Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
0 likes242 views
The document discusses security issues in e-commerce and m-commerce. It outlines four important aspects of security: confidentiality, integrity, authorization, and non-repudiation. It then discusses threats such as malicious code, sniffing, cyber vandalism, denial of service attacks, and spoofing. The document also outlines security measures like antivirus software, firewalls, digital certificates, cryptography, SSL, and protecting intellectual property through copyright, trademarks, digital watermarking, and steganography.
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
- 1. 1 PART - 2 CHAPTER 5 INTRODUCTION TO M-COMMERCE Presented by Nuzhat Ibrahim Memon
- 2. Security Issues in E-Commerce & M-Commerce 2 Secrecy of the information so that unauthorized user cannot read it. It is achieved by using cryptography All the message transmitted are encrypted and only the receiver can read it after decrypting the message using appropriate key. It helps in protecting the confidential data like credit card number Confidentiality Ensures that the information must not be accidentally or maliciously altered or tampered in transit. Receiver should receive the same message as was sent by the sender. If the message is altered in between the transition, it should be detected. This removes the problem of modifying the order quantity in between and later creating the payment problems. Integrity The valuable data or information that travels on the internet may be misused, stolen, corrupted or lost. E-Commerce and M-Commerce security must meet four important aspects: Presented by Nuzhat Ibrahim Memon
- 3. Securing Issues in E-Commerce & M-Commerce (cont.) Authorization Non-repudiation 3 Ensures that only authentic users are allowed to use the system. Login and Password is one of the way to achieve authentication. Sender of the message cannot deny that he/she has sent the message. It prevents sender or receiver from denying a transmitted message when in fact they did send it. It is usually accomplished via digital signatures or a Trusted Third Party (TTP). Presented by Nuzhat Ibrahim Memon
- 4. Internet Security Threats Malicious Code Sniffing 4 Malicious code is one that causes damage to a computer or system. Either Active itself or be like a virus requiring a user to perform an action as clicking on something or opening an e-mail attachment. It can also affect a network, send messages through e- mail and steal information or cause even more damage by deleting file. Program that uses Internet to record information that passes through a computer or router in transits from sender or receiver. Like tapping the telephone wire and recording the conversation. It can read e-mail, login, password, credit card numbers. Presented by Nuzhat Ibrahim Memon
- 5. Internet Security Threats 5 Electronic defacing of an existing website page. An attacker replaces the website’s original content with his/her own content. It is an example of integrity violation. Equivalent electronic equivalent of destroying property or to placing graffiti on someone’s photograph. Cyber Vandalism DoS is an attack used to shut down a machine or network, making it inaccessible to its intended users. An attacker may be able to prevent the user from accessing e-mail, websites, online account etc. The users are flooded with hundreds and thousands of messages that create traffic problem on the network. Denial of Service attack Attacker Presented by Nuzhat Ibrahim Memon
- 6. Internet Security Threats 6 Spoofing is pretending to be someone you are not. Representing a website as authentic when it is actually a fake. It is a technique where the attacker tries to assume the identity of another person or system for transacting with victim site. For example, an attacker can create a fake website as www.gswan.co.in and substitute his IP address for the real website IP address. All the user’s visiting to the real site will then be redirected to the fake website. Spoofing Presented by Nuzhat Ibrahim Memon
- 7. Security Measures 7 Computer program Detects, prevent and takes action to remove the malicious codes like viruses, worms and Trojan horses from the infected system. Once a system is infected by virus, it will replicates itself (spread by attaching it to other programs or files ) within the system and also spread to other systems by taking control of the users email and sending out copies of itself to those in the users contact list. The infection may be simple as causing strange noises, pop-ups and other annoying things on the system. It may delete the files and slow down the system or also can damage the hardware or destroy the entire computer system. Most common way a system is attacked is through e-mail or through internet download. Antivirus software is critical to be installed and kept updated regularly on the computer. Antivirus Software Presented by Nuzhat Ibrahim Memon
- 8. Security Measures 8 Companies having their own websites have to control the access to the network services both inside and outside the company network. Device (computer/router) places between the network and the Internet to monitor and control the traffic between the company’s local network and the outside world. A firewall protects the local network against the following: Email services that sometimes create problems. Undesirable material like photos, videos entering into local network. Unauthorized persons gaining access to local network. Unauthorized data or information leaving the company’s network. Blocks the traffic from outside world to the local network. Protect from any type of network attack. Firewall Presented by Nuzhat Ibrahim Memon
- 9. Security Measures 9 Digital Certificate / Digital ID – proving identify in electronic transactions. With a digital certificate, we can assure the business organizations, online services and friends that the electronic information they receive from us are authentic. Third party issues certificates is known as Certification Authority (CA). Public key which is used for encrypting messages The digital signature of the certification authority so that a receiver can verify that the certificate is real. Digital Certificate Presented by Nuzhat Ibrahim Memon
- 10. Security Measures 10 An art of protecting the information by transforming it into an unreadable form. Encryption is the transformation of normal text or plain text into unreadable or secret text known as cipher text. Secret key is used to encrypt and decrypt a message. Messages are encrypted just before they are sent on the internet or network. When the encrypted message is received by the receiver, it needs to be decrypted. Decryption is the reverse of encryption. It is the transformation of encrypted text back into normal text. Encryption is used to protect data in transit, for example, data being transferred via networks like internet or ecommerce, mobile telephones, Bluetooth devices and bank ATM (Automatic Teller Machines) A coded form of ”WAVES” using encryption. Here the encryption mechanism substitutes each alphabet with the alphabet that comes before it. Plain text (normal text) Cipher text (unreadable/secret text) Cryptography Presented by Nuzhat Ibrahim Memon W A V E S V Z U D R
- 11. Security Measures 11 Securing web transaction on the internet Developed by Netscape. During the e-commerce transactions, all the information is exchanged in secured manner using SSL by encrypting all the messages. If a site is secured by Verisign, then the security logo of VeriSign is displayed on the login screen of the secured site. On clicking the you will get the owner information and the validity of the certificate. This indicates that the communication with this site is secured and the owner of the website is valid who is certified by the authority like VeriSign Starts from https:// rather than http:// Secure Socket Layer (SSL) Presented by Nuzhat Ibrahim Memon
- 12. Securing Intellectual Properties 12 Indian Government has established the IT laws (Information technology laws) under the IT act. Intellectual Properties: books | software | music | video | copyrights | trademarks | webpages Copyright provides the author with a tool to protect his/her original work from being used or taken by other without permission. Applicable to books, software programs & articles. Copyright matter cannot be used freely. Copying contents from the website also violates copyright laws. Copyright Specific logo, mark, word, symbol, design, phrase, image used by an individuals or a company to distinguish product or service from that of other in the market. Trademark symbols : TM : Trade Mark SM : Service Mark ® : Registered Trademark Competition over domain names is another legal issue. Earlier, the domain names were given on first come first serve (FCFS)basis. Thus people would register domain names that were not in use but would be of importance, Later on such domain names were sold to concerned company at a very high price is known as cyber-squatting. Mislead the consumers who generally make typographical errors while entering a URL. Domain Name Disputes Presented by Nuzhat Ibrahim Memon
- 13. Protecting Intellectual Property Steganography Process of hiding information within other information. It works by replacing unused data in computer files such as images, sound or text with invisible information. This hidden information can be text, cipher text, image. Digital Watermarking Digital code inserted into a digital image, audio or video file which can identify the file’s copyright information. Allows hiding information in a totally invisible manner. In Digital world, artist can watermark their work by hiding their name within the image. In the field of data security, watermarks can be used for certification and authentication. Big problem of unauthorized mp3 audio distribution. A visible digital watermark can be added with GIMP. 13Presented by Nuzhat Ibrahim Memon Exercise "new unique zero-error hidden accurate text“
- 14. THANK YOU! Speaker Name Email: [email protected] Phone: +7 888 999-000-11 Presented by Nuzhat Ibrahim Memon