Ecommerce: Security and Control


Ecommerce:
Security and Control
James Vickers, Boston College
http://www.jamesvickers.com/
Overview

Why are modern day information systems so
vulnerable to destruction, error, abuse, and
system quality problems?

What types of controls are available for
ecommerce systems?

What special measures must be taken to ensure
the reliability, availability and security of electronic
commerce and digital business processes?

Why are auditing ecommerce systems and
safeguarding data quality so important?
The business predicament

Do we design systems that are overcontrolled, and therefore not
functional, or unrestricted and undercontrolled?

How do we apply quality assurance standards in large ecommerce
systems projects?
The business predicament

The major concerns for businesses

Disaster
• The possible destruction of computer hardware,
programs, data files, and other equipment

Security
• Preventing unauthorized access, alteration, theft, or
physical damage to equipment

Errors
• Computer actions that may disrupt or destroy
organization’s record-keeping and operations

Bugs
• Program code defects or errors

Maintenance Nightmare
• Maintenance costs high due to organizational change,
software complexity, and faulty system analysis and
design
The general processing model

Unfortunately, all of these stages can contain elements of failure,
unless a strategy is in place and software quality assurance
standards are implemented.
Figure 1

The cost of poor design
Figure 2
The business predicament

Control

What is needed?
• Methods, policies, and procedures

Why is it needed?
• Ecommerce systems may provide (limited) access to a business’s
central infrastructure
• Ensures protection of the organization’s assets
• Ensures accuracy and reliability of records, and operational
adherence to management standards

When should this occur?
• From the idea’s inception to the completion of the ecommerce
system
Controlling our ecommerce plan

At a business level:

 Market research into user needs, and identified areas for business
expansion
 A business and financial plan for forecasting frequency of use, and
suspected revenue turnover
 A strategy on how to implement this plan, alongside our current
business plan (if we are expanding a “brick and mortar” business,
that is)
 A review of our internal technical skills – are our staff competent
enough to implement this, or should we outsource?
Controlling our ecommerce plan

General controls

 Establish a framework for controlling the design, security, and use
of computer programs
 Include software, hardware, computer operations, data security,
implementation, and administrative controls. These may include:
• Personnel controls: Ensuring that only authorised personnel
undertake elements of the project
• Customer controls: Ensuring that protection is provided from the
global customer layer of the ecommerce system through to the
business infrastructure layer of business operations
Controlling our ecommerce plan

Protecting our company

 On-line transaction processing: Transactions entered online are
immediately processed by computer, and recorded for audit
 Fault-tolerant computer systems: Contain extra hardware, software,
and power supply components in case of element failure
 High-availability computing: Tools and technologies enabling the
system to recover from a crash or power cut
 Disaster recovery plan: Plan of action in case of ecommerce system
failure. Ask yourself the question: if we trade online and the “shop
front” is gone, how do we trade?
 Load balancing: Heavy traffic will need distribution over a large
number of servers
Controlling our ecommerce plan

Protecting our company

 Mirroring: Duplicating all processes and transactions of the
ecommerce system on a backup server to prevent any interruption
 Clustering: Linking two computers together so that a second
computer can act as a backup to the primary computer, or speed up
processing
 Firewalls: Prevent unauthorised users from accessing a private
internal network, or accessing private data. Don’t forget this is
covered under the Data Protection Act.
 Intrusion Detection Systems, or personnel to monitor vulnerable
points in the network, to detect or deter unauthorized intruders
Controlling our ecommerce plan

 How many of you have assumed that security of ecommerce systems is
an Internet threat only?
 I would bet the majority of you…..
 Now we need to forget that we have planned for ecommerce systems,
and consider in depth our security issues
 We shall look at security in terms of the whole networked community,
not just ecommerce.
 Why? Because security is more often than not overlooked at a local
level, never mind at a global level!
 Security is a major concern, not just at a global interface level, but
at an internal business level too…
Security
This raises big questions…..
What is security?
What constitutes security?
What examples can we provide of
security?
Security needs

Who says we need security?

 Data Protection Acts 1984 & 98
 Telecommunications (Lawful Business Practice) (Interception of
Communications) Regulations 2000
• Allows employers to monitor or record communications without
consent:
• to establish the existence of facts relevant to the business
• to ascertain compliance with regulations
• to ascertain standards which ought to be achieved by staff
• to detect unauthorised use
Information Security

Reformed:
 Two major reforms over the last several decades
• Computer Security
• Network Security

Widespread use of data processing:
 Security previously handled by:
• Physical means: Filing cabinet and lock
• Administrative means: Personnel

Computers:
 Their introduction meant that new regulations had to be imposed by
organisations to secure data
 Shared systems were worse, because of sending / retrieving data
across numerous systems
Information Security
[Diagram: Routing Services, Security Office, Server Protection]
Why the reforms?

Computer Security:
 Evolved with the need to protect data
 Needed to prevent hackers
 Needed to abide by the Data Protection Act

Network Security:
 Heightened by the need for distributed systems
 Heightened by the need for secure networks and communications
 Need to protect data during transmission
 Ensure data is authentic
Local Information Security

Various methods available:

 DVD-RAM Drive
 SANs
 RAID Arrays
 Most efficient (and common) method:
• DAT / DLT

Data security is big business!
• Storage “off-site”
• Storage in safes
• Fireproof!
• Bombproof!
Security Requirements

Classified in three ways:

 Confidentiality:
• Only authorised parties can read the data
• Disclosure of data to the relevant source only
 Integrity:
• Only authorised parties can modify the data
• The status of the data is changed only by the relevant source
 Availability:
• Authorised parties can access the data when they need to
What next?

 We have planned….
 We have designed….
 We have restricted access….
 We have investigated our needs….

We then sit back and wait while our systems are attacked….
Network Attacks!

Passive:

 “Eavesdropping”
 “Release of message contents”:
• Extracting information from mail messages, telephone conversations,
etc.
 “Traffic Analysis”:
• Analysis of message lengths, Tx & Rx, to guess the types of
information being Tx & Rx.
Network Attacks

Active Attacks:

 “Masquerade”:
• One node pretends to be another node.
• Tx is fooled into thinking that Rx has received the message.
 “Replay”:
• Captures data and then retransmits it later to produce an
unauthorised effect
 “Modification of Message”:
• The Tx message is intercepted and modified to the intruder’s
benefit – e.g. funds balances, etc.
• The message is then forwarded to the intended Rx
 “Denial of Service”:
• Inhibits or hinders data communications traffic by targeting the
management and communications facilities
Network Attacks

Passive:
 Sniffers / Probes
 Difficult to detect
 Do not alter data
 Can prevent these attacks
 Prevention, rather than detection

Active:
 Opposite to passive
 Difficult to prevent (could be done by physical protection)
 Detect, and recover
 Detection can also be a prevention, as the intruder is often found
Network Attacks

Passive Threats:
• Release of message content
• Traffic analysis

Active Threats:
• Masquerade
• Replay
• Denial of service
• Modification of message contents
Global Electronic Security: Encryption

Automation

 Automation of Tx and Rx is done through encryption
 This ensures authenticated and unique data
 Provides a security layer to the network

Encryption:

 We shall look at encryption in two ways:
• Symmetric Encryption
• Public-key Encryption (Asymmetric)
 Well known examples:
• Thawte
• Comodo
• Both versions of Verisign SSL.
Encryption

Symmetric (Single Key):

 The standard form of encryption before public-key encryption
existed (pre-1970s)
 Stallings (2000) says that the idea has been used by such adversaries
as Julius Caesar and the German U-boat commanders
 Requirements for symmetric encryption:
• A strong algorithm to protect the key
• Even if an intruder accesses the message, the key should remain
protected
• Tx & Rx must obtain the secret key in a secret fashion
Encryption

Symmetric (Single Key):

Encryption is made up of 5 major areas:
• Plaintext: The original message before encryption
• Encryption algorithm: Transforms the plaintext
• Secret Key: Determines the exact substitutions and transformations
that the encryption algorithm performs
• Ciphertext: The new message that is created to be sent
• Decryption algorithm: The encryption algorithm run in reverse, using
the same secret key
Encryption

Symmetric:
[Diagram: Plain Text → Encryption Algorithm (Secret Key) → Ciphertext →
Decryption Algorithm (Secret Key) → Plain Text. Adapted from Stallings
(2000), Figure 18.2, page 653]
Encryption

Symmetric – Breaking the code:

 Cryptanalysis:
• Utilises analysis of the ciphertext to attempt to produce the secret
key.
• Sometimes compares pairs of ciphertexts to attempt to deduce a
common encoding
• If the key is found, all future messages using that key are
compromised
 Brute-force:
• Attempts every possible secret key on the ciphertext to deduce the
plaintext.
Encryption

Stallings (2000) quotes the times for breaking a secret key as follows:

Key size (bits) | Number of alternative keys | Time required at 1 encryption per µs | Time required at 1 million encryptions per µs
32              | 4.3 x 10^9                 | 35.8 minutes                         | 2.15 milliseconds
56              | 7.2 x 10^16                | 1142 years                           | 10.01 hours
128             | 3.4 x 10^38                | 5.4 x 10^24 years                    | 5.4 x 10^18 years
168             | 3.7 x 10^50                | 5.9 x 10^36 years                    | 5.9 x 10^30 years
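An added example, not code from the lecture or from Stallings, that puts the five symmetric components together using the Caesar cipher the slides mention, tries all 26 keys against a known word to show how a tiny key space falls to brute force, and reproduces the table above from the assumption that on average half of the 2^n keys must be tried. The key, message and crib word are constructed for the demo.

```python
import string
from typing import Dict

ALPHABET = string.ascii_uppercase
SECONDS_PER_YEAR = 365 * 24 * 3600

def caesar_encrypt(plaintext: str, key: int) -> str:
    """Encryption algorithm: the secret key (0-25) fixes how far each letter is shifted."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and digits pass through unchanged
    return "".join(out)

def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption algorithm: the same transformation run in reverse with the same key."""
    return caesar_encrypt(ciphertext, (-key) % 26)

def brute_force(ciphertext: str, crib: str) -> Dict[int, str]:
    """Brute force: try every possible key and keep decryptions that contain a known word."""
    hits = {}
    for key in range(26):
        candidate = caesar_decrypt(ciphertext, key)
        if crib.upper() in candidate:
            hits[key] = candidate
    return hits

def brute_force_seconds(key_bits: int, decryptions_per_us: float) -> float:
    """Expected search time: on average half of the 2**key_bits keys are tried."""
    microseconds = (2 ** key_bits / 2) / decryptions_per_us
    return microseconds / 1e6

def brute_force_years(key_bits: int, decryptions_per_us: float) -> float:
    """Same figure expressed in years, as in Stallings' table."""
    return brute_force_seconds(key_bits, decryptions_per_us) / SECONDS_PER_YEAR

if __name__ == "__main__":
    secret_key = 3                                  # constructed toy key
    plaintext = "TRANSFER 500 TO ACCOUNT 42"        # constructed message
    ciphertext = caesar_encrypt(plaintext, secret_key)
    print(ciphertext)                               # WUDQVIHU 500 WR DFFRXQW 42
    print(brute_force(ciphertext, "ACCOUNT"))       # {3: 'TRANSFER 500 TO ACCOUNT 42'}
    for bits in (32, 56, 128, 168):
        print(bits, "bits:", brute_force_seconds(bits, 1) / 60, "minutes at 1 per us;",
              brute_force_years(bits, 1e6), "years at 1e6 per us")
```

The 26-key Caesar search finishes instantly, while the same function gives 35.8 minutes for a 32-bit key and over a thousand years for a 56-bit key at one decryption per microsecond, matching the table.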
Encryption

Public Key:

 Biggest advancement in encryption in years – because it uses
mathematics to calculate the key.
 Public key cryptography uses two keys, rather than one – hence it is
sometimes referred to as asymmetric.
 Symmetric encryption is still in use, and will continue to be
 This is because of the computational overhead associated with public
key encryption
Encryption

Asymmetric (Public Key):

Encryption is made up of 5 (6) major areas:
• Plaintext: The original message before encryption
• Encryption algorithm: Transforms the plaintext
• Public and Private Key: Pair of keys that have been selected for
encryption. One is used for encryption, the other for decryption.
• Ciphertext: The two new messages that are created to be sent, one
by the public key and one by the private key
• Decryption algorithm: The encryption algorithm run in reverse, using
the matching key of the pair
Encryption

In English:

1. Each user generates a pair of keys for encryption and decryption.
2. Each user places the public key in an accessible file. The companion
private key is kept private.
3. If A wishes to send a message to B, A encrypts the message using
B’s public key.
4. When B receives the message, B decrypts the message using its own
private key. No one else can, because no one else holds B’s private
key.
Digital Signatures

Confirming the source:

 Used extensively now due to the Internet
 When a digital signature is sent to the receiver, the message is
encoded using the sender’s private key
 At the receiving end, the message should be able to be decoded using
the sender’s public key.
 If it can be decoded, it can be assumed that the sender must have
made the message, and it’s okay
 If it can’t be decoded, it can be assumed that the sender couldn’t
have made the message, and it should be disposed of.
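The four public-key steps and the signature check above, as an added example that is not code from the lecture or from Stallings: a toy textbook RSA in Python where A encrypts with B's public key, B decrypts with B's private key, and A's signature over a SHA-256 digest verifies with A's public key only for the unaltered message. The fixed Mersenne primes and the message are constructed for readability; real systems use random 2048-bit keys with OAEP/PSS padding.

```python
import hashlib
from typing import Tuple

Key = Tuple[int, int]   # (exponent, modulus)
E = 65537               # public exponent; coprime with both phi values used below

def generate_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Step 1: generate a public key (e, n) and its companion private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)     # modular inverse of e (Python 3.8+)
    return (E, n), (d, n)

def encrypt(message: bytes, public_key: Key) -> int:
    """Step 3: the sender encrypts with the receiver's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key: Key) -> bytes:
    """Step 4: only the holder of the private exponent d recovers the plaintext."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(message: bytes, private_key: Key) -> int:
    """Digital signature: encode a SHA-256 digest of the message with the sender's private key."""
    d, n = private_key
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big") % n, d, n)

def verify(message: bytes, signature: int, public_key: Key) -> bool:
    """Decode the signature with the sender's public key; False means discard the message."""
    e, n = public_key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == expected

# Constructed toy keys: fixed Mersenne primes keep the numbers readable and reproducible.
A_PUB, A_PRIV = generate_keypair(2 ** 31 - 1, 2 ** 61 - 1)    # user A (sender)
B_PUB, B_PRIV = generate_keypair(2 ** 89 - 1, 2 ** 127 - 1)   # user B (receiver)

def exchange(message: bytes) -> Tuple[bytes, bool, bool]:
    """A sends a signed, encrypted message to B; returns (plaintext B recovers, genuine, altered)."""
    signature = sign(message, A_PRIV)              # A signs with A's private key
    ciphertext = encrypt(message, B_PUB)           # step 3: A encrypts with B's public key
    recovered = decrypt(ciphertext, B_PRIV)        # step 4: B decrypts with B's private key
    genuine = verify(recovered, signature, A_PUB)  # sender's public key decodes it: accept
    altered = verify(recovered + b"!", signature, A_PUB)  # tampered copy fails: discard
    return recovered, genuine, altered
```

Calling exchange(b"pay 500 to acct 42") returns the original bytes with genuine True and altered False, the accept/discard outcome the slide describes.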
Protecting yourself

Ports

Open ports allow access to a variety of problems
 Port Scanner
 Nanoprobe
 Finding an open port tells you what services are available!
 Close down as many as necessary to make the system secure.
Firewalls

Firewalls:

 Firewalls are used to limit or allow connections through a network
 Firewalls are gateways that provide this
 They can limit or allow connections based on:
• IP Address
• Port Number

If you like, firewalls are watchdogs for your computer’s open doors.
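An added example, not from the lecture: a minimal Python model of the IP-address and port rules a firewall applies, using first-match ordering and a final default-deny rule so that every door not explicitly opened stays shut. The rule set and the connection attempts are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    action: str            # "allow" or "deny"
    source: str            # CIDR network the connection comes from
    port: Optional[int]    # destination port, or None for any port

# Constructed rule set: rules are checked top to bottom and the first match wins.
RULES: List[Rule] = [
    Rule("allow", "0.0.0.0/0", 443),        # public HTTPS shop front
    Rule("allow", "0.0.0.0/0", 80),         # public HTTP (redirects to HTTPS)
    Rule("allow", "10.0.0.0/8", 22),        # SSH only from the internal network
    Rule("deny", "0.0.0.0/0", None),        # everything else is blocked
]

def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for one connection attempt (first matching rule wins)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_network = addr in ipaddress.ip_network(rule.source)
        if in_network and rule.port in (None, dst_port):
            return rule.action
    return "deny"  # default deny: no rule matched, so the door stays shut

# Constructed connection attempts (source IP, destination port), using documentation ranges.
ATTEMPTS = [
    ("203.0.113.7", 443),    # customer reaching the shop front
    ("203.0.113.7", 22),     # outside host trying the admin port
    ("10.1.2.3", 22),        # administrator on the internal network
    ("198.51.100.9", 3306),  # outside host trying the database port
]

def audit(rules: List[Rule], attempts) -> List[Tuple[str, int, str]]:
    """Evaluate each attempt and return (ip, port, decision) for review or logging."""
    return [(ip, port, evaluate(rules, ip, port)) for ip, port in attempts]

if __name__ == "__main__":
    for ip, port, decision in audit(RULES, ATTEMPTS):
        print(f"{ip:>15} -> port {port:<5} {decision}")
```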
Firewall Sample:
Security Challenges
Figure 3
Overview of Electronic Security Methods

 Encryption: Encoding and scrambling of messages to prevent their
access without specific authorization. Most commonly used when
transferring sensitive data electronically across (e.g.) the Internet
 Authentication: Providing secure mechanisms for accessing specific
elements of the ecommerce system. The most common method is
registration with the ecommerce system, and using usernames and
passwords.
 Digital signature: Digital code attached to an electronically
transmitted message to uniquely identify its contents and sender.
Implemented when the receiver needs to be assured of the author of a
message (adopted now in hardware and operating system drivers)
 Digital certificate: Attachment to an electronic message to verify the
sender and to provide the receiver with the means to encode a reply
 Secure Electronic Transaction (SET): Standard for securing credit card
transactions over the Internet and other networks
References

Figures 1, 2, 3 taken from Laudon, K. and Laudon, P. 2002. Essentials of
Management Information Systems. New Jersey: Prentice Hall.
Stallings, W. 2000. Data and Computer Communications. New Jersey:
Prentice Hall.