The security technology of e-commerce - Essay Example

The security technology of e-commerce CONTENTS 0 Executive Summary2.0 Introduction 3.0 Research hypothesis Statement 4.0 Explanation of the Technology 4.1 Background 4.2 Firewall 4.3 Intrusion detection System (IDS) 4.4 Anti-Virus Software 4.5 Secure socket layers (SSL) 4.6 Secure Electronic Transaction (SET) protocol 4.7 Suppliers and users of Security Technology 5.0 Application and uses of Security technology in Business 5.1 Strength and Week areas of SSL 6.0 Future Trends 7.0 Conclusion 8.0 References 1.0 EXECURIVE SUMMARY: E-commerce is associated with business carried out through Internet. It evolves on line banking, purchasing and selling products online. Making payments through online accounts and transfer of electronic documents. In today's internet environment, consumer faces a lot of risks while conducting business through internet. Many financial crimes are being carried out at internet such as frauds, identity thefts, cyber attacks, cyber Terrorism, cyber attacks during the war on terrorism, viruses and worms, hacking and malware techniques Some of the common practices for security, while dealing in any financial activity online are Update operating system and software whenever their updated versions are available. Insure the network security before online financial transaction. Disable all unnecessary services. Don't give anyone your personal information. Check privacy and security policies before making any transaction. Avoid any unknown e-mails. In addition to the common practices available to persons, some strict security measures are also required to be taken for conducting a safe transaction. The present day security measures needs improvement to sustain the confidence of consumer in e-commerce. Some of the latest works in system securities has been cited. 2.0 INTRODUCTION: Most reputable financial institutions and e-commerce service providers takes all measures to protect the data and transactions online and simultaneously they provide the details to the customers, how to protect their transaction. (1) Although the risks are generally avoided while dealing with internet transactions, even then the threats are enormous. The various threats include cyber terrorism, credit card number may be intercepted, cyber attacks during the war on terrorism, viruses and worms, hacking and malware techniques (2), one of the service providers may deny that the deals ever took place (3), hackers may exploit data from web page due to some improper security measures, hackers may gain access to the system. Sometimes customers may also become a victim of identity theft (4). According to a survey conducted by the US Department of Justice (DOJ), identity theft is affecting millions of household in the US and costing an estimated $ 6.4 billion per year (5). To avoid all these consumers must take some proactive steps and practices to access the computer before carry out any financial transaction. Some of the most common practices include use of updated versions of software and operating systems, ensure proper network security, avoid opening unknown e-mails and attachments, use of passwords, use of updated antivirus softwares and use of encryption. In the present paper the author attempts to deal with the type of risks available to the internet user, the present security system available to the consumers and future security trends. The finding of available security system has been summarized. 3.0 RESEARCH HYPOTHESIS STATEMENT: While going before the literature as cited in bibliography, author made an attempt to a hypothetical statement as , " Are the current security systems able to provide security to the e-commerce users" 4.0 EXPLANATION OF THE TECHNOLOGY: 4.1 BACKGROUND: In the early 1990's digital break-ins, kidnapping were the terms used by many popular journals to hackers. The early targets were educational institutes and government sites. Web pages of the Department of Justice were modified on august 17, 1996 and Central Intelligence agency was made a victim on Sept 18, 1996 (6). Starting with the simple precautions in early 1990's , today we have developed various security measures such as firewalls, intrusion detection systems (IDS) and antivirus- softwares 4.2 FIREWALL: A system that acts as a network traffic cop, allowing some types of traffic through while blocking other types of traffic. Different types of firewalls can make decisions to transmit or block traffic based on individual packets, particular applications or particular functions within applications (1). Firewalls are generally of two types packet filter type and proxy filter type. In packet filter type, the firewall looks through TCP/IP header of each packet sent through and decide whether to transmit it or not.All information is available at the header of the packet such as source address, destination address, source port, destination port etc.In proxy filter, client application first connect to the firewall machine known as proxy server or proxy. After connecting to the proxy server, the client indicates which server is needed for access. The proxy server connects to the remote host and pass on the information sent by client and vice-versa.Hence all the transactions are held through proxy server. 4.3 INTRUSION DETECTION SYSTEMS (IDS): A system or program that looks for attacker activity and warns administrators when it discovers evidence of an attacks (1). In IDS initial important information about files is collected and stored. At a later stage the information is recollected and checked for the stored values to determine if the file has been modified. 4.4 ANTI-VIRUS SOFTWARE: Software that can detect the features and activities ( the signature) of worms and viruses and prevent them from entering the computer, This software typically alerts the user when a virus is detected, but must be updated regularly to ensure that the user is protected against recently detected worms.(7) 4.5 SECURE SOCKET LAYERS (SSL): The secure socket layers protocol uses encryption and authentication techniques to ensure communication between a client and a server, which remains private and allow the clients to identify server and vice-versa. (8) 4.6 SECURE ELECTRONIC TRANSACTION PROTOCOL (SET): MasterCard, VISA, jointly developed the secure electronic transaction protocol with IBM and other technology providers, protects the bank card transfer information to unauthorized hackers on internet. This is a application layer security. 4.5 SUPPLIERS AND USERS OF SECURITY TECHNOLOGIES: There are more than hundred vendors of these security technologies, but some of the most prominent providers are Axent, Network associates, Cisco, GFI, Sourcefire, RSA Security , Checkpoint Software Technologies. The users of technologies are from single network users to large organizations, fortune 500 companies, multinationals, government offices etc. 5.0 APPLICATION AND USES OF SECURITY TECHNOLOGY IN BUSINESS: At present for secure business transactions, most browsers and web servers choose SSL (Secure Socket Layer) technology, to provide a safe way to transmit secured information such as credit card details, e-mail messages, online banking and for personal informations. Netscape Communication Corporation developed SSL technology and it has become the industry standard for web browsers. The SSL protocol provides data encryption, server authentication, message integrity and optional client authentication for a TCP/IP connection, allowing for the secure transfer of sensitive information on the internet. (8) 5.1 STRENGTH AND WEEK AREAS OF SSL: This VPN technology is growing due to its advantage over other VPNs. The major advantage is that a special VPN client software is not required, because the SSL VPN uses the web browser as the client application. SSL VPN is termed as clientless solutions. Even though there is no client software installed (other than the Web browser), SSL VPN gateways can still provide the advantages of "managed clients" by forcing the browser to run applets, for example, to verify that anti-virus software is in place before the VPN connection can be established. (9) SSL and Clickbank is one of the example of success. The main disadvantage of SSL is that it operates at the application layer, thus it must be supported by user application. (10) SSL runs on TCP/IP layer, so every layer below it is not protected. 6.0 FUTURE TRENDS: Internationally, various service providers, research scholars and technology regulators are examining the consumer's confidence in online shopping. It was suggested that the consumer confidence or trust improves by increasing the transparency of the transaction process (11). It has also been suggested that the fundamental requirements for e- commerce satisfies the following security issues, authentication, authorization, availability, confidentiality, data integrity, nonrepudiation and selective application services(12). With the growing customers interest in purchasing online, the privacy and security concern up to a certain extent will always be there. There could be two methods to resolve the issue. The first would be the companies to enforce self-regulatory privacy policy as suggested by Federal trade Commission (13).The second will be use of encryption technology as in the case of SSS and S-HTTP( secure Hypertext Transfer Protocol). The current industry standards such as SSL and SET provide enough measures to protect the consumers data from unauthorized access. To make sure that whatever information goes from the customer to the network is secure, it would be mandatory to implement encryption standard right at machine level. The Clipper chip, which is a new encryption device, could be used to each computer to provide a foolproof communication. It is desirable for the future communication devices such as internet computer, PDA, phone etc, would have the clipper chip imbedded in them , so that these communication devices can provide a secure communication. Any data or voice which will be sent out by these communication devices will be encrypted at one end and the clipper chip will decrypt the data or voice at other end. It was further suggested that this chip will employ "escrowed encryption" meaning that a third party , in this case government, would hold the encryption keys (14). There are concerns among people, that the government may take advantage of sensitive information. The main advantage of this technology will be that this could not be cracked easily as it is not a software but rather a hardware. For the integrity protection in e-commerce, new code-on-demand (COD) mobile agents has been proposed. The use of new dynamically upgraded agent-code, in which new agent function can be added and reluctant one can be deleted, is hopeful to enhance code privacy and helpful for the recoverability of agents after attack (15). Such codes will be useful for the recovery of the agents in future. 7.0 CONCLUSION: Risk will always be there for cyber shoppers, as we have already seen, huge money is being siphoned every year by illegal means. The present security system as we have also focused in our hypothesis, seems to be unable to take care of all network users. Hackers are deceiving many people visiting other sites or making online purchase through credit card, or any other means. The government should also come forward with new cyber laws to tackle this problem; simultaneously the security technology providers should come up with new superior security technologies, clipper chip being a good solution. 8.0 REFERENCES: 1. Best Practices For E-Commerce Consumers, Institute For Security technology Studies, October 2002, Retrieved 2nd April 2006, . 2. Information and Technology US, Sub committee on government management, "computer security, Cyber attacks-War Without borders :Hearing Before The Sub committee" Published 2001, retrieved 2nd April 2006. 3. Terry Bernstein, "Internet Security For Business", New York, Wiley Computer publishing, 1996. 4. Fraud Section, Criminal division, US Department of Justice; Posted on Jan6, 2006, retrieved on 2nd April 2006. 5. Mc Millan, IDG News & Service, "Identity theft hit 3.6 million in US", revised Mar 31, 2006, Retrieved 2/4/06 6. Held, Jonathan S; Bowers, John; "Securing E-Business Applications and Communications," CRC Press, 2001 7. "Protect your computer with confidence," Retrieved on 2nd April 2006 8. Umar, Amjad, "E-Business and Distributed system Hand Book- Platform Module", NGE Solution Inc., 2003. 9. Shinder, Deb, "Comparing VPN options", windowsecurity.com, updated April 6,2005 , Retrieved 2nd April 2006 10. Shinder, Debra; John, Little; "Computer Networking Essentials", Cisco Press, 2001. 11. Swaminathan, V; Lepkowska, White and Rao, B.P; "Browsers or Burgers in Cyberspace An investigation of factors influencing Electronic Exchange," Journal Of Computer Mediated Communication" 1999, Vol 5, Part 2, 32. 12. Bhimani, A; "Securing the commercial internet," Communication of the ACM 1996, Vol 39, Part 6, 29-35. 13. Fazlollahi, Bijan ; "Strategies for E-Commerce Success", Idea Group Inc, Business and Economics, 2002. 14. Denning, D.E; "Clipper Chip will reinforce privacy, in computerization and controversy" 2nd Ed, Academi Press, 1996. 15. Wang, Tianhan; Guan, Sheng-Vei; Chan, Tai, Khoon; "Integrity protection for code-on-demand mobile agents in e-commerce" Journal of System and Software, Vol 60, Issue 3, Febr 2002. Read More