Embed Size (px)
DESCRIPTION
Security policy
Citation preview
Electronic Commerce Security
Electronic Commerce Security
Full implementation of electronic commercesecurity requires• Security policy• Authentication• Assurance(Encryption)• Web site security• Secured payment methods
Security policy
Security Policies
• A security policy defines what is considered valuable and specifies what steps are to be taken to protect those assets.
• It makes clear what is being protected and why.
• It clearly states the responsibility for that protection.
• It provides a ground on which to interpret and resolve conflicts that arise.
• It should be general and changes slowly over time.
Security Policies
Security Policies
• Standards– Standards are intended to codify successful
practice of security in an organization.– They should change slowly over time.– They should be general.– They change more often than standards.– They may be violated, if necessary.
• Guidelines– Guidelines interpret standards for a particular
environment.– They are specific to particular machines or
situations.
Security Policies
Risk Assessment
• Before making security policies, we must determine the following:– What to protect– What to protect from– How to protect it
• Basic goals of security:– Availability: Service not denied to rightful user– Confidentiality: Information not accessible to
unauthorized users– Integrity: Data not tempered with
• Elements of risk analysis:– Identifying assets– Identifying threats
Risk Assessment
Risk Assessment
• Cost of loss– cost of repairing and replacements– cost of company reputation
• Cost of prevention– cost of buying/installing additional software– cost of additional employee training
Cost-Benefit Analysis
• Adding up the numbers– Know the cost of predicted loss, cost of
prevention and the probability of event occurrence.
– Multiply each cost by its probability and determine the priority of their importance.
Risk Assessment
Identifying Assets
Use the CISTM site as an example• Network
– In the Beckman Institute domain– Connected through Ethernet Fiber Optic
• Hardware– Dell PowerEdge 6300 server– IBM RS/6000 server
• Software– Operating system: Windows NT 5.0 Server on
the Dell computer/AIX 4.3 on the IBM computer
Identifying Assets
– Web server: Microsoft Internet Information Server/Lotus Domino server
• Data– Web content– Course material– Research material
Identifying Assets
• People– Administrators– Privileged users: researchers from the center– Ordinary users: students from classes
Identifying Assets
Identifying Threats
Typical threats include:• Unauthorized access• Disclosure of information• Denial of service
Unauthorized Access
• Intruders gain access as administrators• They will be able to change content, delete
files/users, etc• It is the highest security breach
Disclosure of Information
• Materials not published on the public WWW are disclosed. Achieved by breaking into the host machine
• Interception of network data sent from browser to server or vice versa. Achieved through network eavesdropping.
• Eavesdroppers can operate from any point on the pathway between browser and server including: – The network on the browser's side of the
connection. – The network on the server's side of the
connection (including intranets).
Disclosure of Information
– The end-user's Internet service provider (ISP). – The server's ISP. – Either ISPs' regional access provider.
Disclosure of Information
Denial of service
• Attackers cripple the system by jamming or sending virus
• Users that reply on the system to perform their jobs are denied service
Access Control• Access control refers to the regulation of
access to the system to prevent unauthorized or unwanted access.
• Software programs such as firewall provide an effective means to control access by setting up a filter through which incoming and outgoing packets must pass.
• A policy must be made stating what resource is available to whom.
• Each user is assigned appropriate level of read/write/execute access..
Access Control
• Physical aspects of network security must also be considered.– Computers should be physically secured.– Physical access to devices should be regulated
Access Control
Data Integrity
• Protection of the information from being altered without the permission of the owner of the information.
• The word information may include items such as financial account records, passwords, private documents, and credit card numbers.
Data Integrity
• Prevention: – read-only file systems
• Detection of changes: – comparison copies– checksum– message digest
Data Integrity• Data can be protected by using read-only
file systems.• Benefits
– Only need to do backup once.– No need to run periodic scan on these files as
their contents will not change.– No need to set disk quota since the file size
grows in a monitored way.
Prevention
• Drawbacks– User data is too volatile for read-only media.– The entire disk must be read-only which can
cause waste of space.– A machine will need two disks, one for user-
files and one for the read-only files.
Data Integrity
Data Integrity
• Comparison Copies: Keep a copy of the unaltered data and check periodically.
• Benefit of comparison copies: – It is the most certain method.– An altered version can be recovered simply by
a replacement of the stored copy.
Detection of Changes
• Drawback of comparison copies:– Requires twice as much storage as the original
file.– It might involve the violation of copyright or
license of certain files that allow only one copy.
Data Integrity
Data Integrity
• Checksum– Store the checksum of the files and check
periodically for possible alterations. – However, files can sometimes be altered with
the preservation of its checksum. – A stronger mechanism such as message digests
should be used to generate a checksum that is not easily spoofed.
Detection of Changes
• Message digest– a special number produced by a function that is
very difficult to reverse. – The function is designed so that a small change
in input may result in large change in output– It can be used to verify whether the content of
file has been changed.
Data Integrity
Privacy/Confidentiality
• Protect the data from being read or copied by unauthorized users.
• Items to be protected include credit card numbers, personal information, etc.
• Common types of data piracy:– packet sniffing– eavesdropping
• Data encryption is an effective way to protect data privacy.
Privacy/Confidentiality
Policy Issues
Who is allowed to use the resource• Researchers (professor, grad students in the
center)
Who may have system administrationprivileges• Grant only enough privilege to accomplish
the necessary task• On the other hand, people must be given
admin rights to get their jobs done
Policy Issues
Handling an Incident
• All security-related sites should have a policy for handling an incident made in advance. Otherwise the activities taken might lose focus.
• Steps to be taken when handling an incident:– Notification and exchange of information– Protecting evidence and activity logs– Containment - limit the extent of an attack– Eradication– Recovery– Follow-up
Handling an Incident
Other Resources• CERT(TM) Advisory
– Send mail to: [email protected]– Message Body: subscribe cert <FIRST NAME>
<LAST NAME>• VIRUS-L List
– Send mail to: listserv%[email protected]
– Message Body: subscribe virus-L FIRSTNAME LASTNAME
• Internet Firewalls– Send mail to: [email protected]– Message Body: subscribe firewalls user@host
Other Resources
Authentication
Authentication
• Definition: The process of identifying a user.
• Three classical ways of proving an identity:– user provides some information, such as
passwords– user shows something, such as card key– measure something about the user, such as
fingerprint
• Effective ways to enforce authentication:– One-time passwords: passwords are used only
once– Kerberos
Authentication
Kerberos
• Created in MIT• Provides real-time authentication in an
insecure distributed environment
How does Kerberos work?
• Authentication– Users or services get “tickets” used to identify
themselves• Ticket, a sequence of a few hundred bytes,
can be imbedded or forwarded• Encryption
– Secret, cryptographic keys for secure communication with network resources
Authentication Process
Step 1A client sends a request to the authentication server, requesting “credentials” for a given application server.The credentials can be directly for an application server or for a Ticket Granting Server
Step 2The authentication server responds with these credentials, encrypted in the client’s key.The credentials consist of the following:– A “ticket” for the server– A temporary encryption key (session key)
Authentication Process
Step 3If the ticket is for a Ticket Granting Server, client requests a ticket for the application server from the TGS
Authentication Process
Step 4The Ticket Granting Server replies with a ticket for the application server
Authentication Process
Step 5The client transmits the ticket (which contains client’s identity and a copy of session key)
Authentication Process
Step 6The session key, now shared by client and application server, is used to authenticate the client, and can be used to authenticate the server
Authentication Process
1 23
4
5
6
Kerberos Authentication Server
Kerberos Ticket Granting Server
Kerberos Client
Kerberos Application Server
Assurance (Encryption)
Encryption
• One Way Function• Private key• Public key• DES• RSA
One way Function
• Traditional login: – User logs in with password– Host compares it with stored password– Drawback: host can be broken into and
password can be stolen
• With one-way function– Host stores results from one-way functions of
the password– User logs in with password– Host performs one-way function on the entered
password– Host compares result of one-way function with
the value it stored
One way Function
• Advantage of one-way function: – host does not need to know the password– So the password can not be stolen
• Why one-way function works:– Definition: easy to compute f(x) from x but
difficult to compute x from f(x)– Example: Smashing a plate is easy; hard to put
the pieces together
One way Function
Private Key Encryption
• Also called symmetric key • The same key is used both for encryption
and decryption• Encryption will be broken if the key is
stolen
Real World Example of Private key Encryption
Data Encryption Standard (DES)• A 64-bit block of plaintext foes in one end of
the algorithm• A 64-bit clock of ciphertext comes out the
other end• It is symmetric since same algorithm and key
are used for both encryption and decryption
• Key length is usually 56 bits• DES is somewhat old fashioned and not so
secure any more
Real World Example of Private key Encryption
Public Key Encryption
• Also called asymmetric key• Two different keys: public one and private
one• Computationally hard to deduce the private
key from the public key• Anyone with the public key can encrypt a
message but not decrypt it
• Only the person with the private key can decrypt the message
Public Key Encryption
Real World Example of Public Key encryption
RSA• The easiest and safest public key algorithm
today• Relies on the “presumed” difficulty of
factoring large numbers• RSA’s security is never proved or
disproved by mathematicians
• How it works:– 1. Choose two random large prime numbers p
and q. n=p*q.– 2. Randomly choose encryption key e, such
that e and (p-1)(q-1) are relatively prime– 3. Calculate decryption key d=e-1mod((p-1)(q-
1))– 4. e and n are public key; d is private key
Real World Example of Public Key encryption
Digital Signature
• Digital signature must have the following properties:– Authentic– Unforgeable– Not reusable– The signed document must be unalterable– can not be repudiated
• How digital signatures work– The opposite of public key encryption– 1. Alice encrypts document with private key,
thereby signing the document– 2. Alice sends signed document– 3. Bob decrypts it with public key, thereby
verifying it
Digital Signature
• Combining digital signature with encryption– 1. Alice signs document with private key– 2. Alice encrypts signed message with Bob’s
public key and sends to Bob– 3. Bob decrypts with his private key– 4. Bob verifies with Alice’s public key
Digital Signature
Web Site Security
Type of Threats
From the part on “Security Policy”, we learned that typical threats include:• Unauthorized access• Disclosure of information• Denial of service
Security Problems
Specific problems for web site administration• Access points to the web server can be
compromised:– Local area network links– Dialup telephone line– Internet
• Misconfigured systems– Misconfigured systems form a large percentage
of security problems– Today’s operating system and software are too
complex for non-specialists to manage
Security Problems
Protecting the System
• Through Controls – Once we Reconfigured the system, we added
controls• Through Network Connections:
– Firewall– Gateway
• Through Encryption– Hardware and software– Communications
• Through Logging Activities– Recognize unauthorized activities through the
audit trail logging service provided by web servers
Protecting the System
Audit Trails
Help system administrators track security violations and break-in attempts
Firewall
• Definition: collection of components that is placed between two networks
• Properties:– All traffic in either direction must pass through
the firewall– Only traffic authorized by the local security
policy will be allowed to pass– The firewall itself is immune to penetration
• CGI security• Java security
More concerns
CGI Security
CGI (Common Gateway Interface) scripts:• Used to add interactivity and functionality
to a web site• Execute user command on user input data• Major source of security holes
How to Make CGI secure
• Never trust a script from outside source• To write CGI, compiled languages such as
C are safer than interpreted languages like Perl and shell scripts
• Place CGI scripts in a “wrapper”
Java Security• Applet is a Java program that is run from
inside a web browser• Applets loaded over the net are prevented
from – reading and writing files on the client file system– making network connections except to the
originating host– starting other programs on the client.
Secured Payment Methods
Payment methods
Payment methods and their security features• Online credit card• Internet payment system• Smart card application
Credit card transaction flow
Merchant
Consumer
Acquiring Bank
Issuing Bank
Interchange Network
1. Purchase
2. Authorization and Settlement
3. Clearing
4. Billing and Payment
Online Credit Card Security
Two ways to implement security for onlinecredit card transaction:• Secure communication: Secure HTTP and
Secure Socket Layer (SSL)
• Secure Electronic Transactions (SET): – Jointly developed by Visa and MasterCard to
provide secure credit card transactions over open networks like the Internet
Online Credit Card Security
Flow of a SET Transaction
Merchant
Buyer with SET Wallet
Obtain Cardholder Certificate
SET Payment Gateway
Issuing Bank
Interchange Network (Visa, MasterCard)
Acquiring Bank
Obtain Merchant Certificate
3.Authorization
5. Settlement1. Order Description
4. Receipt2. Payment Request
Internet Payment Systems
• First Virtual: http://www.fv.com• CyberCash: http://www.cybercash.com
Smart Cards
An object the size of a plastic credit card that contains a processor, and an interface to the outside world
Benefits:• Portable storage• Secure storage: Secure and tamperproof
storage for all information stored on it
• Trusted execution environment: Not vulnerable to viruses and intrusion risks that plague desktop computers
Smart Cards
