
Page 1: Electronic Commerce COMP3210 Dr. Paul Walcott 08/11/04 The Department of Computer Science Mathematics and Physics, University of the West Indies, Cave

Electronic Commerce COMP3210

Dr. Paul Walcott, 08/11/04

The Department of Computer Science, Mathematics and Physics, University of the West Indies, Cave Hill Campus, Barbados

Contents
- Online Security Issues
- Client Computer Security
- Communication Channel Security
- Server Computer Security

Man-in-The-Middle Exploit
- Imagine sending an important email containing valuable information to a colleague
- A person intercepts this email and changes its contents
- The intended recipient receives the email and acts on the wrong information
- This is called the man-in-the-middle exploit

Definitions
We first list a number of important definitions [Sch2004]:
- Computer security is the protection of assets from unauthorized access, use, alteration or destruction
- Physical security includes tangible protection devices, such as alarms, guards, fireproof doors, and safes
- Protection of assets using nonphysical means is called logical security

Definitions (I)
- A security threat is any act or object that poses a danger to computer assets
- Countermeasure is the general name for a procedure, either physical or logical, that recognises, reduces, or eliminates a threat
- An eavesdropper is a person or device that can listen in on and copy Internet transmissions
- Crackers/hackers are people who write software to gain unauthorised access to computers and networks

Physical Security
- In the old days (50 years ago), computer security was more about physical security:
  - Security guards
  - Security badges
  - Alarm systems
  - Surveillance systems
- All terminals tended to be dumb and computers were not networked

Managing Risk
- It does not make sense to protect against threats that are deemed low risk, especially if the cost to protect the asset exceeds the cost of the asset
- Example: it would be sensible to protect a network from a hurricane in Barbados, but not to protect it from low (below 0 degrees) temperatures

Risk Management Model

                      Low impact (cost)          High impact (cost)
  High probability    I.   Contain and control   II.  Prevent
  Low probability     III. Ignore                IV.  Insurance or backup plan

Risk Management Model (I)
- This model shows four actions an organisation can take depending on the cost and probability of the physical threat
- In this model:
  - The threat posed by a hurricane in Barbados would be in quadrant II
  - The threat posed by temperatures dropping below freezing would be in quadrant IV

Good Security Schemes
To implement a good security scheme you must:
- Identify risks
- Determine how to protect those assets at risk
- Calculate the amount to spend to protect against the identified risks

Computer Security Classifications
There are three main security classifications:
- Secrecy: protecting against unauthorised access
- Integrity: protecting against unauthorised modification
- Necessity (denial of service, or availability): preventing data delays or denials (removals); e.g. if important information had to be received at a given time but a hacker delayed it by flooding an e-mail server with email

Security Policy
- Every company concerned about protecting its assets should have a security policy
- This is a document which describes:
  - Which assets require protection and why
  - The person who is responsible for protecting them
  - Which behaviours are permissible and which are not

Security Policy (I)
- The security policy typically addresses:
  - Physical security
  - Network security
  - Access authorisation
  - Virus protection
  - Disaster recovery
- This document should be updated regularly

Requirements for Secure E-commerce
- Secrecy: prevent unauthorised individuals from reading messages and business plans, obtaining credit card numbers or accessing confidential information
- Integrity: provide a way of digitally determining whether information has been altered
- Availability: provide delivery assurance for each message so that a loss will not go undetected

Requirements for Secure E-commerce (continued)
- Key Management: all key information must be distributed and managed securely
- Nonrepudiation: provide undeniable, end-to-end proof of each message’s origin and recipient
- Authentication: securely identify clients and servers with digital signatures and certificates

Client Computer Security
This section outlines:
- security threats that may occur on client computers
- how they work and how to protect against them

Active Content
- Active content refers to programs that are embedded transparently in Web pages and cause actions to occur [Sch2004]
- E.g. displaying moving graphics and downloading and playing audio
- In e-commerce it is used to place items in a shopping cart and compute total invoice amounts

Active Content (I)
- Active content also extends HTML functionality
- Since these are programs that run on client computers, they pose a security risk

Active Content (II)
- The best known examples are:
  - Cookies
  - Java applets
  - JavaScript
  - VBScript
  - ActiveX controls
- Other examples include graphics, Web browser plug-ins and email attachments

Active Content (III)
- Since active content is embedded in Web pages (e.g. scripting languages), it can be invisible to the people browsing the Web page
- Crackers, for example, can include a Trojan horse
- A Trojan horse is a program hidden inside another program or Web page that masks its true purpose

Active Content (IV)
- A Trojan horse could:
  - Send private information on the client’s computer back to a server (a secrecy violation)
  - Alter or erase information on the client’s computer (an integrity violation)
- Alternatively, a zombie attack uses a program that takes over another computer to launch an attack on other computers

Cookies and Web Pages
- Allowing active content to be added to Web pages used for e-commerce can be dangerous, since cookies (files) frequently store credit card numbers, usernames and passwords
- Information stored in cookies can be read by the server computer that stored them there
- See http://www.cookiecentral.com/

Cookies
- Cookies were designed to solve the problem of the stateless nature of the HTTP protocol
- They save information between one session and another

Cookies (by time duration)
- There are two types of cookies by time duration:
  - Session cookies: these exist until the Web client ends the session (or connection)
  - Persistent cookies: these remain on the client’s computer indefinitely
- E-commerce uses both types of cookies

Cookies (I)
- Cookies can also be categorised by source:
  - First-party cookies are cookies put on the client computer by the Web server
  - Third-party cookies are cookies put on the client computer by some other Web site
- The third-party Web site usually provides some content on the Web site being viewed

Cookies (II)
- These third-party Web sites can then track visitors from one site to the next (because they have ads and cookies set up on many of these sites)

Cookies (III)
To protect yourself against cookies (or cookie monsters):
- Disable cookies altogether; however, this will stop some sites from functioning correctly, and users would have to re-enter information every time they visit the Web site
- Disable third-party cookies
- Or use a third-party cookie blocker program that stores cookies selectively
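The cookie classifications above (session versus persistent, first-party versus third-party) and the "disable third-party cookies" option, as an added example that is not part of the original slides: a small cookie jar that parses constructed Set-Cookie headers, labels each cookie, and drops third-party ones. The host names and cookie values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed Set-Cookie headers as a browser would receive them while viewing
# a page on shop.example. The third entry arrives with an ad image the page
# embeds from ads.example, which is how a third-party cookie gets set.
SAMPLE_RESPONSES = [
    ("shop.example", "cart=item42; Path=/"),
    ("shop.example", "user=alice; Max-Age=31536000; Path=/"),
    ("ads.example", "track=7f3a; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/"),
]
LECTURE_DATE = datetime(2004, 11, 8, tzinfo=timezone.utc)


def parse_set_cookie(header, now):
    """Return (name, value, expires); expires is None for a session cookie."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    expires = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key == "max-age":
            # Max-Age wins over Expires whichever order the attributes appear in
            expires = now + timedelta(seconds=int(val))
        elif key == "expires" and expires is None:
            expires = datetime.strptime(val, "%a, %d %b %Y %H:%M:%S GMT")
            expires = expires.replace(tzinfo=timezone.utc)
    return name, value, expires


def classify(top_level_host, response_host, header, now):
    """Label a cookie by duration (session/persistent) and source (first/third party)."""
    name, value, expires = parse_set_cookie(header, now)
    return {
        "name": name,
        "value": value,
        "host": response_host,
        "party": "first-party" if response_host == top_level_host else "third-party",
        "duration": "session" if expires is None else "persistent",
        "expires": expires,
    }


def accept_cookies(top_level_host, responses, now, block_third_party=True):
    """Fill a cookie jar, applying the slides' 'disable third-party cookies' option."""
    jar = []
    for host, header in responses:
        cookie = classify(top_level_host, host, header, now)
        if block_third_party and cookie["party"] == "third-party":
            continue  # the ad network never gets its tracking cookie stored
        jar.append(cookie)
    return jar


def end_session(jar):
    """Simulate closing the browser: session cookies vanish, persistent ones remain."""
    return [c for c in jar if c["duration"] == "persistent"]
```

With blocking on, the ads.example cookie is never stored, so it cannot be replayed to ads.example from another site that embeds the same ad network.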

Java Applets
- Applets are downloaded with Web pages and run on client computers
- Once downloaded, Java code can run on the client’s computer, which introduces a security hole
- To counteract this, Java has a security model called the Java sandbox which prevents applets from performing certain functions
- Also, applets are classified as “untrusted” if they have not been established as being secure

Java Applets (I)
- When running in the sandbox, Java applets cannot perform file input, output or delete operations
- This scheme provides secrecy and integrity

JavaScript
- JavaScript is a scripting language developed by Netscape
- When a Web page is downloaded and contains embedded JavaScript code, it runs on the user’s (client) computer
- This code can be used to attack the client’s computer:
  - Destroy a user’s hard disk
  - Disclose email stored in mailboxes
  - Capture information stored in Web forms (e.g. credit card information)

JavaScript (I)
Try the following JavaScript code:

    <html>
    <body>
    <script type="text/javascript">
    // askmeagain() calls itself with no stopping condition, so the alert
    // reappears each time it is dismissed until the browser halts the script
    askmeagain();
    function askmeagain() {
        alert("Ouch!");
        askmeagain();
    }
    </script>
    </body>
    </html>

ActiveX Controls
- An ActiveX control is an object that contains programs
- Only runs on the Windows operating system
- When downloaded, the control is run on the client’s computer like any other program
- They have full access to system resources:
  - Can reformat the hard disk
  - Rename or delete files
  - Shut down the computer

ActiveX Controls (I)
- Execution of ActiveX controls cannot be halted once started
- Web browsers can be configured to warn users when ActiveX controls are about to be downloaded

Graphics and Plug-ins
- Graphics, browser plug-ins and email attachments can include executable content
- Some graphic file formats contain special instructions on how to render the graphic
- The embedded code can be used to attack your computer
- Plug-ins enhance your browser’s capabilities but can also pose a threat

Viruses, Worms and Antivirus Software
- A virus is software that attaches itself to another program
- A macro virus is a type of virus that is coded as a macro
- A worm is a type of virus that replicates itself on the computer it infects
- Email attachments may include word processing files, spreadsheets, databases and images, which may contain viruses
- Viruses within Word and Excel macros (Visual Basic for Applications) can damage your computer

Viruses, Worms and Antivirus Software (I)
- Viruses tend to prey on operating system (or Web server) vulnerabilities
- To counteract viruses:
  - Ensure you have installed the latest security patches
  - Ensure that you are running the latest antivirus software with the latest virus updates

Digital Certificates
- A digital certificate is an attachment to a message which verifies the sender of the message
- It also provides a means of sending encrypted messages

Digital Certificates (I)
- A digital certificate contains an encrypted message that identifies the author
- It indicates whether the certificate is valid or not
- This provides a way to sign a message
- In many countries, including Barbados, this is accepted as a signature

Digital Certificates (II)
- Digital certificates are issued by a certification authority (CA) to individuals or organisations
- Appropriate proof of identity must be provided

Digital Certificates (III)
A digital certificate contains six main elements [Sch2004]:
- The certificate owner’s identifying information, such as name, organisation and address
- The certificate owner’s public key
- Dates between which the certificate is valid
- Serial number of the certificate
- Name of the certificate issuer
- Digital signature of the certificate issuer

Digital Certificates (IV)
- One of the oldest and best known CAs is VeriSign

Communication Channel Security
These threats come from various sources including:
- Sniffer programs
- Backdoors
- Cybervandalism
- Masquerading or spoofing
- Denial-of-service

Sniffer Programs
- These programs provide a means of recording packets passing through a computer or router
- It is similar to telephone line tapping
- Sniffer programs can:
  - Read email messages
  - Read user logins and passwords
  - Read credit card numbers

Backdoors
- Some e-commerce programs contain backdoors
- These backdoors are left intentionally or unintentionally by software developers
- Backdoors provide a way for an unauthorised user to gain access to protected information including:
  - Credit card information
  - Proprietary company information (which could be sold for millions to competitors)

Cybervandalism
- This is the electronic defacing of Web site pages: the regular content is replaced
- Its parallel is the spraying of graffiti on public property

Masquerading or Spoofing
- This is when a person impersonates someone else
- E.g. pretending that a Web site belongs to someone else, when it does not
- On a domain name server a perpetrator might use a security hole in order to change the IP address of a given Web page
- Any order entered on this new page could then be modified (e.g. change the shipping address of the goods) and the modified order sent to the original Web site

Denial-of-Service Threat
- This threat disrupts normal computer processing
- For example, a zombie computer was used to flood a Web site with packets
- This prevented legitimate users from using the Web site
- This may also lead to a loss in business

Communication Channel Security (I)
Solutions are provided in the form of (discussed in the next section):
- Symmetric encryption
- Asymmetric encryption
- Digital signatures
- Message hashing
- Digital certificates
- Secure Socket Layer

Server Computer Security
Server vulnerabilities come from:
- Web servers and their software
- Backend programs such as database programs

Web Server Threats
- The more complex this software, the more chance it contains errors which might lead to vulnerabilities
- A Web server can compromise secrecy if it allows automatic directory listings
- Passwords users select could be a threat, since a dictionary attack might reveal them

Database Threats
- These databases store confidential information
- Some databases store usernames/passwords in unencrypted tables, or do not enforce security at all

Other Threats
- Threats may arise when programs are executed by the server, e.g. buffer overrun or buffer overflow
- Buffers can overflow into critical memory locations, causing the Web server to run an attacker’s program
- Mail bombs cause mail servers to malfunction by overloading them with email

Physical Security
- All Web servers and associated machines require physical protection
- Back up servers and store the backups at remote locations
- The use of fingerprint readers and biometric security helps provide physical security:
  - Writing pads that measure the pressure and form of handwriting
  - Eye scanners
  - Palm scanners (entire palm rather than a single finger)

Access Control
- Only allow permitted users to access services. This can be controlled through:
  - Digital certificates
    - Ensure the digital signature is valid
    - Check the time stamp on the digital certificate
  - Usernames and passwords
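The six certificate elements listed under Digital Certificates (III) and the two certificate checks listed above (signature valid, time stamp within the validity dates), as an added example that is not part of the original slides. The CA key is a toy textbook RSA pair with constructed small primes, the hash is SHA-256, and the shop name, key and dates are constructed; a real CA uses a standard signature scheme with far larger keys.

```python
import hashlib
import json
from datetime import datetime, timezone

# Toy RSA key pair for a certification authority (CA). The primes are constructed
# for illustration and are far too small for real use.
CA_P, CA_Q = 1000003, 1000033
CA_N = CA_P * CA_Q
CA_E = 65537
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))  # private exponent, kept by the CA
CA_NAME = "Example CA (constructed)"


def canonical_digest(fields, n):
    """Hash the certificate fields in a fixed order so issuer and verifier agree."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue_certificate(owner, owner_public_key, not_before, not_after, serial):
    """Build the six-element certificate from the slides and sign it with the CA key."""
    fields = {
        "owner": owner,                  # 1. owner's name, organisation, address
        "public_key": owner_public_key,  # 2. owner's public key
        "not_before": not_before,        # 3. dates between which it is valid
        "not_after": not_after,
        "serial": serial,                # 4. serial number
        "issuer": CA_NAME,               # 5. name of the issuer
    }
    signature = pow(canonical_digest(fields, CA_N), CA_D, CA_N)  # 6. issuer signature
    return {"fields": fields, "signature": signature}


def check_certificate(cert, now, ca_public_key=(CA_N, CA_E)):
    """The access-control checks: issuer signature first, then the validity dates."""
    n, e = ca_public_key
    if pow(cert["signature"], e, n) != canonical_digest(cert["fields"], n):
        return "bad signature"  # fields were altered, or not issued by this CA
    not_before = datetime.fromisoformat(cert["fields"]["not_before"])
    not_after = datetime.fromisoformat(cert["fields"]["not_after"])
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "ok"


# Constructed sample: a shop's certificate valid for one year from the lecture date.
SHOP_CERT = issue_certificate(
    owner={"name": "Cave Hill Books Ltd", "organisation": "Cave Hill Books Ltd",
           "address": "Bridgetown, Barbados"},
    owner_public_key={"n": 1000003 * 1000037, "e": 65537},
    not_before="2004-11-08T00:00:00+00:00",
    not_after="2005-11-08T00:00:00+00:00",
    serial=1001,
)


def demo():
    """Check the genuine certificate, the same one after expiry, and a tampered copy."""
    in_validity = datetime(2005, 1, 15, tzinfo=timezone.utc)
    after_expiry = datetime(2006, 1, 15, tzinfo=timezone.utc)
    tampered = json.loads(json.dumps(SHOP_CERT))  # deep copy
    tampered["fields"]["owner"]["name"] = "Impostor Ltd"
    return (check_certificate(SHOP_CERT, in_validity),
            check_certificate(SHOP_CERT, after_expiry),
            check_certificate(tampered, in_validity))
```

Changing any field, even one character of the owner's name, changes the digest and the issuer's signature no longer verifies, which is what makes the identity binding trustworthy.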

Firewalls
For information on firewalls see: http://scitec.uwichill.edu.bb/cmp/online/comp3210/presentations/AntonioArthur.ppt

References
[Sch2004] Schneider, Gary P., “Electronic Commerce: The Second Wave”, Thomson Course Technology, Fifth Annual Edition, 2004