SSL AND E-COMMERCE SECURITY gz2155 Guangwei Zhang

Page 1: SSL AND E-COMMERCE SECURITY
gz2155 Guangwei Zhang

Page 2: E-COMMERCE
Part of our life now.
US e-commerce and online retail sales are projected to have reached $204 billion, an increase of 17 percent over 2007.

Page 3: E-COMMERCE SECURITY ISSUE
Security is the top concern in e-commerce.
Most people fear that the website will compromise their personal information.
People may not use e-commerce websites simply because of worries about security and privacy.

Page 4: THREE KINDS OF SECURITY THREATS
Server part
Client part
Network part

Page 5: SECURITY ISSUES OF SERVERS
Servers have important software installed and store valuable information.
A firewall is used.

Page 6: SECURITY ISSUES OF CLIENTS
Client systems have inherent insecurity.
Virus problem
Trojan problem
Fatal to e-commerce

Page 7: SECURITY ISSUES OF NETWORK
The information transmitted can be viewed by others.
The information can be modified during transmission.
The two sides of the transaction don't meet each other.
SSL can solve these problems.

Page 8: SSL INTRODUCTION
Secure Sockets Layer
It has another name now: TLS, Transport Layer Security.
Cryptographic protocols that provide security for communications over the network.

Page 9: (figure)
Cited from "Inside SSL: the secure sockets layer protocol" by Chou, W.

Page 10: FEATURES OF SSL
Application protocol independent
Does not specify the detailed mechanism

Page 11: RESPONSIBILITIES OF SSL
Authenticate the server
Authenticate the client (optional)
Encrypt the messages sent between the client and the server
Detect tampering with data

Page 12: TWO SUB-PROTOCOLS
SSL record protocol: defines the format used to transmit data.
SSL handshake protocol: establishes an SSL connection and negotiates the encryption mechanism.

Page 13: RECORD PROTOCOL AND HANDSHAKE PROTOCOL

Page 14: SSL RECORD PROTOCOL
When transmitting a message, it fragments, compresses and encrypts the data, then transmits it.
When receiving a message, it decrypts, verifies, decompresses and reassembles the data, then delivers it to the higher level.
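As an added illustration of the record-layer pipeline on this slide (example code written for this page, not from the presentation or from Chou's paper): one direction of a simplified record layer in Python. It assumes the 5-byte record header of type, version and length, a 2^14-byte fragment limit, and MAC-then-encrypt with HMAC-SHA256 as in SSL 3.0 / TLS 1.x; the stream cipher is an HMAC counter-mode stand-in for whatever cipher the handshake negotiated, and the keys are constructed samples.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14          # record-layer plaintext limit: 2^14 bytes per fragment
APPLICATION_DATA = 23           # content-type value for application data
VERSION = 0x0303                # protocol version field (TLS 1.2)
HEADER = struct.Struct("!BHH")  # 5-byte record header: type, version, length
TAG_LEN = 32                    # HMAC-SHA256 tag length

def _keystream(key, seq, n):
    # Stand-in for the negotiated cipher: HMAC-SHA256 run in counter mode as a stream cipher.
    blocks = (hmac.new(key, struct.pack("!QQ", seq, i), hashlib.sha256).digest()
              for i in range((n + TAG_LEN - 1) // TAG_LEN))
    return b"".join(blocks)[:n]

def _mac(key, seq, ctype, version, body):
    # The MAC covers the sequence number and the header, so replays, reordering and
    # forged headers are detected along with modified payload bytes.
    msg = struct.pack("!Q", seq) + HEADER.pack(ctype, version, len(body)) + body
    return hmac.new(key, msg, hashlib.sha256).digest()

class RecordLayer:
    # One direction of a connection; real TLS derives separate write keys per direction.
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.send_seq = self.recv_seq = 0

    def send(self, data):
        """Transmit path: fragment, compress, MAC, encrypt (MAC-then-encrypt as in SSL/TLS 1.x)."""
        records = []
        for i in range(0, len(data), MAX_FRAGMENT):
            compressed = zlib.compress(data[i:i + MAX_FRAGMENT])
            plain = compressed + _mac(self.mac_key, self.send_seq, APPLICATION_DATA, VERSION, compressed)
            cipher = bytes(a ^ b for a, b in zip(plain, _keystream(self.enc_key, self.send_seq, len(plain))))
            records.append(HEADER.pack(APPLICATION_DATA, VERSION, len(cipher)) + cipher)
            self.send_seq += 1
        return records

    def receive(self, records):
        """Receive path: decrypt, verify, decompress, reassemble; raises ValueError on tampering."""
        out = b""
        for rec in records:
            ctype, version, length = HEADER.unpack(rec[:HEADER.size])
            cipher = rec[HEADER.size:HEADER.size + length]
            plain = bytes(a ^ b for a, b in zip(cipher, _keystream(self.enc_key, self.recv_seq, len(cipher))))
            compressed, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
            if not hmac.compare_digest(tag, _mac(self.mac_key, self.recv_seq, ctype, version, compressed)):
                raise ValueError("record %d failed MAC check: modified in transit" % self.recv_seq)
            out += zlib.decompress(compressed)
            self.recv_seq += 1
        return out
```

Record-layer compression was later disabled in practice because it leaks information about secrets compressed together with attacker-influenced data, and TLS 1.3 removed it entirely.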

Page 15: SSL HANDSHAKE PROTOCOL
Change cipher spec protocol: notifies the recipient that there is a transition in ciphering strategies.
Alert protocol: warning and fatal.
Handshake protocol: how messages are exchanged to establish an SSL connection.

Page 16: (no text extracted)

Page 17: SSL AND ENCRYPTION
Chou, W. "Inside SSL: the secure sockets layer protocol"

Page 18: COMPARISON OF TWO ALGORITHMS
Asymmetric encryption: the public key needn't be encrypted; based on mathematical problems that are easier to generate than to solve.
Symmetric encryption: the private key needs to be kept secret.
(Figure: Public Key / Private Key)

Page 19: HISTORY OF SSL
TLS 1.1 was released in April 2006.
TLS 1.2 was released in August 2008.

Page 20: KEEP SECRET

Page 21: VERIFY INFORMATION

Page 22: CHECK IDENTITY

Page 23: OTHER APPROACHES TO NETWORK SECURITY
Application-Specific Security
Security within Core Protocols
Parallel Security Protocol

Page 24: SSL LIMITATIONS
Doesn't protect the IP or TCP headers.
Manipulating users: SSL cannot guarantee that the person using the certificate is the person to whom the certificate was issued.
Cannot support the UDP protocol.
Depends on whether the encryption algorithms themselves have weaknesses.
Cannot provide an important service called nonrepudiation (a guarantee that the sender of a message cannot later deny having sent it and that the recipient cannot deny having received it; this is part of the digital signature).

Page 25: Thank you for your time