Security Issues in E-Business Internet Security Four Cornerstones of Secure EC: 1. Authenticity 2.

2. Privacy Contents of the message should be secret & only known to the sender & receiver. Process to verify the identity of a user as they log on to a network e.g. gmail

3. Integrity Refers to the condition of data after it has been transmitted to another location as compared to its original condition.

4. Nonrepudiation Sender of the message can deny whether they have actually sent the msg or not?

Threats or Cyber Attacks 1) Denial-of-Service Attacks: DOS is an attempt to make a computer or network resource unavailable to its intended users Designed to disable the n/w by flooding it with useless traffic or activity Doesnt do any technical damage, can do substantial financial damage to an e-business Symptoms: Unusually slow network performance (opening files or accessing web sites) Unavailability of a particular web site Inability to access any web site Dramatic increase in the number of spam emails received

2) Viruses: A program fragment that is attached to a legitimate program with the intention of infecting other programs. It is hidden, self replicating computer s/w that propagates by infecting i.e. inserting a copy of itself into and becoming part of another program Virus cant run by itself, it requires its host program to be run to make the virus active E.g.: inability to boot, deletion of files, inability to create or save files 3) Trojan : This is a computer program appear to have a useful function , but also has hidden and potentially malicious functions that evade security mechanism. The idea of modifying a normal program to do nasty things in addition to its usual function and arranging for the victim to use the modified version is known as Trojan horse attack.they do not replicate themselves Trojan horses contain malicious code that when triggered cause loss, or even theft, of data. For a Trojan horse to spread, you must invite these programs onto your computers; for example, by opening an email attachment or downloading and running a file from the Internet. Trojan.Vundo is a Trojan horse. 4) Worm: A computer program that can run indepenently. It can propagate a complete version of itself on to other host on a network and may consume computer resources destructively. It differs from a virus in only that a virus piggyback on an existing program , whereas a worm is a complete program itself. 5) Spam: Spam has nuisance value in that it clogs most of the internet highway around the world causing losses by way of improper utilization of bandwidth , it is used to propagate viruses and worms Encryption Process of making information unintelligible to the unauthorized reader Both the sender & receiver have to know what set of rules (cipher) was used to transform the original information into its coded form (cipher text) Decryption Reverse of encryption Make the information intelligible to the authorized reader Both encryption & decryption requires: an algorithm an d a key to encode or decode the msg respectively. Cryptography

 Cryptography or cryptology: "hidden, secret"; is the practice and study of techniques for secure communication among the parties. Objectives: Privacy; Authenticity; Integrity; Non-repudiaiton Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons to do the same Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Parts of Cryptography 1. Plaintext: The original msg in human readable form. 2. Ciphertext :The plaintext msg after it has been encrypted into unreadable form. 3. Encryption Algorithm: mathematical formula used to encrypt the plain text into cipher text & vice versa. 4. Key: the secret key used to encrypt and decrypt a msg. Advantages Algorithms are difficult to devise If someone cracks your encrypted msg, switch to a new key rather than changing the algorithm Types of Cryptography 1) Private Key Cryptography: Symmetric or synchronous or Secret Key Cryptography.same key was used to both encrypt and decrypt a msg. Sender and receiver have to agree in advance on the key.Most widely used symmetrical algo is DES Difficulties: a. internet msgs are sent b/w ppl or ppl & machines that have never met

b. if a server private key is distributed to thousand of people it will not remain secret any more. 2)Public Key Cryptography Asymmetric or asynchronous Key Cryptography Utilize a pair of keys one pubic and one private. Msgs encoded with either key can be decoded by the other Advantages: confidentiality (sender uses receiver public key to encrypt & decoded by receivers private key) public key can be sent across the internet and we can get from the server or service provider

Speed is the major concern due to longer keys while SKC uses shorter keys and its faster Digital Envelope: combination of SKC and ASKC Digital Signatures A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions Based on public key encryption .Digital signatures can also provide non-repudiation Working of Digital Signature Sender creates a signature phrase and encrypt it with his/her own private key . This phrase is then attached to the msg and the combined msg is encrypted with recipients public key . Upon receipt, the message is first decrypted with recipients private key. The signature phrase is then decrypted with the sender public key.

 If the phrase is successfully decrypted then the recipient knows that the message could have only been sent by the holder of the senders private key. RSA algorithm can be used to create private and public key. Benefits of Digital Signature Authentication : When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. Integrity : If a message is digitally signed, any change in the message will invalidate the signature Digital Certificates Digital Certificates are the electronic counterparts to driver licenses, passports and membership cards. You can present a Digital Certificate electronically to prove your identity or your right to access information or services online. A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key. VeriSign is a CA & issue three types of certificates. Class 1 verifies that e-mail has actually comes from the users address. Class 2 checks the users identity against a commercial credit database & class 3 require notarized(legally justified). Standard certificate format is X.509 certificate format Use of Digital Certificates Digital Certificates can be used for a variety of electronic transactions including e-mail, electronic commerce, groupware and electronic funds transfers. Netscape's popular Enterprise Server requires a Digital Certificate for each secure server. For example, a customer shopping at an electronic mall run by Netscape's server software requests the Digital Certificate of the server to authenticate the identity of the mall operator and the content provided by the merchant. Without authenticating the server, the shopper should not trust the operator or merchant with sensitive information like a credit card number. The Digital Certificate is instrumental in establishing a secure channel for communicating any sensitive information back to the mall operator.

Firewalls A firewall is a system or group of systems that enforces a security policy b/w an organizations network and the internet. Determines which inside services may be accessed from the outside, which outsiders are permitted access to the permitted inside services, and which outside services may be accessed by insiders. Not just a router, a combination of devices that provides security for a n/w. Is a part of overall security policy (published security guidelines to inform users of their responsibilities)that creates a perimeter defence designed to protect the information resources of the organization. Operates on a set of user defined rules. These rules govern the flow of data into and out of firewall. Rules decide which packet of data , depending on the originating IP address , should be allowed to pass in to the organization s network. A firewall system can be a router , a personal computer , a host or a collection of host set up specifically to shield a site or a subnet from protocols and services that can be abused from hosts outside the networks Benefits of Firewalls Protection of Vulnerable Services Controlled Access to Site Systems Concentrated Security Enhanced Privacy Need for Usage Statistics on network Firewall Components 1)Network policy: 1. Service access policy: It defines those services which will be allowed or explicitly denied from the restricted network. How these services will be used and condition for exceptions to this policy 2. Firewall design policy: It defines the rules used to implement the service access policy. Firewall generally implement one of the following two design policy

a) Permit any service unless it is expressly denied. b) Deny any service unless it is expressly permitted 2)Advanced authentication mechanisms Advanced Authentication measures such as smart cards, authentication tokens , biometric & s/w based mechanism are designed to counter the weakness of traditional passwords. The passwords generated by advanced Authentication devices can not be reused by an attacker who has monitored a connection. These are also called one time password i.e. these generate a response conjunction with s/w or h/w on the host and so the generated password is unique for every login. 3) Packet filtering IP Packet Filtering is done by using a router designed for filtering packets as they pass b/w the routers interfaces A Packet Filtering router can filter Packets based on some or all of the following fields: 1. Source IP address 2. Destination IP address 3. TCP/UDP source port 4. TCP/UDP destination port 4)Application Gateways To counter some of the problem associated with filtering routers , firewalls need to use s/w applications to fwd and filter connections for services such as telnet and FTP Such an application is referred to as proxy services while the host running the proxy services is known as Application Gateway Types of Firewalls Dual-homed gateways: A special server called the bastion gateway connects a private internal n/w to the outside internet.

The gateway server has two n/w cards so that data packets reaching one card are not relayed to the other card. Instead special s/w program called proxies run on gateway server and pass repackaged packets from one n/w to another There is a proxy for each Internet service e.g. HTTP proxy , FTP proxy Firewall & proxy control both inside and outside traffic

Screen-host gateways: With a Screen host Gateway a n/w router is used to ensure that all inbound traffic must pass through bastion gateway. HTTP: Hypertext Transfer Protocol HTTP, the Hypertext Transfer Protocol, is the application-level protocol that is used to transfer data on the Web. HTTP comprises the rules by which Web browsers and servers exchange information HTTP operates at the highest layer of the TCP/IP Internet reference model, the Application layer How Does HTTP Work? HTTP Is a request-response protocol. For example, a Web browser initiates a request to a server, typically by opening a TCP/IP connection. The request itself comprises a request line, a set of request headers, and an entity.

The server sends a response that comprises a status line, a set of response headers(e.g. e-mail headers: to, from, subject), and an entity.

The entity in the request or response can be thought of simply as the payload(body of data), which may be binary data.. When the response has been completed, either the browser or the server may terminate the TCP/IP connection, or the browser can send another request. SSL: Secure Socket Layer

 SSL protocol was developed by Netscape Communications to provide security during a communication session. SSL operate above the TCP layer and provide protection to applications such as FTP , TELNET & HTTP. SSL include services such as client and server authentication , data integrity and confidentiality Secure HTTP was developed for commerceNet , a consortium promoting the establishment of electronic commerce on the net. SHTTP provide security to individual transcations. PKI The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA) . For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgettable in public key certificates issued by the CA. Features OF PKI It allows parties to have free access to the signers public key available in the directories of CA. Public keys are freely distributed while private keys are securely held by the owners. It entails an assurance that the public key corresponds to the signers private key implying trust between parties as if they know each other. Parties with no prior agreement , operating on network can have the highest level of trust in one another.

IDS: Intrusion Detection Systems IDS complement the firewall. External users can connect to the internal intranet via an unauthorised modem that does not pass through the firewall. If the threat comes from with in the organization the firewall doest not recognize those threats bcz it monitors only traffic b/w the internal and external network. There are two types of IDS 1. Host Based IDS:- Work based on a reactionary approach in which the IDS monitor system log files. When a log activity matches a pre-determined attack signature , an alert is generated. 2. Network based IDS:- works by monitoring real time traffic similar to the way a n/w sniffer function. Malicious activity is identified by matching n/w traffic to predefined attack signature.