CSC 330 E-Commerce
Teacher
Ahmed Mumtaz Mustehsan
GM-IT CIIT Islamabad
Virtual Campus, CIIT
COMSATS Institute of Information Technology
T1-Lecture-9
E Commerce Security Environment
Chapter-04
Part-I
Lecture material and slides: Copyright © 2010 Pearson Education, Inc
Objectives
Understand the scope of e-commerce crime and security problems.
Describe the key dimensions of e-commerce security.
Understand the tension between security and other values.
Identify the key security threats in the e-commerce environment.
T1-Lecture-9
Ahmed Mumtaz Mustehsan
Copyright © 2010 Pearson Education, Inc
Online Robbery - Introduction
Compared with robbing a physical bank, an internet bank can be robbed remotely and with far less risk to the attacker.
Stealing a music or video CD from a shop is harder than downloading the same content from an illegal website.
If you treat the internet as a global marketplace, many fake websites exist online to trap users: they put up attractive content and extraordinary deals and offers to induce remote users to hand over their credit card information and other personal data.
One cannot easily break into a physical home and breach its privacy, but if the password of a social networking account is stolen, the owner's privacy is compromised.
Cyber Attack - Introduction
Denial of Service Attack (DoS):
One computer floods a targeted computer with a very high number of data packets or requests, choking its resources (communication path, processor, memory, etc.) so that it can no longer serve legitimate users.
Distributed Denial of Service Attack (DDoS):
Many computers, from many locations, attack a single website or online system at the same time. Each attacking machine may send only a modest amount of traffic, but in aggregate they overwhelm the system, create congestion and other impairments, and make the system or website unavailable to legitimate users.
Cyber Attack - Introduction
Botnet:
A botnet is a group of compromised computers ("bots" or "robots", possibly millions of them) that can be managed remotely by a single person and made to work together, for example to attack an online system or website. The owners of the infected machines are usually unaware that their computers are taking part.
Example:
In 2007, about 1 million computers were used in an organized attack on important servers of the government of Estonia.
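The DoS, DDoS and botnet slides above describe the same symptom (a server choked by traffic) arising from one source or from many. The following Python script is an added example, not part of the lecture or the Pearson material: it reads connection-log lines, counts attempts per source address within a fixed time window, and distinguishes a single-source flood (DoS) from a distributed one (DDoS) in which no single bot exceeds a plausible per-client rate but the aggregate is far beyond what the service can handle. The log format, the thresholds and the sample traffic are all constructed assumptions for illustration.

```python
"""Flood detection over constructed connection-log lines (added example).

Classifies one window of connection attempts as NORMAL, DOS (one source
dominates) or DDOS (many sources, none individually abusive, but the
aggregate overwhelms the service).  Log format, thresholds and sample
data are assumptions made for this example, not taken from the lecture.
"""
from collections import Counter
import re

# Assumed log format: "<epoch_seconds> <source_ip> -> <dest_port>"
LINE_RE = re.compile(r"^(\d+) (\d{1,3}(?:\.\d{1,3}){3}) -> (\d+)$")

WINDOW_SECONDS = 10
PER_SOURCE_LIMIT = 50      # connections per window one client could plausibly need
AGGREGATE_LIMIT = 500      # connections per window the service can actually handle
MIN_DISTINCT_SOURCES = 20  # fewer sources than this is a DoS, not a DDoS


def parse_line(line):
    """Return (timestamp, src_ip, port) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), int(m.group(3))


def classify_window(lines):
    """Classify one window of log lines.

    Returns (verdict, total_connections, per_source Counter).
    """
    per_source = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbled lines instead of crashing the detector
        _, src, _ = parsed
        per_source[src] += 1

    total = sum(per_source.values())
    if total == 0:
        return "NORMAL", 0, per_source

    _, top_count = per_source.most_common(1)[0]
    if top_count > PER_SOURCE_LIMIT:
        # One address is choking the pipe on its own: classic DoS, and the
        # easiest case to block at the firewall.
        return "DOS", total, per_source
    if total > AGGREGATE_LIMIT and len(per_source) >= MIN_DISTINCT_SOURCES:
        # Each source looks like an ordinary client; only the aggregate and
        # the number of distinct sources reveal the botnet.
        return "DDOS", total, per_source
    return "NORMAL", total, per_source


def classify_log(lines):
    """Group a whole log into fixed windows by timestamp and classify each."""
    buckets = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _, _ = parsed
        buckets.setdefault(ts // WINDOW_SECONDS, []).append(line)
    return {w: classify_window(b)[0] for w, b in sorted(buckets.items())}


def build_sample(kind, base_ts=1_700_000_000):
    """Constructed sample traffic for the three scenarios (not real logs)."""
    lines = []
    if kind == "normal":      # 5 clients, 6 connections each
        for i in range(30):
            lines.append(f"{base_ts + i % WINDOW_SECONDS} 10.0.0.{i % 5 + 1} -> 443")
    elif kind == "dos":       # one source, 600 connections
        for i in range(600):
            lines.append(f"{base_ts + i % WINDOW_SECONDS} 198.51.100.7 -> 443")
    elif kind == "ddos":      # 200 bots, only 10 connections each
        for i in range(2000):
            lines.append(f"{base_ts + i % WINDOW_SECONDS} 203.0.113.{i % 200 + 1} -> 443")
    return lines


if __name__ == "__main__":
    for kind in ("normal", "dos", "ddos"):
        verdict, total, per_source = classify_window(build_sample(kind))
        print(f"{kind:>6}: {verdict:<6} total={total} distinct_sources={len(per_source)}")
```

Two caveats a practitioner should keep in mind. First, when a single source and a distributed flood arrive in the same window the detector reports DOS, because one dominating address is the cheapest thing to block and should be handled first. Second, counting per source address assumes the addresses are genuine; in a SYN flood with spoofed sources one attacker looks like thousands, so this kind of heuristic must be combined with other signals (SYN/ACK ratios, traffic baselines) before anything is blocked automatically.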
DDOS
3inc.com/pk_whatisddos.html
Cyber Warfare References for Study
Russia – Estonia Cyber war
Twitter DDoS
Korean DDoS
Taught at US Military academies
bh-fed-03-dodge.pdf
iwar_wise.pdf
Your PC May Be Part of a Botnet
Botnets are responsible for over 80% of the spam sent to computer users.
Some users open the files attached to such spam because they lack the knowledge to recognise them as dangerous.
Some computers become infected because no antivirus software is installed.
Some computers are compromised through the use of pirated software.
About 10% of the world's billion-plus internet-connected computers are capable of being captured by stealth malware, which is installed when a user clicks a malicious link or downloads a hidden file.
The E-commerce Security Environment
Overall size and losses of cybercrime are unclear, because of reporting issues (many firms do not report breaches, or do not quantify the loss).
2008 CSI survey:
49% of respondent firms detected a security breach in the last year.
Of those that shared numbers, the average loss was $288,000.
Underground economy marketplace:
Stolen information is stored on underground economy servers.
Credit cards, bank account information, personal identities and similar data are sold through these servers.
Prices of Different Stolen Items on the Underground E-market
Types of Attacks Against Computer Systems (Cybercrime)
Source: Based on data from Computer Security Institute, 2009.
What Is Good E-commerce Security?
To achieve the highest degree of security, three things must work together:
Use of new technologies
Organizational policies and procedures
Industry standards and government laws
Other factors to consider:
Time value of information (data that is worthless after an hour does not need a decade of protection)
Cost of security vs. potential loss
Security often breaks at the weakest link
The E-commerce Security Environment
Ideal E-commerce Environment
Capable of making secure commercial transactions
Achieving the highest degree of security
Adopting new technologies
Giving users awareness of online safety
Defining and understanding industry standards
Implementing government laws
Prosecuting violators of those laws
Dimensions of E-commerce Security
Typical Transaction Facilitated by Technologies
The Tension Between Security and Other Values
Security vs. ease of use
◦The more security measures are added, the more difficult a site is to use, and the slower it becomes
Security vs. the desire of individuals to act anonymously
◦Anonymity also shields criminals who use the technology to plan crimes or threaten nation-states
Security Threats in the E-commerce Environment
Three key points of vulnerability:
1. Client
2. Server
3. Communications pipeline
A Typical E-commerce Transaction
SOURCE: Boncella, 2000.
Vulnerable Points in an E-commerce
Environment
SOURCE: Boncella, 2000.
Most Common Security Threats
Malicious code
Viruses
◦A virus is a computer program that has the ability to replicate, or make copies of itself, and spread to other files; it needs a host file or program to attach to
Worms
◦A worm is designed to spread from computer to computer on its own, without needing a host file
Trojan horses
◦A Trojan horse appears to be non-threatening, but then does something other than what the user expects
Bots, botnets
◦Software robots called bots, and the networks of compromised machines they form (as explained above)
Most Common Security Threats in the E-commerce Environment
Unwanted programs (browser parasites):
◦Adware
◦Spyware
Spyware
Software that sits on your computer
◦ Monitors everything that you do and sends reports to marketing agencies
◦ Usually tied to a pop-up server
Top spyware
◦ I-Look Up
◦ CoolWebSearch
◦ N-CASE
◦ GATOR
◦ DoubleClick
If you have ever loaded ICQ on your PC, you have spyware
If you have ever loaded KAZAA on your PC, you have spyware
If you have ever loaded Quicken or TurboTax, you have spyware