E-COMMERCE

SECURING THE BUISNESS ON INTERNET:

Security is an essential part of any transaction that takes place over the internet. Customers will
lose his/her faith in e-business if its security is compromised. Following are the essential
requirements for safe e-payments/transactions −
 Confidentiality − Information should not be accessible to an unauthorized person. It
should not be intercepted during the transmission.

 Integrity − Information should not be altered during its transmission over the network.

 Availability − Information should be available wherever and whenever required within a
time limit specified.

 Authenticity − There should be a mechanism to authenticate a user before giving
him/her an access to the required information.

 Non-Repudiability − It is the protection against the denial of order or denial of
payment. Once a sender sends a message, the sender should not be able to deny sending
the message. Similarly, the recipient of message should not be able to deny the receipt.

 Encryption − Information should be encrypted and decrypted only by an authorized
user.

 Auditability − Data should be recorded in such a way that it can be audited for integrity
requirements.

Measures to ensure Security

Major security measures are following −
 Encryption − It is a very effective and practical way to safeguard the data being
transmitted over the network. Sender of the information encrypts the data using a secret
code and only the specified receiver can decrypt the data using the same or a different
secret code.

 Digital Signature − Digital signature ensures the authenticity of the information. A
digital signature is an e-signature authenticated through encryption and password.

 Security Certificates − Security certificate is a unique digital id used to verify the
identity of an individual website or user.
 E-COMMERCE

SECURITY POLICY:
A security policy is a formal statement of the rules bu which people with access to an
organization’s technology and information assets must abide, to ensure the security of these
assets. It provided a framework for making specific decisions such as which defense
mechanisms to use and how to configure services. It is the basis for developing secure
programming guidelines and procedures, for users and system administration to follow.

A security policy generally covers the following aspects:

 High level description of the technical environment of the site, the legal environment
(governing laws), the authority of the policy, and the basic philosophy to be used when
 interpreting the policy.
 Risk analysis to identify the site’s assets, the threats existing against those assets, and the
 costs of asset loss
  Guidelines for system administrators on how to manage the systems
  Definition of acceptable use for users
 Guidelines for reacting to a site compromise (eg., whether to trace the intruder or
shutdown and rebuild the system)
A successful security policy involves many contributing factors like management commitment,
technological support for enforcing the policy, effective dissemination of the policy, and the
security awareness of all users. Management assigns responsibility for security and ensures that
security personnel are adequately trained. Technological support for the security policy includes
options like:

  Challenge/response systems for authencation

  Encryption systems for confidential storage and transmission of data
  Network tools such as firewalls and proxy servers
 Auditing systems for accountability and event reconstruction
Security related procedures
Procedures are specific steps to be followed, based on the security policy. Procedures address
topics such as connecting to the site’s system from home or while travelling, retrieving program
from the network, using encryption, authentication for issuing accounts, configuration and
monitoring.
Security practices
System administration practices play a keyrole in network security. Some commonly
recommended practices are:

 Implement a one-time password system, ensure that all accounts have a password and
these passwords are difficult to guess
 E-COMMERCE

 Use strong cryptographic techniques to ensure the integrity of the system software on a
 regular basis
  Use safe programming techniques when writing software
 Make appropriate changes to the network configuration when vulnerabilities become
 known
  Keep the systems current with upgrades and patches
  Check for the security alerts and technical advice regularly
 Audit systems and networks, and regularly check logs for detecting an intrusion
Security remains the biggest obstacle for many individual and organization reposing full faith in
the Information Superhighway. It is a major issue facing organizations today.
Transaction Security
In the electronic commerce environment the transaction take place over the network. During the
various phases of an electronic transaction the information such as product specification, order
details, payment and delivery information travels over the Internet. The transaction information
transmitted over the public Internet can be tapped, intercepted, diverted, modified and fabricated
by an intruder trying to gain some benefit or cause damages to competing business. The intruder
may be interested in seeking the confidential information about the competing business entities
or may even be interested in misguiding to cause losses to competing business or gain benefit
from such an act. The intruding activities can be broadly classified into two categories- passive
and active intrusion.
In passive intrusion, transmissions on the network are eavesdropped on or monitored. The
motive of the attacker is to obtain the information, resulting in the loss of confidentiality and the
privacy of the data. Passive attacks are difficult to detect, as the data is not altered. Hence the
emphasis is on prevention of such attacks rather than detecting them. For example, data can be
scrambled using an encryption technique so that even if the intruder is able to intercept the
message, no meaningful information can be extracted from it.
Active attacks involve mutation of data or generation of counterfeit messages. The motive of
the attacker is prevent messages from reaching their intended destination; to masquerade as
another entity and get access to restricted information; or to feed another user with falsified
information, with the aim of misleading the person. Active attacks are easier to detect as
compared to their passive counterparts. For example, a cryptographic checksum can accompany
each message. If the message is altered during the passage in any manner, the tampering can be
detected because of the violation of the checksum. In the context of the communication over a
network, the following attacks can be identified:
Network Transaction Security issues
Disclosure: Release of message contents to any person not authorized to see them or not
possessing the appropriate cryptographic key.
 E-COMMERCE

Traffic Analysis: It refers to the discovery of the pattern of traffic between parties. In a
connection-oriented application, the frequency and duration of connections could be determined.
In either a connection-oriented or connectionless environment, the number and length of
message between parties could be determined.
Masquerade: It refers to insertion of messages into the network, from a fraudulent source. This
includes the creating of messages by an opponent, that are purported to come from an authorized
entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by
someone other than the message recipient

Content Modification: Changes to the contents of a message, including insertion, deletion,

transposition, or modification
Sequence Modification: It refers to modification of the sequence of messages between parties,
including insertion, deletion and reordering of some sequenced packets, by the intruder, during
transmission.
Timing modification: It refers to delayed messages, or also replay of old message sequences,
that were recorded by intruder in an earlier transaction. In an connection-oriented application, an
entire session or sequence of messages corresponding to a full session could be recorded by an
intruder, later replayed. The destination may think of it as a valid session and carry out the
indicated transactions one more time. Also, both in connection and connectionless services the
individual messages in a sequence could be delayed.
Repudiation: It refers to the denial of the receipt of message by the destination or the denial of
transmission of message by the source.
Security Services
In the transactional internet environment, it is important to ensure the security of transactions as
they travel over the network. As stated above, transactions may be subjected to passive or active
intrusion. Passive intrusion threatens the loss of privacy and confidentiality of data, but and
active intrusion may result in the in the intruder assuming someone else identity and creating
transactions on their behalf, through fabrication. The active intruder may also modify the content
of the transaction. For example, an order being placed for 1000 items may be modified to 10,000
items that may later result in conflict between business parties, and subsequent loss of money ass
well as trust. For developing trust in the electronic commerce environment, for transactions to
take place, the following five issues are important.
Authentication:
Simply stated, authentication is the process of verifying the identity of a person from whom
the communication message emanated. In the case of a single message, authentication assures
the recipient that the communication partner is no an imposter, and that the text of the message
itself has not been altered.
 E-COMMERCE

In case of an ongoing interaction, such as the connection of a remote terminal to a host, there
are two aspects of this service:
1. At the time of initiation of a connection, the verification of the two participating
entities, i.e., establishing that each of them is the same entity what they claim to be.
2. The connection is not interfered with, insuch a way that a third party can masquerade
as one of the two legitimate parties, for purposes of unauthorized transmission or
reception.

Integrity:
Integrity means that it should be possible for the receiver of a message to verify that the
message has not been tampered with, while in transit. An intruder should not be able to
substitute a false message for a legitimate one. In other words, no one should be able to add,
delete or modify any part of the message during transmission. The receiver should be in a
position to verify, in case any tampering has taken place in the message stream. The integrity of
the message prevents any intentional or unintentional modification of the message through the
use of error detection codes, checksums and sequence numbering, time-stamping and
encryption, and hashing techniques. Error detection codes and checksums computed on fields, or
entire messages, help in detecting, and sometimes even correcting, errors that may have crept in
during transmission. Sequence numbering and time-stamping protects against reordering,
replaying, and loss of part of the message. Encryption techniques can be used for detecting the
tampering of messages.
Algorithms such as Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) compute a
hash code of a fixed size, for any given message. The code computed by these algorithms is
guaranteed to be unique. In order to ensure integrity the sender may send the message and the
computed hash code as well. The receiving side, on receiving the message, can also compute the
hash code of the received message. In case of a tampered message, the two hash codes the one
computed at the receiver’s end and the one provided by the sender, will not match.
Non-repudiation:
Non repudiation prevents either the sender or the receiver from denying a transmitted
message and files or data, when in fact they did. When a message is sent, the receiver can prove
that the message was in fact sent by the alleged sender. Similarly, when a message us receive, the
sender can prove that the message was in fact received by the alleged receiver. In a business
transaction, the legal framework ensures that no party is in position to unilaterally repudiate the
transaction. But, for legal purposes an agreement should be signed by the parties. However, in
the electronic commerce environment, as transactions take place over the network, only digital
content, rather than physically signed documents, may exist.
 E-COMMERCE

In such a situation, let us say a customer places an order for 100 shares of XYZ Corporation,
at Rs.100 per share. The stock broker executes the order, but later on the same day price drops
down to Rs.10 per share. If the transaction was placed electronically, the customer may deny
placing the order. A similar repudiation can take place from a greedy broker, who may discover
the price for the shares have gone up to Rs.500 per share. In either of situation, authentication
and integrity play a role, but in addition the electronic commerce environment has to guard
against repudiation by introducing fool-proof, digitally signed contacts and agreements that can
be validated by the legal infrastructure, to offer a repudiation-free business environment.

Confidentiality:

Confidentiality is the protection of transmitted data, from passive attacks. When a message is
transmitted over the communication channel, it can be intercepted at any point in between,
through wiretapping or with the help of computer programs. Confidentiality ensures that the
contents of a message are not leaked or revealed to a hacker as it travels to its destination. In the
electronic commerce environment, the confidentiality of payment information and ordering
details are of utmost concern. Similarly, in case of business partners and associates sharing
sensitive information over the network, a competitor may like to have access to the information.
Since, the internet environment is quite susceptible to passive intrusion, as the packets pass
through variety of host computers, confidentiality is usually ensured by encrypting information.

Authorization:

Systems connected on the internet share information over the network, among a variety of
users. The authentication process ensures the correct identification of the user and letting him/her
in, but all the information on an system may not be shared with all users. Authorization pertains
to the permission granted to a person or a process to do certain things. Privileges are associated
with sensitive information stored on hosts. Authentication ascertains that the user is who he
claims to be, while authorization ascertains the rights of the claimant to access the information,
before presenting the data to him.

The confidentiality of messages in electronic commerce can be handled by encrypting the

message prior to transmitting it over the network, and finally decrypting it at the destination.
Cryptography, the science of encryption, can be used for addressing a variety of issues related to
secure communication over the network.

Cryptology in E-commerce:
Cryptographic primitives
The above cryptographic services can be realized by several cryptographic primitives: we
distinguish between primitives for encryption, primitives for authentication, and cryptographic
 E-COMMERCE

protocols. Encryption primitives can be used to provide confidentiality, authentication primitives

can be used to provide data authentication. We will also discuss protocols for user authentication
and for key management.
Encryption primitives
In cryptography one often makes use of encryption. With encryption we transform the clear-text
(or plaintext) into cipher-text. To get back to the original text, we apply the inverse
transformation, called decryption. These transformations themselves are public: this makes it
possible to analyze these algorithms and to develop efficient implementations. However they use
a secret parameter: the keys which are known only by the sender and/ or the receiver.
This key is the only thing one needs to know in order to encipher or decipher. Thus it is really
important to manage one’s keys and keep them secret where necessary.
We discuss two types of encryption primitives, symmetric or conventional ciphers and
asymmetric or public-key ciphers.
Symmetric ciphers
Basically there are two kinds of encryption-schemes. The oldest ones and most used until now
are the symmetric ciphers. In these schemes, the key used to decipher the cipher-text is equal to
the one used to encipher the plaintext.
The best known cipher in this category is the Data Encryption Standard (DES) that was adopted
in 1977 by the American NBS (National Bureau of Standards) as FIPS 46. Since then it has been
used all over the world and until now no major flaws have been discovered.
Asymmetric ciphers
The asymmetric or public-key ciphers are the most recent cryptographic tools. In contrary to the
symmetric systems the key used to encipher and the one used to decipher are different. Each
partner thus has two keys. He keeps one key secret and makes the other one public. If A wants to
send a message to B, he just enciphers it with B’s public key. Since B is the only one who has
access to the secret key, B is the only one who can decipher the message and read the contents.
The most popular public-key cipher is the RSA system (RSA stands for Rivest, Shamir and
Adleman, the names of the three inventors). The security of this scheme is related to the
mathematical problem of factorization: it is easy to generate two large primes and to multiply
them, but given a large number that is the product of two primes, it requires a huge amount of
computation to find the two prime factors.
Symmetric versus asymmetric ciphers
The biggest drawback of the asymmetric systems up until now has been the relative low
performance compared to the symmetric ones.
Public-key systems provide significant benefits in terms of key management: if every user
generates his own key, only an authentic channel is required, eliminating (expensive) secret
channels like couriers.
In systems without a central trusted server, the number of keys can be reduced. Indeed, suppose
we have a network of n users each of whom wanting to communicate with the others. Since each
communication requires a secret key, the total number of keys required equals n*(n-1)/2.
 E-COMMERCE

Authentication primitives
One-way functions and hash codes
A one-way function is defined as a function f such that for every x in the domain of f, f(x) is easy
to compute; but for virtually all y in the range of f, it is computationally infeasible to find an x
such that y=f(x). In addition one requires that it is hard to find a second pre-image: given an x
and the corresponding value of f(x), it should be hard to find an x’ different from x which has the
same image under f. One-way functions are used to protect passwords: one will store a one-way
image of the password in the computer rather than the password itself. One applies then the
oneway function to the input of the user and verifies whether the outcome agrees with the value
stored in the table.
A hash function is a function which maps an input of arbitrary length into a fixed number of
output bits. In order to be useful for cryptographic applications, a hash function has to satisfy
some additional requirements. One can distinguish two types of hash functions. A MAC
(Message Authentication Code) that uses a secret key, and an MDC (Manipulation Detection
Code) that works without a key. For a MAC one requires that it should be impossible to compute
the MAC without knowledge of the secret key. For an MDC one requires that it is a one-way
function, and - in most cases - that it is collision resistant, which means that it should be hard to
find two arguments hashing to the same result. Hash functions can be used to protect the
authenticity of large quantities of data with a short secret key (MAC), or to protect the
authenticity of a short string (MDC). Sometimes an MDC is used in combination with
encryption, which can yield protection of both confidentiality and authenticity.
There are several schemes which have been proposed for use as hash functions.
The widely used construction for a MAC is the CBC mode of the DES (with an additional output
transformation), as specified in ISO-9797. Several MDC’s have been constructed based on the
DES. Other dedicated designs are SHA (Secure Hash Algorithm or FIPS 180), and RIPE-MD
160. These hash functions achieve a very high throughput (Mbit/s), even in software
implementations.
Digital signature
Public-key techniques can also be used for other purposes than for enciphering information. If
Alice adds some redundancy to her message and transforms the result using her secret key,
anyone who knows Alice’s public key can verify that this message was sent by Alice (by
verifying the redundancy). In this way one can create a digital signature, which is the equivalent
of the hand-written signature on a document.
Since it is not physically connected to the signed data or the originator, it will depend on this
data and on the secret key of the originator. Several signature schemes have been proposed. The
RSA public-key cryptosystem is the only one which can be used for both enciphering and digital
signatures. Schemes which can only be used for digital signature purposes are the DSA and the
Fiat-Shamir scheme. Note that it is possible to produce a digital signature based on conventional
ciphers like the DES. However, these schemes are less efficient in terms of memory and
computations. Other constructions use a conventional cipher in combination with tamper
resistant hardware: this offers only a limited protection.
 E-COMMERCE

Assume Bob has received from Alice a digitally signed message. If Alice subsequently denies
having sent the message, Bob can go to a third party (e.g., a judge), who will be able to obtain
Alice’s public key. Subsequently he can verify the validity of the signature. In this way a digital
signature can provide non-repudiation of origin. It is easy to see that it provides in addition data
authentication, i.e., data integrity and data origin authentication.
Hash functions versus digital signatures
Hash functions can only be used in a situation where the parties mutually trust each other: they
cannot be used to resolve a dispute (unless one uses, in addition tamper resistant hardware).
As in the case of encryption, hash functions tend to be three orders of magnitude faster than
digital signatures. This explains why in general one will first compute the hashcode of the
message with a fast hash function and subsequently apply the digital signature to this short
hashcode. This provides digital signatures which are not only faster and shorter, but also more
secure.
Cryptographic protocols
A cryptographic protocol is an interaction between one or more entities to achieve a certain goal.
In fact, encryption and digital signatures can be seen as a special case of cryptographic protocols.
While a huge number of protocols have been developed, we will restrict this section to two types
of protocols: protocols for user authentication and protocols for key management.
User authentication protocols
The design of cryptographic protocols for user authentication is very complex. A large number
of protocols have been presented in the available literature, many of which exhibit some
weaknesses. The simplest protocol providing unilateral authentication consist of sending a
password.
More complex challenge-response protocols can be designed in which the user does not transmit
his secret information. They are based on an encryption algorithm, a MAC or a digital signature
and the use, in addition, of so called nonces (never used more than once): random numbers,
sequence numbers or time stamps. More complex protocols are required to achieve mutual
authentication.
Key Management Protocols
One of the main links in the cryptographic keychain is the key management protocol: every
cryptographic service will make use of cryptographic keying material, whose confidentiality
and/or integrity has to be protected. For the distribution of this keying material, one can use a
new cryptographic primitive, and ultimately, a physical channel.
In this way one builds a key hierarchy: secret keys for bulk encryption with a symmetric cipher
system will be encrypted using an asymmetric cipher system and signed with a digital signature
scheme. The public keys of the asymmetric cipher can be distributed via an authentic channel
which can be provided for example by combining conventional mail with voice authentication.
An alternative is to sign these public keys with a single master key: now one only has to
distribute a single master key via an authentic channel.
 E-COMMERCE

These signed public keys are called certificates. The central authority certifies that a certain
public key belongs to a particular user. The commonly used scheme nowadays in based on the
ITU-T X.509 recommendation.
Note that there also exist public-key protocols which result in the agreement of a secret key
between two parties, by exchanging public keys or parameters. A well known example in this
class is the Diffie-Hellman key agreement scheme. This protocol is different from a key transport
protocol, in which one party generates the secret key and enciphers it with the public key of the
other party. The key agreement protocols have the advantage that they result in an increased
security level.
In the context of public-key cryptography, revocation of public keys is very important: once the
user’s secret key is compromised, anybody can read his messages or forge his signatures.
Although public-key systems require no on-line central management system, the system has to
provide a means to protect the user in the case by warning the other users that his public key is
no longer valid.

Security Protocols in Internet

We will discuss here some of the popular protocols used over the internet to ensure secured
online transactions.

Secure Socket Layer (SSL)

It is the most commonly used protocol and is widely used across the industry. It meets
following security requirements −

 Authentication

 Encryption

 Integrity

 Non-reputability
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication, and
digital signature over the internet. Secure HTTP supports multiple security mechanism,
providing security to the end-users. SHTTP works by negotiating encryption scheme types used
between the client and the server.

Secure Electronic Transaction

It is a secure protocol developed by MasterCard and Visa in collaboration. Theoretically, it is
the best security protocol. It has the following components −
 Card Holder's Digital Wallet Software − Digital Wallet allows the card holder to make
secure purchases online via point and click interface.

 Merchant Software − This software helps merchants to communicate with potential
customers and financial institutions in a secure manner.
 E-COMMERCE

 Payment Gateway Server Software − Payment gateway provides automatic and

standard payment process. It supports the process for merchant's certificate request.

 Certificate Authority Software − This software is used by financial institutions to issue
digital certificates to card holders and merchants, and to enable them to register their
account agreements for secure electronic commerce.