University of Southeastern Philippines

Institute of Computing

ES310-E Commerce
Semester 1 - 2010
Assessment 3
E-Commerce Security

Submitted to:
Engr. Ma. Cristina Enriquez

Submitted by:
Ann Juvie S. Papas
BSCS 3- EVENING

August 26,2010
Question 1

What is E-commerce security?

E-commerce security is the protection of E-commerce assets from unauthorized access,
use, alteration or destruction.

What are the elements of a secured E-commerce System?

Secrecy is the ability to hide or protect all the data from outside attackers who have
bad intentions toward your online business.

Integrity refers to the capacity of the security system to prevent unauthorized parties from
modifying any object or data that contributes to the business transactions through the Web.

Necessity is the element of a secured E-commerce System that protects against outside
forces delaying a message or even removing it.

What are the security risks of an E-commerce installation?


Security risks in E-commerce installation is that it is risky to many forms of outside attacks.
Weak authentication and authorization is a major concern.

How can these risks be avoided or reduced?


This risk can be reduced thru this following steps:
o Install personal firewalls for the client machines.
o Store confidential information in encrypted form.
o Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect
information flowing between the client and the e-Commerce Web site.
o Use appropriate password policies, firewalls, and routine external security audits.
o Use threat model analysis, strict development policies, and external security
audits to protect ISV software running the Web site.
Process of Encryption and Decryption

Question 2 (10 marks)


Assume that John wants to buy some CDs from an online shop called MusicPlus.
Describe step by step (with figures and words):

(a) How John should encrypt the information and send via the Internet so
that the information will be sent securely to MusicPlus.

i) The Sender sends the message, the shared key, and the algorithm identifier to the Encryptor.
ii) The Encryptor ciphers the message using the algorithm specified by the Sender.
iii) The Encryptor creates the EncryptedMessage that includes the ciphertext.
(b) How MusicPlus can ensure the information received is not being altered
during the transmission process.

i) The Receiver sends the encrypted message and the shared key to the Decryptor.
ii) The Decryptor deciphers the encrypted message using the shared key.
iii) The Decryptor creates the Message that contains the plain text obtained from the previous
step.
iv) The Decryptor sends the plain Message to the Receiver.
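The sender/Encryptor and receiver/Decryptor flow of parts (a) and (b), worked through in code. This is an added example and not part of the assignment; the shared key, the sample order message, and the algorithm identifier are constructed here. It uses only the Python standard library: the cipher is a keystream built from HMAC-SHA256 in counter mode, and integrity is provided by an HMAC tag over the algorithm identifier, nonce and ciphertext (encrypt-then-MAC), which is what lets MusicPlus detect a message altered in transit. A production shop would use a vetted authenticated cipher such as AES-GCM from a real library instead of this hand-built construction.

```python
"""Shared-key encryption with an integrity tag: Sender -> Encryptor -> Decryptor -> Receiver.

Constructed demonstration using only the standard library. Not production
cryptography: the keystream and tag are both HMAC-SHA256 based so the example
runs anywhere; real systems should use an AEAD such as AES-GCM.
"""
import hashlib
import hmac
import os
from typing import Optional

# Algorithm identifier the Sender passes along with the message (constructed name).
ALGORITHM_ID = b"HMAC-SHA256-CTR+HMAC-SHA256"
BLOCK = 32  # bytes of keystream produced per HMAC-SHA256 call


def _derive_keys(shared_key: bytes):
    """Derive separate encryption and integrity keys from the one shared key."""
    enc_key = hmac.new(shared_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC(enc_key, nonce || counter) blocks; same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK):
        counter = (offset // BLOCK).to_bytes(4, "big")
        keystream = hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        chunk = data[offset:offset + BLOCK]
        out.extend(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)


def encrypt(shared_key: bytes, message: bytes, nonce: Optional[bytes] = None) -> dict:
    """Encryptor step: build the EncryptedMessage (algorithm id, nonce, ciphertext, tag)."""
    enc_key, mac_key = _derive_keys(shared_key)
    nonce = os.urandom(16) if nonce is None else nonce  # fresh per message
    ciphertext = _keystream_xor(enc_key, nonce, message)
    # Tag covers everything the receiver will trust, so any change is detected.
    tag = hmac.new(mac_key, ALGORITHM_ID + nonce + ciphertext, hashlib.sha256).digest()
    return {"alg": ALGORITHM_ID, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt(shared_key: bytes, encrypted: dict) -> bytes:
    """Decryptor step: verify the tag first, then decipher. Raises ValueError if altered."""
    enc_key, mac_key = _derive_keys(shared_key)
    expected = hmac.new(
        mac_key,
        encrypted["alg"] + encrypted["nonce"] + encrypted["ciphertext"],
        hashlib.sha256,
    ).digest()
    # Constant-time comparison so timing does not leak how much of the tag matched.
    if not hmac.compare_digest(expected, encrypted["tag"]):
        raise ValueError("integrity check failed: message was altered in transit")
    return _keystream_xor(enc_key, encrypted["nonce"], encrypted["ciphertext"])


def tampered_is_rejected(shared_key: bytes, message: bytes) -> bool:
    """Simulate an attacker flipping one ciphertext bit; report whether MusicPlus notices."""
    enc = encrypt(shared_key, message)
    altered = dict(enc)
    altered["ciphertext"] = bytes([enc["ciphertext"][0] ^ 0x01]) + enc["ciphertext"][1:]
    try:
        decrypt(shared_key, altered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared_key = os.urandom(32)  # agreed between John and MusicPlus beforehand (constructed)
    order = b"John orders 2 CDs from MusicPlus, ship to 1 Example St"  # constructed sample
    sent = encrypt(shared_key, order)  # (a) John's side
    print("received:", decrypt(shared_key, sent))  # (b) MusicPlus's side
    print("tampering detected:", tampered_is_rejected(shared_key, order))
```

Decrypting with the wrong key also fails the tag check rather than silently yielding garbage, which is the behaviour a receiver wants: either the exact message the sender encrypted comes out, or the message is rejected.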

Question 3
What are the differences between key distribution centre and certification
authority? Briefly describe their mechanisms step by step.

Key distribution centre is a system that distributes and manages shared and private
keys for authentication of network sessions and access to applications while certification
authority (CA) is an authority in a network that issues and manages security credentials
and public keys for message encryption. As part of a public key infrastructure (PKI), a CA
checks with a registration authority (RA) to verify information provided by the requestor of
a digital certificate. If the RA verifies the requestor's information, the CA can then issue a
certificate.