Seema Sahai
ECOMMERCE
Examples
Amazon.com - The Internet's largest virtual bookstore
Security First National Bank - The first original virtual bank
eTrade - An online stock broker at reduced prices
Wall Street Journal Interactive - An online version of the WSJ
Commonalities in the examples drive the definition:
Use of a common electronic medium
Performs commercial exchanges of value
Transaction between two entities
ECOMMERCE
Examples
Digital Content - Peer-to-Peer (starting with Napster); Apple's iTunes Music Store
Mobile eCommerce - Vending (and other) machine purchases using a cell phone or other specialized token or smart card
MasterCard - August 28, 2003 - "MasterCard International today unveiled MasterCard SideCard, the stylish new payment card which features a modified design small enough to fit on a key ring."
MicroPayments - Allows Web surfers a method to make small purchases (under $1)
The Internet was never designed with security in mind. Many companies fail to take adequate measures to protect their internal systems from attacks. Security precautions are expensive (firewalls, secure web servers, encryption mechanisms). Security is difficult to achieve.
RISKS
Chaos Club
Forbes
ATMs
PayPal
Future Risks
Dramatic growth in B-B, B-C, and B-G
Internet terminals in stores, airports, bars
In short: anything that contains personal information, such as a magnetic strip on a card
Driver's License
Credit Card
ATM Card
Medical Provider Cards
Diagram (My Network): Hackers on the Internet, with the Internal Network on the other side of the boundary
Security methodology Proper security must provide the appropriate assurance that in any transaction:
1. Both parties are identified and authenticated
2. Both parties can only perform the actions they are supposed to
3. The transaction information is correct/unaltered
4. The transaction is kept confidential
5. There is proof the transaction occurred (non-repudiation)
Security methodology
These assurances provide:
Identification
Authentication
Authorization
Confidentiality
Integrity
Non-Repudiation
Together these make up A Secure Solution
Firewall Solutions
Functions of a Firewall
Sits between a trusted and an untrusted network
Controls traffic based on service, source, destination, user ID
Strong Authentication
What you know, what you have, who you are (where you are?)
Several main types:
Time-based tokens
Challenge-response
Public key (client-side certificates)
Smart card based
Security Architecture
Diagram, built up over six slides:
Slide 1: Entity One (Business, a.k.a. Bank of David) runs the Business Application on an Application Server, fronted by a Web Server and a Firewall, connected to the Internet. Entity Two (User, a.k.a. Fred) is an End User on an End User PC, also connected to the Internet.
Slide 2: adds an Authentication Client on the user side and an Authentication Server on the business side; the Authentication Server returns a Yes/No response.
Slide 3: adds a Private Key at each entity and Public Key Storage at the business. Two operations are shown at the business: decrypt with the business's private key; decrypt with the user's public digital signature key.
Slide 4: adds a Certificate Directory and a Certificate Authority (each with its own Private Key). The user computes the message hash (shown as 0110101110) and forms X = S[F(y)*p].
Slide 5: adds the User Certificate, obtained from the Certificate Directory, and the End User Signature sent to the business.
Slide 6: the Authentication Client re-computes the message hash (0110101110) and decrypts the received message hash with the user's public key, comparing the two; X = S[F(y)*p].
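The sign-then-verify exchange in the diagrams above, as an added example that is not code from the slides: Fred hashes the message and applies his private key to the hash, and Bank of David re-computes the hash and compares it with the value recovered using Fred's public key. The key generation is a constructed textbook RSA with no padding, written only to make the flow visible; a deployed system uses a vetted library and a padded signature scheme.

```python
import hashlib
import random

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test for odd n > 3 (constructed helper, not from the slides)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return ((e, n), (d, n)): Fred's public key and his private key."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e != 0:
            break
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def message_hash(msg: bytes) -> int:
    """F(y) on the slide: SHA-256 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg: bytes, private_key) -> int:
    """Fred's side, X = S[F(y)*p]: apply his private key to the hash (textbook RSA, no padding)."""
    d, n = private_key
    return pow(message_hash(msg), d, n)

def verify(msg: bytes, signature: int, public_key) -> bool:
    """Bank of David's side: recover the hash with Fred's public key, compare with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == message_hash(msg)
```

A changed message or a changed signature makes the two hashes differ, which is the integrity and non-repudiation check the methodology slide asks for.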
Secure Protocols
S-HTTP - security-enhanced version of the HTTP protocol; wraps the entire message in a secure envelope
SSL - secures the channel with session keys; provides data encryption, and server and client authentication in version 3
SET - provides authentication and encryption for credit card transactions
Traditional Security
Host security
Secure applications / programming
Network security / partitioning
Physical security
Policies, procedures, guidelines, standards
Good security solutions are available; the key is applying them
Public perception will change over time
Need to focus on business risks
TACKLING CYBER CRIMES INTELLECTUAL PROPERTY RIGHTS AND COPYRIGHTS PROTECTION ACT
IT ACT PROVISIONS
Email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law. Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. Digital signatures have been given legal validity and sanction in the Act.
IT ACT PROVISIONS
The Act now allows the Government to issue notifications on the web, thus heralding e-governance.
Statutory remedy in case anyone breaks into a company's computer systems or network and causes damage or copies data.
CYBER CRIMES
CYBER CRIMES AGAINST PERSONS, e.g. the Melissa and Love Bug viruses
CYBER CRIMES AGAINST PROPERTY, e.g. computer vandalism
CYBER CRIMES AGAINST GOVERNMENT, e.g. Al-Qaeda
TAMPERING WITH COMPUTER DOCUMENTS
HACKING WITH COMPUTER SYSTEM
PUBLISHING OBSCENE MATERIAL ON INTERNET
BREACHING OF CONFIDENTIALITY AND PRIVACY
INDIAN EVIDENCE ACT, 1872
BANKERS BOOK EVIDENCE ACT, 1891
GENERAL CLAUSES ACT, 1897
CONCLUSION
CYBER LAWS: AN ESSENTIAL FEATURE IN TODAY'S WORLD OF INTERNET
THANK YOU