ECT 582 Secure Electronic Commerce

Professor Robin Burke

Outline
• Introductions
• Course and Syllabus
• Security
• E-Commerce

Introductions
• Student information sheet

Administrativa
• Contacting me
  • CS&T 453
  • x 25910
  • [email protected]
• Course web site
  • http://josquin.cs.depaul.edu/~rburke/courses/w04/ect360/

About Me
• 2nd year at CTI
• PhD in AI, 1993
• Research
  • AI applications in E-Commerce
  • "smart catalogs"
• Taught web development since 1996
• Founded an e-commerce company

Course
• Public key infrastructure
  • how to enable large-scale secure messaging?
• Secure transactions
• Securing hosts and applications
• Privacy

Grading
• Six assignments – 35%
• Midterm – 25%
• Final – 30%
• Participation – 10%

Grading
• Three Components
  • Knowledge: does the work display correct technical knowledge?
  • Reasoning: does the work indicate good problem-solving skills?
  • Communication: is the answer well-written English?

Grading, cont'd
• A = Excellent work
  • Thorough knowledge of the subject matter
  • Well-considered and creative solutions
  • Well-written answers
• B = Very good work
  • Complete knowledge of the subject matter
  • No major errors of reasoning in problem solutions
  • Competent written answers
• C = Average work
  • Some gaps in knowledge of subject matter
  • Some errors or omissions in problem solving
  • Written answers may contain grammatical and other errors
• D = Below average work
  • Substantial gaps in knowledge of subject matter
  • Problem solving incomplete or incorrect
  • Poor English in written answers

Discussion Forum
• Important for this course
  • More DL than local students
  • Automatically mailed to all students
• Uses
  • Questions about assignments
  • Announcements
  • Discussion about security issues
• DL students
  • required to post at least weekly
• All students
  • component of "Participation Grade"

Security
1. freedom from danger, risk, etc.: safety
2. freedom from care, apprehension or doubt; well-founded confidence
3. something that secures or makes safe; protection; defense
4. precautions taken to guard against theft, sabotage, the stealing of military secrets, etc.
– Webster's Encyclopedic Unabridged Dictionary of the English Language

E-Commerce
• the process of electronically buying and selling goods, services and information, and the maintenance of all the relationships, both personal and organizational, required for an electronic marketplace to function.
• What are we securing?

Post-9/11 realities
• Aspects of business operations may impact public safety

Inherent Hazard
• E-commerce opens a hole for interacting with an organization
  • Any Internet user can attack that opening
• Good design
  • Minimizes the risk associated with enabling e-commerce
  • While still preserving its benefits
• Bad design
  • Fails to reduce the risks of e-commerce, or
  • Eliminates the benefits of e-commerce

Basic concepts
• Assets
• Attackers
• Attacks
• Protocol
• Risk

Assets
• Financial
• Customer data
• Proprietary info
• Reputation
• Systems

Is e-commerce different?
• Need for physical proximity
• Differences in documents

Physical documents
• Semi-permanence of ink embedded in paper fibers
• Particular printing process
  • letterhead
  • watermark
• Biometrics of signature
• Time stamp
• Obviousness of modifications, interlineations, and deletions

Computer documents
• Computer-based records can be modified freely and without detection
• Supplemental control mechanisms must be applied to achieve a level of trustworthiness comparable to that on paper
• Less permanent, too

Legal differences
• In some cases, possession matters
  • negotiable document of title
  • cash money

Loss of assets
• Physical assets
  • loss = theft or destruction
• Information assets
  • loss = violation of
    • confidentiality
    • availability
    • integrity
    • authenticity

Attackers
• Class 0
  • casual passerby
• Class 1
  • capable outsider
• Class 2
  • knowledgeable insider
• Class 3
  • determined organization

E-Commerce
• Proximity is not an issue
• Scale
  • Many, many Class 1 attackers
• Mutability
  • Easy for insiders to cover their tracks

Attack
• Any action that compromises the security of an e-commerce system
• Simplifying assumption
  • security = protecting messages

Passive vs active
• Passive
  • Attacker monitors communication
    • disclose contents
    • but also traffic analysis
• Active
  • Attacker interferes with communication
    • generates messages
    • prevents transmission or reception

Normal messaging
[diagram: Alice and Bob exchange messages; Eve is the third party]

Basic attack types
• Interception
• Interruption
• Modification
• Fabrication

Interception
• Attack on confidentiality
[diagram: Alice, Bob, Eve]

Example: Password sniffer
• Program to capture user id / password info
• Case in Tokyo
  • sniffer installed at Internet cafe
  • 16 million Yen stolen

Interruption
• Attack on availability
[diagram: Alice, Bob, Eve]

Example: SYN flooding
• send open request for TCP connection
  • but don't respond to handshake
• do this over and over again
• eventually server can't accept new connections
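The slide describes the flood from the attacker's side. As an added example (not part of the lecture), here is the defender's side: the symptom of a SYN flood on the server is a backlog of half-open connections, which show up as SYN_RECV in a connection table. The script parses a netstat-style listing, counts half-open connections per remote address, and raises two kinds of flag. The listing, the addresses and the thresholds are constructed for this example.

```python
# Added example (not from the lecture): spotting a SYN-flood pattern from the
# server side by counting half-open (SYN_RECV) connections.
# The input mimics `netstat -ant` output; these lines are constructed, not
# captured from a real host.
import re
from collections import Counter

SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:443            192.0.2.10:51234        ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.7:40001      SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.7:40002      SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.7:40003      SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.7:40004      SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.7:40005      SYN_RECV
tcp        0      0 10.0.0.5:443            203.0.113.9:60100       SYN_RECV
tcp        0      0 10.0.0.5:443            192.0.2.11:51240        ESTABLISHED
tcp        0      0 10.0.0.5:443            192.0.2.12:51250        TIME_WAIT
"""

# One netstat data row: proto, queues, local addr, foreign addr, state.
LINE_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)$"
)


def half_open_by_source(netstat_text):
    """Return {remote_ip: number of SYN_RECV connections} parsed from the listing."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("state") != "SYN_RECV":
            continue
        remote_ip = m.group("remote").rsplit(":", 1)[0]  # drop the port
        counts[remote_ip] += 1
    return dict(counts)


def syn_flood_indicators(netstat_text, per_source_threshold=3, total_threshold=50):
    """Two signals: sources holding many half-open connections, and the total
    half-open backlog. The total matters most, because a flood from spoofed
    addresses spreads its SYNs over many sources and defeats per-source counting."""
    counts = half_open_by_source(netstat_text)
    noisy = sorted(ip for ip, n in counts.items() if n >= per_source_threshold)
    total = sum(counts.values())
    return {
        "total_half_open": total,
        "backlog_alarm": total >= total_threshold,
        "noisy_sources": noisy,
    }


if __name__ == "__main__":
    print(syn_flood_indicators(SAMPLE_NETSTAT))
```

Run against a live host by piping `netstat -ant` output into `syn_flood_indicators`. The thresholds are example values and should be tuned to the server's normal backlog; the standard kernel-level mitigation for this attack class is SYN cookies, which let the server stop reserving state for a connection until the handshake completes.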

Modification
• Attack on integrity
[diagram: Alice, Bob, Eve]

Example: Shareware trojan
• Alice posts a shareware application
• Eve modifies it to contain her virus
• Bob downloads the modified version

Fabrication
• Attack on authenticity
[diagram: Alice, Bob, Eve]

Example: Session hijacking
• Taking over active sessions
  • after Alice leaves
  • before application times out
• Bypass the authentication process
  • have Alice's privileges
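The window the slide describes ("after Alice leaves, before application times out") is something the application controls. As an added example (not from the lecture), here is a minimal server-side session store that shrinks that window with an idle timeout, an absolute lifetime and an explicit logout. The timeout values, the `SessionStore` class and the scenario in `hijack_window_demo` are choices made for this example, not taken from any real application.

```python
# Added example (not from the lecture): a server-side session store that
# limits how long an abandoned session stays usable. Timeouts are example
# values, not recommendations for any particular application.
import secrets

IDLE_TIMEOUT = 15 * 60        # seconds without a request before the session dies
ABSOLUTE_LIFETIME = 8 * 3600  # seconds after login after which it dies regardless


class SessionStore:
    def __init__(self):
        self._sessions = {}  # token -> {"user", "created", "last_seen"}

    def create(self, user, now):
        # 256-bit random token: taking over the session requires the token
        # itself, it cannot be guessed or enumerated.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user bound to token, or None if unknown or expired.
        A valid request refreshes the idle clock but never the absolute one."""
        s = self._sessions.get(token)
        if s is None:
            return None
        idle_expired = now - s["last_seen"] > IDLE_TIMEOUT
        life_expired = now - s["created"] > ABSOLUTE_LIFETIME
        if idle_expired or life_expired:
            del self._sessions[token]  # expired: drop it so it can never be reused
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token):
        """Invalidate immediately. Returns True if a live session was removed."""
        return self._sessions.pop(token, None) is not None


def hijack_window_demo():
    """Scenario (constructed): Alice logs in at t=0, works until t=600 and walks
    away from a shared terminal. Someone reaches the terminal at
    t = 600 + IDLE_TIMEOUT + 1. Returns (alice_ok_at_600, session_ok_after_idle)."""
    store = SessionStore()
    token = store.create("alice", now=0)
    alice_ok = store.validate(token, now=600) == "alice"
    later_ok = store.validate(token, now=600 + IDLE_TIMEOUT + 1) == "alice"
    return alice_ok, later_ok


if __name__ == "__main__":
    print(hijack_window_demo())  # (True, False)
```

The idle timeout bounds the window after Alice leaves; the absolute lifetime bounds it even for a session that is kept alive by someone else; logout closes it at once. Binding the session to the client's TLS session or re-authenticating before sensitive actions narrows it further, but those are outside this snippet.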
Protocol
• A set of formal rules describing how to transmit data, especially across a network.... High level protocols deal with the data formatting, including the syntax of messages, the terminal to computer dialogue, character sets, sequencing of messages etc.
– FOLDOC

To describe a protocol
• The roles
  • who participates
• The steps
  • how the interaction unfolds
• The messages
  • syntax and meaning of messages sent and received
• The process
  • processing by each player

Example: Homework protocol
• Instructor hands out assignment
  • includes requirements and due date
• Student performs assignment
  • submits by due date
• Instructor grades assignment
  • grade is incorporated into course database
• Graded work is returned to student

Protocol security
• Generally we talk about protecting the protocol messages
• Different protocols have different security characteristics
  • Homework protocol is not secure against fabrication
  • Test taking protocol is more secure
• Attacks can target different protocol steps
  • "grader" example

Risk
• Risk is
  • value of loss * probability of loss
• Both can be hard to quantify
• Risk management
  • process of analyzing and mitigating risk
  • one technique is historical
    • what losses have others suffered?

What are the primary risks?
1. Disclosure of proprietary information
2. Denial of service
3. Virus attacks
4. Insider net abuse
5. Financial fraud
6. Sabotage
CSI/FBI 2003 Computer Crime and Security Survey
Total value of losses: $200 million

Secondary risks
• Damage to relations with customer or business partners
• Legal, public relations, or business resumption cost
• Public relations damage
• Uptake failure due to lack of confidence

Secure E-Commerce
• Not E-Commerce Risk Management
• Very big topic
  • strategy
  • architecture
  • technology

Security strategy
• Threats
  • what is valuable?
  • who might want it?
• Vulnerabilities
  • where is the organization exposed?
• Defenses
  • what can be done to manage the risks?
• Legal
  • what liabilities and legal requirements exist?

Security architecture
• People
  • how are they hired, trained, monitored, audited?
• Systems
  • what systems exist?
  • how are systems connected to each other and to the larger Internet?
• Procedures
  • how are systems used?
  • who gets access to what under what circumstances?

Security technology
• Main focus of this course
• Specific technologies for achieving security-related goals
• But
  • meaningless in the absence of a strategy and an architecture

Secure E-Commerce
• Technologies for securing the protocols of electronic commerce
• One component of risk management
  • not the only component
  • sometimes not even the most important
  • but a basic safeguard

What can technology provide?
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
• Access control
• Availability

Confidentiality
• Protects against interception
• Ensures that a message is only readable by intended recipient
• Technology
  • Encryption

Authentication
• Protects against fabrication
• Ensures that the origin of a message or electronic document is correctly identified, with assurance that the identity is not false
• Technology
  • User Id/Password
  • Digital certificates

Integrity
• Protects against modification
• Ensures that only authorized parties are able to modify an electronic document, or
• Allows modification to be detected
• Technology
  • Digital signatures
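This slide and the earlier shareware-trojan example fit together: Bob can detect Eve's modification only if Alice attaches something to the file that Eve cannot recompute. The following is an added example, not from the lecture. Real software distribution uses an asymmetric digital signature (only Alice can sign, anyone can verify); this stand-in uses HMAC-SHA256 with a key shared between Alice and Bob, which detects modification just as well but gives no non-repudiation, since Bob could also have produced the tag. The file bytes, the key `SHARED_KEY` and the function names are constructed for this example; the script also shows why a bare SHA-256 checksum published next to the download is not enough on its own.

```python
# Added example (not from the lecture): detecting the shareware-trojan
# modification with an authentication tag. HMAC stands in for a digital
# signature here; the key and file bytes are constructed for the example.
import hashlib
import hmac

SHARED_KEY = b"example-key-shared-out-of-band"  # constructed; a real key is never hardcoded
ORIGINAL = b"#!/bin/sh\necho 'shareware v1.0'\n"  # constructed stand-in for Alice's program


def publish(file_bytes, key=SHARED_KEY):
    """Alice's side: the package Bob downloads: file, public sha256, keyed tag."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    tag = hmac.new(key, file_bytes, hashlib.sha256).hexdigest()
    return {"file": file_bytes, "sha256": digest, "tag": tag}


def verify(package, key=SHARED_KEY):
    """Bob's side: True only if the file matches both the digest and the keyed tag.
    compare_digest is constant-time, so the comparison leaks nothing via timing."""
    data = package["file"]
    digest_ok = hmac.compare_digest(hashlib.sha256(data).hexdigest(), package["sha256"])
    tag_ok = hmac.compare_digest(
        hmac.new(key, data, hashlib.sha256).hexdigest(), package["tag"]
    )
    return digest_ok and tag_ok


def digest_only_check(package):
    """What a naive downloader does: compare only the unkeyed sha256."""
    return hmac.compare_digest(
        hashlib.sha256(package["file"]).hexdigest(), package["sha256"]
    )


def simulate_tampering(package, extra=b"\n# appended content\n"):
    """Model Eve's modification in transit for the demo: she changes the file
    and recomputes the public sha256 (it needs no secret), but cannot produce
    a fresh keyed tag. Returns the altered package."""
    tampered = dict(package)
    tampered["file"] = package["file"] + extra
    tampered["sha256"] = hashlib.sha256(tampered["file"]).hexdigest()
    return tampered


if __name__ == "__main__":
    clean = publish(ORIGINAL)
    altered = simulate_tampering(clean)
    print("clean verifies:", verify(clean))                    # True
    print("altered passes digest-only:", digest_only_check(altered))  # True
    print("altered verifies:", verify(altered))                # False
```

The lesson carried over from the slide: a checksum that anyone can recompute protects only against accidental corruption; detecting a deliberate modification needs a tag bound to something the modifier lacks (a shared key here, Alice's private key in a real signature scheme).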
Non-repudiation
• Protects against an e-commerce participant acting in bad faith
• Requires that neither the sender nor the receiver of a message be able to deny the transmission
• Technology
  • (Complicated)

Access control
• Protects against unauthorized access
• Allows the establishment of fine-grained control over access to files and applications for different users and groups
• Technology
  • (Various, usually tied to authentication)

Availability
• Protects against interruption
• Requires that computer system assets be available to authorized parties when needed
• Technology
  • (Many)

The big picture
• Security is a multi-faceted feature of information systems
• An organization needs
  • A security strategy tailored for its particular needs
  • A security architecture that addresses that strategy
  • Security technology to realize the architecture

Assignment #1
• Subscribe to CERT Advisory mailing list
• Post on the "Test" forum
• RISKS Reaction paper
• Due before class starts
  • No late assignments!

Next week
• Cryptography
• Reading
  • Ford & Baum, Ch. 1 & 4
  • Risks Digest
• Should be prepared for discussion