Chapter 13 E-commerce Security Issues
A good guideline for writing your security policy is that it’s like writing a set of functional requirements for software. The policy shouldn’t talk about specific implementations or solutions, but instead about the goals and security requirements in your environment. It shouldn’t need to be updated very often.
You should keep a separate document that sets out guidelines for how the requirements of the security policy are met in a particular environment. You can have different guidelines for different parts of your organization. This is more along the lines of a design document or a procedure manual that documents what is actually done in order to ensure the level of security that you require.
Authentication Principles
Authentication attempts to prove that somebody is actually who she claims to be. There are many possible ways to provide authentication, but as with many security measures, the more secure methods are more troublesome to use.
Authentication techniques include passwords, digital signatures, biometric measures such as fingerprint scans, and measures involving hardware such as smart cards. Only two are in common use on the Web: passwords and digital signatures.
Biometric measures and most hardware solutions involve special input devices and would limit authorized users to specific machines with these attached. This might be acceptable, or even desirable, for access to an organization’s internal systems, but takes away much of the advantage of making a system available over the Web.
Passwords are simple to implement, simple to use, and require no special input devices. They provide some level of authentication, but might not be appropriate on their own for high security systems.
A password is a simple concept. You and the system know your password. If a visitor claims to be you, and knows your password, the system has reason to believe he is you.
As long as nobody else knows or can guess the password, this is secure. Passwords on their own have a number of potential weaknesses and do not provide strong authentication.
Many passwords are easily guessed. If left to choose their own passwords, around 50% of users will choose an easily guessed password. Common passwords that fit this description include dictionary words or the username for the account. At the expense of usability, you can force users to include numbers or punctuation in their passwords, but this will cause some users to have difficulty remembering their passwords. Educating users to choose better passwords can help, but even when educated, around 25% of users will still choose an easily guessed password. You could enforce password policies that stop users from choosing easily guessed combinations by checking new passwords against a dictionary, or requiring some numbers or punctuation symbols or a mixture of uppercase and lowercase letters. One danger is that strict password rules will lead to passwords that many legitimate users will not be able to remember.
Hard to remember passwords increase the likelihood that users will do something insecure such as write “username fred password rover” on a note taped to their monitors.
Users need to be educated not to write down their passwords or to do other silly things like give them to people over the phone who ring up claiming to be working on the system.
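One way to express the dictionary, username and character-class checks described above, as an added example that is not from the original text. The word list, function name and sample accounts are constructed for illustration; a deployment would load a large dictionary file.

```python
import string

# Constructed sample word list (assumption); real checks use a large dictionary.
DICTIONARY = {"password", "rover", "letmein", "dragon", "monkey"}
STRIP_CHARS = string.digits + string.punctuation


def policy_violations(username, password):
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    problems = []
    lowered = password.lower()
    # "Rover1!" is still the dictionary word "rover" with decoration, so
    # compare the word with leading/trailing digits and punctuation removed.
    core = lowered.strip(STRIP_CHARS)

    if username and username.lower() in lowered:
        problems.append("contains the username")
    if lowered in DICTIONARY or core in DICTIONARY:
        problems.append("dictionary word")
    if not any(c in STRIP_CHARS for c in password):
        problems.append("needs a digit or punctuation")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs mixed case")
    return problems


if __name__ == "__main__":
    for candidate in ("rover", "Rover1!", "fred2024X", "Tr4vel;Kettle"):
        print(candidate, "->", policy_violations("fred", candidate) or "accepted")
```

Returning the list of reasons, rather than a bare yes or no, lets the form tell the user what to change, which softens the usability cost the text warns about.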
Passwords can also be captured electronically. By running a program to capture keystrokes at a terminal or using a packet sniffer to capture network traffic, crackers can—and do—capture usable pairs of login names and passwords. You can limit the opportunities to capture passwords by encrypting network traffic.
For all their potential flaws, passwords are a simple and relatively effective way of authenticating your users. They provide a level of secrecy that might not be appropriate for national security, but is ideal for checking on the delivery status of a customer’s order.
Using Authentication
Authentication mechanisms are built in to the most popular Web browsers and Web servers. Web servers might require a username and password for people requesting files from particular directories on the server.
When challenged for a login name and password, your browser will present a dialog box looking something like the one shown in Figure 13.2.
Figure 13.2 Web browsers prompt users for authentication when they attempt to visit a restricted directory on a Web server.
Both the Apache Web server and Microsoft’s IIS enable you to very easily protect all or part of a site in this way. Using PHP or MySQL, there are many other ways we can achieve the same effect. Using MySQL is faster than the built-in authentication. Using PHP, we can provide more flexible authentication or present the request in a more attractive way.
We will see some authentication examples in Chapter 14, “Implementing Authentication with PHP and MySQL.”
Encryption Basics
An encryption algorithm is a mathematical process to transform information into a seemingly random string of data.
The data that you start with is often called plain text, although it is not important to the process what the information represents—whether it is actually text, or some other sort of data. Similarly, the encrypted information is called ciphertext, but rarely looks anything like text. Figure 13.3 shows the encryption process as a simple flowchart. The plain text is fed to an encryption engine, which might have been a mechanical device, such as a World War II Enigma machine, once upon a time, but is now nearly always a computer program. The engine produces the ciphertext.
[Figure 13.3 flowchart: Plain Text → Encryption Algorithm → Cipher Text]
Figure 13.3 Encryption takes plain text and transforms it into seemingly random ciphertext.
To create the protected directory whose authentication prompt is shown in Figure 13.2, we used Apache’s most basic type of authentication. (You’ll see how to use this in the next chapter.) This encrypts passwords before storing them. We created a user with the password password. This was encrypted and stored as aWDuA3X3H.mc2. You can see that the plain text and ciphertext bear no obvious resemblance to each other.
This particular encryption method is not reversible. Many passwords are stored using a one-way encryption algorithm. In order to see whether an attempt at entering a password is correct, we do not need to decrypt the stored password. We can instead encrypt the attempt and compare that to the stored version.
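The "encrypt the attempt and compare" check described above, as an added example that is not from the original text. It swaps in salted PBKDF2-HMAC-SHA256 from Python's standard library in place of Apache's own scheme; the record layout, function names and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def make_record(password, salt=None):
    """One-way transform: return 'iterations$salt$hash' suitable for storage."""
    salt = salt or os.urandom(16)          # random salt: equal passwords differ
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${derived.hex()}"


def check_attempt(attempt, record):
    """Re-run the one-way transform on the attempt and compare to the record.

    Nothing is decrypted: the stored salt and iteration count are reused so
    that a correct attempt reproduces the stored hash exactly.
    """
    try:
        iterations, salt_hex, stored_hex = record.split("$")
        derived = hashlib.pbkdf2_hmac(
            "sha256", attempt.encode(), bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False                       # malformed record never authenticates
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(derived.hex(), stored_hex)


if __name__ == "__main__":
    record = make_record("password")       # the sample password used in the text
    print(record)
    print(check_attempt("password", record))   # correct attempt
    print(check_attempt("Password", record))   # wrong attempt
```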
Many, but not all, encryption processes can be reversed. The reverse process is called decryption. Figure 13.4 shows a two-way encryption process.
[Figure 13.4 flowchart: Plain Text → Encryption Algorithm → Cipher Text → Decryption Algorithm → Plain Text, with a Key feeding the algorithms]
Figure 13.4 Encryption takes plain text and transforms it into seemingly random ciphertext. Decryption takes the ciphertext and transforms it back into plain text.
Cryptography is nearly 4000 years old, but came of age in World War II. Its growth since then has followed a similar pattern to the adoption of computer networks, initially only being used by military and finance corporations, being more widely used by companies starting in the 1970s, and becoming ubiquitous in the 1990s. In the last few years, encryption has gone from a concept that ordinary people only saw in World War II movies and spy thrillers to something that they read about in newspapers and use every time they purchase something with their Web browsers.
Many different encryption algorithms are available. Some, like DES, use a secret or private key; some, like RSA, use a public key and a separate private key.
Private Key Encryption
Private key encryption relies on authorized people knowing or having access to a key. This key must be kept secret. If the key falls into the wrong hands, unauthorized people can also read your encrypted messages. As shown in Figure 13.4, both the sender (who encrypts the message) and the recipient (who decrypts the message) have the same key.
The most widely used secret key algorithm is the Data Encryption Standard (DES). This scheme was developed by IBM in the 1970s and adopted as the American standard for commercial and unclassified government communications. Computing speeds are orders of magnitude faster now than in 1970, and DES has been obsolete since at least 1998.
Other well-known secret key systems include RC2, RC4, RC5, triple DES, and IDEA. Triple DES is fairly secure.² It uses the same algorithm as DES, applied three times with up to three different keys. A plain text message is encrypted with key one, decrypted with key two, and then encrypted with key three.
One obvious flaw of secret key encryption is that, in order to send somebody a secure message, you need a secure way to get the secret key to him. If you have a secure way to deliver a key, why not just deliver the message that way?
Fortunately, there was a breakthrough in 1976, when Diffie and Hellman published the first public key scheme.
Public Key Encryption
Public key encryption relies on two different keys, a public key and a private key. As shown in Figure 13.5, the public key is used to encrypt messages, and the private key to decrypt them.
The advantage to this system is that the public key, as its name suggests, can be distributed publicly. Anybody to whom you give your public key can send you a secure message. As long as only you have your private key, then only you can decrypt the message.
² Somewhat paradoxically, triple DES is twice as secure as DES. If you needed something three times as strong, you could write a program to implement a quintuple DES algorithm.
Figure 13.5 Public key encryption uses separate keys for
encryption and decryption.
The most common public key algorithm is RSA, developed by Rivest, Shamir, and Adleman at MIT and published in 1978. RSA was a proprietary system, but the patent expired in September 2000.
The capability to transmit a public key in the clear and not need to worry about it being seen by a third party is a huge advantage, but secret key systems are still in common use. Often, a hybrid system is used. A public key system is used to transmit the key for a secret key system that will be used for the remainder of a session’s communication. This added complexity is tolerated because secret key systems are around 1000 times faster than public key systems.
Digital Signatures
Digital signatures are related to public key cryptography, but reverse the role of public and private keys. A sender can encrypt and digitally sign a message with her secret key. When the message is received, the recipient can decrypt it with the sender’s public key. As the sender is the only person with access to the secret key, the recipient can be fairly certain from whom the message came and that it has not been altered.
Digital signatures can be really useful. They let the recipient be sure that the message has not been tampered with, and they make it difficult for the sender to repudiate, or deny sending, the message.
It is important to note though that although the message has been encrypted, it can be read by anybody who has the public key. Although the same techniques and keys are used, the purpose of encryption here is to prevent tampering and repudiation, not to prevent reading.
As public key encryption is fairly slow for large messages, another type of algorithm, called a hash function, is usually used to improve efficiency.
The hash function calculates a message digest or hash value for any message it is given. It is not important what value the algorithm produces. It is important that the output is deterministic, that is, that the output is the same each time a particular input is used, that the output is small, and that the algorithm is fast.
The most common hash functions are MD5 and SHA.
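The hash-then-sign flow described above, as an added example that is not from the original text. It uses unpadded "textbook" RSA with a toy key built from two publicly known Mersenne primes, and SHA-256 as the hash; the key, function names and sample order are constructed for illustration and are not suitable for real use.

```python
import hashlib

# Toy key (assumption): two well-known Mersenne primes. Real keys use secret
# random primes, a much larger modulus and a padding scheme.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known to the sender


def digest_as_int(message):
    """Hash the message and map the small digest into the modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message):
    """Sender: apply the private key to the digest, not the whole message."""
    return pow(digest_as_int(message), D, N)


def verify(message, signature):
    """Recipient: apply the public key to the signature and compare the
    result with a digest computed independently from the received message."""
    return pow(signature, E, N) == digest_as_int(message)


if __name__ == "__main__":
    order = b"Ship 2 widgets to Fred"    # constructed sample message
    signature = sign(order)
    # The message travels in the clear next to its signature: signing
    # prevents tampering and repudiation, not reading.
    print(verify(order, signature))                          # unmodified
    print(verify(b"Ship 200 widgets to Fred", signature))    # altered in transit
```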
[Figure 13.5 flowchart: Plain Text → Encryption Algorithm (Public Key) → Cipher Text → Decryption Algorithm (Private Key) → Plain Text]