Chapter 5: The E-commerce Security Environment

Security in EC payments
In the electronic payment field, “security” is the criterion which is concerned by many actors.
Besides, other requirements need to be taken into account.
The fundamental requirements for a successful, secure transaction are: privacy, integrity,
authentication, authorization and non-repudiation. The privacy issue is: How do you ensure that
the information you transmit over the Internet has not been captured or passed to a third party without
your knowledge? The integrity issue is: How do you ensure that the information you send or receive
has not been compromised or altered? The authentication issue is: How do the sender and receiver
of a message verify their identities to each other? The authorization issue is: How do you manage
access to protected resources on the basis of user credentials? The non-repudiation issue is: How
do you legally prove that a message was sent or received? Network security must also address the
issue of availability. How do we ensure that the network, and the computer systems to which it
connects, will operate continuously?

Two main issues need to be considered under the topic of payment security: what is required in
order to make EC payments safe, and the methods that can be used to do it.

i. Security requirements. Security requirements for conducting EC are:

 Authentication (also referred to as Identification or Validity):
The buyer, the seller, and the paying institutions must be assured of the identity of the parties with
whom they are dealing. The purpose is to verify the parties in the transaction: a buyer and a
merchant. In the network environment, where there is no face-to-face meeting, the buyer cannot observe the
merchant's behavior and vice versa. Therefore, there is a risk of misrepresentation; identification
prevents this problem and unauthorized transfers, and increases trust between the parties.
 Privacy (also referred to as Confidentiality):
Only necessary transaction information is revealed to the parties, other data remains unknown. The
purpose is to protect the anonymity of the buyer and prevent unauthorized personnel from
accessing information from the transactions. For instance, the merchant should not know a
customer's card number when an intermediary provides him with a payment certification. The
intermediary, in turn, is not supposed to be informed of purchase details.
 Non-repudiation. Merchants need protection against the customer’s unjustified denial of
placing an order. (Such denial is called repudiation.) On the other hand, customers need
protection against merchants’ unjustified denial of payments made. The purpose is to prevent
the buyer or the merchant from denying the commitments they made in a transaction.
 Authorization type: This is the ability of a system to perform payments with or without
connecting to a central authority. Authorization type can be offline or online. Offline
authorization type means that users of the system can exchange money not being connected to
a network, without a third party as a mediator.
 Availability: ability to ensure that an e-commerce site continues to function as intended
 Integrity. It is necessary to ensure that data and information transmitted in EC, such as orders,
reply to queries and payment authorization, are not accidentally or maliciously altered or
destroyed during transmission.
Security Threats in the E-commerce Environment
◼ Most common threats:
▪ Malicious code
▪ Phishing
▪ Hacking and cyber vandalism
▪ Credit card fraud/theft
▪ Spoofing (pharming)
▪ Denial of service attacks
▪ Sniffing
▪ Insider jobs
Malicious Code
◦ Viruses: a computer program that has the ability to replicate and spread to other files; most also
deliver a “payload” of some sort (may be destructive or benign). Viruses are often sent as e-mail
attachments or disguised as audio clips, video clips and games, and they attach to or overwrite
other programs in order to replicate themselves.
◦ Worms: A small program that self-replicates and transfers across a network from machine
to machine (computer to computer). Worms are similar to viruses, but a worm can spread
and infect files on its own over a network; worms do not need to be attached to another
program to spread.
◦ Trojan horse: appears to be benign, but then does something other than expected.
-A program hidden inside another program or Web page that masks its true purpose (usually
destructive).
◦ Bots: can be covertly installed on a computer; they respond to external commands sent by the
attacker
Phishing
◦ Any deceptive, online attempt by a third party to obtain confidential information for
financial gain
◦ Most popular type: e-mail scam letter
◦ One of the fastest-growing forms of e-commerce crime
Hacking and Cybervandalism
◦ Hacker: Individual who intends to gain unauthorized access to computer systems
◦ Cracker: Used to denote hacker with criminal intent (two terms often used interchangeably)
◦ Cybervandalism: Intentionally disrupting, defacing or destroying a Web site
Credit Card Fraud
• Fear that credit card information will be stolen deters online purchases
• Hackers target credit card files and other customer information files on merchant servers;
use stolen data to establish credit under false identity
• One solution: New identity verification mechanisms
Spoofing (Pharming)
• Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
Threatens integrity of site; authenticity
DoS and DDoS Attacks (Security Attacks)
◦ Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate
and overwhelm network.
◦ Occurs when a network or server is flooded with data packets. The influx of data greatly
increases the traffic on the network, overwhelming the servers and making it impossible
for legitimate users to download information.
◦ Distributed denial of service (DDoS) attack: hackers use numerous computers to attack a
target network from numerous launch points.
◦ Occurs when an unauthorized user gains illegitimate control of a network of computers
(usually by installing viruses on them), then all the computers simultaneously attack a
single target. These attacks cause networked computers to crash or disconnect from the
network, making services unavailable for legitimate users.

Sniffing: Type of eavesdropping program that monitors information traveling over a network;
enables hackers to steal proprietary information from anywhere on a network
Insider jobs: Single largest financial threat
ii. Security protection (tools). Several methods and mechanisms can be used to fulfill the
security requirements.
Technology Solutions:
i. Protecting Internet communications (encryption)
ii. Securing channels of communication (SSL, S-HTTP, VPNs)
iii. Protecting networks (firewalls)
iv. Protecting servers and clients

Protecting Internet Communications: Encryption


Public-Key Cryptography
Encryption: The process of transforming plain text or data into cipher text that cannot be read by
anyone other than the sender and receiver
Cryptography transforms data by using a cipher, or cryptosystem (a mathematical algorithm for
the encryption of messages). Algorithm is a computer science term for a “procedure.” A key is
a string of digits or letters that acts as a password in the cipher. Unencrypted data is known as plain
text, whereas encrypted data is called cipher text. Only the intended recipients should possess the
corresponding key to decrypt the cipher text into plain text.
• Purpose: Secure stored information and information transmission
• Provides: Message integrity, Non-repudiation, Authentication and Confidentiality
 Symmetric Key Encryption
Formerly, organizations that wished to maintain a secure computing environment used symmetric
cryptography, also known as secret-key cryptography. In secret-key cryptography, both the sender
and receiver use the same digital key to encrypt and decrypt a message. When employing such
cryptography, the sender encrypts a message using the secret key, then sends the encrypted message
and the symmetric secret key to the intended recipient. However, problems with this method arise
because, before two people can communicate securely, they must find a secure way to exchange
the secret key. The privacy and integrity of the message could be compromised if the key is
intercepted as it is transmitted from sender to recipient over unsecure channels. In addition, since
both parties in the transaction use the same key to encipher and decipher a message, it is impossible
to authenticate which party created the message.

 Public-key cryptography
In 1976, Whitfield Diffie and Martin Hellman, researchers at Stanford University, developed
public-key cryptography to solve the problem of exchanging keys securely. Public-key
cryptography solves the symmetric-key encryption problem of having to exchange a secret key. Public-key
cryptography is asymmetric. It uses two inversely related keys: a public key and a private
key. The private key is kept secret by its owner, whereas the public key is freely distributed (widely
disseminated). If the public key is used to encrypt a message, only the corresponding private key
can decrypt it. Both keys can be used to encrypt and decrypt messages, but once one key has been used
to encrypt a message, the same key cannot be used to decrypt it. For example, the sender uses the
recipient’s public key to encrypt a message; the recipient uses his/her private key to decrypt it.
 Public Key Encryption Using Digital Signatures and Hash Digests

Digital signatures, the electronic equivalent of written signatures, are used in public-key
cryptography to solve authentication and integrity problems. A digital signature authenticates the
sender’s identity, and, like a written signature, it is difficult to forge. To create a digital signature,
a sender first runs a plaintext message through a hash function, which is a mathematical calculation
that gives the message a hash value. For example, you could take the plaintext message “Buy 100
shares of company X,” run it through a hash function and get a hash value of 42. The hash function
could be as simple as adding up all the 1s in a message, although it is usually more complex. The
hash value is also known as a message digest. The chance that two different messages will have
the same message digest is statistically insignificant. Collision occurs when multiple messages
have the same hash value. However, it is computationally infeasible to compute a message from
its hash value or to find two messages with the same hash value for hash algorithms commonly
used today.

Either the public key or the private key can be used to encrypt or decrypt a message. For example,
if a customer uses a merchant’s public key to encrypt a message, only the merchant can decrypt
the message, using the merchant’s private key. Thus, the merchant’s identity can be authenticated,
since only the merchant knows the private key. However, the merchant has no way of validating
the customer’s identity, since the encryption key the customer used is publicly available.

Figure 1: Public Key Cryptography with Digital Signatures

These two methods of public-key encryption can be used together to authenticate both participants
in a communication. Suppose a merchant wants to send a message securely to a customer so that
only the customer can read it, and suppose also that the merchant wants to provide proof to the
customer that the merchant (not an unknown third party) actually sent the message. First, the
merchant encrypts the message using the customer’s public key. This step guarantees that only the
customer can read the message. Then the merchant encrypts the result using the merchant’s private
key, which proves the identity of the merchant. The customer decrypts the message in reverse
order. First, the customer uses the merchant’s public key. Since only the merchant could have
encrypted the message with the inversely related private key, this step authenticates the merchant.
Then the customer uses the customer’s private key to decrypt the next level of encryption. This
step ensures that the content of the message was kept private in the transmission, since only the
customer has the key to decrypt the message. Although this system provides extremely secure
transactions, the setup cost and time required discourage widespread use.

 Public Key Infrastructure

One problem with public-key cryptography is that anyone with a set of keys could potentially
assume another party’s identity. For example, imagine that a customer wants to place an order with
an online merchant. How does the customer know that the Web site indeed belongs to that
merchant and not to a third party who is masquerading as the merchant to steal credit-card
information? Public Key Infrastructure (PKI) integrates public-key cryptography with digital
certificates and certificate authorities to authenticate parties in a transaction. Wireless PKI (WPKI)
is a security protocol specifically for wireless transmissions. Like regular PKI, WPKI
authenticates users via digital certificates and encrypts messages using public-key cryptography.
The system also ensures nonrepudiation.

Let’s look at an example: Clarissa (C) wants to assure David (D) that she is the author of a message.
She encrypts the message with D’s public key. In addition, C encrypts a signature with her own
private key. The signature, called a digital signature, is attached to the original message. D uses
C’s public key to decrypt the signature and his private key to read the message. We still face one
problem: How do we assure Clarissa that the public key she uses really belongs to David? And
how can David be sure that the public key he has used to verify Clarissa’s signature really belongs
to Clarissa? Such assurances are provided by electronic certificates.
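The hash-and-sign flow from the digital signatures section and the Clarissa/David exchange above, traced in code as an added example (not from the chapter). It uses a toy RSA built from the small textbook primes in the code, one byte at a time, so that every step can be inspected; the key values and the message are constructed, and a real system would use 2048-bit keys, padding and a vetted library.

```python
import hashlib

# Added example: toy RSA over tiny primes, only to trace the
# hash -> sign -> encrypt -> decrypt -> verify steps of the chapter.

def make_keypair(p, q, e):
    """Return (public, private) keys as (exponent, modulus) tuples."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_apply(key, values):
    """Exponentiate each value separately; the toy modulus is far too
    small to hold a whole message, so we work byte by byte."""
    k, n = key
    return [pow(v, k, n) for v in values]

def seal(message, sender_priv, recipient_pub):
    """Sender (Clarissa): hash the message, sign the digest with her own
    private key, and encrypt the message with David's public key."""
    digest = hashlib.sha256(message).digest()
    signature = rsa_apply(sender_priv, digest)
    ciphertext = rsa_apply(recipient_pub, message)
    return ciphertext, signature

def open_sealed(ciphertext, signature, recipient_priv, sender_pub):
    """Recipient (David): decrypt with his private key, then recover the
    digest with Clarissa's public key and compare. Returns (message, ok)."""
    plain = rsa_apply(recipient_priv, ciphertext)
    if any(v > 255 for v in plain):    # not bytes any more: ciphertext damaged
        return b"", False
    message = bytes(plain)
    recovered = rsa_apply(sender_pub, signature)
    ok = recovered == list(hashlib.sha256(message).digest())
    return message, ok

# Constructed key pairs (hypothetical values, not from the chapter).
C_PUB, C_PRIV = make_keypair(61, 53, 17)   # Clarissa, n = 3233
D_PUB, D_PRIV = make_keypair(67, 71, 13)   # David, n = 4757
E_PUB, E_PRIV = make_keypair(53, 59, 7)    # an impostor, n = 3127

def demo():
    msg = b"Buy 100 shares of company X"
    ct, sig = seal(msg, C_PRIV, D_PUB)
    genuine = open_sealed(ct, sig, D_PRIV, C_PUB)
    # Integrity: altering one ciphertext element breaks the digest match.
    tampered = open_sealed([ct[0] ^ 1] + ct[1:], sig, D_PRIV, C_PUB)
    # Authentication: a digest signed with the impostor's key does not
    # verify under Clarissa's public key, even though the body decrypts.
    f_ct, f_sig = seal(msg, E_PRIV, D_PUB)
    forged = open_sealed(f_ct, f_sig, D_PRIV, C_PUB)
    return genuine, tampered, forged
```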
Digital certificates are digital documents issued by a certification authority (CA). A digital
certificate includes the name of the subject (the company or individual being certified), the
subject’s public key, a serial number, an expiration date, the signature of the trusted certification
authority and any other relevant information. A CA is a financial institution or other trusted third
party, such as VeriSign. Because the CA assumes responsibility for authentication, it must check
information carefully before issuing a digital certificate. Once issued, digital certificates are

Securing Channels of Communication (SSL, VPNs)


 Secure Sockets Layer (SSL)
Currently, most e-businesses use SSL for secure online transactions, although SSL is not designed
specifically for securing transactions. Rather, SSL secures World Wide Web connections. The
Secure Sockets Layer (SSL) protocol, developed by Netscape Communications, is a non-
proprietary protocol commonly used to secure communication between two computers on the
Internet and the Web.
 Virtual Private Networks (VPNs)
Networks allow organizations to link multiple computers together. Local area networks (LANs)
connect computers that are physically close, generally in the same building. Wide area networks
(WANs) are used to connect computers in multiple locations using private telephone lines or radio
waves. Organizations are now taking advantage of the existing infrastructure of the Internet—the
publicly available wires—to create Virtual Private Networks (VPNs). VPNs connect multiple
networks, wireless users and other remote users. They allow remote users to securely access internal
networks via the Internet, using the Point-to-Point Tunneling Protocol (PPTP).

Protecting Networks: Firewalls and Proxy Servers


◼ Firewall: Hardware or software that filters communications packets and prevents some packets
from entering the network based on a security policy. Firewall methods include packet
filters and application gateways.
Packet filters
▪ A packet filter uses a set of rules to determine whether outgoing or incoming data packets are allowed to
pass through the firewall.
▪ For example, we can, as a rule, specify IP addresses of sending devices such that packets from
these IP addresses are not allowed to enter the network.
▪ The firewall would stop them from entering. A packet filter firewall is the simplest type of
firewall; it operates at the data link and network layers of the OSI model.
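The packet-filter rules just described, as an added example in Python (not from the chapter). It generalizes the deny-by-sending-address rule to an ordered, first-match rule set with a default-deny policy; the addresses, ports and sample traffic are constructed.

```python
import ipaddress
from collections import namedtuple

# Added example: a first-match packet filter with default deny.
Packet = namedtuple("Packet", "src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")   # None = any

RULES = [
    # Deny a known-hostile sending range outright, whatever it asks for
    # (the chapter's rule of blocking by sending IP address).
    Rule("deny", ipaddress.ip_network("203.0.113.0/24"), None, None, None),
    # Anyone may reach the public web server on 80/443.
    Rule("allow", None, ipaddress.ip_network("198.51.100.10/32"), "tcp", 80),
    Rule("allow", None, ipaddress.ip_network("198.51.100.10/32"), "tcp", 443),
    # Only the internal LAN may reach the database port.
    Rule("allow", ipaddress.ip_network("10.0.0.0/8"),
         ipaddress.ip_network("198.51.100.20/32"), "tcp", 5432),
]

def matches(rule, pkt):
    """A None field matches anything; address fields match by network membership."""
    return ((rule.src is None or ipaddress.ip_address(pkt.src) in rule.src)
            and (rule.dst is None or ipaddress.ip_address(pkt.dst) in rule.dst)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))

def filter_packet(pkt, rules=RULES):
    """Return the action of the first matching rule; deny when nothing matches,
    so traffic nobody thought about is dropped rather than let through."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

SAMPLE_PACKETS = [   # constructed traffic
    Packet("192.0.2.7", "198.51.100.10", "tcp", 443),     # customer -> web
    Packet("203.0.113.9", "198.51.100.10", "tcp", 443),   # blocked sender
    Packet("192.0.2.7", "198.51.100.20", "tcp", 5432),    # outsider -> db
    Packet("10.1.2.3", "198.51.100.20", "tcp", 5432),     # LAN -> db
    Packet("192.0.2.7", "198.51.100.10", "udp", 53),      # no rule at all
]

def decisions(packets=SAMPLE_PACKETS):
    return [filter_packet(p) for p in packets]
```

Rule order matters: because the deny rule for 203.0.113.0/24 comes first, a packet from that range is dropped even though a later rule would allow its destination port.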
Application gateways
◦ It operates at the application layer of the OSI model.
◦ It uses strong user authentication to verify the identity of a host attempting to connect to the
network using application layer protocols such as FTP.
◦ In contrast to a packet filter firewall, it filters the requests rather than the packets entering/leaving
the network.
◦ It can block any outgoing HTTP or FTP requests.
◦ It can prevent employees of a company inside a firewall from downloading potentially
dangerous programs from the outside.
◦ In other words, this type of firewall is used to control connections; thus, employees of a
company can be restricted from connecting to certain web sites.
◼ Proxy servers: Software servers that handle all communications originating from or being
sent to the Internet
Protecting Servers and Clients
◼ Operating system security enhancements
– Upgrades
◼ Anti-virus software
– Easiest and least expensive way to prevent threats to system integrity
– Requires daily updates
