• Use of anti-virus software is perhaps the first defense against any virus attack and one of the most significant technologies for ensuring that systems do not malfunction due to virus attacks.
• Since virus attacks have the potential to damage both the information and the systems of each of the players in e-commerce, trading partners hesitate to use a system that is prone to virus attacks.
• It is, therefore, essential to ensure that no malicious code is communicated to their systems via the e-commerce infrastructure.
• Equally important is that the session between the two trading partners does not attract any virus threats.
• But the
of a firewall is derived from its ability to be selective about what it lets through and what it blocks. It can "filter" the arriving packets based upon any combination of the originating machine's IP address and port and the destination machine's IP address and port.
• Hardware Firewalls
  - Protect an entire network
  - Implemented at the router level
  - Usually more expensive, harder to configure
• Software Firewalls
  - Protect a single computer
  - Usually less expensive, easier to configure
A "connection" is actually comprised of individual packets traveling between those two "connected" machines.
• Encryption
  - Transforms data into cipher text readable only by sender and receiver
  - Secures stored information and information transmission
  - Provides 4 of the 6 key dimensions of e-commerce security:
    1. Message integrity
    2. Non-repudiation
    3. Authentication
    4. Confidentiality
PKI INFRASTRUCTURE
• Relies on two basic components: an algorithm and a key.
• An algorithm is a method used to … a message, and a key is an object used to … a message.
• In a system where letters are substituted for other letters, the "key" is the chart of paired letters and the algorithm is the substitution.
• If two parties want to communicate, they must use the same algorithm and, in some cases, the same key.
PKI INFRASTRUCTURE
• The "state of the art" in authentication rests on PKI.
• It has become the cornerstone for secure e-payments.
• It refers to the technical components, infrastructure, and practices needed to enable the use of public key encryption, digital signatures and digital certificates with a network application.
• Network applications include SCM, VPNs, secure e-mail, and intranet applications.
PKI INFRASTRUCTURE

[Diagram: Plaintext Message → Encryption → Ciphertext → Decryption → Plaintext Message]
• Just an example:
  Public Key = 4, Private Key = 1/4, message M = 5
  Encryption:
  • Ciphertext C = M * Public Key
  • 5 * 4 = 20
  Decryption:
  • Plaintext M = C * Private Key
  • 20 * 1/4 = 5
PKI INFRASTRUCTURE

Algorithm        Key size
El Gamal         56
RSA              128
Diffie-Hellman   Up to 2048

How difficult is it to crack a key?

Attacker              Computer Resources                                    Keys / Second
Individual attacker   One high-performance desktop machine & software       2^1 – 2^24
• Hash function: a mathematical algorithm that produces a fixed-length number called a message digest or hash digest.
• The hash digest of the message is sent to the recipient along with the message to verify integrity.
• The hash digest and message are encrypted with the recipient's public key.
• The entire cipher text is then encrypted with the recipient's private key, creating a digital signature, for authenticity and non-repudiation.
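An added worked example (not from the original slides) of the hash-then-sign idea above, using textbook RSA with constructed toy primes so the arithmetic stays visible; it assumes the signer signs with their own private key and anyone verifies with the matching public key, and it reduces the digest modulo n only because the toy modulus is tiny. Real systems use large keys and padding; the primes, exponent and sample message are constructed.

```python
"""Added example (not from the original slides): hash digest for integrity,
then a digital signature made with the signer's private key and checked with
the matching public key.  Textbook RSA with tiny constructed primes and no
padding, for illustration only."""
import hashlib
from math import gcd

# Constructed toy primes; real keys use primes of 1024 bits or more.
P, Q = 61, 53


def keygen(p=P, q=Q, e=17):
    """Return ((e, n), (d, n)).  As on the slide where 4 and 1/4 undo each
    other, d is the inverse of e, but modulo (p-1)(q-1) rather than over
    the rationals, so it cannot be derived from e without knowing p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to (p-1)(q-1)"
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def digest(message, n):
    """Fixed-length hash digest (SHA-256) of the message, reduced mod n so
    it fits the toy modulus; a real scheme keeps the full digest."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


def sign(message, private_key):
    """Signer applies the private exponent to the digest."""
    d, n = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone with the public key recovers the digest from the signature
    and compares it with a fresh digest of the received message.  A changed
    message or a changed signature makes the comparison fail."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    public, private = keygen()
    msg = b"Ship 10 units to buyer 42"  # constructed sample message
    sig = sign(msg, private)
    print("valid signature:", verify(msg, sig, public))
    print("altered message:", verify(msg + b"0", sig, public))
```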
• A Digital ID typically contains the following information:
  - Your public key
  - Your name and email address
  - Expiration date of the public key
  - Name of the CA who issued your Digital ID
• Strong encryption
  - Encryption methods that cannot be cracked by brute force (in a reasonable period of time).
  - The world's fastest computer needs thousands of years to compute a key.
• Weak encryption
  - A code that can be broken in a practical time frame.
  - 56-bit encryption was cracked in 1999.
  - 64-bit will be cracked in 2011.
  - 128-bit will be cracked in 210 .
• Tiger team: a group whose sole job activity is attempting to break into a site.
• Originated in the 19 0s with the U.S. Air Force.
• By the 1980s-1990s, had spread to the corporate arena.
• Most use just "white hats" and refuse to hire known grey or black hats.
• Indian Government constituted the National Task Force on IT & SD
• Institutional setup:
  - EC Council of India
  - India EDI-ACT Committee
  - Technical Assessment Group