Upload
cali-maris
View
217
Download
2
Embed Size (px)
Citation preview
5/4/00 EMTM 553 1
EMTM 553: E-commerce Systems
Lecture 7: Implementing Security
Insup Lee
Department of Computer and Information Science
University of [email protected]
www.cis.upenn.edu/~lee
5/4/00 EMTM 553 2
Protecting ElectronicCommerce Assets
• You cannot hope to produce secure commerce systems unless there is a written security policy– What assets are to be protected– What is needed to protect those assets– Analysis of the likelihood of threats– Rules to be enforced to protect those assets
5/4/00 EMTM 553 3
Protecting ElectronicCommerce Assets
• Both defense and commercial security guidelines state that you must protect assets from– Unauthorized disclosure– Modification– Destruction
• Typical security policy concerning confidential company information– Do not reveal company confidential information to
anyone outside the company
5/4/00 EMTM 553 4
Minimum Requirements for Secure Electronic Commerce
Figure 6-1
5/4/00 EMTM 553 5
Protecting Intellectual Property
• The dilemma for digital property is how to display and make available intellectual property on the Web while protecting those copyrighted works
5/4/00 EMTM 553 6
Companies Providing Intellectual Property Protection Software
• ARIS Technologies (part of verance.com)– Digital audio watermarking systems
o Embedded code in audio file uniquely identifying the intellectual property
• Digimarc Corporation– Watermarking for various file formats– Controls software and playback devices
5/4/00 EMTM 553 7
Companies Providing Intellectual Property Protection Software
• SoftLock Services– Allows authors and publishers to lock files containing
digital information for sale on the Web– Posts files to the Web that must be unlocked with a
purchased ‘key’ before viewing
• Digitalgoods.com– infrastructure and integrated services necessary to
securely market and distribute multimedia digital content to its maximum audience
5/4/00 EMTM 553 8
Protecting Client Computers
• Active content, delivered over the Internet in dynamic Web pages, can be one of the most serious threats to client computers
• Threats can hide in– Web pages– Downloaded graphics and plug-ins– E-mail attachments
• Misplaced trust– Web sites that aren’t really what they seem and trick
the user into revealing sensitive data
5/4/00 EMTM 553 9
Protecting Client Privacy
• Cookies– Small pieces of text stored on your computer and
contain sensitive information that is not encrypted– Anyone can read and interpret cookie data– Do not harm client machines directly, but potentially
could still cause damage– Two types: session cookie and persistent cookie
5/4/00 EMTM 553 10
Dealing with Cookies
• Can be set to expire within 10, 20, or 30 days• Retrievable only by the site that created them• Collect information so that the user doesn’t
have to continually enter usernames and passwords to access Web sites
• Earlier browsers simply stored cookies without comment
• Today’s browsers allow the user to– Store cookies without permission or warning– Receive a warning that a cookie is about to be stored– Unconditionally disallow cookies altogether
5/4/00 EMTM 553 11
Monitoring Active Content
• Netscape Navigator and Microsoft Internet Explorer browsers are equipped to allow the user to monitor active content before allowing it to download
• Digital certificates provide assurance to clients and servers that the participant is authenticated
5/4/00 EMTM 553 12
Digital Certificates
• Also known as a digital ID• An attachment to an e-mail message• Embedded in a Web page• Serves as proof that the holder is the person or
company identified by the certificate• Encoded so that others cannot read or
duplicate it• Ex: visit www.amazon.com and click on a
padlock
5/4/00 EMTM 553 13
VeriSign
• Oldest and best-known Certification Authority (CA)
• Offers several classes of certificates– Class 1 (lowest level)
o Bind e-mail address and associated public keys– Class 4 (highest level)
o Apply to servers and their organizationso Offers assurance of an individual’s identity and
relationship to a specified organization
• Visit www.verisign.com
5/4/00 EMTM 553 14
Structure of a VeriSign CertificateFigure 6-4
5/4/00 EMTM 553 15
Microsoft Internet Explorer
• Provides client-side protection right inside the browser
• Reacts to ActiveX and Java-based content• Authenticode verifies the identity of
downloaded content• The user decides to ‘trust’ code from individual
companies
5/4/00 EMTM 553 16
Security Warning and Certificate ValidationFigure 6-5
5/4/00 EMTM 553 17
Internet Explorer Zones and Security LevelsFigure 6-6
5/4/00 EMTM 553 18
Internet Explorer Security Zone Default SettingsFigure 6-7
5/4/00 EMTM 553 19
Netscape Navigator
• User can decide to allow Navigator to download active content
• User can view the signature attached to Java and JavaSript
• Security is set in the Preferences dialog box• Cookie options are also set in the Preferences
dialog box
5/4/00 EMTM 553 20
Setting Netscape Navigator PreferencesFigure 6-8
5/4/00 EMTM 553 21
A Typical Netscape Navigator Java Security Alert
Figure 6-9
5/4/00 EMTM 553 22
Viewing a Content Provider’s CertificateFigure 6-10
5/4/00 EMTM 553 23
Protecting Electronic Commerce Channels
• Protecting assets while they are in transit between client computers and remote servers
• Providing channel security includes– Channel secrecy– Guaranteeing message integrity– Ensuring channel availability– Authentication
• Cannot prevent eavesdropping through snooping in general
5/4/00 EMTM 553 24
Providing Transaction Privacy
• Encryption– The coding of information by using a mathematically
based program and secret key to produce unintelligible characters
– Steganographyo Makes text invisible to the naked eye
– Cryptographyo Converts text to strings that appear to have no
meaning
5/4/00 EMTM 553 25
Encryption
• 40-bit keys are considered minimal,128-bit keys provide much more secure encryption
• Encryption can be subdivided into three functions– Hash Coding
o Calculates a number from any length string– Asymmetric (Public-key) Encryption
o Encodes by using two mathematically related keys– Symmetric (Private-key) Encryption
o Encodes by using one key, both sender and receiver must know
5/4/00 EMTM 553 26
Hash Coding, Private-key, and Public-key EncryptionFigure 6-11
5/4/00 EMTM 553 27
Significant Encryption Algorithms and StandardsFigure 6-12
5/4/00 EMTM 553 28
Secure Sockets
Layer (SSL) Protocol
• Developed by Netscape Communications• Secures connections between two computers• Provides a security handshake in which the
client and server computers exchange the level of security to be used, certificates, among other things
• Secures many different types of communications between computers
5/4/00 EMTM 553 29
Secure Sockets
Layer (SSL) Protocol
• Provides either 40-bit or 128-bit encryption• Session keys are used to create the cipher text
from plain text during the session• The longer the key, the more resistant to
attack• Protocol is called https
– Ex: www.amazon.com
5/4/00 EMTM 553 30
SSL Handshake
The SSL handshake consists of nine steps that authenticate the two parties and create a shared session key. [Stein]
5/4/00 EMTM 553 31
SSL Web Server InformationFigure 6-14
5/4/00 EMTM 553 32
Secure HTTP (S-HTTP) Protocol
• Developed by CommerceNet Consortium• Extension to HTTP that provides numerous security
features– Client and server authentication– Spontaneous encryption– Request/response nonrepudiation
• Provides symmetric and public-key encryption, and message digests (summaries of messages as integers)
• Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.
5/4/00 EMTM 553 33
Ensuring Transaction IntegrityFigure 6-15
5/4/00 EMTM 553 34
Guaranteeing Transaction Delivery
• Neither encryption nor digital signatures protect packets from theft or slowdown
• Transmission Control Protocol (TCP) is responsible for end-to-end control of packets
• TCP requests that the client computer resend data when packets appear to be missing
5/4/00 EMTM 553 35
Protecting theCommerce Server
• Access control and authentication– Controlling who and what has access to the server– Requests that the client send a certificate as part of
authentication– Server checks the timestamp on the certificate to
ensure that it hasn’t expired– Can use a callback system in which the client
computer address and name are checked against a list
5/4/00 EMTM 553 36
Protecting theCommerce Server
• Usernames and passwords are the most common method of providing protection for the server
• Usernames are stored in clear text, while passwords are encrypted
• The password entered by the user is encrypted and compared to the one on file
5/4/00 EMTM 553 37
Logging On With A Username And PasswordFigure 6-16
5/4/00 EMTM 553 38
Operating System Controls
• Most operating systems employ username and password authentication
• A common defense is a firewall– All traffic from inside to outside and outside to inside
must pass through it– Only authorized traffic is allowed– The firewall itself must be immune to penetration
5/4/00 EMTM 553 39
ApplicationApplication
Firewalls
smtp: 25
ftp: 21
telnet: 23
http: 80
ftp: 21
PresentationPresentation
SessionSession
TransportTransport
NetworkNetwork
Data LinkData Link
PhysicalPhysical
OSI
Site 2
Site 1Internet
Traffic Cop
5/4/00 EMTM 553 40
Check Point Software’s Firewall-1 Web PageFigure 6-17