Page 78 - DCAP306_DCAP511_E-COMMERCE_AND_E-BUSINESS
Unit 6: Security Framework
In the case of Hassan Consulting's Shopping Cart, an attacker could achieve remote
command execution because the software did not reject shell metacharacters such as
|, ; and & in user-supplied input, so the shell treated the text that followed them as a
further command rather than as data.
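As an added illustration of this class of flaw (constructed for this text, not the code of Hassan Consulting's Shopping Cart), the following Python builds a command line the way a vulnerable application would, tokenises it as a POSIX shell would so that an injected second command becomes visible, and then shows the hardened form: an allowlist check on the input and an argument vector that would be run without a shell. The item directory, the use of `cat`, and the item-id format are assumptions of the example. The block only constructs commands; it never executes anything.

```python
import re
import shlex

# Characters a POSIX shell interprets; the text names |, ; and &.
SHELL_METACHARACTERS = set("|;&$`<>()\n")

# Hypothetical catalogue directory used only for this illustration.
ITEM_DIR = "/var/www/cart/items"

# Allowlist for item ids (assumed format): letters, digits, '_' and '-'.
ITEM_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def vulnerable_command(item_id):
    """Build the command line the way the flawed application would.

    User input is interpolated straight into one string that is then handed
    to the shell (system()/os.system style), so anything the shell treats
    specially is executed instead of being used as a file name.
    """
    return f"cat {ITEM_DIR}/{item_id}.txt"


def shell_tokens(command_line):
    """Split a command line the way a POSIX shell would.

    With punctuation_chars=True, shlex returns ';', '|', '&' and friends as
    separate tokens, which makes a smuggled second command visible.
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return list(lexer)


def has_shell_metacharacters(item_id):
    """Blacklist-style check: true if any shell-special character is present."""
    return any(ch in SHELL_METACHARACTERS for ch in item_id)


def is_safe_item_id(item_id):
    """Allowlist check: accept only ids that match the expected shape.

    Preferred over the blacklist above, because it does not need to know
    every character the shell might care about.
    """
    return ITEM_ID_RE.fullmatch(item_id) is not None


def safe_argv(item_id):
    """Hardened form: validate the id, then build an argument vector.

    The caller would run it as subprocess.run(argv) with shell=False, so no
    shell ever parses the item id and metacharacters lose their meaning.
    """
    if not is_safe_item_id(item_id):
        raise ValueError(f"rejected item id: {item_id!r}")
    return ["cat", f"{ITEM_DIR}/{item_id}.txt"]


if __name__ == "__main__":
    hostile = "1; rm -rf /tmp/cart"          # constructed hostile input
    print(shell_tokens(vulnerable_command(hostile)))
    print(has_shell_metacharacters(hostile), is_safe_item_id(hostile))
    print(safe_argv("1"))
```

Running the block prints the token list for the hostile input, in which `;` and `rm` appear as their own tokens: the shell would have finished `cat` and started a second command. The allowlist check rejects that input outright, and for a clean id `safe_argv` yields a two-element vector that can be executed without any shell.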
6.2 Security Solutions
Today, setting up a secure e-commerce system comes at a cost that many online merchants and
business owners do not anticipate. E-commerce Web sites built on Web applications have become an
easy target for information theft. Attackers keep devising new techniques to steal credit card numbers
and other sensitive customer data, so Web site owners must build strict security features into their
e-commerce systems if they are to keep their customers' trust.
Cryptographic techniques can be used to safeguard e-commerce Web sites. Cryptography consists of
encryption and decryption. Encryption converts confidential information into a coded form (ciphertext)
that unauthorized users cannot read without the key. Decryption, the reverse of encryption, uses the
key to turn the ciphertext back into its original form (plaintext).
The simplest illustration of encryption is a shift cipher (the Caesar cipher): each letter or digit in the
message is shifted by a fixed number of positions, and the shift amount is the key. This is useful for
explaining what a key is, but it offers no real protection, since there are only 26 possible shifts; real
systems never protect passwords with a reversible shift but store them as salted hashes computed with
a deliberately slow function such as bcrypt or Argon2.
Suppose you have to encrypt a password that is eight characters long and you decide to
shift each character by six positions, wrapping from Z back to A. The mapping for such
an example is shown below:
C - I
O - U
N - T
S - Y
T - Z
A - G
N - T
T - Z
This way the word "CONSTANT" would look like "IUTYZGTZ", which is not easily
understandable to a casual observer, although anyone who knows the scheme can recover
it by trying every possible shift.
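The shift scheme just described, written out as an added Python example (my own illustration, not code from the original text): it generalises the eight-letter case to any message, wraps around the alphabet, also shifts digits modulo 10 (the text speaks of numerical as well as alphabetic characters), and includes the brute-force step that shows why a shift cipher is only a teaching device. The function names are my own.

```python
import string

LETTERS = string.ascii_uppercase   # 26-letter cycle, wraps from Z back to A
DIGITS = string.digits             # 10-digit cycle, wraps from 9 back to 0


def shift_text(text, shift):
    """Shift every letter and digit in `text` by `shift` positions.

    Letters move within A..Z and digits within 0..9, both wrapping around;
    any other character (space, punctuation) is left unchanged. A negative
    shift moves backwards, which is how decryption is done.
    """
    out = []
    for ch in text:
        if ch in LETTERS:
            out.append(LETTERS[(LETTERS.index(ch) + shift) % len(LETTERS)])
        elif ch in DIGITS:
            out.append(DIGITS[(DIGITS.index(ch) + shift) % len(DIGITS)])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, shift):
    """Encrypt by shifting forward; the shift value is the secret key.

    Input is upper-cased first, matching the text's all-capitals example.
    """
    return shift_text(plaintext.upper(), shift)


def caesar_decrypt(ciphertext, shift):
    """Decrypt by shifting the same distance backwards."""
    return shift_text(ciphertext, -shift)


def brute_force(ciphertext):
    """Recover every candidate plaintext without knowing the key.

    There are only 26 possible letter shifts, so an attacker simply tries
    them all and reads off the one that makes sense.
    """
    return {k: caesar_decrypt(ciphertext, k) for k in range(len(LETTERS))}


if __name__ == "__main__":
    ct = caesar_encrypt("CONSTANT", 6)
    print(ct)                    # IUTYZGTZ
    print(brute_force(ct)[6])    # CONSTANT
```

The brute-force dictionary is the whole attack: with the key space this small, "difficult to trace" holds only against someone who does not know the scheme, which is exactly the assumption a real cryptosystem must not make.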
Cryptographic systems are categorized into symmetric and asymmetric cryptosystems. In symmetric
cryptosystems, a single secret key is shared by the users engaged in secure communication, whereas
asymmetric cryptosystems use a pair of keys: a public key that can be distributed openly and a private
key that its owner keeps secret.
6.2.1 Symmetric Cryptosystems
Symmetric cryptosystems use a single secret key, known to both parties, for everything exchanged
between two users. The key must therefore be delivered to both ends over a channel the attacker cannot
read, and every pair of users that wishes to communicate securely needs its own key: with n users,
n(n-1)/2 keys have to be generated and distributed.
Did you know? Cryptosystems came into widespread commercial use in 1977, when the Data Encryption
Standard (DES) was adopted as a United States Federal standard (FIPS 46).
Symmetric ciphers are of two kinds:
1. Block Ciphers: The message is divided into fixed-size blocks (64 bits for DES, 128 bits for AES),
and each block is encrypted under the key and sent to the receiver. The final block is padded to the
full block size, and a mode of operation defines how the blocks are combined. On the receiving end,
each block is decrypted, the padding is stripped and the original message is retrieved.
2. Stream Ciphers: The key, together with a fresh nonce, is expanded into a keystream that is combined
with the message, usually by XOR, one bit or byte at a time. The message is not divided into blocks
and needs no padding, so a message of any length produces ciphertext of exactly the same length, and
decryption regenerates the same keystream to recover plaintext of the same size. A keystream must
never be used for two messages: XORing two ciphertexts produced under the same key and nonce
cancels the keystream and reveals the XOR of the two plaintexts.
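To make the two kinds concrete, the following added Python example (my own illustration, not code from the text) pairs a toy 64-bit block cipher with PKCS#7 padding against a keystream-based stream cipher built from SHA-256 in counter mode. Both the toy block permutation and the hash-based keystream are stand-ins chosen so the example runs with the standard library alone; neither is a real cipher. The key and nonce values are constructed for the demonstration. The last function shows the stream-cipher failure mode of reusing one keystream for two messages.

```python
import hashlib
from itertools import count

BLOCK_SIZE = 8  # bytes: a 64-bit block, the size DES uses

# Constructed sample key and nonce for the demonstration (not real secrets).
KEY = b"0123456789abcdef"
NONCE = b"nonce-01"


def pkcs7_pad(data, block_size=BLOCK_SIZE):
    """Pad to a whole number of blocks; always adds 1..block_size bytes."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data, block_size=BLOCK_SIZE):
    """Strip PKCS#7 padding, rejecting malformed padding instead of guessing."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def toy_block_encrypt(key, block):
    """Encrypt exactly one 8-byte block.

    Toy permutation (XOR with key bytes, rotate, XOR again) that only shows
    the block-at-a-time structure; it has no cryptographic strength.
    """
    assert len(block) == BLOCK_SIZE
    k1, k2 = key[:BLOCK_SIZE], key[BLOCK_SIZE:2 * BLOCK_SIZE]
    state = bytes(b ^ k for b, k in zip(block, k1))
    state = state[1:] + state[:1]          # rotate left by one byte
    return bytes(b ^ k for b, k in zip(state, k2))


def toy_block_decrypt(key, block):
    """Inverse of toy_block_encrypt: undo the steps in reverse order."""
    k1, k2 = key[:BLOCK_SIZE], key[BLOCK_SIZE:2 * BLOCK_SIZE]
    state = bytes(b ^ k for b, k in zip(block, k2))
    state = state[-1:] + state[:-1]        # rotate right by one byte
    return bytes(b ^ k for b, k in zip(state, k1))


def block_mode_encrypt(key, plaintext):
    """Block-cipher style: pad, split into fixed-size blocks, encrypt each.

    Blocks are encrypted independently (ECB), the simplest mode and the one
    the text describes; real deployments use a chaining or counter mode.
    """
    padded = pkcs7_pad(plaintext)
    return b"".join(toy_block_encrypt(key, padded[i:i + BLOCK_SIZE])
                    for i in range(0, len(padded), BLOCK_SIZE))


def block_mode_decrypt(key, ciphertext):
    """Decrypt each block, then strip the padding to get the message back."""
    padded = b"".join(toy_block_decrypt(key, ciphertext[i:i + BLOCK_SIZE])
                      for i in range(0, len(ciphertext), BLOCK_SIZE))
    return pkcs7_unpad(padded)


def keystream(key, nonce, length):
    """Expand key and nonce into `length` pseudorandom bytes.

    Counter-mode construction over SHA-256, a stand-in for a real stream
    cipher's keystream generator.
    """
    out = bytearray()
    for counter in count():
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])


def stream_encrypt(key, nonce, plaintext):
    """Stream-cipher style: XOR the message with the keystream, byte by byte.

    No padding is needed and the ciphertext has the plaintext's exact length.
    """
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


stream_decrypt = stream_encrypt  # XOR with the same keystream undoes itself


def keystream_reuse_leak(key, nonce, msg1, msg2):
    """Stream-cipher failure mode: two messages under one key and nonce.

    XORing the two ciphertexts cancels the shared keystream and yields
    msg1 XOR msg2, which an attacker obtains without ever knowing the key.
    """
    c1 = stream_encrypt(key, nonce, msg1)
    c2 = stream_encrypt(key, nonce, msg2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    msg = b"Order #1234: 2 items"
    ct_block = block_mode_encrypt(KEY, msg)
    ct_stream = stream_encrypt(KEY, NONCE, msg)
    print(len(msg), len(ct_block), len(ct_stream))   # 20 24 20
```

The printed lengths are the whole point of the block-versus-stream distinction: the 20-byte message grows to 24 bytes under the block cipher because the last block must be padded, while the stream cipher returns exactly 20 bytes. The nonce parameter is what makes the keystream differ between messages; drop it or repeat it and `keystream_reuse_leak` shows what leaks.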
LOVELY PROFESSIONAL UNIVERSITY 71