Electronic Commerce

COMP3210
Dr. Paul Walcott
08/11/04
The Department of Computer Science, Mathematics and Physics, University of the West Indies, Cave Hill Campus, Barbados
Contents

- Online Security Issues
- Client Computer Security
- Communication Channel Security
- Server Computer Security
Man-in-the-Middle Exploit

- Imagine sending an important email containing valuable information to a colleague
- A person intercepts this email and changes its contents
- The intended recipient receives the email and acts on the wrong information
- This is called the man-in-the-middle exploit
Definitions

We first list a number of important definitions [Sch2004]:

- Computer security is the protection of assets from unauthorised access, use, alteration or destruction
- Physical security includes tangible protection devices, such as alarms, guards, fireproof doors, and safes
- Protection of assets using nonphysical means is called logical security
Definitions (I)

- A security threat is any act or object that poses a danger to computer assets
- Countermeasure is the general name for a procedure, either physical or logical, that recognises, reduces, or eliminates a threat
- An eavesdropper is a person or device that can listen in on and copy Internet transmissions
- Crackers/hackers are people who write software to gain unauthorised access to computers and networks
Physical Security

- In the old days (50 years ago), computer security was more about physical security:
  - Security guards
  - Security badges
  - Alarm systems
  - Surveillance systems
- All terminals tended to be dumb and computers were not networked
Managing Risk

- It does not make sense to protect against threats that are deemed low risk, especially if the cost to protect the asset exceeds the cost of the asset
- Example: it would be sensible to protect a network in Barbados from a hurricane, but not from low (below 0 degrees Celsius) temperatures
Risk Management Model

The model is a grid of threat probability against threat impact (cost):

                         Low impact (cost)          High impact (cost)
  High probability       I. Contain and control     II. Prevent
  Low probability        III. Ignore                IV. Insurance or backup plan
Risk Management Model (I)

- This model shows four actions an organisation can take depending on the cost and probability of the physical threat
- In this model
  - The threat posed by a hurricane in Barbados would be in quadrant II (high probability, high impact: prevent)
  - The threat posed by temperatures dropping below freezing would be in quadrant IV (low probability, high impact: insurance or backup plan)
Good Security Schemes

To implement a good security scheme you must:

- Identify risks
- Determine how to protect those assets at risk
- Calculate the amount to spend to protect against the identified risks
Computer Security Classifications

There are three main security classifications:

- Secrecy: protecting against unauthorised access
- Integrity: protecting against unauthorised modification
- Necessity (denial of service, or availability): preventing data delays or denials (removals); e.g. if important information had to be received at a given time but a hacker delayed it by flooding an e-mail server with email
Security Policy

- Every company concerned about protecting its assets should have a security policy
- This is a document which describes
  - Which assets require protection and why
  - The person who is responsible for protecting them
  - Which behaviours are permissible and which are not
Security Policy (I)

- The security policy typically addresses:
  - Physical security
  - Network security
  - Access authorisation
  - Virus protection
  - Disaster recovery
- This document should be updated regularly
Requirements for Secure Ecommerce

- Secrecy: prevent unauthorised individuals from reading messages and business plans, obtaining credit card numbers or accessing confidential information
- Integrity: provide a way of digitally determining whether information has been altered
- Availability: provide delivery assurance for each message so that a loss will not go undetected
Requirements for Secure Ecommerce (I)

- Key Management: all key information must be distributed and managed securely
- Nonrepudiation: provide undeniable, end-to-end proof of each message's origin and recipient
- Authentication: securely identify clients and servers with digital signatures and certificates
Client Computer Security

This section outlines:

- security threats that may occur on client computers
- how they work
- how to protect against them
Active Content

- Active content refers to programs that are embedded transparently in Web pages and that cause actions to occur [Sch2004]
  - E.g. displaying moving graphics and downloading and playing audio
  - In e-commerce it is used to place items in a shopping cart and compute total invoice amounts
Active Content (I)

- Active content also extends HTML functionality
- Since these are programs that run on client computers they pose a security risk
Active Content (II)

- The best known examples are:
  - Cookies (strictly data files rather than programs, but handled alongside active content)
  - Java applets
  - JavaScript
  - VBScript
  - ActiveX controls
- Other examples include graphics, Web browser plug-ins and email attachments
Active Content (III)

- Since active content is embedded in Web pages (e.g. as scripting languages) it can be invisible to the person browsing the Web page
- Crackers, for example, can include a Trojan horse
  - A Trojan horse is a program hidden inside another program or Web page that masks its true purpose
Active Content (IV)

- A Trojan horse could
  - Send private information on the client's computer back to a server (a secrecy violation)
  - Alter or erase information on the client's computer (an integrity violation)
- Alternatively, a zombie is a program that takes over another computer and uses it to launch attacks on other computers
Cookies and Web Pages

- Allowing active content to be added to Web pages used for e-commerce can be dangerous since
  - Cookies (files) frequently store credit card numbers, usernames and passwords
  - Information stored in cookies can be read by the server computer that stored them there
- See http://www.cookiecentral.com/
Cookies

- Cookies were designed to solve the problem of the stateless nature of the HTTP protocol
  - To save information between one request (or session) and another
Cookies

- There are two types of cookie by time duration:
  - Session cookies: these exist until the Web client ends the session (typically when the browser is closed)
  - Persistent cookies: these are written to the client's computer and remain there until their expiry date, which may be years away
- E-commerce uses both types of cookie
Cookies (I)

- Cookies can also be categorised by source:
  - First-party cookies are cookies put on the client computer by the Web server of the site being viewed
  - Third-party cookies are cookies put on the client computer by some other Web site
    - The third-party Web site usually provides some content (e.g. advertisements) on the Web site being viewed
Cookies (II)

- These third-party Web sites can then track visitors from one site to the next (because they have ads and cookies set up on many of these sites)
Cookies (III)

- To protect yourself against cookies (or "cookie monsters") you can
  - Disable cookies altogether; however, this will stop some sites from functioning correctly
    - Users would have to re-enter information every time they visit the Web site
  - Disable third-party cookies
  - Or use a third-party cookie blocker program that stores cookies selectively
Java Applets

- Applets are downloaded with Web pages and run on client computers
- Once downloaded, Java code can run on the client's computer, which introduces a security hole
- To counteract this Java has a security model called the Java sandbox which prevents applets from performing certain functions
- Applets are classified as "untrusted" if they have not been established as being secure
Java Applets (I)

- When running in the sandbox Java applets cannot perform file input, output or delete operations
- This scheme provides secrecy and integrity for the client's files
JavaScript

- JavaScript is a scripting language developed by Netscape
- When a Web page is downloaded and contains embedded JavaScript code, it runs on the user's (client) computer
- This code can be used to attack the client's computer, e.g. to
  - destroy a user's hard disk
  - disclose email stored in mailboxes
  - capture information stored in Web forms (e.g. credit card information)
- The first two require a browser bug that lets the script escape the browser's own sandbox; the last needs no bug at all, only that the script runs in the page that holds the form
JavaScript (I)

Try the following JavaScript code. The function calls itself without ever returning, so the page raises alert boxes until the browser's call stack limit is reached or the browser intervenes; it is a simple client-side denial of service:

<html>
<body>
<script type="text/javascript">
// Deliberately endless recursion: each call shows an alert and then
// calls itself again, so the user cannot use the page normally.
askmeagain();
function askmeagain()
{
alert("Ouch!");
askmeagain();
}
</script>
</body>
</html>
ActiveX Controls

- An ActiveX control is an object that contains programs
- Only runs on the Windows operating system
- When downloaded the control is run on the client's computer like any other program
  - They have full access to system resources, so they can
    - Reformat the hard disk
    - Rename or delete files
    - Shut down the computer
ActiveX Controls (I)

- Execution of ActiveX controls cannot be halted once started
- Web browsers can be configured to warn users when ActiveX controls are about to be downloaded
Graphics and Plug-ins

- Graphics, browser plug-ins and email attachments can include executable content
- Some graphic file formats contain special instructions on how to render the graphic
  - The embedded code can be used to attack your computer
- Plug-ins enhance your browser's capabilities but can also pose a threat
Viruses, Worms and Antivirus Software

- A virus is software that attaches itself to another program
- A macro virus is a type of virus that is coded as a macro
- A worm is a type of virus that replicates itself across the computers it infects, spreading on its own rather than relying on a host program
- Email attachments may include word processing files, spreadsheets, databases and images which may contain viruses
  - Viruses within Word and Excel macros (Visual Basic for Applications) can damage your computer
Viruses, Worms and Antivirus Software (I)

- Viruses tend to prey on operating system (or Web server) vulnerabilities
- To counteract viruses
  - Ensure you have installed the latest security patches
  - Ensure that you are running the latest antivirus software with the latest virus definition updates
Digital Certificates

- A digital certificate is an attachment to a message which verifies the sender of the message
  - It also provides a means of sending encrypted messages, since it carries the owner's public key
Digital Certificates (I)

- A digital certificate contains a block signed by its issuer that
  - identifies the owner
  - states the period for which the certificate is valid
- This provides a way to sign a message
  - In many countries, including Barbados, this is accepted as a signature
Digital Certificates (II)

- Digital certificates are issued by a certification authority (CA)
  - To individuals or organisations
  - Appropriate proof of identity must be provided
Digital Certificates (III)

A digital certificate contains six main elements [Sch2004]:

- The certificate owner's identifying information, such as name, organisation and address
- The certificate owner's public key
- Dates between which the certificate is valid
- Serial number of the certificate
- Name of the certificate issuer
- Digital signature of the certificate issuer
Digital Certificates (IV)

- One of the oldest and best known CAs is VeriSign
Communication Channel Security

These threats come from various sources including:

- Sniffer programs
- Backdoors
- Cybervandalism
- Masquerading or spoofing
- Denial-of-service
Sniffer Programs

- These programs provide a means of recording packets passing through a computer or router
  - It is similar to telephone line tapping
- If the traffic is not encrypted, sniffer programs can
  - Read email messages
  - Read user logins and passwords
  - Read credit card numbers
Backdoors

- Some e-commerce programs contain backdoors
- These backdoors are left intentionally or unintentionally by software developers
- Backdoors provide a way for an unauthorised user to gain access to protected information including:
  - Credit card information
  - Proprietary company information (which could be sold for millions to competitors)
Cybervandalism

- This is the electronic defacing of Web site pages
  - Regular content is replaced
  - Its parallel is the spraying of graffiti on public property
Masquerading or Spoofing

- This is when a person impersonates someone else
  - E.g. pretending that a Web site belongs to someone else, when it does not
  - On a domain name server a perpetrator might use a security hole to change the IP address recorded for a given Web site, so that visitors are sent to a fake copy of it
  - Any order entered on this fake page could then be modified (e.g. changing the shipping address of the goods) and the modified order sent on to the original Web site
Denial-of-Service Threat

- This threat disrupts normal computer processing
- For example, zombie computers have been used to flood a Web site with packets
  - This prevented legitimate users from using the Web site
  - This may also lead to a loss in business
Communication Channel Security (I)

Solutions are provided in the form of (discussed in the next section):

- Symmetric encryption
- Asymmetric encryption
- Digital signatures
- Message hashing
- Digital certificates
- Secure Sockets Layer (SSL)
Server Computer Security

Server vulnerabilities come from:

- Web servers and their software
- Backend programs such as database programs
Web Server Threats

- The more complex this software, the more chance it contains errors which might lead to vulnerabilities
- A Web server can compromise secrecy if it allows automatic directory listings
- Passwords users select could be a threat, since a dictionary attack might reveal them
Database Threats

- These databases store confidential information
- Some databases store usernames/passwords in unencrypted tables, or do not enforce security at all
Other Threats

- Threats may arise when programs are executed by the server
  - E.g. buffer overrun or buffer overflow
    - A program that copies input into a fixed-size buffer without checking its length can overflow into critical memory locations, causing the Web server to run an attacker's program
- Mail bombs cause mail servers to malfunction by overloading them with email
Physical Security

- All Web servers and associated machines require physical protection
  - Back up servers and store the backups at remote locations
  - The use of fingerprint readers and other biometric security helps provide physical security
    - Writing pads that measure the pressure and form of handwriting
    - Eye scanners
    - Palm scanners (entire palm rather than a single finger)
Access Control

Only allow permitted users to access services. This can be controlled through:

- Digital certificates
  - Ensure the digital signature is valid
  - Check the time stamp (validity dates) on the digital certificate
- Usernames and passwords
- Firewalls

For information on firewalls see:
http://scitec.uwichill.edu.bb/cmp/online/comp3210/presentations/AntonioArthur.ppt
References

[Sch2004] Schneider, Gary P., "Electronic Commerce: The Second Wave", Thomson Course Technology, Fifth Annual Edition, 2004