Affiliation:
1. National University of Ireland, Ireland
Abstract
Electronic commerce has grown into a vital segment of the economy of many nations. It is a global phenomenon providing markets and commercialization opportunities world-wide with a significantly reduced barrier to entry as compared to global marketing in the 20th century. Providing protocols to secure such commerce is critical and continues to be an area for both scientific and engineering study. Falsification, fraud, identity theft, and disinformation campaigns or other attacks could damage the credibility and value of electronic commerce if left unchecked. Consequently, cryptographic methods have emerged to combat any such efforts, be they the occasional random attempt at theft or highly organized criminal or political activities. This chapter covers the use of cryptographic methods and emerging standards in this area to provide the necessary protection. That protection, as is common for web-based protocols, evolves over time to deal with more and more sophisticated attacks. At the same time, the provision of security in a manner convenient enough to not deter electronic commerce has driven research efforts to find easier to use and simpler protocols to implement even as the strength of the cryptographic methods has increased. This chapter covers current standards, looking at several facets of the secure commercialization problem from authentication to intrusion detection and identity and reputation management. Vulnerabilities are discussed as well as capabilities.
Reference50 articles.
1. Adida, B. (2007). BeamAuth: two-factor web authentication with a bookmark. In CCS ’07: Proceedings of the 14th ACM conference on Computer and communications security, pages 48–57, New York: ACM.
2. Agarwal, N., Renfro, S., & Bejar, A. (2007, May). Current Anti-Phishing Solutions and Yahoo's Sign-in Seal. Paper presented at W2SP: Workshop on Web 2.0 Security and Privacy 2007 held in conjunction with the 2007 IEEE Symposium on Security and Privacy.
3. Apple (2009). Changes Coming to the iTunes Store, Retrieved from http://www.apple.com/pr/library/2009/01/06itunes.html
4. Bellovin, S. M., & Merritt, M. (1992). Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks. Paper presented at SP'92: In Proceedings of the 1992 IEEE Symposium on Security and Privacy, page 72, Washington, DC: IEEE Computer Society.
5. Berners-Lee, T., Fielding, R., & Frystyk. H. (1996). Hypertext Transfer Protocol. HTTP/1.0.