Description
This is documentation about e-commerce security.
The Business of E-Commerce:
E-commerce can be defined simply as conducting business over a data network that is, in some way, connected to the Internet. It is the means to build efficient relationships among customers, producers and suppliers by providing products and services that facilitate the exchange of goods, services and information over electronic networks, both within a company and between companies and their customers.
E-Commerce Models:
• Business-to-Customer (B2C): B2C involves the direct purchase/sale of goods and services, as in retailing (person to system). E-catalogues are provided for price and product information (browsing, order placement, payment, order tracking). The provider defines and controls the business process.
• Business-to-Business (B2B): B2B involves interactions among customers, providers and suppliers (multiple participants). It involves complex relationships (negotiation, static/dynamic contracting), peer-to-peer collaboration to define and execute business processes, and sophisticated infrastructure (e.g., workflow, EDI). Transaction value is generally high in B2B transactions.
Essential Difference between B2B and B2C
The main difference between B2B and B2C commerce is that in the B2B segment of the e-commerce market a number of buyers and a number of suppliers do business with each other over the Internet, using technology to automate a large number of processes. B2B commerce is therefore, unlike B2C, a many-to-many relationship.
Payment methods in B2C e-commerce:
There are a variety of possible methods for making payments across the Internet. These methods include:
• Debit/credit cards;
• Bank transfers/cheques;
• Third-party payment services (e.g. PayPal).
[Figure: flow diagram of how a payment is routed in a credit-card setup; the diagram itself is not reproduced in this text.]
Trust in e-commerce activities and its role in security:
Trust is far more important in e-commerce than in traditional commerce because of the paucity of rules and customs regulating e-commerce, and because online services and products typically are not immediately verifiable. Moreover, online transactions lack the assurance provided in traditional settings through formal proceedings and receipts. Many dot-com failures have been attributed to the vendor's inability to create a strong trusting relationship with its customers and, consistent with this observation, only 5% of VISA International clients appear to trust e-commerce, a very low percentage compared with other financial transactions. In contrast to face-to-face commerce, and to the other applications of trust discussed in the literature, there are typically no interpersonal interactions in e-commerce, neither direct nor implied; such interactions, or even cues relating to them, are notably missing from e-commerce websites.
The four main aspects of e-Trust are: (1) e-Trust is composed of four distinct beliefs, dealing with the integrity, benevolence, ability and predictability of the vendor; (2) among these beliefs, integrity and predictability are the pertinent ones; (3) the control variables disposition to trust and familiarity affect these beliefs; and (4) e-Trust, especially the belief in benevolence, is increased by the perception of social presence in the website. The purchase intentions of an individual using an e-commerce site can be analysed using the following framework, proposed by Gefen and Straub.
The major observations are:
• Consumer trust in an e-vendor's integrity, predictability, ability and benevolence increases intentions to purchase online from that e-vendor.
• Higher social presence embedded in a website increases consumer trust in an e-vendor's integrity, predictability, ability and benevolence.
Predictability here refers to the belief that the vendor will behave reliably, delivering goods and services on time and abiding by accepted and expected rules of conduct, and in doing so reduce the social uncertainty about when and how those goods or services will be delivered. Ability refers to the assessment that the trusted party knows its job; this knowledge reduces the uncertainty involved in the trusting party obtaining its expected outcomes from the relationship, by narrowing the range of undesirable behaviours that inadequate ability could produce. Integrity is the central belief convincing consumers that their expected outcomes from the interaction will be fulfilled; a vendor with integrity reduces the social uncertainty involved in broken promises. Moreover, a dishonest e-vendor may make inappropriate use of credit card and personal information and could track purchase activity without prior approval. Benevolence deals with the belief that the vendor actually cares about the consumer; caring, as an aspect of empathic good service, generally increases customer satisfaction and retention. (Ref: http://www.milab.dk/dokumentation/public)
Data on e-commerce security breaches:
The Information Security Breaches Survey 2002, sponsored by the Department of Trade and Industry and prepared by the consultancy PricewaterhouseCoopers, found that in small companies 32 percent of the worst incidents were caused by insiders, but in large companies this figure climbed to 48 percent. A third of the 'worst' security incidents were virus infections, but there were also high incidences of other, more deliberately targeted attacks. Forty-one percent of companies reported virus infections in the past 12 months, nearly triple the 16 percent reported in the same survey two years earlier. While hacking attacks accounted for only 14 percent of the worst incidents in the past 12 months, this figure shot up from just 4 percent two years prior. Eleven percent of companies reported that their worst incident was due to inappropriate use of systems (using e-mail or web browsing to access or distribute inappropriate material), and 6 percent said the cause was theft of information. In the Information Security Breaches Survey 2006, 62% of UK companies had had a security incident in the last year, down from 74% two years earlier. Large businesses also saw a reduction, down to 87% from 94%. Malicious incidents were responsible for the large increase in 2004; they now account for the reduction seen in 2006 (down to 52% from 68%). The 2006 figures still remain higher than 2002 levels, so it is too early to assume the reduction represents a long-term downward trend.
Large businesses are more likely to have security incidents (87%), tend to have more of them (a median of 19 per year) and their breaches tend to be more expensive (£90,000 on average for the worst incident). For firms overall the cost is roughly 50% higher than two years ago; in contrast, large businesses have seen a 20% reduction in the average cost. Overall, the cost of security breaches to UK plc is up from two years ago and is of the order of ten billion pounds per annum.
Change in situation compared to 2004:
Nearly two-thirds of companies expect there to be more security incidents in the next year than in the last. Three-fifths of companies believe it will be harder to detect security breaches in the future. (Ref: www.enisa.europa.eu/doc/pdf/studies/dtiisbs2006.pdf; www.zdnet.co.uk/tsearch/information+security+breaches+survey+2002.htm; www.networkmagazineindia.com/200304/cover1.html)
Security issues in B2C e-commerce:
E-commerce systems are based on use of the Internet, which provides open and easy communication on a global basis. However, because the Internet is unregulated, unmanaged and uncontrolled, it poses a wide range of risks and threats to the systems operating on it. Using the Internet means that your internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. Security is a major issue in developing e-commerce, because it is probably the most important reason people hesitate to buy things on the Net. Buying online requires your credit card number and other personal information, and sending a credit card number across a public network is a real concern for customers. It is therefore a challenge for companies to make their sites secure and safe so that people can fully rely on them.
Whatever the environment, paper or electronic, securing it necessarily implies the prevention of:
• Destruction of information;
• Unauthorized availability (disclosure) of information.
Risks: Some of the common threats that hackers pose to e-commerce systems include:
• Carrying out denial-of-service (DoS) attacks that stop access by authorized users of a website, so that the site is forced to offer a reduced level of service or, in some cases, ceases operation completely;
• Gaining access to sensitive data such as price lists, catalogues and valuable intellectual property, and altering, destroying or copying it;
• Altering your website, thereby damaging your image or directing your customers to another site;
• Gaining access to financial information about your business or your customers, with a view to perpetrating fraud;
• Using viruses to corrupt your business data.
(Ref: www.ecommercetimes.com/story/54118.html)
Impact of security threats upon the business:
All of these risks can have a significant impact upon a business running an e-commerce service. The potential business implications of a security incident include the following:
• Direct financial loss as a consequence of fraud or litigation.
• Subsequent loss as a result of unwelcome publicity.
• Criminal charges if found to be in breach of the Data Protection or Computer Misuse Acts, or other regulation on e-commerce.
• Loss of market share if customer confidence is affected by a DoS attack.
The image presented by the business, together with its brands, are valuable assets. It is important to recognize that the use of e-commerce creates new ways for both image and brands to be attacked.
Threats due to security breaches:
Over the years there has been a lot of misplaced concern about the vulnerability of the Internet to unauthorized interception. In reality, interception of communications is the least of the threats we face. Yet the only real security measure that is regularly applied is the encryption of transactions made over the Internet (but not those over the ordinary telephone, which are slightly easier to intercept). Against the real threats, this measure offers no value. The three most important vulnerabilities a customer should be concerned about are:
1. Details from a credit card can be recorded during a regular card-present transaction. This is undoubtedly the easiest vulnerability to exploit.
2. Many organizations keep records of customers that include credit card details. This is particularly true of online retailers. These records are not always well protected and, too often, have been discovered and downloaded by hackers. This is the main means whereby the Internet is exploited to obtain card details.
3. Unscrupulous vendors (or their employees) can submit repeat transactions. This was the main vulnerability before the Internet era.
Although, in theory, the credit card information might be exploited in a number of ways, the specific weakness in the authentication of remote ('card not present') transactions makes that form of transaction especially attractive to criminals. As an added bonus to the criminal, the Internet makes it easy for criminal and victim to be in different legal jurisdictions, complicating the situation for all concerned. (Ref: www.aph.gov.au/library/pubs/rp/1998-99/99rp12.htm)
Security issues: The issues that confront us in securing electronic transactions are:
• Confidentiality
• Integrity
• Availability
• Authenticity/Non-repudiation
• Auditability
Confidentiality: Information should be protected from the prying eyes of unauthorized internal users and external hackers, and from interception during transmission on communication networks, by making it unintelligible to the attacker. The content should be transformed in such a way that it cannot be deciphered by anyone who does not know the transformation information (the key).
Integrity: On retrieval, or on receipt at the other end of a communication network, the information should appear exactly as it was stored or sent. It should be possible to raise an alert on any modification, addition or deletion to the original content. Integrity also precludes information 'replay', i.e. a fresh copy of the data being generated or resent using the authorization features of an earlier authentic message. Suitable mechanisms are required to ensure end-to-end message content and copy authentication.
Availability: The information that is being stored or transmitted across communication networks should be available whenever required, and to whatever extent desired, within pre-established time constraints. Network errors, power outages, operational errors, application software errors, hardware problems and viruses are some of the causes of unavailability of information. Mechanisms for countering these threats exist, but are beyond the scope of end-to-end message security for implementing electronic commerce.
Authenticity: It should not be possible for any person or object to masquerade as some other person or object. When a message is received it should therefore be possible to verify that it has indeed been sent by the person or object claiming to be the originator. Similarly, it should also be possible to ensure that the message is delivered to the person or object for whom it is meant. This implies the need for reliable identification of the originator and recipient of data.
Non-repudiation: After sending or authorizing a message, the sender should not be able, at a later date, to deny having done so. Similarly, the recipient of a message should not be able to deny receipt at a later date. It should therefore be possible to bind message acknowledgements to their originators.
Auditability: Audit data must be recorded in such a way that all specified confidentiality and integrity requirements are met.
Security Issues in B2B:
Security involves a total set of exposures in B2B e-commerce. Besides being stored on computers, transactional data needs to travel from within the perimeter of the company's network (intranet) to its suppliers' and business partners' enterprise applications through an extranet or the Internet, as well as to its customers via the Internet. As a result, robust security control cannot be maintained simply by implementing a 'one-size-fits-all' solution: data travelling across these different communication paths needs to be secured differently. The security requirements are identified and categorized based on the different needs of the two sides of an e-marketplace:
• The seller side: The selling parties in the B2B e-marketplace are mostly interested in the identification and authentication of users (buyers). The sellers are concerned with acquiring adequate buyer data and installing robust security measures for billing and other business transactional purposes, such as preventing the sender of a message from denying having sent it and mitigating the risk of denial-of-service attacks.
• The buyer side: The participants on the buyer side of the e-marketplace share a common interest in the integrity and confidentiality of the information transmitted. Usually, buyers are more interested in reliable services and expect their privacy to be soundly protected. In most cases they prefer to use services without being identified, and without having their every movement on the web monitored by unrelated business parties.
B2B is predicted to generate millions in revenue worldwide. Companies from small and medium-sized to large enterprises are using B2B commerce to increase their revenue and market their products on a global scale. If applied effectively, B2B e-commerce can bring the following benefits:
• Lower costs of conducting day-to-day business
• Marketing of products at an international level
• Increased agility and flexibility for the company
• Improved and more efficient decision making
• An increased customer base
• Lower procurement costs for both suppliers and buyers
• Increased business intelligence.
Security threats:
From a technological perspective, the security threats are in terms of compromising company data and transactional data, and disrupting the operations of the B2B environment. These security threats are broadly of two types, as follows:
Malicious outsiders/insiders: E-commerce systems are based on use of the Internet, which provides open and easy communication on a global basis. However, because the Internet is unregulated, unmanaged and uncontrolled, it poses a wide range of risks and threats to the systems operating on it. Using the Internet means that a company's internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. Thus outsiders who want to steal company information or disrupt the company's operations can pose a problem by various methods.
[Figure: threat methods. The methods shown are malware, spoofing, network sniffing, password cracking, intrusion attacks, social engineering, denial-of-service attacks, dumpster diving, packet modification, packet replay, hacking, impersonation and eavesdropping; each is described below.]
1. Malware: Malicious code, which includes viruses, Trojan horses, worms and other harmful applications. It is used by many people on the Internet to infiltrate the systems of individuals and, mostly, of companies, in order to disrupt them or retrieve sensitive information.
2. Network sniffing: A large amount of sensitive data travelling on the web, especially between businesses, is sometimes not encrypted. This allows an attacker using special tools to gain access to the connections made and read the data, which can range from simple e-mails to e-mailed contracts and B2B trading agreements.
3. Password cracking: Passwords are the most common method of authentication used to control access to digital resources. They are also the easiest way to gain unauthorized access to those resources. Armed with password-cracking software, an intruder can discover a dictionary-word password, or a simple variation of one, in a matter of seconds. There are three different types of attack against passwords: guessing, cracking, and disclosure via social engineering.
4. Denial-of-service attacks: In a DoS attack the attacker(s) flood the B2B site (portal or extranet) with useless traffic, making the server load unbearable. This causes the trading site to crash and the network to shut down. For busy sites this is a very unwanted and, more importantly, costly situation. Of course it is not only about money, and not only from the supplier's perspective: a buyer may rely on a certain product that supplier X provides, and losing that product may not only bring more costs but may also affect critical manufacturing processes.
5. Hacking: Hackers are individuals who use their skills to find weaknesses in websites or computer systems in order to infiltrate them and retrieve information, often with criminal intent. Hackers sometimes destroy archives, websites, applications and computer systems, which in technological terms is called cyber vandalism. Hackers who post the vulnerabilities of company-owned networks, programs and applications on the Internet, and hackers who vandalize company data for whatever purpose, compromise sensitive information and shake the trust of companies trading in the B2B environment.
6. Impersonation: Impersonation involves an attacker assuming the role of an individual who pretends to have some legitimate need for the information being sought. The assumed role could be that of an actual employee, or of someone outside the organization who purports to have a relationship with the company or is simply doing some work on the company premises (e.g. phone repair).
7. Eavesdropping: E-mail headers and contents are transmitted in clear text if no encryption is used. As a result, the contents of a message can be read or altered in transit, and the header can be modified to hide or change the sender, or to redirect the message. Eavesdropping allows a cracker (hacker) to make a complete copy of network activity and thereby obtain sensitive information such as passwords, data and procedures for performing functions. It is possible to eavesdrop by wiretapping, using radio, or using auxiliary ports on terminals; it is also possible to eavesdrop using software that monitors packets sent over the network. In most cases eavesdropping is difficult to detect.
8. Packet replay: This refers to the recording and retransmission of message packets on the network. Packet replay is a significant threat for programs that require authentication sequences, because an intruder could replay legitimate authentication-sequence messages to gain access to a system. Packet replay is frequently undetectable, but can be prevented by packet time-stamping and packet sequence counting.
9. Packet modification: This involves one system intercepting and modifying a packet destined for another system. Packet information may not only be modified, it could also be destroyed.
10. Dumpster diving: Even today companies throw away a large amount of paper-based information without disposing of it correctly (e.g. shredding). Individuals search through an organization's trash and find sensitive information such as organization charts, passwords, directories, e-mails and confidential client information such as bank accounts and recent purchases.
11. Social engineering: An individual can find weaknesses in a company and compromise it just by having casual phone conversations with company staff. A 'con artist' can retrieve information from staff by asking for apparently simple information, such as where the servers are, which database the company uses or which operating system is in place. With this, attackers can better direct their attack and increase their chances of success. It is vital for companies to ensure that staff are properly educated about the confidentiality of such information.
12. Intrusion attacks: Attackers using well-known techniques can penetrate many networks. This often happens when attackers use known vulnerabilities in the network. Even in updatable systems, administrators may not have, or may not take, the time to install all the necessary patches on a large number of hosts. In addition, it is usually not possible to map an organization's policy on computer use perfectly onto its access-control mechanisms, so authorized users can often perform unauthorized actions. Users may also demand network services and protocols that are known to be flawed and subject to attack.
13. Network spoofing: Attackers often use this technique to disguise themselves, or to set up a copy of a specific B2B site that looks identical to the original. Having done that, the attackers can receive orders from company clients and alter those orders before passing them on to the company.
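As an added illustration of item 3 (password cracking), not taken from the original document: the Python below mounts a dictionary attack with a few mangling rules against a constructed, unsalted SHA-256 password hash, then repeats the same attack against the same password stored with a salted, iterated key-derivation function (PBKDF2). The wordlist, the target password ("Summer2019!") and the iteration count are assumptions made for the example.

```python
import hashlib
import os
import time

# Constructed example: a weak system stores sha256(password) with no salt.
# The password is a dictionary word with a common variation.
WEAK_STORED_HASH = hashlib.sha256(b"Summer2019!").hexdigest()

# A tiny stand-in for a real wordlist (constructed for the example).
WORDLIST = ["password", "welcome", "summer", "qwerty", "letmein"]


def mangle(word):
    """Yield the word and the simple variations cracking tools try first."""
    bases = []
    for base in (word, word.capitalize(), word.upper()):
        if base not in bases:          # keep order deterministic, skip duplicates
            bases.append(base)
    for base in bases:
        yield base
        for suffix in ("2018", "2019", "2020", "123"):
            yield base + suffix
            for symbol in "!@#":
                yield base + suffix + symbol


def crack_unsalted(stored_hex, wordlist):
    """Dictionary attack on an unsalted, fast hash. Returns (password, guesses)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hashlib.sha256(candidate.encode()).hexdigest() == stored_hex:
                return candidate, guesses
    return None, guesses


def store_pbkdf2(password, salt, iterations):
    """How the same password should be stored: salted and deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_pbkdf2(stored, salt, iterations, wordlist):
    """Same attack against the salted/slow form: each guess now costs `iterations` HMACs."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if store_pbkdf2(candidate, salt, iterations) == stored:
                return candidate, guesses
    return None, guesses


def compare_cost(iterations=20_000):
    """Crack both forms and return (seconds_unsalted, seconds_pbkdf2, guesses)."""
    t0 = time.perf_counter()
    found_fast, guesses = crack_unsalted(WEAK_STORED_HASH, WORDLIST)
    t1 = time.perf_counter()
    salt = os.urandom(16)                       # per-user random salt
    stored = store_pbkdf2("Summer2019!", salt, iterations)
    found_slow, _ = crack_pbkdf2(stored, salt, iterations, WORDLIST)
    t2 = time.perf_counter()
    assert found_fast == found_slow == "Summer2019!"
    return t1 - t0, t2 - t1, guesses


if __name__ == "__main__":
    fast, slow, guesses = compare_cost()
    print(f"{guesses} guesses: unsalted sha256 {fast:.4f}s, pbkdf2 {slow:.2f}s")
```

Both runs find the password after the same 126 guesses; the difference is cost per guess. The salt does not protect a single account from a dictionary attack (the attacker reads it from the stored record), but it defeats precomputed tables and forces one computation per account, while the iteration count is what makes each guess expensive. Against a real wordlist of millions of entries the slow form turns seconds into years.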
Non-malicious/ignorant employees: Attackers are not the only ones who can harm an organization. The primary threat to data integrity comes from authorized users who are not aware of the consequences of the actions they are performing. Errors and omissions can lose, damage or alter valuable data. Users, data entry clerks, system operators and programmers frequently make unintentional errors that contribute to security problems, directly and indirectly. Sometimes the error is itself the threat, such as a data entry error or a programming error that crashes a system; in other cases, errors create vulnerabilities. Errors can occur in all phases of the system life cycle.
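The packet replay item above says replay "can be prevented by packet time stamping and packet sequence counting", and the Integrity requirement earlier says a genuine message must not be reusable with the authorization features of an earlier one. The following Python, added here as an example and not part of the original document, shows one way to build both checks into a message: the sender covers a sequence number and timestamp with an HMAC, and the receiver verifies the tag before trusting either field. The shared key, the JSON message shape and the 30-second clock-skew window are assumptions for the example.

```python
import hashlib
import hmac
import json

# Assumption for the example: buyer and seller share a secret key out of band.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def make_message(key, seq, timestamp, payload):
    """Sender side: serialize, then append an HMAC-SHA256 tag over the whole body.
    The sequence number and timestamp sit inside the MAC'd body, so an attacker
    cannot refresh them on a captured message without breaking the tag."""
    body = {"seq": seq, "ts": timestamp, "payload": payload}
    serialized = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, serialized, hashlib.sha256).hexdigest().encode()
    return serialized + b"." + tag


class Receiver:
    """Receiver side: verify the MAC first, then enforce freshness and ordering."""

    def __init__(self, key, max_skew=30):
        self.key = key
        self.max_skew = max_skew   # seconds of clock drift tolerated
        self.last_seq = 0          # highest sequence number accepted so far

    def accept(self, packet, now):
        serialized, sep, tag = packet.rpartition(b".")
        if not sep:
            return "REJECT: malformed"
        expected = hmac.new(self.key, serialized, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "REJECT: bad MAC (modified or forged)"
        body = json.loads(serialized)           # only parsed once the MAC is good
        if abs(now - body["ts"]) > self.max_skew:
            return "REJECT: stale timestamp"
        if body["seq"] <= self.last_seq:
            return "REJECT: replay (sequence number already seen)"
        self.last_seq = body["seq"]
        return "ACCEPT"


def demo():
    """Constructed exchange; returns the receiver's verdict for each packet in order."""
    receiver = Receiver(SHARED_KEY)
    order = {"order": "PO-1001", "qty": 1}
    verdicts = []
    original = make_message(SHARED_KEY, 1, 1000, order)
    verdicts.append(receiver.accept(original, 1001))          # genuine order
    verdicts.append(receiver.accept(original, 1002))          # attacker replays it
    tampered = original.replace(b'"qty":1', b'"qty":9')
    verdicts.append(receiver.accept(tampered, 1002))          # attacker modifies it
    old = make_message(SHARED_KEY, 2, 900, order)
    verdicts.append(receiver.accept(old, 1002))               # delayed beyond the window
    verdicts.append(receiver.accept(make_message(SHARED_KEY, 2, 1003, order), 1003))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The order of checks matters: the tag is verified before anything in the body is read, so the replay and timestamp logic never acts on attacker-controlled fields. A per-peer `last_seq` is what stops a captured packet being accepted twice; the timestamp bounds how long a captured packet stays usable if sequence state is ever lost.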
Countermeasures and protections from security threats in B2C:
1. Limitation of usage: The first protective measure available to a cardholder is to limit the usage of each card. It is safer to use more than one card and maintain strict separation of usage. In particular, Internet transactions and ordinary card-present transactions should never be mixed on the same card. This greatly reduces the potential for fraud, because the most likely way for a fraudster to get the card details is from an ordinary off-line transaction. For cards that are never used on the Internet, any fraudulent Internet transaction will be immediately obvious.
2. Credit limits: The second weapon in the armoury against the fraudster is the credit limit. The main rule is not to have a larger credit limit than you need for the usage you intend for the card. If you need to make high-value transactions, keep a specific card solely for that purpose and do not use it unnecessarily. Financial institutions must recognize that credit limits are there not solely to protect the institution but also to protect the customer, and act accordingly. Breaching an agreed limit is prima facie evidence that a transaction may be fraudulent, and in my view it is the institution's duty to enforce the credit limit by refusing the transaction (or possibly delaying payment until specific authorization has been obtained). The current practice, which appears to treat limits as though they did not exist, is dangerous and should be discontinued. (Ref: wiki.media-culture.org.au/index.php/E-Commerce_-_B2C_Applications)
3. Notification of transactions: One of the reasons fraudulent transactions are a headache for all concerned is that several weeks can elapse before they are spotted. With Internet transactions, at least, it should be inexpensive to improve the situation. A major strength of the Internet is its support for rapid, cheap and automatic communication, so it should be easy to provide early notification of a transaction to help identify fraud. Unfortunately this is not something that individuals can implement on a self-help basis; it needs action by the financial institutions. The necessary steps are:
• Before being allowed to conduct transactions over the Internet, the cardholder should supply an e-mail address.
• Whenever an Internet transaction reaches the financial institution, an automatic e-mail notification should be sent to the address supplied.
• Ideally the payment processing should have a built-in delay, say 48 hours, to allow the cardholder to raise an alarm.
4. Better cards: In the past, credit cards were very limited in capability (and easy to forge). The industry is already moving away from the older magnetic-stripe technology to the more expensive smart card, with on-board memory and processing. At the moment the capabilities in use are relatively unsophisticated (chip and PIN), but much higher-assurance mechanisms exist to tie the card to the legitimate cardholder, including one or more of a photograph on the card, biometric information and a stronger password/PIN. Use of such technologies will increase the difficulty of using a stolen card and of forgery, and so should greatly reduce the incidence of card-present fraud.
5. An end to 'card not present' transactions: For remote transactions the greatest improvement will come from having the card present during the transaction. Although card readers are not standard components of the current generation of terminals (home computer, PDA, telephone etc.), it will not be very long before the technology is sufficiently cheap and robust, and there will come a point when it is economically and socially reasonable to insist on card presence for remote transactions. This could result in three significant improvements:
• Better authentication information (held on the card) could be made available to support the transaction.
• The information readily available to human beings (especially at the vendor end of the transaction) can be minimized; there is no actual reason for the vendor to learn any of the card details.
• Third parties will not be able to initiate a transaction without producing a substitute card.
6. Authorization path independent of vendor: Increasingly, modern telecommunications involve more than two parties. This is becoming especially common for real-time communication over the Internet. A model that allows all three parties to the transaction to be involved at the same time, with an independent channel between purchaser and financial institution, could provide a much higher degree of assurance than the present model and make large reductions in the incidence of fraud.
7. Use of the SET protocol: Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion. The salient points are:
• In the mid-1990s, Visa and MasterCard agreed on the SET specifications.
• SET provides 'complete' protection for e-commerce transactions: bidirectional authentication, encryption of card details at the merchant server, privacy of transaction details from the acquirer bank, transaction integrity protection, and so on.
• SET transactions are regarded as 'cardholder present' transactions.
• SET makes use of cryptographic techniques such as digital certificates and public-key cryptography to allow parties to identify themselves to each other and exchange information securely.
In practice SET saw very little deployment, largely because it required cardholder-side certificates and software; the 3-domain approach described below was the industry's later answer to the same problem.
Modern security solutions: The number of security breaches and increasing awareness of electronic theft have led to a number of modern solutions being developed. These include:
• On-line transaction authorization at the merchant (prevents use of cards already reported stolen or blocked)
• CVC value printed on the card (designed to make use of stolen card details harder)
• Use of SSL/TLS to protect the cardholder/merchant link (and authenticate the merchant)
1. EMV: EMV is a standard for interoperation of IC cards ('chip cards') with IC-capable POS terminals and ATMs, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and Visa, the three companies that originally cooperated to develop the standard. The EMV standard defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. Some major points are:
• EMV-compliant credit cards are now being rolled out in the UK.
• EMV was not really designed to protect e-commerce (the card is not present in an online purchase).
• It was designed to reduce fraud and to reduce the number of online authorizations (which are expensive).
2. SSL/TLS: Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) provide security for an Internet communications link. TLS is commonly used to protect e-commerce transactions against Internet eavesdroppers. However:
• SSL/TLS does not protect data once it reaches the merchant server.
• SSL/TLS does not provide cardholder authentication.
• Although SSL/TLS provides merchant authentication, this is not foolproof, as it relies on the cardholder checking the displayed web page and the site's certificate rather than on anything the protocol enforces about who the merchant is.
3. Cryptography: Cryptography is the most widely used technique for implementing technological solutions to security problems. It comprises encryption, the process of making information unintelligible to an unauthorized reader, and decryption, which reverses encryption to make the information readable once again. Conventional (symmetric) cryptography uses a secret key to encrypt information; the same secret key is used by the receiver to decrypt it.
4. Digital signature: A digital signature can be used not only to verify the authenticity of a message and the claimed identity of its sender, but also to verify message integrity. The recipient, however, should not be able to use the received signature to falsely 'sign' messages on behalf of the original sender. In the textbook description, the message (in practice, a cryptographic hash of it) is encrypted with the sender's private key to generate the signature, and the message is sent along with this signature. The recipient decrypts the signature using the sender's public key; if the result matches the (hash of the) message received, the recipient can be sure that the message was sent by the claimed originator and was not modified in transit, since only the originator possesses the corresponding private key. This is a two-key (public-key) cryptosystem.
5. Biometric solutions: A more effective solution can be obtained by using a biometric authentication device, such as a fingerprint scanner, in the e-wallet. Smart cards are similar to credit cards except that they have chips embedded in them; these cards can be used to store value and carry authentication information.
6. 3-D Secure: A newer approach, promoted by Visa, is one of a number of '3-domain' solutions. Instead of requiring the cardholder and merchant to provide secure payment functionality, servers provided by the issuer and the acquirer perform these functions on behalf of the end parties. These servers interact with an interoperability (brand) server, hence '3 domains'.
7. M-commerce solutions: Another possible approach is to secure Internet payments via mobile networks (or with the support of mobile networks). This is promising because mobile networks already have means for end-user authentication, and mobiles are rapidly becoming ubiquitous.
8. Electronic cash: Other solutions rely on payment methods other than credit cards. One family of solutions involves storing value on smart cards. Such e-cash is already in use in a variety of countries and can potentially be used for e-commerce transactions. (Ref: https://www2.sans.org/reading_room/whitepapers/ecommerce/37.php?portal=75b14170c904f262bb13dff8eb2cfa8c)
Securing the B2B environment:
Security is important in all fields of the B2B segment, both in terms of sustaining the value chain and, most importantly, to ensure and build a trust infrastructure between two trading parties. Moreover, having a robust security policy ensures that the problems of transactional and information asymmetry do not occur, and ensures that both companies perform as expected.
Approach
It is important for companies to understand that security in its literal sense is not only a piece of software or hardware that is put in place; security has to be enabled and studied from a wider perspective.
The following approach can be followed:
• Prevent – Put measures in place in order to avert security risks.
• Detect – Mechanisms should be embedded in systems in order to efficiently and effectively identify security breaches.
• Respond – Be able to react in response to a threat and take action to nullify its effects.
• Improve – The affected areas should be improved to ensure that the same security event does not occur again.
It is very important, however, for companies to acknowledge that the actual prevention of all security threats is virtually impossible. New ways will be implemented to counteract and counterattack security threats, and new ways will be devised by individuals to breach those new techniques. Consequently, although companies should keep aware of old threats and ensure that these do not recur, they should at the moment put the weight of focus on detecting and responding aggressively to those threats.
Security Measures:
Security measures can be broadly divided into two as follows:
Policies/ Standards:
Each organization participating in a B2B transaction should have security policies to have a standardized strategy to counteract security threats. The policies should cover the following topics:
• The company should limit privileges to staff in every function. Privileges should be given depending on the necessity of the work done.
• Extra levels of security must be used for key corporate assets.
• Legacy and new systems should be integrated. Complexity makes security much more difficult.
• A number of security mechanisms should be kept. Having in place only one security mechanism can expose the entire organization.
• Complex passwords should be put in place in internal and external applications, protocols and network connections. Invalid password attempts should be logged and investigated.
• Security systems should be audited as frequently as possible.
• Industry standards are important. This ensures that all systems are universal and that security is aligned with the business processes, especially transactional and value chain. This will allow better management and minimize risks.
• Policies should be put in place that legally limit access to confidential information, and prevent access to files, sites and illegal practices.
• Privacy and company confidentiality are important for both supplier and buyer. Information and data that fall into this category are very important and should be kept and guarded responsibly.
Technological:
There are a number of measures that companies can use to prevent, detect and respond to security threats. These are situated in the network, physical and link layer, the application layer and the web services layer. Some of these technological measures include the following:
1. Firewalls
Firewalls generally provide the following functions:
• Access Control: Firewalls restrict communications between two or more networks/hosts based on rules.
• Logging: Most firewalls will generate logs about the traffic that goes through them to provide an audit trail.
A firewall can be used to separate untrusted networks such as the Internet from internal networks that contain sensitive and private data. Because a firewall can implement a security policy for a whole network, such as “no inbound HTTP should reach the mainframe”, a firewall can remove some security burden from internal systems. Network firewalls are not the only network security measures needed on a network, however. Systems that are exposed to untrusted networks must still be protected, since the firewall is already configured to allow traffic through to them.
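The two firewall functions just listed, rule-based access control between segments and an audit trail of decisions, are illustrated in the following added example (not code from the original document). It is a minimal stateless packet filter in Python: the address plan is constructed (203.0.113.0/24 stands in for the Internet, 10.0.1.0/24 is the web tier, 10.0.9.0/24 is the internal segment holding the mainframe), the first matching rule wins, anything unmatched is dropped, and every decision is written to a log list so that the policy can be audited afterwards.

```python
"""Rule-based access control with an audit log: a toy stateless packet filter.

Added example, not part of the original document. The address plan below is
constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR the source address must fall in
    dst: str               # CIDR the destination address must fall in
    dport: Optional[int]   # destination port, None means any port
    comment: str           # reason recorded in the audit trail


ANY = "0.0.0.0/0"
WEB_TIER = "10.0.1.0/24"        # constructed: hosts serving the shop front
MAINFRAME_NET = "10.0.9.0/24"   # constructed: internal segment with the mainframe

# First matching rule wins; a packet matching nothing is dropped (default deny).
POLICY: List[Rule] = [
    Rule("allow", WEB_TIER, MAINFRAME_NET, 1433, "web tier may query the order database"),
    Rule("deny", ANY, MAINFRAME_NET, None, "no inbound traffic (HTTP included) may reach the mainframe"),
    Rule("allow", ANY, WEB_TIER, 443, "customers reach the shop front over HTTPS"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet's addresses and port fall within the rule's scope."""
    return (
        ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def filter_packet(pkt: Packet, policy: List[Rule] = POLICY,
                  audit_log: Optional[List[str]] = None) -> str:
    """Return "allow" or "deny" for pkt and append one line to the audit trail."""
    for rule in policy:
        if matches(rule, pkt):
            decision, reason = rule.action, rule.comment
            break
    else:
        decision, reason = "deny", "default deny: no rule matched"
    if audit_log is not None:
        audit_log.append(
            f"{decision.upper()} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} [{reason}]"
        )
    return decision


if __name__ == "__main__":
    trail: List[str] = []
    for p in (Packet("203.0.113.7", "10.0.9.10", 80),    # Internet -> mainframe, HTTP
              Packet("203.0.113.7", "10.0.1.20", 443),   # Internet -> shop, HTTPS
              Packet("10.0.1.20", "10.0.9.10", 1433),    # web tier -> order database
              Packet("203.0.113.7", "10.0.1.20", 22)):   # Internet -> SSH on web tier
        filter_packet(p, audit_log=trail)
    print("\n".join(trail))
```

Rule order matters: the internal allow for the database port is placed before the blanket deny on the mainframe segment, so the deny cannot accidentally cut off the web tier. The audit lines carry the rule's comment, which is what makes the log useful during an investigation rather than just a record of drops.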
2. VPN (Virtual Private Networks)
A VPN is a network that is constructed using network protocols to create a “virtual” private network out of a network that is not truly private. VPNs are constructed using protocols that typically perform authentication and encryption, so that two networks that are not directly connected can appear to the user or to other networks as if they were private. A VPN device can be either hardware or software, installed on a client and a server to create secure private links. A VPN can be deployed on a public network as links between point-to-point or point-to-multipoint networks. Point-to-point networks have one source and one destination, as opposed to point-to-multipoint, which has one source and multiple destinations. Virtual Private Networks can also be deployed over a network-to-network connection (e.g. Company A connected to Company B over leased circuits) or a network-to-client connection (e.g. a user connecting to a company over a dial-up connection).
3. Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is used to secure data in transit and provides security using data encryption, server authentication and message integrity. SSL is a security protocol originally developed by Netscape for protecting network communications. SSL is an open, non-proprietary protocol that has become the industry standard for protecting data in transit. Several versions of SSL are currently available, including SSLv2 and SSLv3. TLS (Transport Layer Security) is the latest Internet-standard SSL-style protocol and is found in the newest servers and browsers. SSL provides secure communications using:
• Data encryption
• Server authentication
• Message integrity
• Optional client authentication
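The server-authentication point made here, and the earlier caveat in the B2C list that SSL/TLS merchant authentication is only as good as the client's checking, come down to how the client's TLS context is configured. The following added example (not code from the original document; Python standard library only, no network connection is opened) builds the weak configuration beside the hardened one and audits each the way a code review of a shop's HTTP client would:

```python
"""Client-side TLS configuration: the weak setting beside the hardened one.

Added example, not part of the original document. The contexts are built and
inspected only; nothing here connects to a server.
"""
import ssl
from typing import List


def weak_context() -> ssl.SSLContext:
    """Encrypts the link but skips server authentication.

    With CERT_NONE the client accepts any certificate, so the server
    authentication SSL is supposed to provide is lost: traffic is still
    encrypted, but the client has no evidence of who it is talking to.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Requires a certificate chaining to a trusted CA whose name matches the host."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED, hostname check, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1 handshakes
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise for ctx; an empty list is acceptable."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy SSL/TLS versions permitted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or ["ok"])
```

The hostname check is the piece that corresponds to "the cardholder checking displayed web pages": a valid certificate for some other name must be rejected, not merely a forged one. The optional client authentication listed above is not shown; on the client it would mean loading a certificate and key with `load_cert_chain`, and on the server setting `verify_mode` to `CERT_REQUIRED`.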
4. FTPS – FTP that uses SSL
FTP is the File Transfer Protocol, designed for the transmission of files over TCP/IP networks. FTP was designed before the security of network protocols was as important as it is today; as such, FTP has few built-in security measures to defend against modern threats. Most operating systems come with both an FTP client and server. There is a draft standard for a new version of FTP that supports strong authentication and encryption. FTPS uses SSL to provide confidentiality and integrity for both authentication information and file data during transmission. Several products support the FTPS protocol and more are expected. For the transmission of sensitive data in file-at-a-time mode, FTPS is a good option if both organizations sending and receiving data can support it. FTPS is still an evolving draft-status protocol. Though several vendors do have implementations that adhere to the current draft specification, FTPS support is not nearly as widely available as FTP. FTPS has roughly the same administrative and protocol features as FTP. FTPS has native support for userid + password authentication. The FTPS specification also allows for SSL-certificate authentication.
The FTP protocol itself does not support the transmission of authorization information. There is no standard for how the server should perform authorization checks; most servers rely on local file system permissions for their authorization. FTPS supports full-strength SSL encryption and can protect both the command and data channels of the FTP communication. FTPS supports the integrity modes of SSL and will perform integrity checks for each packet/file of data transferred.
5. HTTPS
HTTP is the HyperText Transfer Protocol. It is a protocol for exchanging marked-up text with hyperlinks. HTTP was designed for sending small text and images using TCP. It has evolved to be the major protocol in use on the Internet and has been extended to carry video, XML, and all manner of rich content. HTTP was designed before Internet security was a major concern, and as such HTTP does not offer many native security features. Most operating systems come with an HTTP server. HTTPS is HTTP + SSL. HTTPS relies on SSL to provide confidentiality, integrity, and stronger authentication than HTTP alone. HTTPS is the standard for securing HTTP. All major browsers and web servers support HTTPS. HTTPS is the protocol used to secure the vast majority of HTTP communications. Most servers that support the HTTP protocol also support HTTPS. HTTPS has native support for userid + password authentication. The HTTPS specification also allows for SSL-certificate authentication. The HTTPS protocol itself does not support the transmission of authorization information. There is no standard for how the server should perform authorization checks. Most servers have relatively simple built-in mechanisms for access control. HTTPS supports full-strength SSL encryption. HTTPS supports the integrity modes of SSL and will perform integrity checks for each packet/file of data transferred.
6. Cryptography
Encryption of data, both transactional and private or confidential information, is very important in the B2B environment. Encryption is the process of converting data from one format to another (more like from a human-readable format to junk characters). In other words, it involves converting plain text to cipher text. Decryption is the reverse process, which involves converting cipher text to plain text. There are two types of encryption technology: symmetric encryption and asymmetric encryption. Symmetric encryption uses the same key for both encryption and decryption. Asymmetric encryption uses two keys, one for encryption and the other for decryption. This is more like public and private keys. The public key is given to anyone and the private key is kept secret. The keys use a one-way hash function that is impossible to reverse engineer. In essence, the same key cannot be used for both encryption and decryption.
7. Prevention and detection of malicious software
All systems have to be updated and kept up to date against the latest malicious software threats such as viruses, Trojans and worms. The standard method of protecting against malicious software is anti-virus software. Many vendors make packages for detecting, disabling, and removing/repairing malicious software. Anti-virus software operates in two general modes. The first mode matches files on disk and in memory against patterns of known viruses. This mode relies on the anti-virus vendors constantly updating their signature databases and distributing them to customers. Anti-virus vendors often compete on how quickly they can react to a new virus/threat and send out signatures to their customers. The second mode of anti-virus software is called heuristic. Anti-virus software that operates in this mode attempts to watch the system for suspicious behaviour. It does not rely on a constantly updated signature database. Most anti-virus software can operate in both modes. Some anti-virus software can operate not only on the individual end-user system, but also on servers or gateways. Anti-virus software exists that can scan all email passing through a server, or all HTTP traffic passing through a proxy.
8. Digital signature
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means to know who created the document and that it has not been altered in any way since that person created it. Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures. There are several ways to authenticate a person or information on a computer:
• Password – One enters a name and password when prompted by the computer. It checks the pair against a secure file to confirm. If either the name or password does not match, then one is not allowed further access.
• Checksum – Probably one of the oldest methods of ensuring that data is correct, checksums also provide a form of authentication, since an invalid checksum suggests that the data has been compromised in some fashion. A checksum is determined in one of two ways. Let's say the checksum of a packet is 1 byte long, which means it can have a maximum value of 255. If the sum of the other bytes in the packet is 255 or less, then the checksum contains that exact value. However, if the sum of the other bytes is more than 255, then the checksum is the remainder of the total value after it has been divided by 256.
• CRC (Cyclic Redundancy Check) – CRCs are similar in concept to checksums, but they use polynomial division to determine the value of the CRC, which is usually 16 or 32 bits in length. The good thing about CRC is that it is very accurate. If a single bit is incorrect, the CRC value will not match. Both checksum and CRC are good for detecting random errors in transmission, but provide little protection from an intentional attack on your data. The encryption techniques below are much more secure.
• Private key encryption – Private key means that each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to the other computer. Private key encryption requires that one knows which computers will talk to each other and installs the key on each one. Private key encryption is essentially the same as a secret code that the two computers must each know in order to decode the information. The code provides the key to decoding the message.
• Public key encryption – Public key encryption uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key provided by the originating computer and its own private key. The key is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value.
• Digital certificates – To implement public key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust. It confirms that each computer is in fact who it says it is and then provides the public key of each computer to the other. The Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). DSS is the format for digital signatures that has been endorsed by the US government. The DSA algorithm consists of a private key that only the originator of the document (signer) knows and a public key.
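The checksum and CRC items above and the two descriptions of digital signatures in this document (item 4 of the B2C solutions list and item 8 here) are put side by side in the following added example, which is not code from the original document. It uses only Python's standard library; the signature follows the text's description literally (the digest is encrypted with the private key and decrypted with the public key, i.e. textbook RSA), the key pair is a toy one built from two known Mersenne primes so that the block runs stand-alone, and the sample messages are constructed. It runs the three checks over an order message and a transposed copy of it and reports which checks still pass:

```python
"""Integrity and authenticity checks side by side: the 1-byte additive checksum,
CRC-32, and a hash-then-sign digital signature.

Added example, not part of the original document. The RSA parameters are toy
values built from two known primes; real keys use randomly generated primes of
1024 bits or more, and real signature schemes pad the digest before signing.
"""
import hashlib
import zlib


def checksum8(data: bytes) -> int:
    """Sum of all bytes, reduced modulo 256 once it exceeds 255 (as in the text)."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """32-bit CRC by polynomial division (zlib implements the CRC-32 polynomial)."""
    return zlib.crc32(data) & 0xFFFFFFFF


# Toy RSA parameters (constructed for illustration only).
P = 2**31 - 1                        # Mersenne prime M31
Q = 2**61 - 1                        # Mersenne prime M61
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (modular inverse, Python 3.8+)


def digest_as_int(message: bytes) -> int:
    """SHA-256 of the message, reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Signer side: 'encrypt' the digest with the private key."""
    return pow(digest_as_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Recipient side: 'decrypt' the signature with the public key and compare it
    with a freshly computed digest of the message actually received."""
    return pow(signature, public_exponent, N) == digest_as_int(message)


def compare_checks(original: bytes, received: bytes) -> dict:
    """Report which checks, computed over `original`, still pass on `received`."""
    sig = sign(original)
    return {
        "checksum_matches": checksum8(original) == checksum8(received),
        "crc_matches": crc32(original) == crc32(received),
        "signature_valid": verify(received, sig),
    }


if __name__ == "__main__":
    # Constructed sample: the same bytes in a different order, as a transposition
    # error would produce. The additive checksum cannot tell the two apart.
    order = b"PAY 100.00 TO ACCT 4321"
    transposed = b"PAY 100.00 TO ACCT 4312"
    print(compare_checks(order, order))
    print(compare_checks(order, transposed))
```

The transposed copy keeps the checksum identical because addition is order-independent, while the CRC changes (a two-byte change is a short burst, which CRC-32 always detects) and the signature fails because the digest no longer matches. Only the signature, however, ties the message to the holder of the private key: anyone can recompute a checksum or CRC for an altered message, which is the point the text makes about intentional modification.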
Study of various B2B and B2C websites:
Ariba.com
Ariba is committed to the security and integrity of customer information within Ariba Supplier Network (Ariba SN). Ariba uses industry best-practice security measures to protect against the loss, misuse or alteration of the information under our control. The Ariba Supplier Network (ASN) application; the shared service offerings of Ariba Category Management (ACM), Ariba Enterprise Sourcing (AES), Ariba Analysis, Ariba Spend Visibility, Ariba Procure to Pay (P2P), Ariba Travel and Expense, and Electronic Invoice Presentation and Payment (EIPP) applications have been certified for a WebTrust seal for Availability, Confidentiality, Processing Integrity, and Security.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ariba has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect within the Ariba SN. These measures include the following:
• Multiple-level firewalls to segregate and secure network segments based on system roles
• Data transmissions are encrypted using SSL technology
• Use of server-side and client-side digital certificates
• Role-based administrative access policies and procedures
• Primary co-location facility uses cipher-encoded access badges, biometric scans, and 24-hour video surveillance and guards to control access
• Comprehensive in-house performance and security monitoring and auditing
• Intrusion detection and analysis
• Detailed security policy, processes and procedures
• Security auditing performed by outside consulting agencies
To provide for the availability of service and information within Ariba SN, Ariba implements the following components:
• A disaster recovery plan
• Detailed backup strategy and secure off-site storage
• High-availability clustered database servers
• Redundant systems, power supplies, and network connections
• Service level agreements with service providers to guarantee service levels
• Comprehensive change management and testing policies
• 24-hour x 7-day per week technical support staff
Ariba provides for transaction integrity in the Ariba SN through the implementation of solid business practices, which include:
• Continuous real-time monitoring of failed transactions
• Detailed procedures for troubleshooting and resolving issues
• Policies and procedures on information privacy and disclosure
i2.com
i2's mission is to enhance customers' competitive positions by providing planning and optimization solutions that enable secure intelligent B2B and B2C electronic commerce.
2 Electronics References Databases: Database (formerly known as VIP from Aspect Development) is utilized by electronics distributors, contract manufacturers, and OEMs to find, select, compare, and purchase components that meet both technical and business requirements in a secure mode. In e-commerce, business users are committed to utilizing these familiar, easy-to-use office applications, but disparate spreadsheets are not easily synchronized or updated in real time, and plans can suffer from inaccurate, out-of-sync, or corrupt data, which can have a significant impact on business plans and transactions. i2 Tether, a solution from i2 Technologies Inc, enables companies to leverage best-in-class Supply Chain Management applications across the enterprise while working with the tools to which users are most accustomed. i2 Tether links Office Excel 2007 spreadsheets to the i2 Agile Business Process Platform, ensuring that enterprise data and business logic can be secured, recorded and measured across multiple organizations. The solution allows users to collaborate on data through a central enterprise environment at various times, dates and locations with the accuracy and confidence of maintaining one single version of the truth. i2 Tether allows Microsoft Office Excel 2007 to be integrated into solutions and workflows via the i2 Agile Business Process Platform. This takes Office Excel 2007 beyond the user interface and opens the door to include capabilities from the platform such as the data model, business rules and workflows. Benefits of i2 Tether for Office Excel 2007 include:
• Managing distributed Supply Chain operations with an accurate, up-to-date single version of the truth
• Improved data integrity and security
• Accelerated user adoption
• Ability to develop and re-configure business processes easily
• Ability to log changes as they occur and by user
• Enhanced role-based control and security
Another company, Entrust Technologies Inc., a global leader in solutions that bring trust to e-business, supports i2 Technologies in using market-leading security software within its TradeMatrix(TM) solutions in order to provide the trust infrastructure to support high-volume transactions in a many-to-many buy/sell environment.
For this security feature i2 integrates the Entrust/Toolkit(TM) for Java(TM) development software, with the i2 TradeMatrix solutions. This combination is designed to enable more secure business interactions between i2 and its partners, suppliers, customers, service providers and TradeMatrix marketplace users. The integrated capability provides certificate-based authentication between i2's TradeMatrix solutions. For security reasons, access to the website is limited to current i2 customers, employees and partners.
PerfectCommerce.com
Perfect Commerce brings the Open Supplier Network (OSN) and its On-Demand Supplier Relationship Management (SRM) solutions to market in a secure and stable environment and has built world-class methodologies and procedures. Perfect Commerce was one of the first e-business services providers to achieve level 2 certification of the Software Engineering Institute's Capability Maturity Model (CMM). Furthermore, Perfect Commerce partners and technology represent the best-of-class in e-business solutions. The importance of security is recognized and addressed in a number of ways:
• Security policy based on ISO International Standard 17799 (Information Technology – Code of Practice for Information Security Management)
• Full utilization of third-party security monitoring 24 x 7
• Periodic audits by a third-party security firm
• Periodic SAS 70 completed by Deloitte and Touche
• Periodic internal system scans
• Multi-tiered firewall infrastructure
Its security model is based on widely accepted standards, drawing upon sources such as regulatory guidance, ISO 17799 standards and ONCE (Open Network of Commerce Exchanges) security requirements. All data are stored in a secured environment with appropriate backups while data transport occurs in a 128-bit SSL encrypted environment. High-availability and load balancing are provided by complete IT and operational redundancy. Combinations of host-based and network-based Intrusion Detection Systems (IDS) are used for monitoring and reporting activities. Independent auditors assess the vulnerabilities of both internal and external networks on a periodic basis using a variety of scanning tools. These external security assessments are used to confirm existing controls and support the continuous improvement of security measures.
The system protects sensitive user and vendor data and provides secure transmission and storage of user information, transaction data, and vendor ERP data to ensure data privacy and integrity.
Yatra.com:
It assures appropriate standards when it comes to protecting users’ privacy on its web site while they access its features. In general, anyone can visit the Yatra website without revealing his or her identity. Web professionals managing the site track the Internet address of the domains from which people visit and analyze this data for trends and statistics, but the individual user remains anonymous. Some of the web pages use "cookies" so that web professionals at Yatra.com can better serve its users with customized information when they return to the site. Cookies are identifiers which a web site can send to the user’s browser to keep on their computer to facilitate their next visit to the site. The user can set his/her browser to notify them when they receive a cookie, giving them the option to decide whether or not to accept it. Yatra does not sell, trade or disclose to third parties any information derived from the registration for, or use of, any online service (including names and addresses) without the consent of the user or customer (except as required by subpoena, search warrant, or other legal process, or in the case of imminent physical harm to the user or others). Yatra will allow suppliers to access the information for purposes of confirming the user’s registration and providing them the benefits that they are entitled to. If the privacy policy changes in the future, it is posted on the web page and a new effective date is shown.
MakeMyTrip.com:
All payments on the MakeMyTrip.com site are Verisign SSL secured. This means all personal information provided to MakeMyTrip is transmitted using SSL (Secure Socket Layer) encryption. The same process happens when the user makes travel purchases on the MakeMyTrip.com site. Conventionally, cookies are used as a security alert measure. "Cookies" are small pieces of information that are stored by the browser on the user computer's hard drive. The use of cookies is very common on the Internet, and MakeMyTrip's use of cookies is similar to that of such sites as Expedia and Orbitz, as well as Yahoo!, CNN.com and other reputable online companies. Such cookies are also used to display an advertisement while the users are on the MakeMyTrip.com site or to send a "Best Day to Buy" email (or similar emails, assuming that users have not opted out of receiving such emails) focusing on destinations in which users may be interested. None of this information is passed to any third party.
The third - party advertising companies may also employ technology that is used to measure the effectiveness of ads. Any such information is anonymous. They may use this anonymous information about the user’s visits to this and other sites in order to provide advertisements about goods and services of potential interest to the concerned user. No PII is collected during this process. The information is anonymous, and does not link online actions to an identifiable person.
The four main aspects of e-trust are: (1) e-Trust is composed of four distinct beliefs dealing with the integrity, benevolence, ability, and predictability of the vendor; (2) among these beliefs, integrity and predictability are the pertinent ones; (3) the control variables disposition to trust and familiarity affect these beliefs; and (4) e-Trust, especially the belief in benevolence, is increased by the perception of social presence in the Website. The purchase intentions of an individual using an e-commerce site can be analyzed using the following framework, as proposed by Gefen and Straub.
The major observations are:
• Consumer trust in an e-Vendor’s integrity, predictability, ability and benevolence increases intentions to purchase online from that e-Vendor.
• Higher social presence embedded in a Website increases consumer trust in an e-Vendor’s integrity, predictability, ability and benevolence.
Predictability here refers to the belief that the vendor will behave reliably in delivering the goods and services on time by abiding by accepted and expected rules of conduct, and in doing so reduce the social uncertainty relating to when and how these goods or services will be delivered. Ability here refers to the assessment that the trusted party knows its job, and that this knowledge reduces the uncertainty involved in the trusting party obtaining its expected outcomes from the relationship, by narrowing the range of undesirable behaviours relating to inadequate ability that the trusted party may show. Integrity is the central belief convincing consumers that their expected outcomes from the interaction will be fulfilled; the vendor thereby reduces the social uncertainty involved in broken promises. Moreover, a dishonest e-Vendor may even make inappropriate use of credit card and personal information and could track purchase activity without prior approval. Benevolence deals with the belief that the vendor actually cares about the consumer. Caring, as an aspect of empathic good service, generally increases customer satisfaction and retention. (Ref: http://www.milab.dk/dokumentation/public)
Recent data on e commerce security breaches:
The Information Security Breaches Survey 2002, sponsored by the Department of Trade and Industry and prepared by consultancy firm PricewaterhouseCoopers, found that in small companies 32 percent of the worst incidents were caused by insiders, but in large companies this figure climbed to 48 percent. A third of the "worst" security incidents were virus infections, but there were also high incidences of other, more deliberately targeted attacks. Forty-one percent of companies reported virus infections in the past 12 months, nearly triple the 16 percent reported in the same survey two years earlier. While hacking attacks accounted for only 14 percent of the worst incidents in the past 12 months, this figure shot up from just 4 percent two years prior. Eleven percent of companies reported that their worst incident was due to inappropriate use of systems (using email or Web browsing to access or distribute inappropriate material), and 6 percent said the cause was theft of information. In the Information Security Breaches Survey 2006, 62% of UK companies had a security incident in the last year, down from 74% two years earlier. Large businesses have also seen a reduction, down to 87% from 94%. Malicious incidents were responsible for the large increase in 2004; they now account for the reduction seen in 2006 (down to 52% from 68%). The 2006 figures still remain higher than 2002 levels, so it is too early to assume the reduction represents a long-term downward trend.
Large businesses are more likely to have security incidents (87%), tend to have more of them (median of 19 per year) and their breaches tend to be more expensive (£90,000 on average for the worst incident). For firms overall the cost is roughly 50% higher than two years ago. In contrast, large businesses have seen a 20% reduction in the average cost. Overall, the cost of security breaches to UK plc is up from two years ago, and is of the order of ten billion pounds per annum.
Change in situation compared to 2004:
Nearly two-thirds expect there will be more security incidents in the next year than in the last. Three-fifths of companies believe it will be harder to detect security breaches in the future. (Ref: www.enisa.europa.eu/doc/pdf/studies/dtiisbs2006.pdf; www.zdnet.co.uk/tsearch/information+security+breaches+survey+2002.htm; www.networkmagazineindia.com/200304/cover1.html)
Security issues in B2C e-Commerce:
E-commerce systems are based upon Internet use, which provides open and easy communications on a global basis. However, because the Internet is unregulated, unmanaged and uncontrolled, it poses a wide range of risks and threats to the systems operating on it. The use of the Internet means that your internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. Security is a major issue in developing e-commerce because it is probably the most important reason people hesitate to buy things on the Net. Buying on the Net requires your credit card number and other personal information, and broadcasting your credit card number over the Internet sounds pretty dicey. So it is a challenge for companies to make their sites secure and safe so that people can fully rely on them.
Whatever the environment, paper or electronic, securing it necessarily implies the prevention of:
• Destruction of information
• Unauthorized availability of information
Risks:
Some of the common threats that hackers pose to e-commerce systems include:
• Carrying out denial-of-service (DoS) attacks that stop access to authorized users of a website, so that the site is forced to offer a reduced level of service or, in some cases, ceases operation completely
• Gaining access to sensitive data such as price lists, catalogues and valuable intellectual property, and altering, destroying or copying it
• Altering your website, thereby damaging your image or directing your customers to another site
• Gaining access to financial information about your business or your customers, with a view to perpetrating fraud
• Using viruses to corrupt your business data
(Ref: www.ecommercetimes.com/story/54118.html)
Impact of security threat upon the business:
All of these risks can have a significant impact upon a business running an e-commerce service. The potential business implications of a security incident include the following:
• Direct financial loss as a consequence of fraud or litigation.
• Subsequent loss as a result of unwelcome publicity.
• Criminal charges if found to be in breach of the Data Protection or Computer Misuse Acts, or other regulation on e-commerce.
• Loss of market share if customer confidence is affected by a DoS attack.
The image presented by the business, together with its brands, is a valuable asset. It is important to recognize that the use of e-commerce creates new ways for both image and brands to be attacked.
Threats due to security breaches:
Over the years, there has been a lot of misplaced concern about the vulnerability of the Internet to unauthorized interception. In reality, interception of communications is the least of the threats with which we are faced. Yet the only real security measure that is regularly applied is the encryption of transactions made over the Internet (but not those over the ordinary telephone, which are slightly easier to intercept). Against the real threats, this security offers no value. The three most important vulnerabilities with which a customer should be concerned are:
1. Details from a credit card can be recorded during a regular card-present transaction. This is undoubtedly the easiest vulnerability to exploit.
2. Many organizations keep records of customers that include credit card details. This is particularly true of online retailers. These records are not always well protected and, too often, have been discovered and downloaded by hackers. This is the main means whereby the Internet is exploited to obtain card details.
3. Unscrupulous vendors (or their employees) can submit repeat transactions. This was the main vulnerability before the Internet era.
Although, in theory, the credit card information might be exploited in a number of ways, the specific weakness in the authentication for remote transactions makes that form of transaction especially attractive to criminals. As an added bonus to the criminal, the Internet makes it easy for the criminal and victim to be in different legal jurisdictions, thus complicating the situation for all concerned. (Ref: www.aph.gov.au/library/pubs/rp/1998-99/99rp12.htm)
Security issues:
The issues that confront us in relation to securing electronic transactions are:
• Confidentiality
• Integrity
• Availability
• Authenticity/Non-repudiation
• Auditability
Confidentiality: Information should be protected from the prying eyes of unauthorized internal users and external hackers, and from being intercepted during transmission on communication networks, by making it unintelligible to the attacker. The content should be transformed in such a way that it is not decipherable by anyone who does not know the transformation information.
Integrity: On retrieval, or on receipt at the other end of a communication network, the information should appear exactly as it was stored or sent. It should be possible to generate an alert on any modification, addition or deletion to the original content. Integrity also precludes information “replay”, i.e. a fresh copy of the data being generated or resent using the authorization features of an earlier authentic message. Suitable mechanisms are required to ensure end-to-end message content and copy authentication.
Availability: The information that is being stored or transmitted across communication networks should be available whenever required and to whatever extent is desired, within pre-established time constraints. Network errors, power outages, operational errors, application software errors, hardware problems and viruses are some of the causes of unavailability of information. Mechanisms for implementing countermeasures to these threats are available, but are beyond the scope of end-to-end message security for electronic commerce.
Authenticity: It should be possible to prevent any person or object from masquerading as some other person or object. When a message is received it should therefore be possible to verify that it has indeed been sent by the person or object claiming to be the originator. Similarly, it should be possible to ensure that the message is sent to the person or object for whom it is meant. This implies the need for reliable identification of the originator and recipient of data.
Non-repudiation: After sending or authorizing a message, the sender should not be able, at a later date, to deny having done so. Similarly, the recipient of a message should not be able to deny receipt at a later date. It should therefore be possible to bind message acknowledgements to their originators.
Auditability: Audit data must be recorded in such a way that all specified confidentiality and integrity requirements are met.
Security Issues in B2B:
Security involves a total set of exposures in B2B e-commerce. Besides being stored on computers, transactional data need to travel from within the perimeter of the company’s network (Intranet) to its suppliers’ and business partners’ enterprise applications through an Extranet or the Internet, as well as to its customers via the Internet. As a result, it is unattainable to maintain robust security control by simply implementing a “one-size-fits-all” solution. Data travelling between these different communication domains need to be secured differently. The security requirements are identified and categorized based on the different needs on the two sides of an e-marketplace:
• The Seller Side: The selling parties in the B2B e-marketplace are mostly interested in the identification and authentication of users (buyers). The sellers are concerned with acquiring adequate buyer data and installing robust security measures for billing and other business transactional purposes, such as preventing the sender of a message from denying having sent it and mitigating the risk of so-called Denial-of-Service attacks.
• The Buyer Side: The participants on the buyer side in the e-Marketplace share a common interest in the integrity and confidentiality of the information transmitted. Usually, buyers are more interested in reliable services and expect their privacy to be soundly protected. In most cases, they may prefer to use services without being identified and without having their every movement on the Web monitored by unrelated business parties.
B2B is predicted to generate millions in revenue worldwide. Companies from small and medium size to large enterprise organizations are using B2B commerce to increase their revenue and market their products on a global scale. If applied effectively, B2B e-commerce can bring the following benefits:
• Lower costs of conducting day-to-day business
• Marketing of products on an international level
• Increased agility and flexibility for the company
• Improved and more efficient decision making
• An increased customer base
• Lower procurement costs for both suppliers and buyers
• Increased business intelligence
Security threats:
From a technological perspective, the security threats are in terms of compromising company data and transactional data and disrupting the operations of the B2B environment. These security threats are broadly of two types, as follows:
Malicious outsiders/insiders: E-commerce systems are based upon Internet use, which provides open and easy communications on a global basis. However, because the Internet is unregulated, unmanaged and uncontrolled, it poses a wide range of risks and threats to the systems operating on it. The use of the Internet means that the company’s internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. Thus outsiders who want to steal company information or disrupt the company’s operations can pose a problem by various methods.
[Figure: Threat methods – malware, spoofing, network sniffing, password cracking, intrusion attacks, social engineering, denial-of-service attacks, dumpster diving, packet modification, packet replay, hacking, impersonation, eavesdropping]
1. Malware
These are malicious codes, which include viruses, Trojan horses, worms and harmful applications. These techniques are used by a number of people on the Internet in order to infiltrate the systems of individuals or, mostly, companies and to disrupt them or retrieve sensitive information.
2. Network sniffing
A large amount of sensitive data travelling on the web, and especially between businesses, is sometimes not encrypted. This allows an attacker using special tools to gain access to the connections made and read the data. This can range from simple e-mails to e-mail contracts and B2B trading agreements.
3. Password cracking
Passwords are the most common method of authentication used to control access to digital resources. They are also the easiest way to gain unauthorized access to these resources. Armed with password cracking software, an intruder can discover a dictionary-word password, or a simple variation of one, in a matter of seconds. There are three different types of attacks against passwords: guessing, cracking, and disclosure via social engineering.
4. Denial-of-service attacks
In DoS attacks, the attacker(s) flood the B2B site (portal or extranet) with useless traffic, making the server load unbearable. This causes the trading site to crash and the network to shut down. For busy sites this is a very unwanted and, more importantly, a costly situation. Of course it is not only about money, and not only from the supplier’s perspective. A buyer may rely on a certain product that supplier X provides; losing that product may not only bring more costs but may also affect critical manufacturing processes.
5. Hacking
Hackers are individuals who use their skills to find weaknesses in web sites and/or computer systems in order to infiltrate them and retrieve information, often with criminal intent. Hackers frequently destroy archives, web sites, applications and computer systems, which in technological terms is called cyber vandalism. Hackers who post these vulnerabilities of company-owned networks, programs and applications on the Internet, and hackers who vandalize company data for whatever purpose, compromise sensitive information and shake the trust of companies trading in the B2B environment.
6. Impersonation
Impersonation involves an attacker assuming the role of an individual who pretends to have some legitimate need for the information being sought. The assumed role could be that of an actual employee, or someone outside the organization who purports to have a relationship with the company, or who is simply doing some work on the company premises (e.g. phone repair).
7. Eavesdropping
E-mail headers and contents are transmitted in clear text if no encryption is used. As a result, the contents of a message can be read or altered in transit. The header can be modified to hide or change the sender, or to redirect the message. Eavesdropping allows a cracker (hacker) to make a complete copy of network activity and so obtain sensitive information such as passwords, data, and procedures for performing functions. It is possible for a cracker to eavesdrop by wiretapping, using radio, or using auxiliary ports on terminals. It is also possible to eavesdrop using software that monitors packets sent over the network. In most cases, it is difficult to detect eavesdropping.
8. Packet replay
This refers to the recording and retransmission of message packets in the network. Packet replay is a significant threat for programs that require authentication sequences, because an intruder could replay legitimate authentication sequence messages to gain access to a system. Packet replay is frequently undetectable, but can be prevented by using packet time stamping and packet sequence counting.
9. Packet modification
This involves one system intercepting and modifying a packet destined for another system. Packet information may not only be modified, it could also be destroyed.
10. Dumpster diving
Even today companies throw away a large amount of paper-based information without disposing of it correctly (e.g. shredding). Individuals search through the organization’s trash and find sensitive information such as organization charts, passwords, directories, e-mails, and confidential client information such as bank accounts, recent purchases etc.
11. Social engineering
An individual can find weaknesses in companies just by having casual phone conversations with company staff. A “con-artist” can retrieve information from staff by asking simple questions such as where the servers are, what database the company is using or what operating system is in place. As a result the attackers can better direct their attack and thus increase their chances of success. It is vital for companies to ensure that staff are properly educated on the confidentiality of this information.
12. Intrusion attacks
Attackers using well-known techniques can penetrate many networks. This often happens when attackers use known vulnerabilities in the network. In updateable systems, administrators may not have or take the time to install all the necessary patches on a large number of hosts. In addition, it is usually not possible to perfectly map an organization’s policy on computer use to its access-control mechanisms, and thus authorized users often can perform unauthorized actions. Users may also demand network services and protocols that are known to be flawed and subject to attack.
13. Network spoofing
Attackers often use this technique to disguise themselves as a specific B2B site and make it look identical to the original site. Having done that, the attackers can receive orders from company clients and alter these orders before returning them to the company.
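The packet replay item above names the two defences, packet time stamping and packet sequence counting; the following added example (not code from the original document) shows a receiver applying both behind an HMAC integrity tag, so that a recorded authentication message is rejected whether it is replayed inside or outside the freshness window. The protocol, key and sample packets are constructed for the illustration.

```python
"""Replay detection for authenticated messages, combining the two defences the
text names: a per-sender sequence counter and a timestamp freshness window.
Constructed demo protocol; KEY and the sample packets are made-up values."""
import hashlib
import hmac
import json

KEY = b"constructed-demo-shared-secret"  # shared by sender and receiver (sample value)
MAX_SKEW = 30  # seconds a message may lag before it is considered stale


def _tag(body: dict) -> str:
    """HMAC-SHA256 over the canonical JSON encoding of the message body."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, raw, hashlib.sha256).hexdigest()


def build_packet(sender: str, seq: int, ts: int, payload: str) -> dict:
    """Sender side: the sequence number and timestamp are covered by the tag,
    so a replayer cannot bump them without invalidating the tag."""
    body = {"sender": sender, "seq": seq, "ts": ts, "payload": payload}
    return {"body": body, "tag": _tag(body)}


class ReplayGuard:
    """Receiver side: accept each (sender, seq) at most once, within the window."""

    def __init__(self, max_skew: int = MAX_SKEW):
        self.max_skew = max_skew
        self.last_seq = {}  # sender -> highest sequence number accepted so far

    def accept(self, packet: dict, now: int) -> str:
        body = packet["body"]
        # 1. Authenticity first: without the key, fields cannot be forged or altered.
        if not hmac.compare_digest(_tag(body), packet["tag"]):
            return "reject: bad tag"
        # 2. Freshness: a recording replayed long after capture is stale.
        if abs(now - body["ts"]) > self.max_skew:
            return "reject: stale"
        # 3. Uniqueness: a recording replayed inside the window reuses a seq.
        if body["seq"] <= self.last_seq.get(body["sender"], -1):
            return "reject: replay"
        self.last_seq[body["sender"]] = body["seq"]
        return "accept"


def run_demo() -> list:
    """Walk through a genuine login, two replay attempts and a tamper attempt."""
    guard = ReplayGuard()
    login = build_packet("buyer-42", seq=7, ts=1_000, payload="AUTH token=abc")
    results = [guard.accept(login, now=1_005)]          # genuine, in time: accept
    results.append(guard.accept(login, now=1_010))      # verbatim replay: seq reused
    forged = {"body": dict(login["body"], seq=8), "tag": login["tag"]}
    results.append(guard.accept(forged, now=1_010))     # seq bumped, tag no longer matches
    results.append(guard.accept(login, now=1_100))      # replayed after window: stale
    later = build_packet("buyer-42", seq=8, ts=1_020, payload="ORDER 17")
    results.append(guard.accept(later, now=1_025))      # next genuine message: accept
    return results
```

Every rejection reason is distinct, so the receiver can log replays separately from tampering, which is what makes an otherwise silent replay detectable.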
Non-malicious, ignorant employees: Attackers are not the only ones who can harm an organization. The primary threat to data integrity comes from authorized users who are not aware of the consequences of the actions they are performing. Errors and omissions can lose, damage, or alter valuable data. Users, data entry clerks, system operators, and programmers frequently make unintentional errors that contribute to security problems, directly and indirectly. Sometimes the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, errors create vulnerabilities. Errors can occur in all phases of the system life cycle.
Countermeasures and protections from security threats in B2C:
1. Limitation of usage: The first protective measure available to a cardholder is to limit the usage of each card. It is safer to use more than one card and maintain strict separation of usage. In particular, Internet transactions and ordinary card-present transactions should never be mixed on the same card. This greatly reduces the potential for fraud, because the most likely way for a fraudster to get the card details is from an ordinary off-line transaction. For cards that are never used on the Internet, any fraudulent Internet transaction will be immediately obvious.
2. Credit limits: The second weapon in the armoury against the fraudster is the credit limit. The main rule is not to have a larger credit limit than you need for the usage to which you intend to put your card. If you need to make high-value transactions, then keep a specific card solely for the purpose, and don't flash it about unnecessarily. Financial institutions must recognize that credit limits are not there solely to protect the institution but also to protect the customer, and act accordingly. Breaching an agreed limit is prima facie evidence that a transaction may be fraudulent and in my view it is the institution's duty to enforce the credit limit by refusing the transaction (or possibly delaying payment until specific authorization has been obtained). The current practice, which appears to treat limits as though they didn't exist, is dangerous and should be discontinued. (Ref: wiki.media-culture.org.au/index.php/E-Commerce_-_B2C_Applications)
3. Notification of transactions: One of the reasons why fraudulent transactions are a headache for all concerned is that several weeks can elapse before they are spotted. With Internet transactions, at least, it should be inexpensive to improve the situation. A major strength of the Internet is its support for rapid, cheap and automatic communications. It should be easy to provide early notification of a transaction to help identify fraud.
Unfortunately this is not something that individuals can implement on a self-help basis. It needs action by the financial institutions. The necessary steps are:
• Before being allowed to conduct transactions over the Internet, the cardholder should supply an email address.
• Whenever an Internet transaction reaches the financial institution, an automatic email notification should be sent to the address supplied.
• Ideally the payment processing should have a built-in delay, say 48 hours, to allow the cardholder to raise an alarm.
4. Better cards: In the past, credit cards were very limited in capability (and easy to forge). The industry is already moving away from the older magnetic stripe technology to the more expensive smart card, with on-board memory and processing. At the moment the capabilities are relatively unsophisticated (chip and PIN). Nowadays there are much higher-assurance mechanisms to tie the card to the legitimate cardholder, including one or more of a photograph on the card, biometric information and a stronger password/PIN. Use of such technologies will increase the difficulty of using a stolen card and of forgery, and so should greatly reduce the incidence of card-present fraud.
5. An end to ‘card not present’ transactions: For remote transactions the greatest improvement will come from having the card present during a transaction. Although card readers are not standard components of the current generation of terminal (home computer, PDA, telephone etc.), it will not be very long before the technology is sufficiently cheap and robust to allow it, and there will come a juncture when it will be economically and socially reasonable to insist on card presence for remote transactions. This could result in three significant improvements:
• Better authentication information (held on the card) could be made available to support the transaction.
• The information that is readily available to human beings (especially at the vendor end of the transaction) can be minimized. There is no actual reason for the vendor to learn any of the details of the card.
• Third parties will not be able to initiate a transaction without providing a substitute card.
6. Authorization path independent of vendor: Increasingly, modern telecommunications involve more than two parties. This is becoming especially common for real-time communications using the Internet. A model that allows all three parties to the transaction to be involved at the same time, with an independent channel between purchaser and financial institution, could provide a much higher degree of assurance than the present model and make large reductions in the incidence of fraud.
7. Use of the SET protocol: Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion. The salient points are:
• In the mid-1990s, Visa and MasterCard agreed on the SET (Secure Electronic Transaction) specifications.
• SET provides ‘complete’ protection for e-commerce transactions.
• Bidirectional authentication, encryption of card details at the merchant server, privacy of transaction details from the acquirer bank, transaction integrity protection, …
• SET transactions are regarded as ‘cardholder present’ transactions.
• SET makes use of cryptographic techniques such as digital certificates and public key cryptography to allow parties to identify themselves to each other and exchange information securely.
Modern security solutions: The number of security breaches and increasing awareness of e-theft have led to a number of modern solutions being developed. These include:
• On-line transaction authorization at the merchant (prevents use of stolen cards)
• CVC value printed on the card (designed to make use of stolen card details harder)
• Use of SSL/TLS to protect the cardholder/merchant link (and authenticate the merchant)
1. EMV: EMV is a standard for interoperation of IC cards ("chip cards") with IC-capable POS terminals and ATMs, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. The EMV standard defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. Some major pointers are:
• EMV-compliant credit cards are now being rolled out in the UK.
• EMV is not really designed to protect e-commerce.
• It is designed to reduce fraud and reduce the number of online authorizations (which are expensive).
2. SSL/TLS: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide security for an Internet communications link. TLS is commonly used to protect e-commerce transactions against Internet eavesdroppers. However:
• SSL/TLS does not protect data once it reaches the merchant server.
• SSL/TLS does not provide cardholder authentication.
• Although SSL/TLS provides merchant authentication, this is not foolproof, as it relies on the cardholder checking the displayed web pages.
3. Cryptography: It is the most widely used technique for implementing technological solutions to security problems. It comprises encryption, which is the process of making information unintelligible to the unauthorized reader, and decryption, which is reversing encryption to make the information readable once again. Conventional cryptography uses a secret code or key to encrypt information. The same secret key is used by the receiver to decrypt the information.
4. Digital signature: It can be used not only to verify the authenticity of the message and the claimed identity of the sender, but also to verify the message integrity. The recipient, however, should not be able to use the received digital signature to falsely “sign” messages on behalf of the original sender. Here a message is encrypted with the sender’s private key to generate the ‘signature’. The message is then sent to the destination along with this signature. The recipient decrypts the signature using the sender’s public key, and if the result matches the copy of the message received, the recipient can be sure that the message was sent by the claimed originator and that the message has not been modified during transmission, since only the originator is in possession of the corresponding encryption key. This is a two-key cryptosystem.
5. Biometric solutions: A more effective solution can be obtained by using a biometric authentication device, such as a fingerprint scanner, in the e-wallet. Smart cards are similar to credit cards except that they have chips embedded in them. These cards can be used to store value and carry authentication information.
6. 3-D Secure: Recently there is a newly devised approach being promoted by Visa, called 3-D Secure, one of a number of ‘3 domain’ solutions. Instead of requiring the cardholder and merchant to provide secure payment functionality, servers provided by the issuer and acquirer perform functions on behalf of the end players. These servers interact with an interoperability (brand) server, hence ‘3 domains’.
7. M-commerce solutions: Another possible approach is to secure Internet payments via mobile networks (or with the support of mobile networks). This is promising because mobile networks already have means for end-user authentication, and mobiles are rapidly becoming ubiquitous.
8. Electronic cash: Other solutions rely on payment methods other than credit cards. One family of solutions involves storing value on smart cards. Such e-cash is already in use in a variety of countries, and can also potentially be used for e-commerce transactions. (Ref: https://www2.sans.org/reading_room/whitepapers/ecommerce/37.php?portal=75b14170c904f262bb13dff8eb2cfa8c)
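Item 4 above describes the sign/verify mechanics in words, and the earlier definitions of integrity and non-repudiation state what they must achieve; the following added example (not from the original document or any of its referenced sources) carries the description through in code: the sender applies the private key to a digest of the message, the recipient applies the public key and compares, and both a tampered message and a signature from a different key are rejected. It is textbook RSA on Python integers with fixed sample primes, an educational toy rather than a production scheme.

```python
"""Hash-then-sign digital signature, following the page's description: the
sender applies its private key to a digest of the message, the recipient
applies the public key and compares. Textbook RSA on Python integers with
fixed sample primes; an educational toy, not a production signature scheme
(real systems use vetted libraries and padding such as RSA-PSS)."""
import hashlib

# Two Mersenne primes, chosen so the example runs without a prime search.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537  # public exponent; coprime to (P-1)*(Q-1) for these primes


def keygen(p: int = P, q: int = Q, e: int = E) -> tuple:
    """Return (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; Python 3.8+
    return (e, n), (d, n)


def _digest(message: bytes, n: int) -> int:
    """Message representative: SHA-256 of the message reduced into Z_n (toy encoding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple) -> int:
    """'Encrypt' the digest with the private key; only its holder can do this."""
    d, n = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """'Decrypt' with the public key and compare against a fresh digest."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)


def run_demo() -> dict:
    """Sender signs an order; the recipient checks the genuine, tampered and
    wrong-signer cases."""
    pub, priv = keygen()
    order = b"ORDER 17: 40 units, ship to warehouse B"
    sig = sign(order, priv)
    # A second, unrelated key pair stands in for someone who is not the sender.
    # Holding only `pub`, nobody else can produce a signature that verifies
    # under it, which is what binds the sender to the message (non-repudiation).
    _, other_priv = keygen(p=2**89 - 1, q=2**61 - 1)
    return {
        "genuine": verify(order, sig, pub),
        "tampered": verify(order.replace(b"40", b"400"), sig, pub),  # integrity check fails
        "wrong_signer": verify(order, sign(order, other_priv), pub),  # authenticity check fails
    }
```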
Securing the B2B environment: We see that security is important in all fields of the B2B segment, both in terms of sustaining the value chain and, most importantly, to ensure and build a trust infrastructure between two trading parties. Moreover, having a robust security policy ensures that the problems of transactional and information asymmetry do not occur, and that both companies perform as expected.
Approach:
It is important for companies to understand that security in its literal sense is not only a piece of software or hardware that is put in place; security has to be enabled and studied from a wider perspective.
The following approach can be followed:
• Prevent: Put measures in place in order to avert security risks.
• Detect: Mechanisms should be embedded in systems in order to efficiently and effectively identify security breaches.
• Respond: Be able to react in response to a threat and take action to nullify its effects.
• Improve: The affected areas should be improved to ensure that the same security event does not occur again.
It is very important, however, for companies to acknowledge that the actual prevention of all security threats is virtually impossible. New ways will be implemented to counteract security threats, and new ways will be devised by individuals to breach those new techniques. Consequently, although companies should stay aware of old threats and ensure that these do not recur, they should at the moment put the weight of their focus on detecting and responding aggressively to threats.
Security measures:
Security measures can be broadly divided into two categories, as follows:
Policies/ Standards:
Each organization participating in a B2B transaction should have security policies, so as to have a standardized strategy to counteract security threats. The policies should cover the following topics:
• The company should limit privileges to staff in every function. Privileges should be given depending on the necessity of the work done.
• Extra levels of security must be used for key corporate assets.
• Legacy and new systems should be integrated. Complexity makes security much more difficult.
• A number of security mechanisms should be kept. Having only one security mechanism in place can expose the entire organization.
• Complex passwords should be put in place in internal and external applications, protocols and network connections. Invalid password attempts should be logged and investigated.
• Security systems should be audited as frequently as possible.
• Industry standards are important. This ensures that all systems are universal and that security is aligned with the business processes, especially transactional and value chain. This will allow better management and minimize risks.
• Policies should be put in place that legally limit access to confidential information, and prevent access to files, sites and illegal practices.
• Privacy and company confidentiality are important for both supplier and buyer. Information and data that fall into this category are very important and should be kept and guarded responsibly.
Technological: There are a number of measures that companies can use to prevent, detect and respond to security threats. These are situated in the network, physical and link layer, the application layer and the web services layer. Some of these technological measures include the following:
1. Firewalls
A firewall can be used to separate untrusted networks, such as the Internet, from internal networks that contain sensitive and private data. Because a firewall can implement a security policy for a whole network, such as “no inbound HTTP should reach the mainframe”, a firewall can remove some security burden from internal systems. Network firewalls are not the only network security measures needed on a network, however. Systems that are exposed to untrusted networks must still be protected, since the firewall is configured to allow traffic through to those systems.
Firewalls generally provide the following functions:
• Access Control: Firewalls restrict communications between two or more networks/hosts based on rules.
• Logging: Most firewalls will generate logs about the traffic that goes through them to provide an audit trail.
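To make the two firewall functions concrete, the following added example (not from the original document) models an ordered, first-match, default-deny rule set whose first rule is the page's own policy, "no inbound HTTP should reach the mainframe", and records an audit log line for every decision. The addresses, network names and packets are constructed sample values.

```python
"""Toy stateless packet filter with an ordered rule set, first match wins,
default deny, and an audit log line for every decision. Constructed example;
the addresses and network names are sample values, and the first rule encodes
the policy quoted in the text (no inbound HTTP should reach the mainframe)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (untrusted -> internal) or "out"
    src: str               # CIDR block or "any"
    dst: str               # CIDR block or "any"
    dport: Optional[int]   # destination port, None = any
    proto: str = "tcp"


def _matches_net(ip: str, cidr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


class Firewall:
    def __init__(self, rules: list):
        self.rules = rules
        self.log = []  # audit trail, one line per packet

    def filter(self, pkt: dict) -> str:
        """Return "allow" or "deny" for a packet dict and append a log line."""
        verdict, matched = "deny", "default-deny"   # nothing matched: deny
        for i, r in enumerate(self.rules):
            if (r.direction == pkt["dir"] and r.proto == pkt["proto"]
                    and _matches_net(pkt["src"], r.src)
                    and _matches_net(pkt["dst"], r.dst)
                    and (r.dport is None or r.dport == pkt["dport"])):
                verdict, matched = r.action, f"rule{i}"
                break
        self.log.append(
            f"{verdict.upper():5} {pkt['dir']:3} {pkt['proto']} "
            f"{pkt['src']} -> {pkt['dst']}:{pkt['dport']} [{matched}]")
        return verdict


# Sample network plan (constructed).
INTERNAL = "10.0.0.0/16"
MAINFRAME = "10.0.1.10/32"
WEB_TIER = "10.0.2.0/24"

POLICY = [
    Rule("deny", "in", "any", MAINFRAME, 80),     # no inbound HTTP to the mainframe
    Rule("allow", "in", "any", WEB_TIER, 443),    # customers reach the shop over HTTPS only
    Rule("allow", "out", INTERNAL, "any", None),  # internal hosts may initiate outbound
]


def run_demo() -> list:
    """Pass a handful of constructed packets through POLICY."""
    fw = Firewall(POLICY)
    packets = [
        {"dir": "in", "proto": "tcp", "src": "203.0.113.7", "dst": "10.0.1.10", "dport": 80},
        {"dir": "in", "proto": "tcp", "src": "203.0.113.7", "dst": "10.0.2.15", "dport": 443},
        {"dir": "in", "proto": "tcp", "src": "203.0.113.7", "dst": "10.0.2.15", "dport": 22},
        {"dir": "out", "proto": "tcp", "src": "10.0.3.4", "dst": "198.51.100.9", "dport": 443},
    ]
    return [fw.filter(p) for p in packets]
```

The second packet is deliberately allowed through to the web tier, which is the point the text makes: the web server behind that rule still has to defend itself.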
2. VPN (Virtual Private Networks)
A VPN is a network that is constructed using network protocols to create a “virtual” private network out of a network that is not truly private. VPNs are constructed using protocols that typically perform authentication and encryption, so that two networks that are not directly connected can appear to the user or to other networks as if they were private. A VPN device can be either hardware or software, installed on a client and a server to create secure private links. VPNs can be deployed on a public network as links between point-to-point or point-to-multipoint networks. Point-to-point networks have one source and one destination, as opposed to point-to-multipoint, which has one source and multiple destinations. Virtual Private Networks can also be deployed over a network-to-network connection (e.g. Company A connected to Company B over leased circuits) or a network-to-client connection (e.g. a user connecting to the company over a dial-up connection).
3. Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is used to secure data in transit and provides security using data encryption, server authentication and message integrity. SSL is a security protocol originally developed by Netscape for protecting network communications. SSL is an open, non-proprietary protocol that has become the industry standard for protecting data in transit. Several versions of SSL are currently available, including SSLv2 and SSLv3. TLS (Transport Layer Security) is the latest Internet-standard SSL-style protocol and is found in the newest servers and browsers. SSL provides secure communications using:
• Data encryption
• Server authentication
• Message integrity
• Optional client authentication
4. FTPS (FTP that uses SSL)
FTP is the File Transfer Protocol, designed for transmitting files over TCP/IP networks. FTP was designed before the security of network protocols was as important as it is today, so it has few built-in measures to defend against modern threats. Most operating systems ship with both an FTP client and an FTP server. There is a draft standard for a new version of FTP that supports strong authentication and encryption: FTPS uses SSL to provide confidentiality and integrity for both authentication information and file data during transmission. Several products support the FTPS protocol and more are expected. For the transmission of sensitive data in file-at-a-time mode, FTPS is a good option if both the sending and the receiving organization can support it. FTPS is still an evolving draft-status protocol; although several vendors have implementations that adhere to the current draft specification, FTPS support is not nearly as widely available as FTP. FTPS has roughly the same administrative and protocol features as FTP. It has native support for user ID + password authentication, and the FTPS specification also allows SSL-certificate authentication.
The FTP protocol itself does not support the transmission of authorization information, and there is no standard for how the server should perform authorization checks; most servers rely on local file-system permissions for authorization. FTPS supports full-strength SSL encryption and can protect both the command and the data channel of an FTP session. FTPS supports the integrity modes of SSL, so integrity checks are performed for each packet/file of data transferred.
5. HTTPS
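The properties listed for SSL above (data encryption, server authentication, message integrity and optional client authentication) only hold when an HTTPS client actually enforces them, and the SSLv2 and SSLv3 versions mentioned have since been withdrawn in favour of TLS, with TLS 1.2 as the practical minimum today. The block below is an added illustration, not code from the original document, of a hardened HTTPS client context in standard-library Python; the certificate and key file names are placeholders, and `unverified_context()` shows the weak setting a code review should flag.

```python
"""Added example (not from the original document): enforcing the SSL/TLS
properties listed in the text in an HTTPS client, using only the standard
library. Certificate file names are placeholders."""
import ssl
from typing import Optional


def make_client_context(client_cert: Optional[str] = None,
                        client_key: Optional[str] = None) -> ssl.SSLContext:
    """Client context that authenticates the server and refuses legacy
    protocol versions (SSLv2, SSLv3, TLS 1.0 and TLS 1.1)."""
    # Server authentication: trust the platform CA store, require a
    # certificate, and check that it matches the host name we connect to.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Encryption and integrity come from the negotiated TLS cipher suite;
    # refusing anything below TLS 1.2 rules out the withdrawn SSL versions.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        # Optional client authentication: present our own certificate
        # (placeholder paths such as "client.pem" / "client-key.pem").
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def unverified_context() -> ssl.SSLContext:
    """The weak setting to look for in review: traffic is still encrypted,
    but with verification off any server can impersonate the site, so the
    'server authentication' property is lost."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True if the context enforces server authentication and a TLS 1.2 floor."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def minimum_version_name(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate."""
    return ssl.TLSVersion(ctx.minimum_version).name


if __name__ == "__main__":
    for name, ctx in (("hardened", make_client_context()),
                      ("unverified", unverified_context())):
        print(f"{name}: hardened={context_is_hardened(ctx)} "
              f"min={minimum_version_name(ctx)}")
```

`context_is_hardened()` is the kind of check worth running in a unit test against any helper that hands out contexts: it fails both when verification is switched off and when an older minimum protocol version is left in place.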
HTTP is the HyperText Transport Protocol, a protocol for exchanging marked-up text with hyperlinks. HTTP was designed for sending small text and images using TCP; it has evolved into the major protocol in use on the Internet and been extended to carry video, XML and all manner of rich content. HTTP was designed before Internet security was a major concern, so it does not offer many native security features. Most operating systems come with an HTTP server.
HTTPS is HTTP + SSL. HTTPS relies on SSL to provide confidentiality, integrity and stronger authentication than HTTP alone. HTTPS is the standard for securing HTTP: all major browsers and web servers support it, and it is the protocol used to secure the vast majority of HTTP communications. Most servers that support HTTP also support HTTPS. HTTPS has native support for user ID + password authentication, and the HTTPS specification also allows SSL-certificate authentication. The HTTPS protocol itself does not support the transmission of authorization information, and there is no standard for how the server should perform authorization checks; most servers have relatively simple built-in mechanisms for access control. HTTPS supports full-strength SSL encryption and the integrity modes of SSL, so integrity checks are performed for each packet/file of data transferred.
6. Cryptography
Encryption of data, both transactional and private or confidential information, is very important in the B2B environment. Encryption is the process of converting data from one format to another (in effect, from a human-readable format to seemingly random characters). In other words, it converts plain text to cipher text. Decryption is the reverse process, converting cipher text back to plain text. There are two types of encryption technology: symmetric encryption and asymmetric encryption. Symmetric encryption uses the same key for both encryption and decryption. Asymmetric encryption uses two keys, one for encryption and the other for decryption; these are the public and private keys. The public key is given to anyone, and the private key is kept secret. The keys are linked by a one-way function that is computationally infeasible to reverse, so in essence the same key cannot be used for both encryption and decryption.
7. Prevention and detection of malicious software
All systems have to be updated and kept up to date against the latest malicious software threats such as viruses, Trojans and worms. The standard method of protecting against malicious software is anti-virus software. Many vendors make packages for detecting, disabling, and removing/repairing malicious software. Anti-virus software operates in two general modes. The first mode matches files on disk and in memory against patterns (signatures) of known viruses; it relies on the anti-virus vendors constantly updating their signature databases and distributing them to customers, and vendors often compete on how quickly they can react to a new virus/threat and send out signatures. The second mode is called heuristic: anti-virus software operating in this mode watches the system for suspicious behaviour and does not rely on a constantly updated signature database. Most anti-virus software can operate in both modes. Some anti-virus software can operate not only on the individual end-user system but also on servers or gateways; anti-virus software exists that can scan all e-mail passing through a server, or all HTTP traffic passing through a proxy.
8. Digital signature
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means to know who created the document and that it has not been altered in any way since that person created it. Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures. There are several ways to authenticate a person or information on a computer:
• Password – One enters a name and password when prompted by the computer, which checks the pair against a secure file. If either the name or the password does not match, no further access is allowed.
• Checksum – Probably one of the oldest methods of ensuring that data is correct; checksums also provide a form of authentication, since an invalid checksum suggests that the data has been altered in some fashion. A checksum is determined in one of two ways. Say the checksum of a packet is 1 byte long, which means it can have a maximum value of 255. If the sum of the other bytes in the packet is 255 or less, the checksum holds that exact value. If the sum of the other bytes is more than 255, the checksum is the remainder after the total has been divided by 256.
• CRC (Cyclic Redundancy Check) – CRCs are similar in concept to checksums but use polynomial division to determine the value of the CRC, which is usually 16 or 32 bits long. The strength of a CRC is its accuracy: if a single bit is incorrect, the CRC value will not match. Both checksums and CRCs are good for detecting random errors in transmission, but they provide little protection against an intentional attack on your data. The encryption techniques below are much more secure.
• Private key encryption – Private key means that each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to the other computer. Private key encryption requires that one knows which computers will talk to each other and installs the key on each one. It is essentially the same as a secret code that the two computers must each know in order to decode the information; the code provides the key to decoding the message.
• Public key encryption – Public key encryption uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key provided by the originating computer and its own private key. The key is based on a hash value: a value computed from a base input number using a hashing algorithm. The important property of a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create it.
• Digital certificates – To implement public key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is essentially a piece of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust: it confirms that each computer is in fact who it says it is and then provides the public key of each computer to the other. The Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). DSS is the format for digital signatures that has been endorsed by the US government. The DSA algorithm consists of a private key that only the originator of the document (the signer) knows, and a public key.
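The list above, together with the symmetric/asymmetric distinction in the cryptography section, is easiest to appreciate by running the mechanisms side by side. The following is an added example, not code from the original document: it computes the one-byte checksum exactly as described, a CRC-32, a shared-secret MAC (HMAC-SHA256, standing in for the "private key" case) and a public-key signature over a constructed payment message, then shows which of them a receiver can still rely on after the message has been altered. The signature uses textbook RSA in place of DSA, with two real but entirely public primes (the Mersenne primes 2^521 - 1 and 2^127 - 1) chosen only so that a SHA-256 digest fits under the modulus; the message, the shared secret and those key parameters are all constructed for the demonstration and have no security value.

```python
"""Added example (not from the original document): the authentication
mechanisms listed above, exercised on a constructed payment message.
Unkeyed integrity checks (one-byte checksum, CRC-32) catch random errors
but not deliberate modification; a shared-secret MAC and a public-key
signature (textbook RSA standing in for DSA) do. Standard library only."""
import hashlib
import hmac
import zlib

# Constructed sample message and a modified copy (amount 100 -> 900).
MESSAGE = b"PAY 100.00 TO ACCOUNT 1234"
MODIFIED = b"PAY 900.00 TO ACCOUNT 1234"

SHARED_SECRET = b"constructed-demo-secret"   # known to sender and receiver

# Textbook RSA over two real primes that are far too public to use for
# anything but a demonstration: the Mersenne primes 2**521-1 and 2**127-1.
# They make n larger than 2**256, so a SHA-256 digest is signed without
# reduction. The private exponent d is derived at import time.
_P, _Q = 2**521 - 1, 2**127 - 1
_N, _E = _P * _Q, 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
TOY_PUBLIC = (_N, _E)
TOY_PRIVATE = (_N, _D)


def checksum8(data: bytes) -> int:
    """One-byte checksum as the text describes: byte sum, modulo 256."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """CRC-32, computed by polynomial division (zlib's standard CRC)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def receiver_accepts_unkeyed(data: bytes, chk: int, crc: int) -> bool:
    """A receiver relying on checksum/CRC compares against the values that
    arrived with the message; no secret is involved on either side."""
    return checksum8(data) == chk and crc32(data) == crc


def mac_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256: only a holder of the shared secret can produce the tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def receiver_accepts_mac(data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(SHARED_SECRET, data), tag)


def _digest_int(data: bytes) -> int:
    """Sign the hash of the message, not the message itself."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key=TOY_PRIVATE) -> int:
    n, d = private_key
    return pow(_digest_int(data), d, n)


def verify(data: bytes, signature: int, public_key=TOY_PUBLIC) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data)


def rsa_encrypt(m: int, public_key=TOY_PUBLIC) -> int:
    """Asymmetric encryption: the public key encrypts ..."""
    n, e = public_key
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key=TOY_PRIVATE) -> int:
    """... and only the matching private key decrypts."""
    n, d = private_key
    return pow(c, d, n)


def run_demo() -> dict:
    """What each mechanism reports when the message is altered in transit."""
    chk, crc = checksum8(MESSAGE), crc32(MESSAGE)
    tag, sig = mac_tag(SHARED_SECRET, MESSAGE), sign(MESSAGE)
    return {
        # Random error: the original check values no longer match.
        "unkeyed_detects_error": not receiver_accepts_unkeyed(MODIFIED, chk, crc),
        # Deliberate change with the check values recomputed by whoever
        # changed it: the receiver cannot tell, since no secret was needed.
        "unkeyed_detects_tamper": not receiver_accepts_unkeyed(
            MODIFIED, checksum8(MODIFIED), crc32(MODIFIED)),
        # A byte transposition slips past the checksum but not the CRC.
        "checksum_sees_swap": checksum8(b"AB") != checksum8(b"BA"),
        "crc_sees_swap": crc32(b"AB") != crc32(b"BA"),
        # Keyed MAC: an altered message or a guessed key both fail.
        "mac_original_ok": receiver_accepts_mac(MESSAGE, tag),
        "mac_rejects_modified": not receiver_accepts_mac(MODIFIED, tag),
        "mac_rejects_wrong_key": not receiver_accepts_mac(
            MODIFIED, mac_tag(b"guessed-key", MODIFIED)),
        # Signature: anyone with the public key can verify, nobody without
        # the private key can produce one for the altered message.
        "sig_original_ok": verify(MESSAGE, sig),
        "sig_rejects_modified": not verify(MODIFIED, sig),
        "asymmetric_roundtrip": rsa_decrypt(rsa_encrypt(42)) == 42,
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check:24s} {result}")
```

The two results worth remembering are `unkeyed_detects_tamper`, which comes out False because checksums and CRCs can be recomputed by anyone, and `sig_rejects_modified`, which comes out True because producing a valid signature requires the private key. A real deployment would use a vetted library and properly generated keys; the arithmetic here only shows why the text places the keyed techniques above checksums and CRCs.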
Study of various B2B and B2C websites:
Ariba.com
Ariba is committed to the security and integrity of customer information within the Ariba Supplier Network (Ariba SN). Ariba uses industry best-practice security measures to protect against the loss, misuse or alteration of the information under our control. The Ariba Supplier Network (ASN) application and the shared-service offerings of Ariba Category Management (ACM), Ariba Enterprise Sourcing (AES), Ariba Analysis, Ariba Spend Visibility, Ariba Procure to Pay (P2P), Ariba Travel and Expense, and Electronic Invoice Presentation and Payment (EIPP) have been certified for a WebTrust seal for Availability, Confidentiality, Processing Integrity, and Security.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ariba has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect within the Ariba SN. These measures include the following:
• Multiple-level firewalls to segregate and secure network segments based on system roles
• Data transmissions are encrypted using SSL technology
• Use of server-side and client-side digital certificates
• Role-based administrative access policies and procedures
• Primary co-location facility uses cipher-encoded access badges, biometric scans, and 24-hour video surveillance and guards to control access
• Comprehensive in-house performance and security monitoring and auditing
• Intrusion detection and analysis
• Detailed security policy, processes and procedures
• Security auditing performed by outside consulting agencies
To provide for the availability of service and information within Ariba SN, Ariba implements the following components:
• A disaster recovery plan
• Detailed backup strategy and secure off-site storage
• High-availability clustered database servers
• Redundant systems, power supplies, and network connections
• Service level agreements with service providers to guarantee service levels
• Comprehensive change management and testing policies
• 24-hour x 7-day per week technical support staff
Ariba provides for transaction integrity in the Ariba SN through the implementation of solid business practices, which include:
• Continuous real-time monitoring of failed transactions
• Detailed procedures for troubleshooting and resolving issues
• Policies and procedures on information privacy and disclosure
i2.com
i2's mission is to enhance customers' competitive positions by providing planning and optimization solutions that enable secure intelligent B2B and B2C electronic commerce.
i2 Electronics Reference Databases: this database (formerly known as VIP from Aspect Development) is used by electronics distributors, contract manufacturers and OEMs to find, select, compare and purchase components that meet both technical and business requirements in a secure mode.
In e-commerce, business users are committed to familiar, easy-to-use office applications, but disparate spreadsheets are not easily synchronized or updated in real time, and plans can suffer from inaccurate, out-of-sync or corrupt data, which can have a significant impact on business plans and transactions. i2 Tether, a solution from i2 Technologies Inc., enables companies to leverage best-in-class Supply Chain Management applications across the enterprise while working with the tools users are most accustomed to. i2 Tether links Office Excel 2007 spreadsheets to the i2 Agile Business Process Platform, ensuring that enterprise data and business logic can be secured, recorded and measured across multiple organizations. The solution allows users to collaborate on data through a central enterprise environment at various times, dates and locations with the accuracy and confidence of maintaining one single version of the truth. i2 Tether allows Microsoft Office Excel 2007 to be integrated into solutions and workflows via the i2 Agile Business Process Platform. This takes Office Excel 2007 beyond the user interface and opens the door to capabilities from the platform such as its data model, business rules and workflows. Benefits of i2 Tether for Office Excel 2007 include:
• Managing distributed Supply Chain operations with an accurate, up-to-date single version of the truth
• Improved data integrity and security
• Accelerated user adoption
• Ability to develop and re-configure business processes easily
• Ability to log changes as they occur and by user
• Enhanced role-based control and security
Another company, Entrust Technologies Inc., a global leader in solutions that bring trust to e-business, supports i2 Technologies in using market-leading security software within its TradeMatrix(TM) solutions, in order to provide the trust infrastructure needed to support high-volume transactions in a many-to-many buy/sell environment.
For this security feature i2 integrates the Entrust/Toolkit(TM) for Java(TM) development software, with the i2 TradeMatrix solutions. This combination is designed to enable more secure business interactions between i2 and its partners, suppliers, customers, service providers and TradeMatrix marketplace users. The integrated capability provides certificate-based authentication between i2's TradeMatrix solutions. For security reasons, access to the website is limited to current i2 customers, employees and partners.
PerfectCommerce.com
Perfect Commerce brings the Open Supplier Network (OSN) and our On-Demand Supplier Relationship Management (SRM) solutions to market in a secure and stable environment and has built world-class methodologies and procedures. Perfect Commerce was one of the first e-business services providers to achieve level 2 certification of the Software Engineering Institute's Capability Maturity Model (CMM). Furthermore, Perfect Commerce partners and technology represent the best-of-class in e-business solutions. The importance of security is recognized and addressed in a number of ways:
• Security policy based on ISO International Standard 17799 (Information Technology - Code of Practice for Information Security Management)
• Full utilization of third-party security monitoring 24 x 7
• Periodic audits by a third-party security firm
• Periodic SAS 70 completed by Deloitte and Touche
• Periodic internal system scans
• Multi-tiered firewall infrastructure
Its security model is based on widely accepted standards, drawing upon sources such as regulatory guidance, ISO 17799 standards and ONCE (Open Network of Commerce Exchanges) security requirements. All data are stored in a secured environment with appropriate backups while data transport occurs in a 128-bit SSL encrypted environment. High-availability and load balancing are provided by complete IT and operational redundancy. Combinations of host-based and network-based Intrusion Detection Systems (IDS) are used for monitoring and reporting activities. Independent auditors assess the vulnerabilities of both internal and external networks on a periodic basis using a variety of scanning tools. These external security assessments are used to confirm existing controls and support the continuous improvement of security measures.
The system protects sensitive user and vendor data and provides secure transmission and storage of user information, transaction data, and vendor ERP data to ensure data privacy and integrity.
Yatra.com:
Yatra assures appropriate standards for protecting users' privacy on its web site while they use its features. In general, anyone can visit the Yatra website without revealing his or her identity. The web professionals managing the site track the Internet addresses of the domains from which people visit and analyze this data for trends and statistics, but the individual user remains anonymous. Some of the web pages use "cookies" so that Yatra.com can better serve its users with customized information when they return to the site. Cookies are identifiers that a web site can send to the user's browser to keep on their computer to facilitate the next visit to the site. Users can set their browser to notify them when they receive a cookie, giving them the option to decide whether or not to accept it. Yatra does not sell, trade or disclose to third parties any information derived from registration for, or use of, any online service (including names and addresses) without the consent of the user or customer (except as required by subpoena, search warrant or other legal process, or in the case of imminent physical harm to the user or others). Yatra will allow suppliers to access the information for the purposes of confirming the user's registration and providing the benefits they are entitled to. If the privacy policy changes in the future, the change is posted on the web page with a new effective date.
MakeMyTrip.com:
All payments on the MakeMyTrip.com site are Verisign SSL secured. This means all personal information provided to MakeMyTrip is transmitted using SSL (Secure Sockets Layer) encryption; the same process applies when the user makes travel purchases on the MakeMyTrip.com site. Conventionally, cookies are used as a security alert measure. "Cookies" are small pieces of information that are stored by the browser on the user's hard drive. The use of cookies is very common on the Internet, and MakeMyTrip's use of cookies is similar to that of sites such as Expedia and Orbitz, as well as Yahoo!, CNN.com and other reputable online companies. Such cookies are also used to display an advertisement while users are on the MakeMyTrip.com site, or to send a "Best Day to Buy" e-mail (or similar e-mails, assuming users have not opted out of receiving them) focusing on destinations in which users may be interested. None of this information is passed to any third party.
Third-party advertising companies may also employ technology to measure the effectiveness of ads. Any such information is anonymous. They may use this anonymous information about the user's visits to this and other sites to provide advertisements about goods and services of potential interest to the user. No personally identifiable information (PII) is collected during this process; the information is anonymous and does not link online actions to an identifiable person.