My IT Management course in UBC MBA
Prof: Ron Cenfetelli
Web 2.0 – Moving beyond HTML
Confidentiality
Authentication: ability to verify the identity of people/organizations
Data/Message Integrity: ensuring communications were not modified in transit/storage
Nonrepudiation: parties cannot deny a communication; proof that the sender sent and proof that the receiver received
9. January 16, 2008: “Internet penetration continues to show signs of hitting a plateau. The percentage of former users who say they have no intention of going back online continues to increase, and less than half of those who have never used the Internet plan to log on in the coming year.”
10. Digital Divide? Age, education, income and location appear to be highly predictive of broadband access.
23. Uniform Resource Locator (URL), example: http://www.sauder.ubc.ca/bcom/ . Labelled parts of the URL: protocol for the Web (http), host computer / domain name (www.sauder.ubc.ca), top-level domain (TLD, .ca), directory (/bcom/).
55. Security in the Physical World: lock, security forces, safe, signature, physical barriers, fingerprint, seal, contract.
64. Hashing: the sender runs the message through a hashing algorithm to obtain a hash value, say X, and transmits the message together with X. The receiver runs the received message through the same hashing algorithm to obtain Y. If X = Y, the message sent and the message received are the same.
65. PKI Components: Digital Signature (cont.) Note how the private/public key process is reversed! Sender: compute the digest of the cleartext message with the hashing algorithm, then encrypt the digest with his private key; the encrypted digest is the digital signature, transmitted along with the cleartext message. Receiver: decrypt the digest with the sender’s public key, compute the expected digest of the received cleartext message with the same hashing algorithm, and compare the two to confirm or deny the integrity of the message.
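As an added example (not from the slides or the course), the slide-64 integrity check and the slide-65 sign/verify flow in Python, using textbook RSA with constructed small primes so it runs on the standard library alone; the key values and function names are assumptions, and a toy key of this size is for illustration only.

```python
import hashlib

# Constructed demo key pair: textbook RSA with two small primes (illustrative only;
# real deployments use 2048-bit or larger keys with padding such as RSA-PSS).
P, Q = 1000003, 1000033
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+ modular inverse)


def digest(message: bytes) -> int:
    """Slide 64: run the message through a hashing algorithm to get a fixed-size value."""
    # Reduce SHA-256 mod N so the toy modulus can carry it; a real scheme
    # pads the full digest rather than shrinking it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def integrity_check(message: bytes, x: int) -> bool:
    """Slide 64, receiver side: recompute Y from the received message and compare with X.

    A bare hash detects accidental corruption but not a deliberate change,
    because whoever alters the message can also recompute X; that gap is what
    the signature below closes by binding the digest to the sender's private key.
    """
    return digest(message) == x


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Slide 65, sender side: hash the cleartext, then 'encrypt' the digest with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Slide 65, receiver side: 'decrypt' the digest with the sender's public key and
    compare it with the expected digest computed from the received cleartext."""
    recovered_digest = pow(signature, e, n)
    return recovered_digest == digest(message)


if __name__ == "__main__":
    # Constructed sample order message.
    order = b"Pay 100 CAD to Merchant, order #1"
    sig = sign(order)
    print("hash check  :", integrity_check(order, digest(order)))
    print("signature ok:", verify(order, sig))
    print("tampered ok :", verify(b"Pay 1000 CAD to Merchant, order #1", sig))
```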
71. Putting it all together… Parties: customer, Internet merchant, certificate authority. The customer’s info requests and the merchant’s info are exchanged. The customer verifies the merchant: received messages are signed with a hash that can be decrypted with the merchant’s public key, which is held by the CA. The customer then provides encrypted information for purchases (encrypted with the merchant’s public key); the credit card number and message digest are signed with the customer’s private key. The merchant verifies the customer: received messages are signed with a hash that can be decrypted with the customer’s public key, held by the CA. (Diagram labels: Customer’s Public Key, Merchant’s Public Key.)
72. More Security and Identification We’ve discussed how to ID ourselves across the Internet, but how do we ID ourselves at our “point of presence”?
87. “Symantec says the Trojan.Silentbanker has so far targeted over 400 banks around the world, but according to a blog posted by Symantec's Liam O’Murchu on January 14 [2008], the most worrying aspect is that the Trojan can perform man-in-the-middle attacks (where an attacker can read, insert and modify messages between two parties without either party knowing).” http://m-net.net.nz/2157/latest-news/latest-news/trojan.silentbanker-defeats-2-factor-authentication-attacks-400-b.php