Electronic Commerce COMP3210
Dr. Paul Walcott, 08/11/04
The Department of Computer Science, Mathematics and Physics, University of the West Indies, Cave Hill Campus, Barbados
Contents
- Online Security Issues
- Client Computer Security
- Communication Channel Security
- Server Computer Security
Man-in-the-Middle Exploit
- Imagine sending an important email containing valuable information to a colleague
- A person intercepts this email and changes its contents
- The intended recipient receives the email and acts on the wrong information
- This is called the man-in-the-middle exploit
Definitions
We first list a number of important definitions [Sch2004]:
- Computer security is the protection of assets from unauthorised access, use, alteration or destruction
- Physical security includes tangible protection devices, such as alarms, guards, fireproof doors and safes
- Protection of assets using nonphysical means is called logical security
Definitions (I)
- A security threat is any act or object that poses a danger to computer assets
- Countermeasure is the general name for a procedure, either physical or logical, that recognises, reduces or eliminates a threat
- An eavesdropper is a person or device that can listen in on and copy Internet transmissions
- Crackers/hackers are people who write software to gain unauthorised access to computers and networks
Physical Security
- In the old days (50 years ago), computer security was more about physical security: security guards, security badges, alarm systems and surveillance systems
- All terminals tended to be dumb and computers were not networked
Managing Risk
- It does not make sense to protect against threats that are deemed low risk, especially if the cost to protect the asset exceeds the cost of the asset
- Example: it would be sensible to protect a network from a hurricane in Barbados, but not to protect it from low (below 0 degrees) temperatures
Risk Management Model
The model is a grid of probability against impact (cost), with one recommended action per quadrant:
- Quadrant I (high probability, low impact): contain and control
- Quadrant II (high probability, high impact): prevent
- Quadrant III (low probability, low impact): ignore
- Quadrant IV (low probability, high impact): insurance or backup plan
Risk Management Model (I)
- This model shows four actions an organisation can take depending on the cost and probability of the physical threat
- In this model:
  - The threat posed by a hurricane in Barbados would be in quadrant II
  - The threat posed by temperatures dropping below freezing would be in quadrant IV
Good Security Schemes
To implement a good security scheme you must:
- Identify risks
- Determine how to protect those assets at risk
- Calculate the amount to spend to protect against the identified risks
Computer Security Classifications
There are three main security classifications:
- Secrecy: protecting against unauthorised access
- Integrity: protecting against unauthorised modification
- Necessity (denial of service, or availability): preventing data delays or denials (removals); e.g. important information had to be received at a given time, but a hacker delayed it by flooding an e-mail server with email
Security Policy
- Every company concerned about protecting its assets should have a security policy
- This is a document which describes:
  - Which assets require protection and why
  - The person who is responsible for protecting them
  - Which behaviours are permissible and which are not
Security Policy (I)
- The security policy typically addresses: physical security, network security, access authorisation, virus protection and disaster recovery
- This document should be updated regularly
Requirements for Secure E-commerce
- Secrecy: prevent unauthorised individuals from reading messages and business plans, obtaining credit card numbers or accessing confidential information
- Integrity: provide a way of digitally determining whether information has been altered
- Availability: provide delivery assurance for each message so that a loss will not go undetected
Requirements for Secure E-commerce (I)
- Key management: all key information must be distributed and managed securely
- Nonrepudiation: provide undeniable, end-to-end proof of each message's origin and recipient
- Authentication: securely identify clients and servers with digital signatures and certificates
Client Computer Security
This section outlines security threats that may occur on client computers, how they work and how to protect against them.
Active Content
- Active content refers to programs that are embedded transparently in Web pages and cause actions to occur [Sch2004], e.g. displaying moving graphics and downloading and playing audio
- In e-commerce it is used to place items in a shopping cart and compute total invoice amounts
Active Content (I)
- Active content also extends HTML functionality
- Since these are programs that run on client computers, they pose a security risk
Active Content (II)
- The best known examples are: cookies, Java applets, JavaScript, VBScript and ActiveX controls
- Other examples include graphics, Web browser plug-ins and email attachments
Active Content (III)
- Since active content is embedded in Web pages (e.g. scripting languages), it can be transparent to the people browsing the Web page
- Crackers, for example, can include a Trojan horse
- A Trojan horse is a program hidden inside another program or Web page that masks its true purpose
Active Content (IV)
- A Trojan horse could:
  - Send private information on the client's computer back to a server (a secrecy violation)
  - Alter or erase information on the client's computer (an integrity violation)
- Alternatively, a zombie attack is a program that takes over another computer to launch an attack on other computers
Cookies and Web Pages
- Allowing active content to be added to Web pages used for e-commerce can be dangerous, since cookies (files) frequently store credit card numbers, usernames and passwords
- Information stored in cookies can be read by the server computer that stored them there
- See http://www.cookiecentral.com/
Cookies
- Cookies were designed to solve the problem of the stateless nature of the HTTP protocol
- They save information between one session and another
Cookies
- There are two types of cookie by time duration:
  - Session cookies: these exist until the Web client ends the session (or connection)
  - Persistent cookies: these remain on the client's computer indefinitely
- E-commerce uses both types of cookie
Cookies (I)
- Cookies can also be categorised by source:
  - First-party cookies are cookies put on the client computer by the Web server
  - Third-party cookies are cookies put on the client computer by some other Web site
- The third-party Web site usually provides some content on the Web site being viewed
Cookies (II)
- These third-party Web sites can then track visitors from one site to the next (because they have ads and cookies set up on many of these sites)
Cookies (III)
To protect yourself against cookies (or cookie monsters):
- Disable cookies altogether; however, this will stop some sites from functioning correctly, and users would have to re-enter information every time they visit the Web site
- Disable third-party cookies
- Or use a third-party cookie blocker program that stores cookies selectively
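The two categorisations above (session versus persistent, first-party versus third-party) can be read straight off a Set-Cookie header. The following is an added example, not code from the lecture: it assumes the raw header, the host of the page being viewed and the host that sent the response as inputs, and the sample headers and host names are constructed.

```javascript
// Added example (not from the lecture): classify a Set-Cookie header the way the
// slides do, by duration (session vs persistent) and by source (first vs third party).
// Inputs are assumed: the raw header, the host of the page being viewed and the host
// that sent the response. The sample headers and host names below are constructed.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Simplification: a response host counts as first-party when it is the page's own
// host or a subdomain of it; real browsers compare registrable domains instead.
function isFirstParty(pageHost, responseHost) {
  return responseHost === pageHost || responseHost.endsWith('.' + pageHost);
}

function classifyCookie(header, pageHost, responseHost) {
  const { name, attributes: a } = parseSetCookie(header);
  // A cookie is persistent only if the server gave it a lifetime; otherwise it
  // lasts for the browsing session and is discarded when the browser closes.
  const persistent = 'expires' in a || 'max-age' in a;
  return {
    name,
    duration: persistent ? 'persistent' : 'session',
    party: isFirstParty(pageHost, responseHost) ? 'first-party' : 'third-party',
    // Flags a defender wants on any cookie that carries credentials: Secure keeps it
    // off plaintext HTTP (away from sniffers), HttpOnly keeps it away from page scripts.
    secure: a.secure === true,
    httpOnly: a.httponly === true,
  };
}

// Constructed samples: the shop's own login cookie and an ad network's tracking cookie
const samples = [
  ['sessionid=abc123; Path=/; Secure; HttpOnly', 'shop.example', 'shop.example'],
  ['uid=tracker42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/', 'shop.example', 'ads.example.net'],
];
for (const [header, page, origin] of samples) {
  console.log(classifyCookie(header, page, origin));
}
```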
Java Applets
- Applets are downloaded with Web pages and run on client computers
- Once downloaded, Java code can run on the client's computer, which introduces a security hole
- To counteract this, Java has a security model called the Java sandbox, which prevents applets from performing certain functions
- Also, applets are classified as "untrusted" if they have not been established as being secure
Java Applets (I)
- When running in the sandbox, Java applets cannot perform file input, output or delete operations
- This scheme provides secrecy and integrity
JavaScript
- JavaScript is a scripting language developed by Netscape
- When a Web page is downloaded and contains embedded JavaScript code, it runs on the user's (client) computer
- This code can be used to attack the client's computer:
  - Destroy a user's hard disk
  - Disclose email stored in mailboxes
  - Capture information stored in Web forms (e.g. credit card information)
JavaScript (I)
Try the following JavaScript code:

```html
<html>
<body>
<script type="text/javascript">
  askmeagain();
  // Each alert is followed by another call, so the dialogs never stop:
  // a small illustration of how page script can disrupt the client
  function askmeagain() {
    alert("Ouch!");
    askmeagain();
  }
</script>
</body>
</html>
```
ActiveX Controls
- An ActiveX control is an object that contains programs
- Only runs on the Windows operating system
- When downloaded, the control is run on the client's computer like any other program
- They have full access to system resources: they can reformat the hard disk, rename or delete files, or shut down the computer
ActiveX Controls (I)
- Execution of ActiveX controls cannot be halted once started
- Web browsers can be configured to warn users when ActiveX controls are about to be downloaded
Graphics and Plug-ins
- Graphics, browser plug-ins and email attachments can include executable content
- Some graphic file formats contain special instructions on how to render the graphic
- The embedded code can be used to attack your computer
- Plug-ins enhance your browser's capabilities but can also pose a threat
Viruses, Worms and Antivirus Software
- A virus is software that attaches itself to another program
- A macro virus is a type of virus that is coded as a macro
- A worm is a type of virus that replicates itself on the computer it affects
- Email attachments may include word processing files, spreadsheets, databases and images, which may contain viruses
- Viruses within Word and Excel macros (Visual Basic for Applications) can damage your computer
Viruses, Worms and Antivirus Software (I)
- Viruses tend to prey on operating system (or Web server) vulnerabilities
- To counteract viruses:
  - Ensure you have installed the latest security patches
  - Ensure that you are running the latest antivirus software with the latest virus updates
Digital Certificates
- A digital certificate is an attachment to a message which verifies the sender of the message
- It also provides a means of sending encrypted messages
Digital Certificates (I)
- A digital certificate contains an encrypted message that identifies the author
- It indicates whether the certificate is valid or not
- This provides a way to sign a message
- In many countries, including Barbados, this is accepted as a signature
Digital Certificates (II)
- Digital certificates are issued by a certification authority (CA) to individuals or organisations
- Appropriate proof of identity must be provided
Digital Certificates (III)
A digital certificate contains six main elements [Sch2004]:
- The certificate owner's identifying information, such as name, organisation and address
- The certificate owner's public key
- Dates between which the certificate is valid
- Serial number of the certificate
- Name of the certificate issuer
- Digital signature of the certificate issuer
Digital Certificates (IV)
- One of the oldest and best known CAs is VeriSign
Communication Channel Security
These threats come from various sources, including:
- Sniffer programs
- Backdoors
- Cybervandalism
- Masquerading or spoofing
- Denial-of-service
Sniffer Programs
- These programs provide a means of recording packets passing through a computer or router
- It is similar to telephone line tapping
- Sniffer programs can read email messages, user logins and passwords, and credit card numbers
Backdoors
- Some e-commerce programs contain backdoors
- These backdoors are left intentionally or unintentionally by software developers
- Backdoors provide a way for an unauthorised user to gain access to protected information, including:
  - Credit card information
  - Proprietary company information (which could be sold for millions to competitors)
Cybervandalism
- This is the electronic defacing of Web site pages, replacing the regular content
- Its parallel is the spraying of graffiti on public property
Masquerading or Spoofing
- This is when a person impersonates someone else, e.g. pretending that a Web site belongs to someone else when it does not
- On a domain name server, a perpetrator might use a security hole in order to change the IP address of a given Web page
- Any order entered on this new page could then be modified (e.g. changing the shipping address of the goods) and the modified order sent to the original Web site
Denial-of-Service Threat
- This threat disrupts normal computer processing
- For example, a zombie computer was used to flood a Web site with packets
- This prevented legitimate users from using the Web site
- This may also lead to a loss in business
Communication Channel Security (I)
Solutions are provided in the form of (discussed in the next section):
- Symmetric encryption
- Asymmetric encryption
- Digital signatures
- Message hashing
- Digital certificates
- Secure Socket Layer
Server Computer Security
Server vulnerabilities come from:
- Web servers and their software
- Backend programs such as database programs
Web Server Threats
- The more complex this software, the more chance it contains errors which might lead to vulnerabilities
- A Web server can compromise secrecy if it allows automatic directory listings
- Passwords users select could be a threat, since a dictionary attack might reveal them
Database Threats
- These databases store confidential information
- Some databases store usernames/passwords in unencrypted tables, or do not enforce security at all
Other Threats
- Threats may arise when programs are executed by the server, e.g. buffer overrun or buffer overflow
- Buffers can overflow into critical memory locations, causing the Web server to run an attacker's program
- Mail bombs cause mail servers to malfunction by overloading them with email
Physical Security
- All Web servers and associated machines require physical protection
- Back up servers and store the backups at remote locations
- The use of fingerprint readers and biometric security helps provide physical security:
  - Writing pads that measure the pressure and form of handwriting
  - Eye scanners
  - Palm scanners (entire palm rather than a single finger)
Access Control
- Only allow permitted users to access services. This can be controlled through:
  - Digital certificates: ensure the digital signature is valid and check the time stamp on the digital certificate
  - Usernames and passwords
Firewalls
For information on firewalls see: http://scitec.uwichill.edu.bb/cmp/online/comp3210/presentations/AntonioArthur.ppt
References
[Sch2004] Schneider, Gary P., "Electronic Commerce: The Second Wave", Thomson Course Technology, Fifth Annual Edition, 2004