Describe the various security mechanisms used to secure e-commerce systems.

-

Security mechanisms used to secure e-commerce systems

E-Commerce security is the guideline that ensures safe transactions through the internet. It consists of protocols that safeguard people who engage in online selling and buying goods and services. 

The different types of security measures of e-commerce systems are given below

i) Cryptography: 

Cryptography is a science that is used to hide the semantic meaning of a text using some mathematical module. They give the power to hide the information during the network traverse or storage. Many methods are 16-bit,32-bit, 128-bit, and 256-bit encryption or many algorithms like AES, DES, Message Digest, RSA, Quantum encryption, etc. In this form, Original messages are converted into non-readable forms.


ii) Hash Function: 

Hash functions are an important type of cryptographic algorithm and are widely used in cryptography such as digital signature, data authentication, e-commerce, e-cash, and many other applications. The purpose of the use of hash functions in many cryptographic protocols is to ensure their security as well as improve their efficiency. A hash function is an algorithm that produces a fixed-length number called a hash or message digest which serves as an authenticator. Standard hash functions are available in MD4 and MD5 produce 128- and 160-bit hashes.


iii) Digital Signature: 

A digital signature or e-signature is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature".A signature provides authentication of a "message". Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol.

Properties of Digital Signature:

-It must be able to verify the author and the date and time of the signature. - It must be able to authenticate the contents at the time of the signature.

- The signature must be verifiable by third parties, to resolve disputes.


iv) Authentication:

Authentication is the process of verifying an identity claimed by or for a system entity. an authentication process consists of two steps:

i. Identification step: Presenting an identifier to the security system.

ii. Verification step: Binding entity (person) and identifier.

There are four general means of authenticating a user's identity, which can be used alone in combination:

Something the individual knows 

-Password, a personal identification number (PIN)

Something the individual possesses

-Cryptographic keys, electronic keycards, smart cards, and physical keys

Something the individual is (static biometrics)

 -Recognition by fingerprint, retina, and face. 

Something the individual does (dynamic biometrics)

-Recognition by voice pattern, handwriting characteristics, and typing rhythm.


v) Access control:

Access control means the prevention of the unauthorized use of a resource i.e. this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do.


vi) Intrusion Detection System:

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. It examines network traffic, watching to see if it matches certain patterns or preconfigured rules indicative of an attack. If it detects suspicious activity, the IDS will set off an alarm alerting administrators and log the event in a database. An IDS is useful for detecting malicious activity that a firewall might miss.


vii) Secured Socket Layer (SSL):

SSL provides security to the data that is transferred between the web browser and the server. SSL encrypts the link between a web server and a browser which ensures that all data passed be private and free from attack. It was first developed by Netscape in 1995 for privacy, authentication, and data integrity in Internet communications. It operates between the transport and the application layers in the network stack and uses both public and private cryptography. 



Comments

Post a Comment

Popular posts from this blog

Suppose that a data warehouse for Big-University consists of the following four dimensions: student, course, semester, and instructor, and two measures count and avg_grade. When at the lowest conceptual level (e.g., for a given student, course, semester, and instructor combination), the avg_grade measure stores the actual course grade of the student. At higher conceptual levels, avg_grade stores the average grade for the given combination. a) Draw a snowflake schema diagram for the data warehouse. b) Starting with the base cuboid [student, course, semester, instructor], what specific OLAP operations (e.g., roll-up from semester to year) should one perform in order to list the average grade of CS courses for each BigUniversity student. c) If each dimension has five levels (including all), such as “student < major < status < university < all”, how many cuboids will this cube contain (including the base and apex cuboids)?

-
Image
a) A Snowflake Shema is shown in figure below: b) The specific OLAP operations to be performed: 1. Roll-up on course from course_id to department. 2. Roll-up on a student from student_id to university. 3. Dice on course, student with department ="CS" and university = "biguniversity" 4. Drill-down on a student from the university to student_name. c) N = 4 dimensions The cube will contain 54 = 625 cuboids.
Read more

Suppose that a data warehouse consists of the four dimensions; date, spectator, location, and game, and the two measures, count and charge, where charge is the fee that a spectator pays when watching a game on a given date. Spectators may be students, adults, or seniors, with each category having its own charge rate. a) Draw a star schema diagram for the data b) Starting with the base cuboid [date; spectator; location; game], what specific OLAP operations should perform in order to list the total charge paid by student spectators at GM Place in 2004?

-
Image
  b) The specific OLAP operations to be performed are: 1. Roll-up on date from date id to year. 2. Roll-up on spectator from spectator id to status. 3. Roll-up on location from location id to location name. 4. Roll-up on the game from game id to all. 5. Dice with status= “students”, location name= “GM Place”, and year=2004
Read more

Explain network topology .Explain tis types with its advantages and disadvantges.

-
Network topology Network topology refers to how the nodes and links in a network are arranged. A network node is a device that can send, receive, store, or forward data. A network link connects nodes and may be either cabled or wireless links. Understanding topology types provides the basis for building a successful network. There are a number of topologies but the most common are bus, ring, star, and mesh: A bus network topology is when every network node is directly connected to a main cable. In a ring topology, nodes are connected in a loop, so each device has exactly two neighbors. Adjacent pairs are connected directly; non-adjacent pairs are connected indirectly through multiple nodes. In a star network topology, all nodes are connected to a single, central hub and each node is indirectly connected through that hub.  A mesh topology is defined by overlapping connections between nodes. You can create a full mesh topology, where every node in the network is connected to every other
Read more