CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
4.1 INTRODUCTION

In this research work, a new enhanced SGC-PKC has been proposed for improving electronic commerce and Internet security. Authentication is central to e-commerce security because it verifies the identity of users, which is crucial when an organization uses the Internet for its business. Strong authentication mechanisms ensure that the parties involved in a transaction are the entities they claim to be. In e-commerce applications, encryption and decryption algorithms secure the communication and ensure the privacy of data sent between customer and merchant in either direction. In this thesis, the proposed extended SGC-PKC algorithm is also used to provide non-repudiation through self-signatures, which prove that a specific user performed certain operations at a given time. The extended SGC-PKC algorithm proposed in this work provides a secure environment for deploying e-commerce and a reliable basis for building virtually any type of electronic transaction, from corporate intranets to Internet-based e-commerce applications.
Based on the protocol developed in Chapter 3, this chapter studies the enhancements achieved by deploying ESGC-PKC in traditional explicit-certificate-based applications. Traditional public key cryptographic systems use either hierarchical certification or a web-of-trust certification method to bind the public key to the identity of the certificate holder; SGC can be deployed in place of either. This chapter explains the deployment of the proposed extended SGC-PKC algorithm in three non-commercial applications, namely an e-tender system, an online beneficiary fund transfer system and a financial messaging system. A security analysis has been carried out for each application with respect to authentication, confidentiality and integrity.

4.2 DEPLOYMENT OF ESGC-PKC IN AN E-TENDER SYSTEM

Introduction

Tendering is a method by which councils acquire goods and services. It includes the core activities of advertising the requirements for goods or services, preparing tender documents, registering suppliers to receive tender documents, pre-qualifying suppliers for a particular tender, delivering tender documents between the council and the bidders, opening the responses to the tender, evaluating the responses and awarding the contract. E-tendering carries out the tendering process by electronic means such as the Internet and specialist e-tendering software. An e-tendering system facilitates the complete tendering process, from the advertisement of the requirements through the placing of the contract, including the exchange of all relevant documents in electronic format. To realize cost savings and increase efficiency, replacing manual paper-based tender procedures with an electronically facilitated system has become an essential element of process re-engineering. With a highly automated e-tendering system, tendering work such as tender specification, advertising, tender aggregation, evaluation and placing of the contract can be prepared with ease.

ESGC-PKC in e-tender

By deploying the extended SGC-PKC in the e-tender system, the access control mechanism and the security audit trails increase security accountability. In this scenario, every bidder generates its own keys for each published tender and registers separately for each tender of interest. In e-tendering, the system collects the bidding information from every supplier for the opening process. The opening of bids is handled by a technique called e-chat, in which the bidding price of every bidder in the current tender is shown to the others. Each bidder opens its own tender document with the keys it generated itself. By comparing the prices of all bidders, the administrator chooses the level 1 (lowest quoted) bidder in the same session. In the e-tendering application developed in this work, the user key generation module produces the public and private keys of a bidder from the bidder's identity, a partial key and a secret value supplied by the bidder. Bidders can view the list of tenders and bid on those in which they are interested. A bidder bids on a tender by providing its bidding ID, the tender reference number, the amount quoted and the tender document. Another bidder can bid on the same tender by providing its own details from a different web browser; the system multicasts the opening to the different bidding companies.
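As an added illustration of the key generation module just described (a bidder identity, a partial key from a key generation centre, and a secret value chosen by the bidder) and of the identity-to-public-key binding that the security analyses later in this chapter rely on, the following Python script models a self-generated certificate in the Schnorr-style discrete-log setting without pairings. It is an added example, not the ESGC-PKC algorithm of Chapter 3, whose equations this chapter does not reproduce: the group (a safe prime of about 63 bits found at start-up) is a toy assumption chosen so the script runs instantly and is far too small for real use, and the KGC, user, signing and certificate functions are the example's own names. The last function shows why a certificate assembled under someone else's identity without that identity's partial key does not verify, which is the certificate-replacement case the results section later lists.

```python
# Toy self-generated certificate: Schnorr-style discrete-log key generation
# without pairings (identity + KGC partial key + user secret value) plus a
# self-signed binding of identity to public key. Illustrative model only, NOT
# the ESGC-PKC algorithm of chapter 3. The group is a runtime-found ~63-bit
# safe prime: an assumption so the script runs instantly; far too small for use.
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; these bases are exact for n < 3.3e24."""
    for p in BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_above(start: int):
    """Smallest safe prime P = 2Q+1 with Q >= start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime_above(1 << 62)
G = 4  # a square, so it generates the order-Q subgroup of Z_P*

def enc(n: int) -> bytes:
    return n.to_bytes(16, "big")  # fixed width: unambiguous hashing

def h(*parts: bytes) -> int:
    """Hash to a non-zero scalar in Z_Q (parts delimited to avoid ambiguity)."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def rand_scalar() -> int:
    return secrets.randbelow(Q - 1) + 1

def kgc_partial_key(s: int, identity: str):
    """Partial key (w, d) for an identity: w = G^r, d = r + s*H(ID, w) mod Q."""
    r = rand_scalar()
    w = pow(G, r, P)
    return w, (r + s * h(identity.encode(), enc(w))) % Q

def partial_key_is_valid(identity, w, d, master_pub) -> bool:
    """User-side check before use: G^d == w * Y^H(ID, w)."""
    return pow(G, d, P) == w * pow(master_pub, h(identity.encode(), enc(w)), P) % P

def user_keygen(d: int):
    x = rand_scalar()  # secret value known only to the user
    return (d + x) % Q, pow(G, x, P)  # full private key, published user_pub

def full_public_key(identity, w, user_pub, master_pub) -> int:
    """Any verifier recomputes G^(d+x) from (ID, w, user_pub) and Y alone."""
    return w * pow(master_pub, h(identity.encode(), enc(w)), P) * user_pub % P

def sign(private_key: int, message: bytes):
    k = rand_scalar()
    big_r = pow(G, k, P)
    return big_r, (k + h(enc(big_r), message) * private_key) % Q

def verify(public_key: int, message: bytes, sig) -> bool:
    big_r, s = sig
    return pow(G, s, P) == big_r * pow(public_key, h(enc(big_r), message), P) % P

def cert_body(identity: str, w: int, user_pub: int) -> bytes:
    return b"|".join([b"ESGC-TOY", identity.encode(), enc(w), enc(user_pub)])

def make_self_certificate(identity, w, user_pub, private_key) -> dict:
    """The holder signs its own (ID, w, user_pub); no CA is involved."""
    sig = sign(private_key, cert_body(identity, w, user_pub))
    return {"id": identity, "w": w, "pk": user_pub, "sig": sig}

def verify_self_certificate(cert: dict, master_pub: int) -> bool:
    # Needs only the certificate itself and the KGC master public key Y.
    pk = full_public_key(cert["id"], cert["w"], cert["pk"], master_pub)
    return verify(pk, cert_body(cert["id"], cert["w"], cert["pk"]), cert["sig"])

def demo(identity: str = "BIDDER-TIN-0001"):
    """Returns (genuine_ok, replaced_ok): a forger who picks a key pair under
    the same identity without that identity's partial key cannot verify."""
    s = rand_scalar()                 # KGC master secret
    master_pub = pow(G, s, P)         # KGC master public key Y
    w, d = kgc_partial_key(s, identity)
    assert partial_key_is_valid(identity, w, d, master_pub)
    priv, user_pub = user_keygen(d)
    genuine = make_self_certificate(identity, w, user_pub, priv)
    x_att = rand_scalar()
    forged = make_self_certificate(identity, w, pow(G, x_att, P), x_att)
    return (verify_self_certificate(genuine, master_pub),
            verify_self_certificate(forged, master_pub))
```

The verifier in verify_self_certificate never contacts a certification authority: it recomputes the full public key from the identity, the two public values in the certificate and the KGC master public key, so a certificate whose public key was not derived from the partial key issued for that identity cannot carry a valid self-signature.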
Online Meeting for e-tender

The final stage of this e-tender system is the online meeting. After the bid documents have been submitted by the bidders, they are kept confidential in a secured directory to ensure that no one opens them before the due date. The documents can be opened only on the bid opening date and time given in the tender details. On the day of opening, each bidder has to log in and visit the organization's site during the tender opening period in order to view the opening of the bid documents. The application enables the bidders to view the opening of the documents, i.e. the server's state, from a remote machine while the bid documents are being opened. For this purpose, MulticastSockets are used to transmit the packets from the server to the bidders' remote systems. The multicast datagram socket class is used for sending and receiving Internet Protocol (IP) multicast packets, so that the server communicates only with a selected set of connected members. A MulticastSocket is a UDP (User Datagram Protocol) datagram socket with additional capabilities for joining "groups" of other multicast hosts on the Internet. A multicast group is specified by a class D IP address and a standard UDP port number. One joins a multicast group by creating a MulticastSocket on the desired port and then invoking the joinGroup(InetAddress groupAddr) method. When a message is sent to a multicast group, all subscribers to that address and port receive it; the sending socket need not be a member of the group. When a socket subscribes to a multicast group/port, it receives the datagrams sent by other hosts to that group/port, as do all other members of the group. Because any host that joins the group receives the datagrams and any host can send to the group, IP multicast by itself provides neither confidentiality nor origin authentication; the opened bid values announced over it therefore rely on the certificate-based signing described below rather than on the transport.

On successful decryption of the tender document of each bidder in the online chat, the document becomes viewable by all bidders for that tender. At this time a certificate is created, based on the organization's formats and the requirements provided during the registration process. This generated certificate is used for signing the bidder's document to ensure authentication and confidentiality. Every bidder joins the chat and opens its document, and the corresponding bidder's price is displayed in the online chat. Finally, the lowest-price bidder is chosen as the bid winner, and the result can be viewed by every bidder.

The effect on turnaround time as a function of the number of bidders was measured for the existing e-commerce application and for the extended SGC-PKC based application. The processing delay at the server was kept constant and data sizes of 100 KB, 200 KB, 500 KB and 1 MB were used for the different bidders. This was done for scenarios of product discovery with 1 to 10 bidders, and the results are shown in Figure 4.1.

Figure 4.1 Effect of turnaround time for different bidders
Security Analysis

In an e-tender, where the consumer and the merchant communicate indirectly via software entities and the Internet, trust must somehow be established between the two parties. To achieve trust, the following security functions must be performed.

Authentication: Each party needs to authenticate its counterpart, i.e. to make sure that the counterpart is who it claims to be.

Integrity: Each party needs to make sure that the received messages have not been altered or fabricated by anyone other than its counterpart.

Confidentiality: Each party wants to keep the content of the communication secret.

Message authentication: Each party wants to make sure that the received messages really come from its counterpart.

To achieve these, digital certificates are generated and used in this research work. The digital certificate of a bidder is generated in a sequence of steps. Once the bidder fills in and submits the registration form, the submitted data are encrypted using the extended SGC-PKC algorithm proposed in this work, which has been implemented using the Java Cryptography Extension (JCE). The encrypted values are sent to the merchant site as bytes. On the merchant site, the bytes are converted back into BigIntegers and decrypted with the merchant's private key.
On successful decryption, a directory is created for that bidder, named after the bidder's unique Taxpayer Identification Number (TIN). In that directory, a unique digital certificate is created for that bidder organization unit, also named after the TIN. The certificate is created from the organization details provided during the registration process, and it is used for signing the bidder's documents to ensure authentication, integrity and confidentiality.

4.3 ESGC-PKC FOR ONLINE BENEFICIARIES FUND TRANSFER

Introduction

The second application considered in this research work is Online Beneficiaries Fund Transfer, in which the newly proposed SGC-PKC algorithm has been deployed and tested. The deployment of the extended SGC-PKC algorithm in the online beneficiaries fund transfer application addresses the potential threats and vulnerabilities of this online system.

Security Model

The security model for the online beneficiaries fund transfer application is based on the extended SGC-PKC without pairings. Integrating online transactions with the non-pairing-based extended SGC-PKC in the online beneficiary fund transfer system offers considerable potential in a real-time environment. The model has been implemented using the Java security classes, which provide methods for handling public key certificates; the built-in Java methods have been extended in this research work in order to implement the newly proposed extended SGC-PKC algorithm. The certificate is used to verify that a public key belongs to an individual. Canonical Encoding Rules (CER), a restricted variant of the Basic Encoding Rules that yields an unambiguous transfer syntax for data structures, have been used for encoding in this work. A Personal Information Exchange (PFX, i.e. PKCS #12) file is used in the implementation; it contains the public and private key material used to sign, encrypt or authenticate, and such files are typically used to hold the keys and certificates that authenticate websites, applications or encrypted file systems. Figure 4.2 shows the extended self-generated certificate developed in this work.

Figure 4.2 Certificate of ESGC
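The encoding point in the paragraph above deserves a concrete look, because a self-generated certificate is a signed structure and the signature is computed over bytes: BER allows several encodings of one value, whereas DER and CER, two canonical subsets of BER, each fix exactly one. The following Python script is an added example, not the thesis's implementation. It hand-rolls DER encoding for INTEGER and SEQUENCE, produces a BER alternative of the same INTEGER, and shows that the two decode to the same value yet hash differently, and that a strict decoder rejects the non-canonical form. It uses DER rather than CER (DER is what X.509 mandates; CER differs in using indefinite-length encodings for constructed types); the function names are the example's own.

```python
"""Why a canonical encoding matters for a signed certificate: BER permits
several byte encodings of the same value, a signature covers bytes, and a
re-encoded structure will not hash to the same digest. DER is the canonical
subset X.509 mandates. Added example with hand-rolled INTEGER and SEQUENCE
encoders; not the page's own code."""
import hashlib


def der_length(n: int) -> bytes:
    """Definite length, shortest form: one byte below 128, else 0x80|k then k bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER (tag 0x02) with minimal two's-complement content."""
    if value < 0:
        raise ValueError("negative integers are not handled in this example")
    content = value.to_bytes(value.bit_length() // 8 + 1, "big")  # keeps a 0x00 pad iff top bit set
    return b"\x02" + der_length(len(content)) + content


def der_sequence(*elements: bytes) -> bytes:
    content = b"".join(elements)
    return b"\x30" + der_length(len(content)) + content


def ber_integer_long_length(value: int) -> bytes:
    """Same INTEGER, but with a long-form length (0x81 nn) although the length
    is below 128. Legal BER, forbidden by both DER and CER."""
    content = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02\x81" + bytes([len(content)]) + content


def decode_integer(data: bytes, strict: bool = False):
    """Decode one INTEGER TLV; returns (value, remaining bytes). strict=True
    rejects non-minimal length and content encodings, the check a DER parser
    must make before it trusts a signed structure."""
    if len(data) < 2 or data[0] != 0x02:
        raise ValueError("expected INTEGER tag")
    first = data[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        k = first & 0x7F
        if k == 0:
            raise ValueError("indefinite length is not valid for a primitive type")
        length, offset = int.from_bytes(data[2:2 + k], "big"), 2 + k
        if strict and (length < 0x80 or data[2] == 0):
            raise ValueError("non-minimal length encoding (BER, not DER)")
    content = data[offset:offset + length]
    if length == 0 or len(content) != length:
        raise ValueError("truncated or empty INTEGER")
    if strict and length > 1 and content[0] == 0 and content[1] < 0x80:
        raise ValueError("non-minimal INTEGER content")
    return int.from_bytes(content, "big", signed=True), data[offset + length:]


def to_be_signed(serial: int, public_key_value: int) -> bytes:
    """A tiny certificate-like SEQUENCE { serial INTEGER, publicKey INTEGER }."""
    return der_sequence(der_integer(serial), der_integer(public_key_value))


def demo():
    """Returns (same_value, same_bytes, strict_rejects_ber) for the value 128."""
    canonical = der_integer(128)                # 02 02 00 80
    alternative = ber_integer_long_length(128)  # 02 81 02 00 80
    same_value = decode_integer(canonical)[0] == decode_integer(alternative)[0]
    same_bytes = hashlib.sha256(canonical).digest() == hashlib.sha256(alternative).digest()
    try:
        decode_integer(alternative, strict=True)
        strict_rejects = False
    except ValueError:
        strict_rejects = True
    return same_value, same_bytes, strict_rejects
```

A verifier that re-serializes a parsed certificate before hashing, or that accepts BER where DER was signed, will either fail to verify genuine certificates or accept two byte strings as the same signed object; strict decoding avoids both.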
Online Beneficiaries Fund Transfer

The extended SGC-PKC without pairings proposed in this work can fit any application in which a user wants to transact securely with multiple users, i.e. it suits one-to-many communication. In this application, users must register before performing any transactions. When a user registers, all of his or her details are given to the system and the user must accept the terms and conditions; on submission to the key generation module, a certificate is generated. The online beneficiary fund transfer security model proposed in this work has been implemented, as for the online chat described above, so that every account has its own public key certificate for communicating with the server. A customer can therefore communicate with other customers (the beneficiaries) via the server, and can perform one-to-many transactions by selecting beneficiaries from the list he or she has created.

In current online transaction processing systems, an online fund transfer to a beneficiary is performed with one-sided authentication only: the customer holds the beneficiary's account number, submits the money transfer order to the bank, and the bank validates the request and transfers the money to the beneficiary's account. The communication between the customer and the bank is protected by SSL (HTTPS): the customer's request is encrypted and sent to the bank server, where the TLS session is terminated, the request is decrypted and then processed. After successful processing, the amount is transferred from the customer's account to the beneficiary's account. In this research work, the proposed extended SGC-PKC has been integrated with the beneficiary application to improve the security of online account-to-account fund transfer.

The following features are provided for registering in the online banking account-to-account fund transfer application. Customers are requested to register by providing the information requested in the registration form. Based on each customer's details, the application generates an individual certificate for every customer. After registration, the customer can log in with the created username, the password and the PIN number provided. After login, the customer can view his or her details and perform other operations such as checking the balance, withdrawing and depositing. On the same page, the customer can add other customers to a beneficiaries list and carry out authenticated transactions with these beneficiaries.

Beneficiary Module

The beneficiary list is created by the customer by providing the beneficiaries' details for their registration. The beneficiary (another customer) is then sent a message with the options Accept and Reject, to confirm the listing according to his or her willingness to be a beneficiary. After the beneficiaries have been included in the customer's list, the application enables the transfer of amounts to multiple beneficiaries. The system lists all the beneficiaries of the particular customer, shows the customer's balance and asks for the amount to transfer. Once the transaction is complete, the remaining balance is shown to the customer. Figure 4.3 shows the effect on turnaround time as a function of the number of beneficiaries for the existing online beneficiaries fund transfer and for the extended SGC-PKC based online beneficiaries fund transfer.
Figure 4.3 Effect of turnaround time for different beneficiaries

Security Analysis

The non-pairing extended SGC-PKC supported online beneficiary fund transfer has been designed to provide security services such as authentication of beneficiaries. This type of security solution for online payment transactions prevents payments from being manipulated by non-beneficiaries. When a payment is made to a beneficiary to whom the customer has not transferred funds before, the extended SGC-based security services prompt the customer to verify the data entered for that beneficiary using a high-profile password. This verification is required only for new beneficiaries; beneficiaries who have already been approved do not require re-verification, which lets customers confirm new beneficiaries easily. The online account-to-account fund transfer is based on reliable customers as beneficiaries and hence ensures integrity. Encryption and decryption are performed with the user-generated keys, which gives assurance on the data exchanged between the beneficiaries.
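The beneficiary module and its security analysis together describe an authorization rule: a payee must itself have accepted the listing, the first transfer to a payee requires step-up verification, and already approved payees are not re-verified. The following Python script is an added example (not the thesis's application code) that makes that rule explicit, including the one-to-many batch transfer, and exercises its failure modes; the in-memory ledger, the account numbers and the function names are assumptions made for the example.

```python
"""Added example: the beneficiary confirmation and first-transfer step-up
rules of the module above, written as an explicit authorization check so the
failure modes are visible (rejected or unknown payee, first transfer without
verification, batch exceeding the balance). The in-memory ledger and all
names are assumptions for this example, not the page's own code."""
from dataclasses import dataclass, field

PENDING, ACCEPTED, REJECTED = "pending", "accepted", "rejected"


@dataclass
class Beneficiary:
    account: str
    status: str = PENDING        # set only by the beneficiary's own Accept/Reject reply
    verified_once: bool = False  # step-up ("high profile password") done on first transfer


@dataclass
class Customer:
    account: str
    balance: int
    beneficiaries: dict = field(default_factory=dict)


class TransferError(Exception):
    pass


def add_beneficiary(customer: Customer, account: str) -> None:
    """Listing a beneficiary only creates a pending entry."""
    customer.beneficiaries[account] = Beneficiary(account)


def beneficiary_reply(customer: Customer, account: str, accept: bool) -> None:
    """The listed party, not the customer, decides Accept or Reject."""
    customer.beneficiaries[account].status = ACCEPTED if accept else REJECTED


def check_order(customer: Customer, payee: str, amount: int, step_up: bool) -> Beneficiary:
    """Authorization for a single order; raises with the reason on failure."""
    b = customer.beneficiaries.get(payee)
    if b is None or b.status != ACCEPTED:
        raise TransferError(f"{payee}: not a confirmed beneficiary")
    if not b.verified_once and not step_up:
        raise TransferError(f"{payee}: first transfer needs step-up verification")
    if amount <= 0:
        raise TransferError(f"{payee}: invalid amount")
    return b


def transfer_many(customer: Customer, orders) -> int:
    """One-to-many transfer, all-or-nothing: every order is checked and the
    batch total compared with the balance before anything is debited.
    orders: iterable of (payee_account, amount, step_up_verified)."""
    checked, total = [], 0
    for payee, amount, step_up in orders:
        checked.append(check_order(customer, payee, amount, step_up))
        total += amount
    if total > customer.balance:
        raise TransferError("insufficient balance for the batch")
    for b in checked:
        b.verified_once = True   # approved payees need no re-verification later
    customer.balance -= total
    return customer.balance


def demo():
    """Runs a constructed scenario; returns the list of outcomes in order."""
    alice = Customer("ACC-1001", 500)
    add_beneficiary(alice, "ACC-2002")
    add_beneficiary(alice, "ACC-3003")
    beneficiary_reply(alice, "ACC-2002", accept=True)
    beneficiary_reply(alice, "ACC-3003", accept=False)
    batches = [
        [("ACC-3003", 50, True)],                           # rejected payee
        [("ACC-2002", 50, False)],                          # first transfer, no step-up
        [("ACC-2002", 50, True)],                           # ok, balance 450
        [("ACC-2002", 100, False)],                         # already verified, balance 350
        [("ACC-2002", 200, False), ("ACC-9999", 1, True)],  # unknown payee: nothing debited
        [("ACC-2002", 400, False)],                         # exceeds balance: nothing debited
    ]
    outcomes = []
    for batch in batches:
        try:
            outcomes.append(transfer_many(alice, batch))
        except TransferError as err:
            outcomes.append(str(err))
    return outcomes
```

The point of separating check_order from the debit is that a batch with one bad order leaves the balance and the verification flags untouched, so a failed step-up cannot be turned into an approved payee.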
4.4 FINANCIAL MESSAGING SYSTEM USING ESGC-PKC

Introduction

Financial messaging is used worldwide, in different countries and in various forms, for financial message transactions. Financial messaging systems find their greatest use in Electronic Fund Transfer Systems, whose primary goal is to enable the circulation of money in an economy. Fund transfers can happen inter-bank or intra-bank, and it is necessary to carry out these transactions securely and efficiently. It is recognised worldwide that an efficient and secure payment system is an enabler of economic activity: it provides the features essential for effecting payments and for the transmission of monetary policy. Payment systems have encountered many challenges in the past and are constantly adapting. The four broad tenets of any financial messaging system are safety, security, soundness and efficiency, all of which are necessary to reduce risk. A security system for a financial system must address the issues relating to confidence, with specific reference to the users of these systems. Soundness aims at ensuring that the systems are built on strong foundations and stand the test of time. Efficiency represents the measures aimed at cost efficiency, so as to provide optimal and cost-effective solutions. Most current finance systems are built on PKI for securing their transactions. Even though PKI is a widely adopted and well-known security infrastructure, it has some serious drawbacks (Ellison and Schneier 2007).

Financial Messaging System Application

In this thesis, the financial messaging system is the third application considered for testing the proposed extended SGC-PKC. This SGC-PKC can fit any application in which a user wants to transact securely with multiple users, i.e. it adapts to one-to-many communication. In this application, users must register before performing any transactions. When a user registers, all of his or her details are given to the system and the user must accept the terms and conditions provided by the system. When the user completes the registration procedure, the system generates a digital certificate for the user.

Communication

Figure 4.4 shows the architecture of the Financial Messaging System (FMS). Bank A is directly connected to the Central Server, while banks C and D are members of the Common Gateway: their branches are connected to the Common Gateway, which in turn is connected to the Central Server. The message flows for the intra-bank and inter-bank scenarios in the architecture of Figure 4.4 are explained in the following sections.

Figure 4.4 FMS architecture
Intra-bank Messages

Intra-bank message flow is handled specially, by the bank's internal server or by the common gateway.

Inter-bank Messages

In general, inter-bank messages flow first to the parent gateway, then to the Central Server, and finally to the destination gateway and on to the destination branch. However, under a common gateway, if the message is meant for another bank that is also a member of the common gateway, the parent gateway and the destination gateway are the same, and FMS therefore treats a message from and to member banks of a common gateway as an intra-bank message; this is transparent to the users. In Figure 4.4, messages between Bank C and Bank D, though inter-bank in nature, are handled as intra-bank messages.

The current FMS uses the traditional PKI for all communication messages, which requires a trusted third party to verify the certificates; these can be replaced with SGC certificates. Figures 4.5 and 4.6 show the implementation of messages being sent and received securely from the user to the server with the extended SGC-PKC based algorithm. The message is encrypted with the public key of the certificate created for that user. The encrypted message, along with the attached file, is sent to the server by means of the Financial Messaging System, which carries the encrypted messages from client to server. The message and document are decrypted at the server side with the private key belonging to the certificate generated for that user. The main operation carried out by this system is fund transfer.
Figure 4.5 Sending messages

Figure 4.6 Receiving messages
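The routing rule of the two sections above, as an added example rather than the thesis's FMS code: the topology of Figure 4.4 is encoded as constructed data taken from the text (Bank A directly on the Central Server, Banks C and D behind the Common Gateway), and route() classifies a message as intra-bank or inter-bank and lists the hops it traverses, including the transparent intra-bank handling of two members of the same common gateway. The node names and the hop representation are assumptions made for the example.

```python
"""Added example: FMS message routing as described in the text. Intra-bank
messages stay on the bank's internal server or its common gateway; inter-bank
messages go parent gateway -> Central Server -> destination gateway ->
destination branch; two members of one common gateway are treated as
intra-bank. Topology and node names are constructed from Figure 4.4's
description, not taken from the page's code."""

CENTRAL = "CentralServer"

# Constructed topology: value is the bank's common gateway, or None when the
# bank is connected to the Central Server directly.
GATEWAY_OF = {"BankA": None, "BankC": "CommonGW", "BankD": "CommonGW"}


def route(src_bank: str, dst_bank: str, gateway_of: dict = GATEWAY_OF):
    """Returns (kind, hops): kind is "intra" or "inter"; hops are the nodes a
    message traverses after leaving the source branch."""
    for bank in (src_bank, dst_bank):
        if bank not in gateway_of:
            raise KeyError(f"unknown bank {bank}")
    src_gw, dst_gw = gateway_of[src_bank], gateway_of[dst_bank]
    if src_bank == dst_bank:
        # Intra-bank: the bank's own server, or its common gateway if it has one.
        return "intra", [src_gw or f"{src_bank}-internal"]
    if src_gw is not None and src_gw == dst_gw:
        # Same common gateway: parent and destination gateway coincide, so the
        # message never reaches the Central Server and is treated as intra-bank.
        return "intra", [src_gw]
    hops = [src_gw] if src_gw else []
    hops.append(CENTRAL)
    if dst_gw:
        hops.append(dst_gw)
    hops.append(f"{dst_bank}-branch")
    return "inter", hops


def demo():
    """Routes for the bank pairs of Figure 4.4."""
    pairs = [("BankC", "BankD"), ("BankA", "BankC"), ("BankC", "BankA"), ("BankA", "BankA")]
    return {pair: route(*pair) for pair in pairs}
```

Classifying the route before the message is encrypted also determines which certificate the sender must verify for the next hop, which is why the classification is made explicit rather than left to the gateways.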
Figure 4.7 shows the effect on turnaround time as a function of the number of banks for the existing financial messaging system and for the extended SGC-PKC based financial messaging system.

Figure 4.7 Effect of turnaround time for different banks

Security Analysis

Authentication

Authentication is performed simply by verifying the destination bank's certificate. The keys of all the banks are generated by the key generation module and are used for verification. The ESGC binds the bank's identity and its public key together, so authentication is achieved because verification needs only the sender's public key and its identity. This ensures that the origin of a request or response message for creating the destination list is correctly identified, with the assurance that the identity is not false.
Integrity

With the newly proposed SGC, if there are any changes in a bank's details, the public key, private key and certificate are regenerated by the respective bank alone, by creating a new certificate. Transactions are completed without loss of data because all cipher contents are generated with the relevant keys. The keys are generated from the information given by the bank and purely by the bank itself, and the keys needed for extraction are known only to the banks. This ensures that only authorized banks are able to access or view the transmitted information.

Confidentiality

Confidentiality ensures that the transmitted information can be read only by authorized banks. Encryption and decryption are performed purely with the keys belonging to the certificate, which is generated by the bank itself, so there is no loss of privacy for the information transmitted in the fund transfer. This is accomplished by enforcing access control policies.

4.5 RESULTS AND DISCUSSION

Table 4.1 shows the comparison of the time consumed by various public key algorithms and key management schemes for the three e-commerce applications. It shows that for all three applications, the ESGC-PKC based version consumes far less time than the versions based on the existing algorithms.
Table 4.1 Time consumption of various PKC for secure transactions (in seconds)

Applications / Algorithms   E-Tender   Online Beneficiary Fund Transfer (in milliseconds)   Financial Messaging
RSA
ELGAMAL
ECC
SGC-PKC
ESGC-PKC

The time comparison between the existing non-commercial e-commerce applications and the SGC based e-commerce applications is shown in Figure 4.8. For the newly proposed SGC based applications, the time consumption is very low compared with the applications based on the existing cryptosystems. The main part of the computation depends purely on the number of secure transactions.

Figure 4.8 ESGC transaction performances
Table 4.2 shows a comparison of the security of the e-commerce system before and after integration of the newly proposed SGC. The comparison is based on the effectiveness of blocking the security attacks relevant to the system, and shows that the newly proposed SGC algorithm handles all the attacks listed.

Table 4.2 A comparison of ESGC-integrated e-commerce before and after

Security Services   Security Attacks           Before ESGC   After ESGC
Authentication      Certificate Replacement    No            Completed
                    IP spoofing                Partial       Completed
                    Malicious                  Partial       Completed
                    Message Replacement        No            Completed
                    DoS                        No            Completed
Access Control      Buffer Overflow            Partial       Completed
                    DoS                        No            Completed
Integrity           Message Replacement        No            Completed
                    Certificate Replacement    No            Completed
                    Compromised Key Attack     No            Completed
Confidentiality     Brute-Force                Partial       Completed
                    Dictionary                 Partial       Completed

Figure 4.9 shows the efficiency comparison between the existing e-commerce applications and the extended SGC-based e-commerce applications with regard to the security services of confidentiality, authentication, access control and integrity. The efficiency comparison is based purely on the results of the security attacks on the various security services listed in Table 4.2. The comparison shows that only the newly proposed SGC based application is able to provide all the security services.

Figure 4.9 Efficiency of security services on deployed e-commerce

4.6 SUMMARY

The proposed ESGC-PKC has been deployed in an e-tender system that serves several bidders. The bidders bid for a particular tender, the level 1 bidder is chosen by e-chat in the presence of all the other bidders in the meeting, and the security analysis has been provided. Non-pairing ESGC-PKC has been deployed in the online beneficiary-based account-to-account fund transfer, so that one customer can transact securely with multiple customers; it has been shown that the major security services of authentication, integrity and confidentiality are achieved. Finally, the Financial Messaging System has been implemented as the third application: by integrating the ESGC-PKC with FMS-based fund transfer, one bank can transact securely with multiple banks, and again authentication, integrity and confidentiality are achieved. By deploying the proposed extended SGC-PKC in all these applications, the security of these e-commerce systems has been enhanced.
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationISM/ISC Middleware Module
ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why
More informationWebsense Content Gateway HTTPS Configuration
Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco
More informationChapter 37. Secure Networks
Chapter 37 Network Security (Access Control, Encryption, Firewalls) Secure Networks Secure network is not an absolute term Need to define security policy for organization Network security policy cannot
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationSECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationName: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.
Name: 1 CSE331: Introduction to Networks and Security Final Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35 Total /135 Do not begin the exam until you are told to do so. You
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationFramework of e-commerce
Framework of e-commerce Alka Arora Lecturer, Department of CSE/IT, Amritsar College of Engg.& Tech,Amritsar.143 001, Punjab, India, E-mail :alka_411 @rediffmail.com. Abstract This paper provides a detailed
More informationCoSign for 21CFR Part 11 Compliance
CoSign for 21CFR Part 11 Compliance 2 Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationPowerChute TM Network Shutdown Security Features & Deployment
PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationEnterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere
Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity
More informationqwertyuiopasdfghjklzxcvbnmqwertyui opasdfghjklzxcvbnmqwertyuiopasdfgh jklzxcvbnmqwertyuiopasdfghjklzxcvb
qwertyuiopasdfghjklzxcvbnmqwertyui opasdfghjklzxcvbnmqwertyuiopasdfgh jklzxcvbnmqwertyuiopasdfghjklzxcvb The e-cheque System nmqwertyuiopasdfghjklzxcvbnmqwer System Specification tyuiopasdfghjklzxcvbnmqwertyuiopas
More informationDKIM Enabled Two Factor Authenticated Secure Mail Client
DKIM Enabled Two Factor Authenticated Secure Mail Client Saritha P, Nitty Sarah Alex M.Tech Student[Software Engineering], New Horizon College of Engineering, Bangalore, India Sr. Asst Prof, Department
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationYou re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com
SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.
More informationPRIVACY, SECURITY AND THE VOLLY SERVICE
PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationWhite Paper. Enhancing Website Security with Algorithm Agility
ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationWhat security and assurance standards does Trustis use for TMDCS certificate services?
Frequently Asked Questions What is a Digital Certificate? What is a Root Certificate? How do Digital Certificates Work? Who needs a Digital Certificate? How do I get a Digital Certificate Can I use my
More informationPrivyLink Internet Application Security Environment *
WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.
More informationAngel Dichev RIG, SAP Labs
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationcipher: the algorithm or function used for encryption and decryption
! "# $ %& %'()! *,+ & -.! % %- / 0-1 2+ 34 576!! 8 9! ": ;
More informationSnow Agent System Pilot Deployment version
Pilot Deployment version Security policy Revision: 1.0 Authors: Per Atle Bakkevoll, Johan Gustav Bellika, Lars, Taridzo Chomutare Page 1 of 8 Date of issue 03.07.2009 Revision history: Issue Details Who
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationCopyright Telerad Tech 2009. RADSpa. HIPAA Compliance
RADSpa HIPAA Compliance 1. Introduction 3 1.1. Scope and Field of Application 3 1.2. HIPAA 3 2. Security Architecture 4 2.1 Authentication 4 2.2 Authorization 4 2.3 Confidentiality 4 2.3.1 Secure Communication
More informationWhat is the point of encryption if you don t know who for?
1 What is the point of encryption if you don t know who for? Dr. Colin Walter Head of Cryptography - Comodo Inc. Chairman of Peripherals Working Group Trusted Computing Group. Co-chair - Cryptographic
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationHow to Create E-Commerce Web Site
How to Create E-Commerce Web Site By A. Sittikorn Direksoonthorn BIS 3687: E-Banking and Payment System Assumption University 1/2004 Be on the Web, or Be out of Business Quick Win Agenda Encryption in
More informationGlobal Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)
Managed Communications JPMorgan - Global Client Access Managed Internet (EC Gateway) Managed Communications Overview JPMorgan offers a variety of electronic communications services that are reliable and
More informationELECTRONIC COMMERCE OBJECTIVE QUESTIONS
MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module
More informationAuthentication is not Authorization?! And what is a "digital signature" anyway?
Authentication is not Authorization?! And what is a "digital signature" anyway? Prepared by R. David Vernon Revised 12/01 Introduction REV 1A As part of the IT Architecture Initiative, the Office of Information
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationSecuring an IP SAN. Application Brief
Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.
More informationCSCI 454/554 Computer and Network Security. Topic 8.1 IPsec
CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More information