Securing Electronic Commerce
Rating: 8 vote(s) Average rating: 3.8
Author: Eyal Eckhaus, posted on 6/26/2010 , in category "eCommerce"
Views: this article has been read 12445 times
Abstract: E-commerce is spreading rapidly, dominating a significant portion of global transactions. Thanks to this rapid growth, there is growing concern regarding information privacy and security. This article discusses basic security processes.

E-commerce is spreading rapidly, dominating a significant portion of global transactions. Thanks to this rapid growth, there is growing concern regarding information privacy and security. This article discusses basic security processes.

     1.  E-commerce

From the mid 1990’s, global e-commerce enjoyed rapid growth, with trillions of dollars exchanged annually over the web [1]. e-commerce is expected to be one of the most promising 21st century breakthroughs in B2C commerce, transforming traditional ways of purchasing, reducing communication costs, facilitating consumer-seller interaction, enabling global access, and lowering market entry costs [2]. The Internet’s strengths such as speed, user-friendliness, low cost and broad accessibility created a global networked economy [3].

    2.  Privacy and Security

While the emergence of information and communications technology (ICT) contributed to the rapid growth of the electronic marketplace [3], information technology increases the ability to store, process, and exploit personal data, raising growing privacy and security concern [4]. The growth of e-commerce has been accompanied by an increase in web merchants' ability to gather, process, and sell personal information about consumers without their consent, intensifying consumers’ concerns  regarding information privacy [5]. Moreover, since personal and financial information can be intercepted for fraudulent use, there is growing concern regarding security issues [6] and online crime [7]. There is a variety of technological solutions to protect internet communication, the most basic of which is message encryption [8].

     3.  Cryptography

The term cryptography comes from the Greek words Kryptos and Graphos, which mean “to hide” and “writing” respectively, a technique that transforms a text message to a form that will be understood only by authorized parties. This is fast becoming an essential feature for technological applications, with two common forms: private-key (or symmetric) and public-key (or asymmetric) encryption [9]. Both use cryptographic algorithms and keys to encode and decode data [10].

        3.1  Symmetric encryption

In symmetric key systems, the sender and receiver of a message share a single key used to encrypt and decrypt the message[9]. The security of these system depends on protecting the secrecy of the key, requiring a separate secure distribution channel, which is a disadvantage for e-commerce [10]. The strength of modern symmetric encryption is measured in terms of the length of the binary key used to encrypt data – the higher the binary value the stronger the encryption. For example, modern digital encryption systems use keys with binary digits ranging from 56 to 512; encryption keys with 512 digits create 2512 possibilities to check out, which will require the strongest computers available years to decrypt [8].
The most widely used symmetric key encryption is the Data Encryption Standard (DES) developed by the National Security Agency (NSA) and IBM in the 1950s, and improved later to triple DES – encrypting the message three times with a different key, to cope with growing computing power [8]. 
 *Editor’s note: use the symmetric encryption hands-on utility to encrypt messages, using the DES algorithm.

        3.2  Asymmetric encryption (public key)

This method employs two password keys: a public key which is widely disseminated and used to encrypt data, and a private key kept secret by the owner and used to decrypt data, which can be deduced from the public key [8]. The sender encrypts the message using the public key and the receiver decrypts it using his private key. This method has a significant advantage over symmetric encryption – not having to agree on a common key for sender and receiver. However, its disadvantage is its much slower encryption speed [9].
The most commonly used asymmetric algorithm is RSA [11], which stands for Rivest, Shamir and Adleman, RSA involves private and public keys which are linked by the factorization of prime numbers [9].
 *Editor’s note: use the Asymmetric encryption hands-on utility that demonstrates the process.

        3.3  Digital signature

Digital signature is one of the applications of cryptography [12], designed to ensure message authenticity and non-repudiation. The sender encrypts a block of ciphered text using the his unique private key, and the recipient uses the sender’s public key to authenticate the message [8]. Legislation in many countries treats digital signatures similarly to handwritten ones [13]. When used with a hash function, the digital signature is more even more unique that a handwriting signature, becoming not only individually exclusive, but also unique to the document: once the recipient has authenticated the message with the sender’s public key, he uses his private key to obtain a hashed result and the message, then applies the same hash function to the message and compares it with the result sent by the sender, which will indicate, if the hashes are identical, that the message hasn’t been tampered with during transmission [8].
 *Editor’s note: use the digital signature and hash hands-on utility to hash messages.

        4.   Summary

Electronic commerce is growing at a rapid pace, raising questions and concerns regarding information privacy and security. There are various technological solutions designed to meet these needs, one of the most important of which is cryptography. This article introduced symmetric encryption, asymmetric (public key) encryption, and digital signature.

Bibiolography

  1. Alhorr, H.S., N. Singh, and S.H. Kim, E-commerce on the global platform: strategic insights on the localization-standartization perspective. Journal of Electronic Commerce Research: Special Issue: Global B-Commerce, 2010. 11(1): p. 6-13.
  2. Mangiaracina, R. and A. Perego, Payment Systems in the B2c eCommerce: Are They a Barrier for the Online Customer? Journal of Internet Banking and Commerce, 2009. 14(3): p. 1-16.
  3. Salwani, M.I., et al., E-commerce usage and business performance in the Malaysian tourism sector: empirical analysis. Information Management & Computer Security, 2009. 17(2): p. 166-185.
  4. Xu, H., Consumer Responses to the Introduction of Privacy Protection Measures: An Exploratory Research Framework. International Journal of E-Business Research, 2009. 5(2): p. 21-47.
  5. Meinert, D.B., et al., Privacy Policy Statements and Consumer Willingness to Provide Personal Information. Journal of Electronic Commerce in Organizations, 2006. 4(1): p. 1-17.
  6. Roca, J.C., J.J. García, and J.J.d.l. Vega, The importance of perceived trust, security and privacy in online trading systems. Information Management & Computer Security, 2009. 17(2): p. 96-113.
  7. Hinduja, S., Perceptions of local and state law enforcement concerning the role of computer crime investigative teams. Policing, 2004. 27(3): p. 341-357.
  8. Laudon, K.C. and C.G. Traver, E-commerce . Business .technology . Society. 2006: Prentice Hall; Third edition
  9. Pujol, F.A., et al., A client/server implementation of an encryption system for fingerprint user authentication. Kybernetes, 2008. 37(8): p. 1111-1119.
  10. Garrett, S.G.E. and P.J. Skevington, An Introduction to Electronic Commerce. BT Technology Journal, 1999. 17(3): p. 11-16.
  11. Rosado, D.G., et al., Security patterns and requirements for internet-based applications. Internet Research, 2006. 16(5): p. 519-536.
  12. Aydin, N., Enhancing Undergraduate Mathematics Curriculum via Coding Theory and Cryptography. Primus : Problems, Resources, and Issues in Mathematics Undergraduate Studies, 2009. 19(3).
  13. Wolff-Marting, V., A. Köhler, and V. Gruhn, Securing Electronic Customer-Signatures in Legally Binding Business Processes: A Case Study from the Insurance Industry. Journal of Theoretical and Applied Electronic Commerce Research, 2009. 4(5): p. 72-79.


copyright © Purchasesmarter.com. All rights reserved. The material may not be published, rewritten, broadcast, or redistributed. Any reproduction in whole or part by and individuals or organizations will be held liable for copyright infringement to the full extent of the law.

Rate

User Feedback

Post your comment
Name:
E-mail: (Will not be displayed)
Comment:
Insert Cancel