Laws and regulations created by government bodies are also a type of administrative control because they inform the business. Other examples of administrative controls include the corporate security policy, password policy, hiring policies, and disciplinary policies.
Administrative controls form the basis for the selection and implementation of logical and physical controls. Logical and physical controls are manifestations of administrative controls, which are of paramount importance. Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems.
Passwords, network and host-based firewalls, network intrusion detection systems, access control lists, and data encryption are examples of logical controls. An important logical control that is frequently overlooked is the principle of least privilege, which requires that an individual, program or system process not be granted any more access privileges than are necessary to perform the task.
Violations of this principle can also occur when an individual collects additional access privileges over time. This happens when employees' job duties change, employees are promoted to a new position, or employees are transferred to another department. The access privileges required by their new duties are frequently added onto their already existing access privileges, which may no longer be necessary or appropriate.
Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities and include doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. Separating the network and workplace into functional areas is also a physical control.
An important physical control that is frequently overlooked is separation of duties, which ensures that an individual cannot complete a critical task by himself. For example, an employee who submits a request for reimbursement should not also be able to authorize payment or print the check.
An applications programmer should not also be the server administrator or the database administrator; these roles and responsibilities must be separated from one another. Information security must protect information throughout its lifespan, from the initial creation of the information on through to the final disposal of the information.
The information must be protected while in motion and while at rest. During its lifetime, information may pass through many different information processing systems and through many different parts of information processing systems. There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms. The building up, layering on and overlapping of security measures is called "defense in depth." Recall the earlier discussion about administrative controls, logical controls, and physical controls.
The three types of controls can be used to form the basis upon which to build a defense in depth strategy. With this approach, defense in depth can be conceptualized as three distinct layers or planes laid one on top of the other. Additional insight into defense in depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people the next outer layer of the onion, and network security, host-based security and application security forming the outermost layers of the onion. Both perspectives are equally valid, and each provides valuable insight into the implementation of a good defense in depth strategy.
An important aspect of information security and risk management is recognizing the value of information and defining appropriate procedures and protection requirements for the information. Not all information is equal and so not all information requires the same degree of protection. This requires information to be assigned a security classification. The first step in information classification is to identify a member of senior management as the owner of the particular information to be classified. Next, develop a classification policy. The policy should describe the different classification labels, define the criteria for information to be assigned a particular label, and list the required security controls for each classification.
Some factors that influence which classification information should be assigned include how much value that information has to the organization, how old the information is and whether or not the information has become obsolete. Laws and other regulatory requirements are also important considerations when classifying information. The Information Systems Audit and Control Association (ISACA) and its Business Model for Information Security also serve as a tool for security professionals to examine security from a systems perspective, creating an environment where security can be managed holistically, allowing actual risks to be addressed.
The type of information security classification labels selected and used will depend on the nature of the organization, with examples being: . All employees in the organization, as well as business partners, must be trained on the classification schema and understand the required security controls and handling procedures for each classification. The classification of a particular information asset that has been assigned should be reviewed periodically to ensure the classification is still appropriate for the information and to ensure the security controls required by the classification are in place and are followed according to the proper procedures.
Access to protected information must be restricted to people who are authorized to access the information. The computer programs, and in many cases the computers that process the information, must also be authorized. This requires that mechanisms be in place to control the access to protected information. The sophistication of the access control mechanisms should be in parity with the value of the information being protected; the more sensitive or valuable the information the stronger the control mechanisms need to be.
The foundation on which access control mechanisms are built starts with identification and authentication. Access control is generally considered in three steps: identification, authentication, and authorization. Identification is an assertion of who someone is or what something is. If a person makes the statement "Hello, my name is John Doe" they are making a claim of who they are. However, their claim may or may not be true. Before John Doe can be granted access to protected information it will be necessary to verify that the person claiming to be John Doe really is John Doe.
Typically the claim is in the form of a username. By entering that username you are claiming "I am the person the username belongs to". Authentication is the act of verifying a claim of identity. When John Doe goes into a bank to make a withdrawal, he tells the bank teller he is John Doe, a claim of identity. The bank teller asks to see a photo ID, so he hands the teller his driver's license. The bank teller checks the license to make sure it has John Doe printed on it and compares the photograph on the license against the person claiming to be John Doe. If the photo and name match the person, then the teller has authenticated that John Doe is who he claimed to be.
Strong authentication requires providing more than one type of authentication information (two-factor authentication). The username is the most common form of identification on computer systems today and the password is the most common form of authentication. Usernames and passwords have served their purpose, but they are increasingly inadequate. After a person, program or computer has successfully been identified and authenticated then it must be determined what informational resources they are permitted to access and what actions they will be allowed to perform (run, view, create, delete, or change).
This is called authorization. Authorization to access information and other computing services begins with administrative policies and procedures. The policies prescribe what information and computing services can be accessed, by whom, and under what conditions. The access control mechanisms are then configured to enforce these policies. Different computing systems are equipped with different kinds of access control mechanisms.
Some may even offer a choice of different access control mechanisms. The access control mechanism a system offers will be based upon one of three approaches to access control, or it may be derived from a combination of the three approaches. The non-discretionary approach consolidates all access control under a centralized administration.
The access to information and other resources is usually based on the individual's function (role) in the organization or the tasks the individual must perform. The discretionary approach gives the creator or owner of the information resource the ability to control access to those resources. In the mandatory access control approach, access is granted or denied based upon the security classification assigned to the information resource. To be effective, policies and other security controls must be enforceable and upheld.
Effective policies ensure that people are held accountable for their actions. The U.S. Treasury's guidelines for systems processing sensitive or proprietary information, for example, state that all failed and successful authentication and access attempts must be logged, and all access to information must leave some type of audit trail. Also, the need-to-know principle needs to be in effect when talking about access control. This principle gives access rights to a person to perform their job functions.
This principle is used in the government when dealing with different clearances. Even though two employees in different departments have a top-secret clearance, they must have a need-to-know in order for information to be exchanged. Within the need-to-know principle, network administrators grant the employee the least amount of privileges to prevent employees from accessing more than what they are supposed to.
Need-to-know helps to enforce the confidentiality-integrity-availability triad. Need-to-know directly impacts the confidential area of the triad. Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user who possesses the cryptographic key, through the process of decryption.
Cryptography is used in information security to protect information from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while information is in storage. Cryptography provides information security with other useful applications as well, including improved authentication methods, message digests, digital signatures, non-repudiation, and encrypted network communications. Cryptography can introduce security problems when it is not implemented correctly. Cryptographic solutions need to be implemented using industry-accepted solutions that have undergone rigorous peer review by independent experts in cryptography.
The length and strength of the encryption key is also an important consideration. A key that is weak or too short will produce weak encryption. The keys used for encryption and decryption must be protected with the same degree of rigor as any other confidential information. They must be protected from unauthorized disclosure and destruction and they must be available when needed.
Public key infrastructure (PKI) solutions address many of the problems that surround key management. The terms "reasonable and prudent person," "due care" and "due diligence" have been used in the fields of finance, securities, and law for many years. In recent years these terms have found their way into the fields of computing and information security.
Federal Sentencing Guidelines now make it possible to hold corporate officers liable for failing to exercise due care and due diligence in the management of their information systems. In the business world, stockholders, customers, business partners and governments have the expectation that corporate officers will run the business in accordance with accepted business practices and in compliance with laws and other regulatory requirements.
This is often described as the "reasonable and prudent person" rule. A prudent person takes due care to ensure that everything necessary is done to operate the business by sound business principles and in a legal, ethical manner. A prudent person is also diligent (mindful, attentive, ongoing) in their due care of the business. In the field of information security, Harris offers the following definitions of due care and due diligence:. Attention should be made to two important points in these definitions. First, in due care, steps are taken to show; this means that the steps can be verified, measured, or even produce tangible artifacts.
Second, in due diligence, there are continual activities; this means that people are actually doing things to monitor and maintain the protection mechanisms, and these activities are ongoing. Organizations have a responsibility to practice duty of care when applying information security. It considers all parties that could be affected by those risks.
DoCRA helps evaluate safeguards if they are appropriate in protecting others from harm while presenting a reasonable burden. With increased data breach litigation, companies must balance security controls, compliance, and their mission. These include: . An incident response plan that addresses how discovered breaches in security is also vital.
It should include:. Change management is a formal process for directing and controlling alterations to the information processing environment. This includes alterations to desktop computers, the network, servers and software. The objectives of change management are to reduce the risks posed by changes to the information processing environment and improve the stability and reliability of the processing environment as changes are made.
It is not the objective of change management to prevent or hinder necessary changes from being implemented. Any change to the information processing environment introduces an element of risk. Even apparently simple changes can have unexpected effects. One of management's many responsibilities is the management of risk. Change management is a tool for managing the risks introduced by changes to the information processing environment.
Part of the change management process ensures that changes are not implemented at inopportune times when they may disrupt critical business processes or interfere with other changes being implemented. Not every change needs to be managed. Some kinds of changes are a part of the everyday routine of information processing and adhere to a predefined procedure, which reduces the overall level of risk to the processing environment.
Creating a new user account or deploying a new desktop computer are examples of changes that do not generally require change management. However, relocating user file shares, or upgrading the Email server pose a much higher level of risk to the processing environment and are not a normal everyday activity. The critical first steps in change management are (a) defining change (and communicating that definition) and (b) defining the scope of the change system.
Change management is usually overseen by a change review board composed of representatives from key business areas, security, networking, systems administrators, database administration, application developers, desktop support and the help desk. The tasks of the change review board can be facilitated with the use of an automated workflow application. The responsibility of the change review board is to ensure the organization's documented change management procedures are followed. The change management process is as follows .
Change management procedures that are simple to follow and easy to use can greatly reduce the overall risks created when changes are made to the information processing environment. Good change management procedures improve the overall quality and success of changes as they are implemented. This is accomplished through planning, peer review, documentation and communication. Business continuity management (BCM) concerns arrangements aiming to protect an organization's critical business functions from interruption due to incidents, or at least minimize the effects.
BCM is essential to any organization to keep technology and business in line with current threats to the continuation of business as usual. The BCM should be included in an organization's risk analysis plan to ensure that all of the necessary business functions have what they need to keep going in the event of any type of threat to any business function. Whereas BCM takes a broad approach to minimizing disaster-related risks by reducing both the probability and the severity of incidents, a disaster recovery plan (DRP) focuses specifically on resuming business operations as quickly as possible after a disaster.
A disaster recovery plan, invoked soon after a disaster occurs, lays out the steps necessary to recover critical information and communications technology (ICT) infrastructure. Disaster recovery planning includes establishing a planning group, performing risk assessment, establishing priorities, developing recovery strategies, preparing inventories and documentation of the plan, developing verification criteria and procedure, and lastly implementing the plan.
Below is a partial listing of governmental laws and regulations in various parts of the world that have, had, or will have, a significant effect on data processing and information security. Important industry sector regulations have also been included when they have a significant impact on information security. Describing more than simply how security aware employees are, information security culture is the ideas, customs, and social behaviors of an organization that impact information security in both positive and negative ways.
The way employees think and feel about security and the actions they take can have a big impact on information security in organizations. Andersson and Reimers found that employees often do not see themselves as part of the organization Information Security "effort" and often take actions that ignore organizational information security best interests. In Information Security Culture from Analysis to Change , authors commented, "It's a never ending process, a cycle of evaluation and change or maintenance.
The International Organization for Standardization (ISO) is a consortium of national standards institutes from countries, coordinated through a secretariat in Geneva, Switzerland. ISO is the world's largest developer of standards. Department of Commerce. The NIST Computer Security Division develops standards, metrics, tests and validation programs as well as publishes standards and guidelines to increase secure IT planning, implementation, management and operation.
NIST is also the custodian of the U. The Internet Society is a professional membership society with more than organizations and over 20, individual members in over countries. It provides leadership in addressing issues that confront the future of the internet, and it is the organizational home for the groups responsible for internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB).
The Information Security Forum (ISF) is a global nonprofit organization of several hundred leading organizations in financial services, manufacturing, telecommunications, consumer goods, government, and other areas. It undertakes research into information security practices and offers advice in its biannual Standard of Good Practice and more detailed advisories for members.
The Institute of Information Security Professionals (IISP) is an independent, non-profit body governed by its members, with the principal objective of advancing the professionalism of information security practitioners and thereby the professionalism of the industry as a whole. This framework describes the range of competencies expected of information security and information assurance professionals in the effective performance of their roles. It was developed through collaboration between both private and public sector organizations and world-renowned academics and security leaders.
The Catalogs are a collection of documents useful for detecting and combating security-relevant weak points in the IT environment (IT cluster). The collection encompasses as of September over 4, pages with the introduction and catalogs.
Security Fundamentals for E-Commerce

Payer anonymity, however, must be preserved throughout the entire transaction, which may consist of several sessions. It is usually required that a payer be anonymous in each session except in some sessions with his bank.
A protocol consists of a set of messages exchanged between two principals. In an electronic payment transaction, the principals are the customer, the merchant, the payment gateway, and the banks. Disputes can arise if the customer claims that he never issued a payment instruction or the merchant claims that he never received payment from the customer. The service of nonrepudiation of payment transaction messages helps resolve such disputes. To ensure freshness of payment transaction messages means to protect against reuse of, for example, payment instruction messages.
This is an example of a replay attack. For example, a perfectly anonymous digital coin is just a bit string that can be copied as many times as desired. Even if a bank detects that someone has tried to spend the same coin more than once, it is impossible to discover his identity because the coin is anonymous.
In such cases, the service of protection against double spending can help. This service can be based on conditional anonymity , the condition being that if a customer is honest and spends a coin only once, his identity cannot be discerned. However, if he does try to double-spend, he can be identified and eventually made responsible. As mentioned before, digital coins are bit strings. Consequently, off-line payment systems must have some protection against forged coins.
If payers are anonymous, there is no way for a payee to differentiate between a legal owner and a thief using stolen coins. There are, however, some mechanisms to prevent stealing of coins, and they are used to implement the corresponding payment security service. The three digital money security services described above are to some extent conflicting, but there are ways to implement them so that there is a trade-off between risk and protection. For example, they can be set up to be triggered only if something illegal happens e.
With paper checks, such authorization is confirmed by a hand-written signature. It must be available all the time, seven days a week, 24 hours a day. It must also have some protection against denial-of-service attacks, or at least be able to detect them early and start recovery procedures. To ensure reliability, payment transactions must be atomic. This means they occur either entirely i. Furthermore, the underlying networking services as well as all software and hardware components must be sufficiently reliable. Static redundancy uses n versions of a component i.
With dynamic redundancy, detection of an error in one component will cause switching to a redundant component. These techniques are common to many software and hardware systems. In a payment transaction we generally differentiate between the order information (goods or services to be paid for) and the payment instruction e. From a security perspective, these two pieces of information deserve special treatment.
This chapter describes some mechanisms that can be used to implement the payment transaction security services defined in Chapter 5. However, this requires that at least one of the hosts on the network path be honest, if the traffic source is to remain truly anonymous.
The basic idea is illustrated in Figure 6. Messages are encrypted with the public key of the mix, $E_M$. If the mix is honest, Y has no idea where the message originated or who sent it. The main drawback of the scheme is that the mix has to be completely trustworthy. If A wishes Y to send a reply, he can include an anonymous return address in the message to Y: Mix, $E_M(A)$. In this way the reply message is actually sent to the mix, but only the mix knows whom to send it on to i.
An additional property of the mix scheme is protection against traffic analysis. All messages, both dummy and genuine, must be random and of fixed length, and sent at a constant rate. Additionally, they must be broken into fixed block sizes and sent encrypted so that an eavesdropper cannot read them. The problem of having a mix trusted by all participants can be solved by using a matrix or network of mixes instead of just one, as shown in Figure 6. The bigger the matrix, the higher the probability that there will be at least one honest mix on a randomly chosen path.
The principal A can provide an anonymous return address in the same way as in the example with one mix. Specifically, A picks a random return path through the mix network e. There is an experimental implementation of anonymous e-mail with return addresses called BABEL by Gülcü and Tsudik, and onion network described in Part 4. If one wants to be sure that two different payment transactions by the same payer cannot be linked, then payment transaction untraceability must also be provided.
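The layered encryption behind a chain of mixes, and the anonymous return address, as an added Go example that is not code from the book. X25519 with AES-GCM stands in here for the mix's public-key encryption $E_M$, and the names `Mix`, `Wrap` and `Peel` are hypothetical; fixed-length padding, batching and dummy traffic are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Mix is one relay; priv is the private half of the key the text calls E_M.
type Mix struct {
	Name string
	priv *ecdh.PrivateKey
}

func NewMix(name string) *Mix {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Mix{Name: name, priv: k}
}

// aeadFor derives a single-use AES-256-GCM key from an X25519 exchange. The key
// is never reused, which is what makes the all-zero nonce below acceptable.
func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(shared, ephPub...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal plays the role of E_M(...). Output: ephemeral public key || ciphertext.
func seal(to *Mix, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	pub := eph.PublicKey().Bytes()
	aead, err := aeadFor(eph, to.priv.PublicKey(), pub)
	if err != nil {
		return nil, err
	}
	return aead.Seal(pub, make([]byte, aead.NonceSize()), plaintext, nil), nil
}

// Peel removes this mix's layer: it learns the next hop and an opaque payload only.
func (m *Mix) Peel(packet []byte) (next string, payload []byte, err error) {
	if len(packet) < 32 {
		return "", nil, errors.New("packet too short")
	}
	eph, err := ecdh.X25519().NewPublicKey(packet[:32])
	if err != nil {
		return "", nil, err
	}
	aead, err := aeadFor(m.priv, eph, packet[:32])
	if err != nil {
		return "", nil, err
	}
	pt, err := aead.Open(nil, make([]byte, aead.NonceSize()), packet[32:], nil)
	if err != nil || len(pt) < 1 || len(pt) < 1+int(pt[0]) {
		return "", nil, errors.New("layer malformed or not for this mix")
	}
	n := 1 + int(pt[0])
	return string(pt[1:n]), pt[n:], nil
}

// Wrap builds the layers inside out. A one-mix path with a nil message gives
// the text's anonymous return address "Mix, E_M(A)".
func Wrap(path []*Mix, recipient string, msg []byte) ([]byte, error) {
	next, payload := recipient, msg
	for i := len(path) - 1; i >= 0; i-- {
		layer := append([]byte{byte(len(next))}, next...) // 1-byte length + hop name
		ct, err := seal(path[i], append(layer, payload...))
		if err != nil {
			return nil, err
		}
		next, payload = path[i].Name, ct
	}
	return payload, nil
}

func main() {
	m1, m2 := NewMix("mix1"), NewMix("mix2")
	packet, _ := Wrap([]*Mix{m1, m2}, "Y", []byte("constructed sample message"))
	hop1, inner, _ := m1.Peel(packet) // mix1 sees sender A, learns only "mix2"
	hop2, msg, _ := m2.Peel(inner)    // mix2 sees mix1, learns only "Y"
	fmt.Println(hop1, hop2, string(msg))
}
```

With two mixes on the path, neither one sees both the sender and the recipient, which is why a single honest mix is enough.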
Although they did not use cryptography at the beginning, they later realized that in some cases it was necessary. The VirtualPIN may be sent safely by e-mail. Even if it is stolen, an unauthorized customer cannot use it because all transactions are 1. If the VPIN is valid (3), the merchant supplies the ordered services to the customer (4) and sends the transaction information to the FV provider (5). In the next step (6), the FV provider asks the customer whether he is willing to pay for the services e.
Even if a fraudulent customer does not pay for the services delivered, the merchant will not suffer a significant loss, and the VPIN will be blacklisted immediately. Here, two mechanisms that allow partial payment transaction untraceability are described. In each payment transaction the customer chooses a different random number so that the merchant receives different pseudonyms.
Thus it is impossible for the merchant to link two payment transactions with the same BAN 6. Since the nonce is different for each payment transaction, the merchant cannot link two transactions even if the same PAN is used. A payment instruction can contain a credit card number or an account number. The primary purpose of protecting its confidentiality is to prevent misuse by unauthorized principals, including dishonest merchants see also Section 4. In many cases, however, the information contained in a payment instruction uniquely identifies the payer. Order information can specify the type and amount of goods or services ordered and the price to be paid, or just contain the order number.
In such cases the order information must be made unreadable for the gateway. Otherwise, in a case of dispute, the customer could not prove that the payment instruction he sent to the merchant really related to a particular order. The 1KP see also Section 6. It also provides customer anonymity with respect to merchants. In other words, h k R c ,. Since $R_c$ is different for each transaction, he cannot link two payments made by the same customer.
The only attack he can try is to compute the hashsums of all possible combinations of a random number and an account number (dictionary attack), but this would hardly be feasible because, for a sufficiently long random number, there are too many combinations. The acquirer obtains $R_c$, so he can compute $ID_C$ and verify that it is correct. The pseudonym should be used only once, that is, for only one payment transaction.
Confidentiality of order information with respect to the acquirer is achieved in a similar way. Using the same hash function as before, the merchant prepares the description of the order information DESC for the acquirer in the following way: $h_k(SALT_c, DESC)$. The acquirer can see that the hashsum is different for each payment transaction, but he does not have enough information to compute DESC. It is, however, possible to eavesdrop on the communication line between the 2. Since the acquirer is probably trusted at least to some extent, this type of attack is not considered to be very likely.
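The one-time pseudonym and the salted order digest described above, as an added Go example that is not code from the book or from the protocol's authors. It takes the pseudonym to be $ID_C = h_k(R_c, BAN)$, as the text's "random number and an account number" implies, and uses HMAC-SHA256 keyed with the random value as a stand-in for $h_k$; the function names and the `MerchantLedger` type are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// keyedHash stands in for the text's h_k(first, second). HMAC-SHA256 keyed with
// the random first argument is an assumption; the page does not fix the function.
func keyedHash(first, second []byte) []byte {
	mac := hmac.New(sha256.New, first)
	mac.Write(second)
	return mac.Sum(nil)
}

// FreshRandom returns 128 random bits, used for both R_c and SALT_c.
func FreshRandom() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Pseudonym is ID_C = h_k(R_c, BAN): what the merchant sees instead of the account number.
func Pseudonym(rc []byte, ban string) []byte { return keyedHash(rc, []byte(ban)) }

// AcquirerCheck: the acquirer is given R_c, knows the BAN, and recomputes ID_C.
func AcquirerCheck(idc, rc []byte, ban string) bool {
	return hmac.Equal(idc, Pseudonym(rc, ban))
}

// OrderDigest is h_k(SALT_c, DESC): all the acquirer sees of the order.
func OrderDigest(salt []byte, desc string) []byte { return keyedHash(salt, []byte(desc)) }

// DisputeCheck: in a dispute the salt and description are disclosed and must
// reproduce the digest the acquirer stored for the payment.
func DisputeCheck(stored, salt []byte, desc string) bool {
	return hmac.Equal(stored, OrderDigest(salt, desc))
}

// MerchantLedger models the merchant's only linking tool: comparing pseudonyms.
type MerchantLedger struct{ seen map[string]int }

// Record stores a pseudonym and returns how often it was seen before. Anything
// above zero means R_c was reused and two payments are now linkable.
func (l *MerchantLedger) Record(idc []byte) int {
	if l.seen == nil {
		l.seen = map[string]int{}
	}
	l.seen[string(idc)]++
	return l.seen[string(idc)] - 1
}

func main() {
	const ban = "ACCT-EXAMPLE-0001" // constructed account number
	var ledger MerchantLedger
	r1, r2 := FreshRandom(), FreshRandom()
	// Fresh R_c per payment: the merchant sees two unrelated pseudonyms.
	fmt.Println(ledger.Record(Pseudonym(r1, ban)), ledger.Record(Pseudonym(r2, ban)))
	// R_c reused: the merchant sees a pseudonym it already knows.
	fmt.Println(ledger.Record(Pseudonym(r1, ban)))
	fmt.Println(AcquirerCheck(Pseudonym(r1, ban), r1, ban))
}
```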
To communicate the payment instruction to the acquirer in such a way that the merchant cannot read it, iKP uses public key encryption. The encrypted message is sent to the merchant to be forwarded to the acquirer. In this way, only the acquirer can decrypt the message. This combination of values is unique for each payment transaction. Its development was initiated by Visa and MasterCard in It cannot be used outside the United States, but there are other crypto libraries available that will work in the place of the default crypto library BSAFE.
Let M be a merchant and P a payment gateway. We want the merchant M not to be able to read the payment instruction PI, and the gateway P not to be able to read the order information To achieve that, the customer computes the dual signature DS of the payment request. If P agrees, that is, if the payment instruction is correct and the authorization response is positive, it can sign PI. If M agrees, he can sign The value of the digestAlgorithm field is in this case SHA The contentInfo field contains the content to be digested i.
Finally, the digest or hashsum is contained in the digest field. The final i. It is encrypted by a symmetric encryption algorithm with a randomly generated secret key K. Note that this mechanism also provides a kind of payment transaction untraceability. The payment gateway can link the payments made by the same customer, but it cannot see what was ordered. The merchant can only link the payments with order information, but cannot know which customer is behind them, provided a nonce is used as described in Section 6.
This section will deal with nonrepudiation of origin, which prevents denial of authorship of a document, and to some extent nonrepudiation of receipt, which prevents denial that a message was received if a signed acknowledgment has already been sent. Nonrepudiation of submission and delivery are very complex and still insufficiently resolved issues because they involve interaction with potentially unreliable communication networks. However, on the network path to the final receiver there may be more than one node, so the first node may request the same from the second node, and so on.
Currently there is no infrastructure to provide such a service. Nonrepudiation of delivery is similar: the first node 96 Security Fundamentals for E-Commerce requests a signed delivery acknowledgment from the second node, and so on. Finally, the last node on the network path requests an acknowledgment from the actual receiver. The acquirer represents a payment gateway and an acquirer bank. For example, for a credit card the data contains the issuer bank, number, and expiry date validity period. The payee wants to verify that the credit card can be charged, so he sends an Authorization Request message to the acquirer.
If the result is positive, the payee sends a Payment Receipt to the payer and delivers the purchased goods or services. Now the nonrepudiation and authorization issues based on the model in Figure 6. All three parties have a public key pair. Each public key is certified by a directly or indirectly trusted certification authority. Payee's Payment Auth. Acquirer's Payee Auth. Acquirer's Payment Auth. The payee needs undeniable proof that the payer agrees to pay a certain amount of money. This message ensures nonrepudiation of payment authorization by the payer. The acquirer and the issuer bank need undeniable proof that the payee asked for the amount of sale for this transaction to be paid into his account.
The payer may also require that proof. This ensures nonrepudiation of payment authorization by the acquirer. If the public key certificate can be obtained from a public directory, this message is not necessary. In this way the payee cannot later deny that the payer has paid for the ordered items. The receipt should be digitally signed by the payee. To illustrate how they can be used in a payment transaction, here is a model based on 1KP  Figure 6.
In the rightmost column of the figure, the names of the transaction messages are given. All three values together are referred to as TR M. All transaction messages depend on SAL T c andi? Besides ensuring freshness, they have certain other roles as explained in Section 6. The customer initiates the payment transaction by sending the Initiate message. He uses a one-time pseudonym ID C see Section 6. The merchant responds with the Invoice message. ID M is his identifier. Resp is the authorization response from the acquirer and can be positive yes if the credit card can be charged, or negative no.
The whole Auth-Response message is signed by the acquirer D a. The merchant forwards the Auth-Response message to the customer. It can usually be retrieved online from a public directory. More than any other payment instrument, it demands development of a variety of new security techniques for both macro- and micropayments.
This chapter gives an overview of selected mechanisms for securing digital money transactions. For this reason, payment transactions cannot be linked to a certain customer. Digital coins also have serial numbers and are sometimes represented by unique numbers satisfying specific conditions. Since these numbers exist in only digital form i. To prevent this, special mechanisms are needed. Chaum  proposed a cryptographic mechanism that can be used to blind (obscure) the connection between the coins issued and the identity of the customer who originally obtained them.
The mechanism, which provides both payer anonymity and payment transaction untraceability, is based on the RSA signature and is called a blind signature. It is patented and used in the Internet payment software by eCash. There is an additional parameter, k, called the blinding factor and chosen by the message e. The signer usually wants to check if the message M e. For this purpose the provider prepares n messages and blinds each one with a different blinding factor.
The signer checks the n - 1 messages; if they are correct, he signs the remaining message. Note that electronic coins blinded in this way can only be used in an online payment system; in order to prevent double spending, it must be checked in a central database whether the coin has already been spent. In NetCash the customer is free to choose a currency server he trusts.
However, there must be at least one trusted and honest server to exchange coins for the customer, otherwise the anonymity mechanism does not work. The mechanism based on blind signatures does not need a trusted third party. This can be done by anybody since they are simply electronically stored numbers. If a payer obtains a valid coin in a legal way, he may try to spend it more than once, which is not legal. Consequently, it is necessary to apply some mechanisms that detect double spending. Such mechanisms are needed for digital money with anonymous serial numbers, such as eCash, which uses blind signatures see Section 6.
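The RSA-based blind signature, the check of n - 1 opened messages before signing the remaining one, and the central spent-coin database described above fit together as in the following added example (not the eCash implementation and not code from the book). The toy key, the coin text format and all function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for the signer: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent


def digest(coin: str) -> int:
    """Map the coin text to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(coin.encode()).digest(), "big") % N


def new_blinding_factor() -> int:
    """Random blinding factor k that is invertible modulo N."""
    while True:
        k = secrets.randbelow(N - 2) + 2
        if math.gcd(k, N) == 1:
            return k


def blind(coin: str, k: int) -> int:
    return digest(coin) * pow(k, E, N) % N


def unblind(s_blind: int, k: int) -> int:
    # (m * k^E)^D = m^D * k, so dividing by k leaves the plain signature m^D.
    return s_blind * pow(k, -1, N) % N


def verify(coin: str, sig: int) -> bool:
    return pow(sig, E, N) == digest(coin)


def prepare(value, n, cheat_at=None, cheat_value=None):
    """Customer: n candidate coins with fresh serials, each blinded with its own k."""
    coins, ks = [], []
    for i in range(n):
        v = cheat_value if i == cheat_at else value
        coins.append(f"value={v};serial={secrets.token_hex(16)}")
        ks.append(new_blinding_factor())
    return coins, ks, [blind(c, k) for c, k in zip(coins, ks)]


def signer_check_and_sign(blinded, keep, opened, value):
    """Signer: verify every opened candidate, then sign the one left blinded.

    `opened` maps index -> (coin text, k) for every index except `keep`.
    """
    for i, b in enumerate(blinded):
        if i == keep:
            continue
        coin, k = opened[i]
        if blind(coin, k) != b or not coin.startswith(f"value={value};"):
            return None  # a candidate does not match what was agreed
    return pow(blinded[keep], D, N)


def withdraw(value, n, keep, cheat_at=None, cheat_value=None):
    """One withdrawal. `keep` is the signer's choice, passed in so runs are repeatable."""
    coins, ks, blinded = prepare(value, n, cheat_at, cheat_value)
    opened = {i: (coins[i], ks[i]) for i in range(n) if i != keep}
    s_blind = signer_check_and_sign(blinded, keep, opened, value)
    if s_blind is None:
        return None
    return coins[keep], unblind(s_blind, ks[keep]), blinded[keep]


class Bank:
    """Central database of spent coins, queried online at every deposit."""

    def __init__(self):
        self.spent = set()

    def deposit(self, coin: str, sig: int) -> bool:
        if not verify(coin, sig) or coin in self.spent:
            return False
        self.spent.add(coin)
        return True
```

A customer who falsifies one of the n candidates goes undetected only when the signer happens to leave exactly that candidate unopened, so the chance of success is 1/n per attempt.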
The idea is to divide up a message M into pieces so that all the pieces must be put together to reconstruct M in a general secret sharing scheme only a subset of pieces may be sufficient to reconstruct M. The merchant can verify whether the decryption result is valid if a public key algorithm is used. If the customer tries to spend the same coin again, it is very likely that, for ATarge enough e. This technique is called cut-and-choose.
This poses a serious scalability problem. The model is only suitable for online payment systems, since the database must be queried each time a payer wants to spend a coin. As soon as a coin has been spent, it can be deleted. This provides better scalability than in the blind signature system mentioned above. The system of exchanging coins can only be used in an online payment system, since the database must be queried before a coin is spent.
The issuer is a banking organization issuing electronic money. The wallet consists of a purse, which is trusted by the payer, and a guardian, which is trusted by the issuer. The guardian is a microprocessor chip that can either be fixed in the wallet or mounted on a smart card. To achieve this, the guardian must be a tamper-proof or tamper-resistant device.
The purse takes the form of a small portable computer with its own power supply, keyboard, and display. The guardian can communicate with the outside world only through the purse, so the purse can check all input and output messages. Wallet Figure 7. The message can represent, for example, a coin. Given m and z, by using the following protocol the prover guardian can prove to the verifier purse that it knows x 1. Note that its value is different even for two identical messages, since it is computed by using two random values, r and c. If the guardian were free to choose s, it could use it to encode some information in the value and send a subliminal i.
The purse prevents this by participating in determining a and b. This can be done in the following way. This type of signature is sometimes referred to as the randomized signature. One such mechanism was proposed in . The purse must blind both the message and the challenge from the basic signature described earlier. Similarly, after Step 3 the verifier can unblind the response r. On the other hand, if the purse generates electronic coins and wants to obtain a blind signature on the coins from the issuer, the issuer wants to be sure that the guardian has agreed to the coins.
To demonstrate its agreement, the guardian signs the blinded challenge c 0 by using the randomized—but not blind—signature protocol. The issuer signs a blinded message m 0 only if the challenge is signed by the guardian. The protocol is a blind signature protocol as described earlier.
Additionally, the signer i. In this way the issuer cannot send a subliminal message to the guardian. The guardian can see all protocol parameters that the purse can, except It cannot, however, send any of them to the issuer except c 0 , since the purse controls the communication with the outside world. Should the issuer ever get the guardian back and analyze the information from the signature protocols, it could see the unblinded messages and their signatures.
In  an improvement of the protocols described so far is proposed, so that even if the issuer manages to collect the information from the guardian, it is impossible to trace the behavior of the payer. If the tamper resistance of the guardian is broken by the user, it is not possible to detect double spending just by using the protocols described above. One should additionally use a cut-and-choose mechanism, as described in Section 7. A more efficient mechanism based on restrictive blind signatures is described in .
First, the notes must have special, expensive or difficult-to-reproduce physical features e. Second, the serial numbers must at least look genuine. Serial numbers can be checked before spending only in online systems, but this is neither scalable nor practical. The only other option is to issue coins with serial numbers that have special mathematical properties. Its property is that generating many coins is much cheaper per coin than generating a few coins. The validity of the coin can be verified by checking that all x-values are distinct, and that all yield the same hashsum.
Approximately x-values must be examined i. If those examinations are repeated c times, c k k-way collisions can be expected. In other words, it is rather expensive to find the first collision, but it becomes increasingly cheaper to find further collisions. This result is based on the birthday paradox. For additional security, the coins should be valid only for a limited time period e. The broker can also define an additional validity criterion at the beginning of each validity Digital Money Security period, for example, a requirement that the higher-order bits of all valid coin hashsums be equal to some predetermined value.
However, coins usually have a rather low nominal value e. Consequently, in many cases it would be rather inefficient and expensive to use an encryption mechanism. This section describes several other mechanisms that can serve the same purpose. However, it is understandable that customers sometimes prefer staying anonymous at the risk of losing some coins.
In such cases the probability of stealing can be reduced by making the coin merchant-specific. The corresponding protocol is illustrated in Figure 7. See also Section 7. K A ni is a symmetric session key that should be used by the currency server to encrypt the coin triplet sent in the reply Table 7. B may spend the coin C B before time t B.
At the time the service is to be provided, B verifies that A knows K ses. B must convert the coin while it is valid i. If B has not spent the coin, A can obtain a refund during the time in which C A is valid. A may spend coin C A after time t B and before time t A. Finally, C x is used if A does not spend the coin with B. It can be used by anyone since it has no key embedded in it.
It uses no encryption at all. The first approach is to make a coin group-specific. A group consists of a number of users. It should not be too large, because in that case it would be possible to steal coins from one group member and sell them to another group member. The reason is that the merchant can easily detect that the coin has already been spent for his goods or services.
One approach, described in , is to make a coin customer-specific, and then have the customer make the coin merchant-specific. Digital coins, called paywords, are customer-specific. The design goal was to minimize communication with the broker. In the PayWord scheme, the coins are produced by customers, not by the broker.
When the customer wants to buy something from a merchant for the first time, he sends the root as a signed commitment to the merchant. The customer is not anonymous. A payment consists of a payword and its index, that is (w_i, i). At first payment the customer sends (w_1, 1) to the merchant. The customer must contact the broker online each time he wants to interact with a new merchant. The protocols are designed for purchases of 50 cents and less, that is, mostly for buying electronic information such as online newspapers, magazines, or stock prices.
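How a merchant checks PayWord payments against the committed root, and how the broker later redeems the last payword received, is shown in the added example below (not code from the book or from the PayWord authors). It assumes SHA-256 as the hash function and leaves out the signature on the commitment; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def H(x: bytes) -> bytes:
    """Hash function of the chain; SHA-256 is this example's assumption."""
    return hashlib.sha256(x).digest()


def make_chain(n: int):
    """Customer: pick a random w_n and hash backwards. w[0] is the root."""
    w = [b""] * (n + 1)
    w[n] = secrets.token_bytes(32)
    for i in range(n - 1, -1, -1):
        w[i] = H(w[i + 1])
    return w


def hashes_to(payword: bytes, steps: int, target: bytes) -> bool:
    """True if hashing `payword` exactly `steps` times yields `target`."""
    x = payword
    for _ in range(steps):
        x = H(x)
    return hmac.compare_digest(x, target)


class Merchant:
    """Keeps only the last accepted payword and its index (the root has index 0)."""

    def __init__(self, root: bytes, max_index: int):
        # In the real scheme root and max_index arrive in the customer's signed
        # commitment; checking that signature is omitted in this example.
        self.last, self.index, self.max_index = root, 0, max_index

    def accept(self, payword: bytes, i: int) -> int:
        """Return the number of units newly paid, or 0 if the payment is rejected."""
        if not (self.index < i <= self.max_index):
            return 0  # replayed, out-of-order or beyond the committed chain
        if not hashes_to(payword, i - self.index, self.last):
            return 0  # payword does not belong to this chain
        paid = i - self.index
        self.last, self.index = payword, i
        return paid

    def redeem_claim(self):
        """What the merchant sends to the broker: the last payword and its index."""
        return self.last, self.index


def broker_redeem(root: bytes, payword: bytes, i: int, max_index: int) -> int:
    """Broker: hash the payword i times back to the committed root and pay i units."""
    if 0 < i <= max_index and hashes_to(payword, i, root):
        return i
    return 0


if __name__ == "__main__":
    w = make_chain(10)
    shop = Merchant(w[0], 10)
    print(shop.accept(w[1], 1), shop.accept(w[5], 5), shop.accept(w[2], 2))
    print(broker_redeem(w[0], *shop.redeem_claim(), 10))
```
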
In the Millicent model, the broker is the most trustworthy party, since it usually represents a reputable financial institution such as a bank. Customers have the possibility to complain if merchants are trying to cheat. Customers need be trusted only if they complain about service problems.
In the Millicent scheme a digital coin is called scrip. A scrip has a low value and can be spent by its owner CustomerID at a specific merchant only, so it is both customer- and merchant-specific. A scrip consists of a scrip body and a certificate. It actually represents the scrip authentication information in the form of the MAC. A scrip has a serial number ID to prevent double spending. However, if the scrip is sent in the clear, it can be stolen, although it is customer-specific.
This protocol has the best security-performance trade-off of all Millicent protocols. If they are used in electronic payment transactions, it may be necessary to apply one or more of the payment transaction security mechanisms described in Chapter 6. There is, however, one mechanism that is typical of checks in general and needs an electronic equivalent: transfer of payment authorization. This section explains a mechanism for electronic signatures on checks based on restricted proxies, which are used to implement NetCheque.
It supports the credit-debit model of payment. In the credit model the charges are posted to an account and the customer pays the required amount to the payment service later. In the debit model the account is debited when a check (a debit transaction) is processed. The mechanism described in this section applies to the debit model. In the check example, the restrictions are the payee (designated customer), the amount of money to be paid, and the issue date.
NetCheque proxies are based on Kerberos tickets . First, a brief explanation of Kerberos will help us understand the NetCheque proxies. When a client wishes to use a service S such as a printer in a distributed system, he must obtain a service ticket from the ticket granting service TGS. But before requesting any ticket, the client must authenticate himself to the authentication service AS. Now the client can request a service ticket.
The restriction is the time interval (t_1, t_2) within which a ticket is valid. The grantee is the principal designated to act on behalf of the grantor e. An example accounting hierarchy is shown in Figure 8. This server starts the verification of the cascaded proxies with the ticket in Proxy 1, since it shares the secret key K customer with the customer. With this key, AS 2 can obtain K x and use it to decrypt the ticket in Proxy 2.
Each payment system defines its own messages and has its own security requirements. Yet one of the major concerns in the Internet is interoperability. One way to achieve this is to define a higher level of abstraction, that is, a common electronic payment framework specifying a set of protocols that can be used with any payment system. This is the philosophy of a payment framework proposal, IOTP, described in this chapter. As of the time of this writing April it is still under development  is an Internet Draft, i.
An IOTP participant can perform one or several trading roles. The protocol describes the content, format and sequences of e-commerce messages that pass among the participants. IOTP is payment system-independent. That means that any electronic payment system e. Each payment system defines certain specific message flows. A predefined set of IOTP messages defines a trading exchange e. IOTP transactions are built of one or more trading exchanges. Figure 9. It consists of several blocks.
Each message has a transaction reference block Trans Ref Figure 9. A transaction e. It includes one or more messages from a predefined set, and all messages belonging to the same transaction have the same Trans Id. Additionally, each message has its own identifier Msg Id that is unique within the transaction. Optionally, it can contain a signature block also a trading block. Finally, a trading block consists of a set of predefined trading components e.
Nevertheless, there are some security issues that are covered by IOTP to provide optional additional protection. If it is necessary to consider payment security from an IOTP perspective, this should be included in the payment protocol supplement that describes how IOTP supports that payment protocol.
Authentication can be performed at any point in the protocol. It simply suspends the current IOTP transaction. For example, a Consumer may want to authenticate the Payment Handler after receiving an Offer Response from the Merchant and before sending the Payment Request to that Payment Handler see also the next section. Data integrity and nonrepudiation of origin can be achieved by means of digital signatures . Use of a secure channel within IOTP is optional. That part is outside the scope of IOTP. The Consumer selects a Payment Brand e.
Their modification can only cause denial of service if the underlying payment protocol is secure against message modification, duplication, and swapping attacks. The Consumer can now check the information from the Merchant and decide whether he wishes to continue with the trade. This signature serves as proof to the Payment Handler that the Merchant agrees with the payment. This type of message serves to carry the underlying payment-protocol-specific data e.
The Payment Response block contains a Payment Receipt component, which includes a reference to the Payment component from the previous message. Optionally, it may contain an underlying payment-system-specific payment receipt. Note that some payment systems already provide such proof e. Part 3 Communication Security Part 1 of this book dealt with techniques for securing electronic information in general. The analysis will be based on descriptions of protocols and their security features, with a special emphasis on the protocols used in the Internet.
The network model used here can be seen as a set of communication protocols that fulfill different communication tasks. There are basically two approaches to networking. The first approach, used in the OSI model, is based on strict layering, which means that a layer can be directly accessed by its adjacent layers only. The second one, as used in the Internet, is based on hierarchy, in which case only the relative order of layers in the protocol stack is determined.
The information exchanged over a network can be of any type, for example, voice, documents, photos, or video. In the probably not too distant future there will be a common infrastructure i. Currently this is not the case, so we have, for example, a public switched telephone network, a mobile telephone network, and the Internet.
For example, one can send an e-mail from the Internet to a mobile phone e. Each layer provides a subset of communication services in such a way that it uses the services from the next lower layer and provides services to the next higher layer. Each layer receives a protocol data unit PDU, i. The data link layer additionally appends a trailer LT. This technique is called encapsulation. The physical connection communication line exists between the physical layers only; the connection between the higher layers is strictly logical. If two systems are communicating, there is a protocol stack consisting of the seven communication layers at each of them.
Any two horizontally adjacent layers, one from each protocol stack, exchange control information through the use of headers. When a system receives data, the processing is in reverse order, that is, from the bottom up. When a layer receives a PDU from the next lower layer, it reads and interprets its header information. When application data e. It appends the application-specific information to the PDU in the form of an application header AH, e. The presentation layer translates between the local data representation and the representation used for information exchange.
It can, for example, use ASN. The presentation layer can include some additional functionality, such as data compression or even data encryption. The layer-specific data is appended as the presentation header PH. A session is a related set of communication transactions between two or more network devices . The session layer is necessary for applications that need a mechanism for establishing, managing, and terminating a session i.
In addition, an application may require checkpoints in the data transfer stream to allow backup and recovery. The role of the OSI transport layer is to provide a reliable data exchange mechanism between processes running on different end systems. It ensures that data units are delivered error-free, in sequence, and without losses or duplicates.
In other words, even if the systems are not directly physically connected, the network layer will make the end-to-end connection transparent to the transport layer. This layer is also concerned with finding a physical communication path between the end systems. This is possible only if a physical link exists between the connecting systems. The data link layer performs error detection and control. This layer includes the physical interface between communication devices and the low-level protocols for exchanging raw bit streams between them.
A protocol suite is a set of cooperating communication protocols. An interested reader can find many references with in-depth explanations about how the Internet works. The Internet architecture is older than the OSI architecture. Department of Defense . Others regard November 21, as the actual birthday, because on that day the first electronic mail was successfully transferred within a small network consisting of only three nodes, also at UCLA.
The Internet protocol stack is shown in Figure The functionality of the network access layer roughly corresponds to that of the OSI data link and physical layer. This network access layer makes communication possible between a host and the transmission medium. It is also responsible for routing data between hosts attached to the same local area network LAN.
The network access layer operates with medium-level host addresses, such as Ethernet addresses e. The protocol messages exchanged at this layer are referred to as frames. These two protocols are shown in square brackets in Figure The next higher layer, the Internet layer, is the core part of the Internet, as its name suggests.
The routing is based on the 4-byte IP addresses e. There are four classes of IP addresses, depending on which part is used to address a network and which part is used to address the hosts in the network addressed by the first part. IP messages are called IP packets. Mapping between the IP addresses and the network access addresses e. The TCP  is a reliable connection-oriented protocol.
Also, the processes need not take care whether a piece of data was lost or corrupted during transmission, or whether pieces arrived in a different order from the sending order e. The User Datagram Protocol UDP is also a transport layer protocol, but not a reliable one, which means that the process must watch for lost data on its own. The rightmost part of Figure More about the structure of the protocol messages will be said in the sections discussing the security of the corresponding protocols.
In the OSI model, a layer is basically allowed to use services of the next lower layer only and to offer services to the next higher level only. In general, there are two main networking technologies: switching and broadcasting. A communication network consists of a number of nodes connected by communication links.
If two nodes are located in geographically distant areas, there is usually no direct connection link between them. An intermediate node must therefore switch data from one link to another. Often there are several possible paths between two distant nodes, each path involving a different set of intermediate nodes and links. Normally the path does not occupy the whole capacity of a link, but only one out of several physical channels on each link on the path.
Data is sent as a continuous bit stream. After transmission, the circuit is closed i. Packet switching differs from circuit switching in that the data to be transmitted is organized into packets. Circuit switching is efficient for traffic types that use the circuit most of the time, such as voice. If data is sent over a circuit, however, the circuit will be idle most of the time. Packet switching technologies, such as X. Similarly to physical circuits, virtual circuits are established at the start of transmission and released at the end at the network layer. They provide connection-oriented communication.
Compared to circuit switching, the physical channels on a path can be used more efficiently because virtual circuits are only logical connections. The packets are queued at each node to wait for transmission. All packets are sent over the same path i. In the datagram approach, there is no circuit establishment; each packet is treated independently (connectionless communication).
In this case it can happen that each packet is routed over a different path to the destination node. In packet switching the packets include certain control information to compensate for errors due to unreliable transmission media. Furthermore, many transmission errors can be detected and corrected at the higher communication layers. These facts led to the development of frame relay. In frame relay, the logical connections are switched and multiplexed at the data link layer.
Connection control uses a separate logical connection from data to be transmitted. Frame relay is about 30 times faster than packet switching. Cell relay is a further development resulting from improved digital transmission and switching technology. In contrast to packets and frames, cells are of fixed length e. In a broadcast communication network, each network station i. Many LANs are packet-broadcasting networks e. In the simplest case, a packet transmitted by a station is broadcast over the shared medium to all attached stations.
The stations look up the packet destination address so that the receiving station can recognize the packets destined for it. If two or more data sources share a common transmission medium, the most efficient way to use the medium is to multiplex data over it. There are several multiplexing techniques, for example, time division multiplexing TDM and frequency division multiplexing FDM. In TDM, each data source is assigned a time slot within which it can transmit. The time slots are Communication Network usually short, so that, for example, station 1 transmits in time slot 1, station 2 in slot 2, station 3 in slot 3, then again station 1 in slot 4, etc.
Statistical TDM multiplexing dynamically allocates time slots on the basis of demand or some other criterion. In other words, each station is assigned a part of the total bandwidth. Quality of service QoS is usually expressed as a set of parameters that define the quality of transmission required by a user. It can include, for example, acceptable error and loss levels, or desired average and minimum throughput.
More specifically, the same security parameters apply to all PDUs transmitted within a connection. Figure By comparing this figure with Figure It is also possible for a lower-layer security mechanism to protect messages of a higher-level protocol. Some services may be provided at more than one layer if the effect on security is different. OSI layers Internet "layers" information , and then encrypted again.
This requires that each pair of devices share an encryption key, which makes key management extremely complex. If more than two devices share a key, the key is more likely to be compromised. Also, because the message is decrypted at each device, it is exposed to attacks at each intermediate node, which is a severe disadvantage.
The main advantage of placing security at the Internet layer is that it is transparent to users and applications . In this way legacy applications need not be extended with security functionality. In addition, the security software is installed and maintained by experienced system administrators, which makes it less likely to contain malicious code, such as Trojan horses.
Internet-layer security requires changes to the underlying operating system, however e. Upgrading can be both expensive and time consuming. In addition, the same security parameters are used for many connections i. In other words, users or applications must trust the host to establish a secure connection on their behalf. The security of host-based keys depends greatly on the security of the operating system.
It offers better end-to-end security since the setup and cryptographic computations take place outside the operating system. In this way the data is not exposed to additional attacks exploiting the weaknesses of the operating system. Key management is also performed at the application level, so it can provide better end-to-end security. Moreover, the security functionality can be developed to fulfill the application requirements exactly. It can be made finer-grained than at lower levels, which also means that unnecessary overhead e.
Another disadvantage is that secure applications are often installed by inexperienced users, which makes the danger of malicious code quite high. It can be seen as a secure interface to the transport layer as a part of the transport layer , much like the Berkeley sockets are an interface to TCP. On the one hand, each application must use the corresponding function calls, so it is security aware.
In VPNs see Section The applications running on the internal hosts are not security aware. Frequently, the originating host i. In large user groups e. Additionally, individual authentication implies individual cryptographic keys, which can complicate key management further.
Since end-to-end security does not protect against insider attacks, it may not have the desired effect, but it will certainly have a higher cost. With a complex security system the implementation may be only moderately expensive, but the maintenance cost including software upgrades may be surprisingly high. If not, the cost of necessary modifications should be taken into consideration, which may imply some additional training of a large number of employees. For example, they should know that dial-up connections to the Internet are strictly forbidden within an intranet protected by a security gateway.
If not, even a security system that is cheap to install and maintain may cause significant costs because of interoperability problems with business partners. Additionally, it may be necessary to install a completely new system after some time because the nonstandard system is no longer supported and upgraded. They usually only cause a denial-of-service. It is usually a secret i. The modified version looks the same as the unmodified program, but has a new functionality of which the user is not aware e.
It usually performs some malicious activity as well, but the infected program must be activated first. The best protection is to regularly run some antivirus program that scans for known viruses. Once it starts executing on a host, it can behave like any other malicious program listed above. The worm was designed to exploit some fundamental vulnerabilities which are briefly described here. One vulnerability was related to the family of the C programming language routines e.
That made it possible to overflow the input buffer of the finger (a utility for obtaining information about users) server daemon and overwrite parts of its stack. A stack keeps track of which routine calls which other routine so that the execution can return to the appropriate program location (return address) when an invoked routine is finished.
The instructions at that stack location were written by the worm. The solution to the problem was to replace all calls to dangerous routines with calls that did buffer bounds checking. Another vulnerability exploited by the Internet worm was the debug option of sendmail. Sendmail is a program for routing and delivering e-mail in the Internet.
The debug option is normally used in testing to verify that an e-mail has arrived at a host. One of the frequently exploited vulnerabilities on UNIX systems, also used by the Internet worm, is the password file. Salt is a bit number e. If an attacker obtains the password file, he can try a dictionary attack to guess a password. Unfortunately, surprisingly many people choose passwords that can easily be guessed. Another well-known vulnerability, but not exploited by the Internet worm, is that many system programs and their configuration files are owned by a common userID.
This makes it possible to abuse all services as soon as the corresponding privileges are gained. They use the built-in Word basic macro language and are attached to Word template files. More about executable content will be said in Part 4. In Part 2 the focus was on a set of applications—electronic payment applications—which had specific requirements and therefore needed specially tailored security services.
The following sections concentrate on communication security in general. For the purpose of this analysis we will refer to a PDU as a packet. In some cases an additional control channel is available, such as in ATM, for connection establishment and release. It is difficult to identify all possible threats to different communication protocols because many are due to design or implementation vulnerabilities.
One security approach can be that each layer should be responsible for securing its data, which is then transmitted as a payload at all lower-layer protocols. In some cases this is the only possible solution, especially when the upper layer has some very special security requirements e. However, as discussed in Section This has the additional advantage that both the control information and the payload are protected.
An example of protecting the upper-layer protocol packets at the next lower layer is IPsec protecting any higher level protocol messages, such as TCP segments and UDP datagrams Section It can be applied if the upper-layer protocol information, such as origin and destination address, must be hidden.
Examples of tunneling are described in Section This lower layer is actually a session layer, although the term is never used in the Internet model. A secure session protocol handles application data as a bit stream. It adds protection and forwards the protected data to the transport layer for transmission. An example of a secure channel is TLS see Section This type of threat can lead to various attacks, depending on the meaning of the modified header or trailer field.
For example, if a packet is intercepted and modified in such a way that the connection reset flag is set e. In general, unauthorized modifying of control information can be prevented by an integrity mechanism such as a MAC. The problem with this approach is that some control header or trailer fields can change in transit. An example solution is IPsec AH, which protects integrity of all fields in a packet except the mutable fields see Section If the packets generally may carry variable-length payloads, it is also advisable to hide the actual payload length.
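The mutable-field exclusion described above for IPsec AH, as an added example that is not from the book: a simplified integrity check value (HMAC-SHA-256 truncated to 128 bits) computed over an option-free IPv4 header with the fields routers change in transit (TOS, flags/fragment offset, TTL, header checksum) set to zero. The key, addresses and function names are constructed for the illustration, and the AH header itself is left out.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key-not-for-use"   # constructed key for this example
IPV4 = "!BBHHHBBH4s4s"                      # 20-byte IPv4 header, no options

def checksum(header):
    """Internet checksum; over a header with a valid checksum it yields 0."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, ttl, payload_len):
    f = [0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, 6, 0,
         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    f[7] = checksum(struct.pack(IPV4, *f))
    return struct.pack(IPV4, *f)

def zero_mutable(header):
    """Zero the fields that routers may legitimately change in transit."""
    if len(header) != 20 or header[0] != 0x45:
        raise ValueError("example handles only an option-free IPv4 header")
    f = list(struct.unpack(IPV4, header))
    f[1] = f[4] = f[5] = f[7] = 0   # TOS, flags/fragment offset, TTL, checksum
    return struct.pack(IPV4, *f)

def icv(header, payload, key=KEY):
    """MAC over the immutable header fields plus the payload."""
    mac = hmac.new(key, zero_mutable(header) + payload, hashlib.sha256)
    return mac.digest()[:16]

def verify(header, payload, tag, key=KEY):
    return hmac.compare_digest(icv(header, payload, key), tag)

def in_transit(header, new_src=None):
    """One router hop (TTL-1, new checksum); optionally rewrite the source."""
    f = list(struct.unpack(IPV4, header))
    f[5], f[7] = f[5] - 1, 0
    if new_src:
        f[8] = ipaddress.IPv4Address(new_src).packed
    f[7] = checksum(struct.pack(IPV4, *f))
    return struct.pack(IPV4, *f)
```

A header that only passed through `in_transit()` still verifies against the sender's tag, while one whose source address or payload changed does not.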
Normally, when a client sends a connection request to a server, the server responds and allocates some resources to the connection, and then waits for the acknowledgment packet to come until it times out. Examples of protection mechanisms are ATM authentication in the control plane Section In many cases a packet is authenticated on the basis of its origin address e.
This is known as a masquerading attack. The TCP attack described in Section Protection in this case is rather simple: never use addresses for authentication, but rather some form of cryptographic authentication e. Infiltration is the ultimate goal of many different types of attacks. In the example with the TCP attack described in Section This is also an example of infiltration because the attacker normally has no privileges to do so.
He could further try to misuse some of the operating system vulnerabilities to gain privileged-user permissions. To detect such attacks as early as possible, host and network intrusion detection techniques can be used see Sections Some services are offered to a broad public and by a large number of servers, so it would be impossible to manage trust relationships and cryptographic keys. It can be solved by firewall mechanisms, as described in Section In some cases the security parameters necessary for interoperability required security services, security algorithms, key length, etc. In many cases, however, they are not known, which effectively means that the communication parties must first negotiate the security parameters.
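The advice above to authenticate cryptographically rather than by origin address, as an added example that is not from the book: an address allowlist check next to a keyed challenge-response exchange with single-use nonces. The peer name, address, key and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

TRUSTED_ADDRESSES = {"192.0.2.10"}                  # constructed allowlist
KEYS = {"billing-host": secrets.token_bytes(32)}    # constructed per-peer key

def address_check(claimed_source):
    """The weak scheme: accepts whatever source address a packet claims."""
    return claimed_source in TRUSTED_ADDRESSES

def respond(key, peer_id, nonce):
    """Peer side: prove possession of the key for this one challenge."""
    msg = peer_id.encode() + b"\x00" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Verifier:
    def __init__(self, keys):
        self.keys = keys
        self.pending = {}                     # peer_id -> outstanding nonce

    def challenge(self, peer_id):
        nonce = secrets.token_bytes(16)       # fresh and unpredictable
        self.pending[peer_id] = nonce
        return nonce

    def check(self, peer_id, response):
        nonce = self.pending.pop(peer_id, None)   # single use: blocks replay
        key = self.keys.get(peer_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(respond(key, peer_id, nonce), response)

def demo():
    """Returns (address check, valid response, replayed response, wrong key)."""
    v = Verifier(KEYS)
    nonce = v.challenge("billing-host")
    good = respond(KEYS["billing-host"], "billing-host", nonce)
    first = v.check("billing-host", good)
    replayed = v.check("billing-host", good)  # nonce already consumed
    nonce2 = v.challenge("billing-host")
    forged = respond(b"\x00" * 32, "billing-host", nonce2)
    wrong_key = v.check("billing-host", forged)
    return address_check("192.0.2.10"), first, replayed, wrong_key
```

The address check succeeds for any sender that claims the listed address, whereas the challenge-response check succeeds only for a holder of the peer's key answering the current nonce.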