how a customer and the bank authenticate each other. The bank's server is authenticated with the use of an offline smartcard that holds the bank's public key (PU_B), the customer's public/private key pair (PU_C, PR_C) and a public-key encryption algorithm such as RSA. The server maintains the public keys of all customers together with the secret identification numbers (ID_C) of the corresponding smartcards.

Figure 4. PKI challenge-response authentication model. Parties: Customer, Customer's Smartcard (C), Web browser Java Applet (A), Bank's Server (B). Messages: (1) PIN, (2) N1 (random n-digit challenge), (3) E(PU_B, [ID_C || N1]), (4) E(PU_B, [ID_C || N1]), (5) K_S, E(PU_C, [N1 || TAN]), (6) E(PU_C, [N1 || TAN]).

For authentication the following steps (numbered as in Figure 4) occur:

1. The customer is authenticated to the smartcard by entering the PIN.
2. The customer enters an n-digit random challenge (N1) into the smartcard.
3. The smartcard, used in an offline card reader, encrypts the customer's identity (ID_C) and the random challenge (N1) with the server's public key. The encrypted message is entered manually into the Java applet client (A).
4. A forwards the encrypted message to the bank's server (B). B decrypts the message with its private key, verifies ID_C and recovers N1.
5. B sends A a message containing the session key (K_S) and, encrypted with the customer's public key (PU_C), the customer's challenge number (N1) together with a transaction number (TAN).
6. The message received by A is entered manually into the smartcard (C); N1 is recovered and the TAN is stored for use during this session.

ID_C must be a secret code that uniquely identifies the customer and his card. This code is sent to the server to authenticate the customer. For example, ID_C may be a function of anything that identifies the customer (such as a Social Security Number or username) and the password (PIN), ID_C = f_k1(SSN, PIN), and this value must be kept in the bank's database as f_k2(SSN, PIN), where k1 and k2 are two different secret keys for a keyed hash function f. This authentication scheme leaves an insider with little information that could be used to access customers' banking accounts. The scheme also verifies the client's and the bank's certificates, which enhances the degree of trust between customer and bank.

C. Transaction Signing

In traditional banking, trust in a performed transaction comes from both parties approving and signing the transaction's agreement document and stamping it, each party keeping a copy of the signed and stamped document after the transaction is over. Clearly, nobody can repudiate the transaction, as his signature is unique and nobody else can produce it. The same procedure can be used in e-business: the customer signs the document with his PKI smartcard's private key while the bank uses its server's private key. A secret transaction number (TAN) generated by the bank's server acts as the stamp of the transaction; the TAN is the agreement number between the user and the server for all transactions in the current session. The TAN may be computed as a fixed-length hash of a function of the customer identity (ID_C), the bank identity (ID_B) and the current date and time: TAN = f(ID_C, ID_B, Date & Time).
The TAN acts as a time stamp during the signing of the transaction. Because ID_C and ID_B are kept private, an attacker has no knowledge of how to generate this stamp. The following steps (numbered as in Figure 5) occur during transaction verification and approval:

Figure 5. Transaction signing model. Parties: Customer, Customer's Smartcard (C), Web browser Java Applet (A), Bank's Server (B). Messages: (1) transaction request, (2) E(PR_B, [MD || TAN]), (3) E(PR_B, [MD || TAN]), (4) transaction status message, (5) signature authorization (PIN), (6) E[PR_C, E(PR_B, [MD || TAN])], (7) E[PR_C, E(PR_B, [MD || TAN])].

1. A (the customer, through the applet) requests B to process the transaction.
2. B verifies the transaction, generates a message digest (MD) of it, and sends A a message containing MD and TAN encrypted with PR_B.
3. A verifies the integrity of the transaction by computing the MD of the transaction and comparing it with the one received from B. The signed message from B is sent to C for approval.
4. C verifies the TAN, generates a transaction status message and asks the customer to approve the transaction by entering his PIN.
5. The customer approves the transaction by entering the smartcard PIN (a different PIN may be used for better security).
6. C signs the message already signed by B, forwards it to A, and stores a copy for future reference.
7. A forwards the message to B. B verifies the customer's signature and authorizes processing of the transaction.

V. EFFECTIVENESS OF THE NEW MODEL

Any Internet banking system must solve the issues of authentication, confidentiality, integrity, and non-repudiation [1]. Confidentiality and integrity are provided by the secure environment (IPSec below SSL and ALS above SSL), which counters all forms of credential-stealing and channel-breaking attacks: the information viewed remains private and cannot be modified by third parties.
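The exchanges of Figure 4 (challenge-based mutual authentication) and Figure 5 (transaction signing), simulated end to end in one process, as an added example that is not code from the paper. It follows the paper's message flow and notation: E(PU_B, [ID_C || N1]), the clear-text K_S alongside E(PU_C, [N1 || TAN]), E(PR_B, [MD || TAN]) and the card's countersignature over it, with ID_C = f_k1(SSN, PIN) computed as a truncated HMAC and TAN as a keyed hash of ID_C, ID_B and the current time. Everything else is an assumption for illustration: the field sizes, the bank identity, SHA-256 for MD, and above all the textbook RSA built on fixed, publicly known Mersenne primes, which makes the flow runnable offline but is deliberately insecure; a deployment would use a vetted library with OAEP/PSS padding and freshly generated keys. The tampered run exercises the step 3 check: when the transaction the applet holds differs from the one the bank digested, the MD no longer matches and the applet refuses to pass the bank's signature on to the card.

```python
import hashlib
import hmac
import secrets
import time

# Textbook RSA (no padding) on fixed, publicly known Mersenne primes. This only
# makes the exchange runnable offline; it is deliberately NOT secure.
M521, M607 = (1 << 521) - 1, (1 << 607) - 1          # bank modulus (~1128 bits)
M1279, M2203 = (1 << 1279) - 1, (1 << 2203) - 1      # card modulus (~3482 bits)
E = 65537
ID_LEN, N1_LEN, TAN_LEN, MD_LEN = 16, 4, 16, 32      # assumed field sizes


def make_key(p, q):
    """Return ((n, e), (n, d)): public and private key for modulus p*q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # Python 3.8+


def rsa_apply(key, data):
    """E(key, data) in the paper's notation: a public key encrypts/verifies,
    a private key decrypts/signs. Output is always key-sized."""
    n, exp = key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, exp, n).to_bytes((n.bit_length() + 7) // 8, "big")


def unwrap(key, blob, length):
    """Recover a plaintext of known length (drop leading zero bytes)."""
    return rsa_apply(key, blob)[-length:]


class Smartcard:
    """C: offline PKI card holding PU_B, (PU_C, PR_C), ID_C and the PIN."""
    def __init__(self, pin, id_c, pu_b, keypair):
        self.pin, self.id_c, self.pu_b = pin, id_c, pu_b
        self.pu_c, self.pr_c = keypair
        self.n1 = self.tan = self.archive = None

    def _check_pin(self, pin):
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            raise PermissionError("wrong PIN")

    def auth_request(self, pin, n1):                      # Fig. 4, steps 1-3
        self._check_pin(pin)
        self.n1 = n1.to_bytes(N1_LEN, "big")
        return rsa_apply(self.pu_b, self.id_c + self.n1)  # E(PU_B,[ID_C||N1])

    def auth_finish(self, blob):                          # Fig. 4, step 6
        plain = unwrap(self.pr_c, blob, N1_LEN + TAN_LEN)
        if not hmac.compare_digest(plain[:N1_LEN], self.n1):
            raise PermissionError("server did not echo my challenge N1")
        self.tan = plain[N1_LEN:]                         # kept for this session

    def approve(self, pin, bank_sig):                     # Fig. 5, steps 4-6
        md_tan = unwrap(self.pu_b, bank_sig, MD_LEN + TAN_LEN)
        if not hmac.compare_digest(md_tan[MD_LEN:], self.tan):
            raise ValueError("TAN does not belong to this session")
        self._check_pin(pin)                              # signature authorization
        self.archive = bank_sig                           # customer's copy
        return rsa_apply(self.pr_c, bank_sig)             # E[PR_C, E(PR_B,[MD||TAN])]


class BankServer:
    """B: holds PR_B, the table ID_C -> PU_C and per-session (K_S, TAN)."""
    def __init__(self, keypair):
        self.pu_b, self.pr_b = keypair
        self.id_b = b"BANK-0001".ljust(16, b"\0")         # assumed ID_B
        self.tan_key = secrets.token_bytes(32)            # assumed key for f()
        self.customers, self.sessions = {}, {}

    def authenticate(self, blob):                         # Fig. 4, steps 4-5
        plain = unwrap(self.pr_b, blob, ID_LEN + N1_LEN)
        id_c, n1 = plain[:ID_LEN], plain[ID_LEN:]
        pu_c = self.customers.get(id_c)
        if pu_c is None:
            raise PermissionError("unknown ID_C")
        stamp = repr(time.time()).encode()                # TAN = f(ID_C, ID_B, time)
        tan = hmac.new(self.tan_key, id_c + self.id_b + stamp, "sha256").digest()[:TAN_LEN]
        ks = secrets.token_bytes(16)                      # K_S, in clear as in the paper
        self.sessions[id_c] = (ks, tan)
        return ks, rsa_apply(pu_c, n1 + tan)              # K_S, E(PU_C,[N1||TAN])

    def sign_transaction(self, id_c, tx):                 # Fig. 5, step 2
        md = hashlib.sha256(tx).digest()
        return rsa_apply(self.pr_b, md + self.sessions[id_c][1])  # E(PR_B,[MD||TAN])

    def commit(self, id_c, tx, cust_sig):                 # Fig. 5, step 7
        expected = self.sign_transaction(id_c, tx)        # textbook RSA is deterministic
        inner = rsa_apply(self.customers[id_c], cust_sig)[-len(expected):]
        return hmac.compare_digest(inner, expected)


def applet_digest_ok(pu_b, bank_sig, tx):                 # Fig. 5, step 3 (A)
    md = unwrap(pu_b, bank_sig, MD_LEN + TAN_LEN)[:MD_LEN]
    return hmac.compare_digest(md, hashlib.sha256(tx).digest())


def run_protocol(tamper=False):
    """One full session; True if the bank commits the transaction."""
    bank = BankServer(make_key(M521, M607))
    card_keys = make_key(M1279, M2203)                    # n_C > n_B: nested signature fits
    k1, ssn, pin = secrets.token_bytes(32), b"123-45-6789", "4321"   # constructed enrolment
    id_c = hmac.new(k1, ssn + pin.encode(), "sha256").digest()[:ID_LEN]  # ID_C = f_k1(SSN, PIN)
    bank.customers[id_c] = card_keys[0]
    card = Smartcard(pin, id_c, bank.pu_b, card_keys)

    n1 = secrets.randbelow(10 ** 6)                       # customer picks a 6-digit N1
    _ks, resp = bank.authenticate(card.auth_request(pin, n1))
    card.auth_finish(resp)

    tx = b"transfer 250.00 EUR to account 98765 ref 42"  # constructed transaction
    bank_sig = bank.sign_transaction(id_c, tx)
    held_by_applet = tx + b" and 9000.00 EUR to 11111" if tamper else tx  # Trojan edit
    if not applet_digest_ok(bank.pu_b, bank_sig, held_by_applet):
        return False                                      # MD mismatch: A stops here
    return bank.commit(id_c, tx, card.approve(pin, bank_sig))


if __name__ == "__main__":
    print("clean session committed:", run_protocol())
    print("tampered session committed:", run_protocol(tamper=True))
```

Run with Python 3.8 or later (the modular inverse comes from the three-argument pow). Exactly as in the paper, K_S is handed to the applet in the clear and its protection is left to the lower tiers; the card never sees it, and the card's only checks are that N1 came back unchanged and that the TAN in the bank's signature is the one issued for this session.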
For authentication, the model extends one-factor PKI hard tokens (challenge-based authentication) to two factors, client host IP authentication plus PKI mutual challenge-based authentication: only qualified people can access Internet banking accounts. Non-repudiation, which none of the existing models provides, is provided by the transaction signing scheme and by keeping copies of processed transactions: any transactions made are traceable and verifiable. Trust is increased on the basis of two hypotheses shown to hold in [7]: "users' tendency to trust is positively associated with the perceived level of security", and "banks' assurances are positively associated with the level of trust in adopting Internet banking" [7]. Figure 6 shows how the level of security has been increased with the new model, and with it the level of trust. The security provided by the new model, which crosses both attack boundaries and also provides non-repudiation, guarantees the safety that lets customers trust Internet banking. With this model, banks can give customers confidence that Internet banking accounts can be accessed only from the customer's own computer and that transactions made are traceable and verifiable (using even their smartcards), and if attackers attempt access from another computer the banks will bear the liability and costs.

Figure 6. Effectiveness of the new model compared with the security of existing models. Security level (none, malicious-software attacks, phishing attacks, repudiation of services) against security model (static password, timer-based one-time password, client host IP, challenge-based one-time password, PKI hard tokens with challenge-based authentication, PKI mutual challenge-based authentication with transaction signing); the offline credential-stealing attack boundary and the online channel-breaking attack boundary are marked.

VI. CONCLUSION

Implementing the three-tier security model for Internet banking offers safe Internet banking transactions that protect both customers and banks. Customers gain confidence that they are sending their personal information to legitimate bank servers and not impostors, and that the privacy of their transactions and credentials is ensured during transmission over the unsafe network. In turn, banks and customers receive signed transactions that neither party can later repudiate, as each holds copies of the signed and stamped transactions. The use of IPSec increases trust, as only the customer's own PC can be used to access the customer's accounts online. The use of PKI offline smartcard readers for mutual authentication ensures that only qualified people can access banking accounts. Signing transactions ensures that transactions are traceable and verifiable. Hence the level of trust increases in proportion to the increased level of security. One overhead remains, however: the manual data exchange between the offline smartcard reader and the client applet, which future research should automate.
REFERENCES

[1] A. Hiltgen, T. Kramp, and T. Weigold, "Secure Internet Banking Authentication", IEEE Security & Privacy, 2006.
[2] Thawte, "The Value of Authentication", 18 July.
[3] C. Wueest, "Threats to Online Banking", Symantec Security Response, Dublin, 2006.
[4] O. Dandash, P. D. Le and B. Srinivasan, "Security Analysis for Internet Banking Models", IEEE, 2007.
[5] Study.pdf, 13 August 2009.
[6] A. San Martino and X. Perramon, "Defending E-Banking Services: an Antiphishing Approach", IEEE.
[7] A. Sanayei and A. Noroozi, "Security of Internet Banking Services and its Linkage with Users' Trust", IEEE, 2009.
[8] W. Stallings, Cryptography and Network Security: Principles and Practices, Fourth Edition, 2006.
[9] protection-wp.pdf, 22 August 2009.
[10] 18 September 2009.
[11] R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2001.


Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

SSL Overview for Resellers

SSL Overview for Resellers Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an

More information

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Understanding Digital Certificates and Secure Sockets Layer (SSL) Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

DEVELOPING CERTIFICATE-BASED PROJECTS FOR WEB SECURITY CLASSES *

DEVELOPING CERTIFICATE-BASED PROJECTS FOR WEB SECURITY CLASSES * DEVELOPING CERTIFICATE-BASED PROJECTS FOR WEB SECURITY CLASSES * Shamima Rahman Tuan Anh Nguyen T. Andrew Yang Univ. of Houston Clear Lake 2700 Bay Area Blvd., Houston, TX 77058 rahmans3984@uhcl.edu nguyent2591@uhcl.edu

More information

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc. Copyright 2007 Pearson Education, Inc. Slide 5-1 E-commerce business. technology. society. Second Edition Kenneth C. Laudon Carol Guercio Traver Copyright 2007 Pearson Education, Inc. Slide 5-2 Chapter

More information

LBSEC. http://www.liveboxcloud.com

LBSEC. http://www.liveboxcloud.com 2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee

More information

WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT

WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT Namzak Labs White Paper, 2002-02 Version 1 September 30, 2002 Overview As deployment of computer applications over the Internet becomes more prevalent, companies

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon 1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere

More information

Security IIS Service Lesson 6

Security IIS Service Lesson 6 Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

SSL Certificates 101

SSL Certificates 101 Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business. Not only does it make you feel safer

More information

Advance Technique for Online Payment Security in E-Commerce : Double Verification

Advance Technique for Online Payment Security in E-Commerce : Double Verification Advance Technique for Online Payment Security in E-Commerce : Double Verification Shilpa Research Scholar Shri Krishan Institute of Engineering & Technology, Kurukshetra University Kurukshetra, India er.shilpa2011@gmail.com

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Web Security. Crypto (SSL) Client security Server security 2 / 40. Web Security. SSL Recent Changes in TLS. Protecting the Client.

Web Security. Crypto (SSL) Client security Server security 2 / 40. Web Security. SSL Recent Changes in TLS. Protecting the Client. 1 / 40 Crypto () Client security Server security 2 / 40 Trusting The Server s Client SET The Failure of SET Aside: The SET Root Certificate The Client s Server Who Issues Web Certificates? Mountain America

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Security Evaluation CLX.Sentinel

Security Evaluation CLX.Sentinel Security Evaluation CLX.Sentinel October 15th, 2009 Walter Sprenger walter.sprenger@csnc.ch Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel.+41 55-214 41 60 Fax+41 55-214 41

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

ISM/ISC Middleware Module

ISM/ISC Middleware Module ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why

More information

Network Security: Introduction

Network Security: Introduction Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

Layered security in authentication. An effective defense against Phishing and Pharming

Layered security in authentication. An effective defense against Phishing and Pharming 1 Layered security in authentication. An effective defense against Phishing and Pharming The most widely used authentication method is the username and password. The advantages in usability for users offered

More information

DreamFactory Security Whitepaper Customer Information about Privacy and Security

DreamFactory Security Whitepaper Customer Information about Privacy and Security DreamFactory Security Whitepaper Customer Information about Privacy and Security DreamFactory Software publishes rich applications for salesforce.com. All of our products for salesforce use the DreamFactory

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Comodo Authentication Solutions Overview

Comodo Authentication Solutions Overview Comodo Authentication Solutions Overview Client Authentication Certificates Two-Factor Authentication Content Verification Certificates Mutual Authentication Foreword Conducting business online offers

More information

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications By Jan De Clercq Understanding and Leveraging SSL-TLS for Secure Communications ii Contents Chapter 2: Leveraging SSL/TLS for Secure Web Communications....... 21 Setting Up SSL/TLS on a Web Server..................................

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

More information

TELE 301 Network Management. Lecture 18: Network Security

TELE 301 Network Management. Lecture 18: Network Security TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/ DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

More information

When visiting online banking's sign-on page, your browser establishes a secure session with our server.

When visiting online banking's sign-on page, your browser establishes a secure session with our server. The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server. How Encryption

More information

White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication

White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication Page 1 of 8 Introduction As businesses and consumers grow increasingly reliant on the Internet for conducting

More information

Beginner s Guide to SSL Certificates

Beginner s Guide to SSL Certificates WHITE PAPER: BEGINNER S GUIDE TO SSL CERTIFICATES White Paper Beginner s Guide to SSL Certificates Making the Best Choice When Considering Your Online Security Options Beginner s Guide to SSL Certificates

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

BEGINNERS GUIDE BEGINNERS GUIDE TO SSL CERTIFICATES: MAKING THE BEST CHOICE WHEN CONSIDERING YOUR ONLINE SECURITY OPTIONS

BEGINNERS GUIDE BEGINNERS GUIDE TO SSL CERTIFICATES: MAKING THE BEST CHOICE WHEN CONSIDERING YOUR ONLINE SECURITY OPTIONS BEGINNERS GUIDE TO SSL CERTIFICATES: MAKING THE BEST CHOICE WHEN CONSIDERING YOUR ONLINE SECURITY OPTIONS BEGINNERS GUIDE TO SSL CERTIFICATES INTRODUCTION Whether you are an individual or a company, you

More information

ADVANCE AUTHENTICATION TECHNIQUES

ADVANCE AUTHENTICATION TECHNIQUES ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Fundamentals of Network Security - Theory and Practice-

Fundamentals of Network Security - Theory and Practice- Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring

More information

BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options

BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options BEGINNERS GUIDE TO SSL CERTIFICATES Introduction Whether you are an individual or a company, you

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Keystroke Encryption Technology Explained

Keystroke Encryption Technology Explained Keystroke Encryption Technology Explained Updated February 9, 2008 information@bluegemsecurity.com (800) 650-3670 www.bluegemsecurity.com Executive Summary BlueGem Security is introducing keystroke encryption

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

SSL VPN vs. IPSec VPN

SSL VPN vs. IPSec VPN SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Citrix MetaFrame XP Security Standards and Deployment Scenarios Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document

More information

Last update: February 23, 2004

Last update: February 23, 2004 Last update: February 23, 2004 Web Security Glossary The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to

More information

A Study on Secure Electronic Medical DB System in Hospital Environment

A Study on Secure Electronic Medical DB System in Hospital Environment A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

GT 6.0 GSI C Security: Key Concepts

GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the

More information

Strong Security in Multiple Server Environments

Strong Security in Multiple Server Environments White Paper Strong Security in Multiple Server Environments VeriSign OnSite for Server IDs Contents 1. Introduction 1 2. Security Solutions: The Digital ID System 2 2.1. What Is a Digital ID? 2 2.2 How

More information

Why you need secure email

Why you need secure email Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with

More information

Securing mobile devices in the business environment

Securing mobile devices in the business environment IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information