Presentation of: Internet Privacy Issues, Modified SSL to the rescue
By Olalekan Habeeb Kadri

Outline
– Introduction and Internet importance
– Problems with Internet
– Some Examples
– Modified SSL to the Rescue
– Challenges
– Conclusion
– References
– Questions

1. Intro & Internet Importance
– Convenient
– Fast
– Cross-border trade made easy
– Increased sales
But …

2. Problems
Cyber-crime and privacy violations are a menace.

3. Examples
– Identity theft and Spam messages
– Viruses and Trojan attacks (Nordea Bank Sweden)
– Caching Servers
– Windows Challenge

Identity Theft
Identity theft is Britain's fastest-growing white collar crime, increasing at nearly 500% a year. Criminals search public databases for information about dates of birth, social security numbers and addresses, then apply for credit cards, bank accounts or mobile phones under false identities, run up debts and move on to another identity [7].

Viruses and Trojan
A key-logging Trojan attack on Nordea Bank in Sweden resulted in a reported loss of $1.1 million to Russian organised criminals over a three-month period. This was reported to have been done in relatively small amounts within the three-month period, with debits spread across the accounts of around 250 business and consumer customers. The attack was carried out via a custom Trojan that was sent to unsuspecting customers as an anti-spam application [11].

Caching Server
The latest terror unleashed on the internet against privacy is the vulnerability of internet users to privacy loss due to attacks that may be hidden on caching servers of trusted companies like Google [8].

Windows Challenge
– It is expected that more than 1 billion computers will run Windows soon [5].
– There are, however, security lapses associated with the Windows operating system, creating a good avenue for hackers to delve into internet users' privacy [3].

4. The Proposed modified SSL
– Individuals and companies with their private and public keys
– Private and public keys are unique
– All transaction history based on public keys
– Personal information centrally stored by Govt./CA
– SSL used for secured communication

[Diagram: the parties CA/Govt., Supermarket, Individual and Financial Institution, connected by flows labelled: Products for delivery and feedback; Registration and Delivery; Transaction initiation and reply; Monetary claims and returns; Transaction confirmation and authorisation]

5. Challenges
– Synchronisation of new model
– Thin clients
– Other proactive measures

6. Conclusion
The model is expected to at least solve or reduce the vulnerability that results from storing personal information in public and private companies' databases.

7. References
[1] Bech S. (2007) Punch your weight, available at http://www.bcs.org/server.php?show=ConWebDoc.10577 (accessed on 25/09/2007)
[2] Chesher M., Kaura R. & Linton P. (2003) Electronic Business & Commerce, London: Springer-Verlag
[3] Cheswick W. R. (2005) 'My Dad's Computer' in IEEE Spectrum, August 2005
[4] Earp J. B., Anton A. I., Aiman-Smith L. and Stufflebeam W. H. (2005) 'Examining Internet Privacy Policies Within the Context of User Privacy Values' in IEEE Transactions on Engineering Management, Vol. 52 No. 2, pp 227-237
[5] Forbes.com (2006) The Forbes 400, available at http://finance.yahoo.com/personalfinance/article/103513/The-Forbes-400 (accessed on 27/09/2007)
[6] Foreign and Commonwealth Office (2007) Drugs & Crime, available at http://www.fco.gov.uk/servlet/Front?pagename=OpenMarket/Xcelerate/ShowPage&c=Page&cid=1044901627149 (accessed on 26/09/2007)
[7] Penycate J. (2001) Identity Theft: Stealing your name, available at http://news.bbc.co.uk/1/hi/business/1395109.stm (accessed on 24/09/2007)
[8] Rabinovitch E. (2007) 'Protect your Users against the latest Web-based threat: Malicious Code on Caching Servers' in IEEE Communication Magazine, March 2007
[9] Shabadash V. (2004) What is Hacking?, available at http://www.crimeresearch.org/news/05.05.2004/241/ (accessed on 22/09/2007)
[10] Scroggs C. (2007) Gone Phisin'?, available at http://www.bcs.org/server.php?show=ConWebDoc.10316 (accessed on 26/09/2007)
[11] Woollacott P. (2007) Cybercrime comes of age, available at http://www.bcs.org/server.php?show=ConWebDoc.10571 (accessed on 26/09/2007)

Questions?