Monday, 12 November 2012

E-commerce Security Issues

E-commerce is surrounded by a range of issues: commercial, network infrastructure, social and cultural, and security. The security issues, which are important for a successful business, are presented below. E-commerce security issues are frequently aired in the press and are certainly important. Customers are concerned that the item ordered won't materialize, or won't be as described. Much worse, they worry about their social security number and credit card details being misappropriated. However rare, these things do happen, and customers need to be assured that all e-commerce security issues have been covered. Your guarantees and returns policies must be stated on the website, and they must be adhered to. Let us first state the security attacks on the e-commerce process and the security goals we want to achieve for successful e-commerce.

Attacks on Security
Security attacks can be classified in the following categories depending on the nature of the attacker.

a)      Passive Attacks
The attacker can only eavesdrop or monitor the network traffic. Typically, this is the easiest form of attack and can be performed without difficulty in many networking environments, e.g. broadcast type networks such as Ethernet and wireless networks.

b)      Active Attacks
The attacker is not only able to listen to the transmission but is also able to actively alter or obstruct it. Furthermore, depending on the attacker's actions, the following subcategories can be used to cover the majority of attacks.

c)       Eavesdropping
This attack is used to gain knowledge of the transmitted data. It is a passive attack that is easily performed in many networking environments, as mentioned above. However, it can easily be prevented by using an encryption scheme to protect the transmitted data.

d)      Traffic Analysis
The main goal of this attack is not to gain direct knowledge about the transmitted data, but to extract information from the characteristics of the transmission, e.g. the amount of data transmitted, the identity of the communicating nodes, etc. This information may allow the attacker to deduce sensitive information, e.g. the roles of the communicating nodes, their position, etc. Unlike the previously described attack, this one is more difficult to prevent.

e)      Impersonation
Here, the attacker uses the identity of another node to gain unauthorized access to resources or data. This attack is often used as a prerequisite to eavesdropping. By impersonating a legitimate node, the attacker can try to gain access to the encryption key used to protect the transmitted data. Once this key is known by the attacker, she can successfully perform the eavesdropping attack.


f)       Modification
This attack modifies data during the transmission between the communicating nodes, implying that the communicating nodes do not share the same view of the transmitted data. An example could be when the transmitted data represents a financial transaction where the attacker has modified the transaction's value.

g)      Insertion
This attack involves an unauthorized party who inserts new data, claiming that it originates from a legitimate party. This attack is related to that of impersonation.
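
The modification and insertion attacks described above can be detected by the receiver when every message carries a keyed integrity tag. The following is an added example, not part of the original post: it uses HMAC-SHA256 with a constructed demo key, and the function names and order fields are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): a secret shared by the shop and the payment service.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign_order(order: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: serialize the order canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify_order(message: dict, key: bytes = SHARED_KEY):
    """Receiver side: return the order if the tag matches, otherwise None."""
    try:
        body = message["body"].encode()
        tag = str(message["tag"]).encode()
    except (KeyError, AttributeError, TypeError):
        return None  # malformed message, treat as rejected
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def demo() -> dict:
    # Constructed sample transaction.
    order = {"order_id": "A-1001", "amount": "49.90", "currency": "USD"}
    genuine = sign_order(order)
    # Modification: the amount changes in transit, the tag stays as sent.
    modified = dict(genuine, body=genuine["body"].replace("49.90", "4.90"))
    # Insertion: a new message from a party that does not hold the shared key.
    inserted = sign_order({"order_id": "A-1002", "amount": "0.01", "currency": "USD"},
                          key=b"not-the-shared-key")
    return {"genuine": verify_order(genuine),
            "modified": verify_order(modified),
            "inserted": verify_order(inserted)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "accepted" if result else "rejected")
```

The tag only provides integrity and origin assurance between holders of the key; confidentiality against eavesdropping still needs encryption, as noted above.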


    There is one comment:

    1. Although I have a fair idea about the security on E commerce, but could you please help us with some kind of fixes for these bugs, like my site needs

      SSL
      and other such security measures,
      Please help.
