Abstract
E-business is one of the driving factors for the growth of the worldwide economy. But in parallel with the upsurge of digital trade, cyberspace has also become a main attraction for criminals. Today, major parts of the Internet are still outside traditional national legislation and law enforcement. Security is therefore a task that cannot be delegated to the government alone. Each party in an E-business operation has to take care of the threats and the effective countermeasures. This paper introduces the topic of online security and presents at the end a technical system that helps to defeat many of the currently most dangerous threats to a trusted E-business world.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Müller, L. (2008). Authentication and Transaction Security in E-business. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds) The Future of Identity in the Information Society. Privacy and Identity 2007. IFIP — The International Federation for Information Processing, vol 262. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-79026-8_13
DOI: https://doi.org/10.1007/978-0-387-79026-8_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-4629-4
Online ISBN: 978-0-387-79026-8
eBook Packages: Computer Science, Computer Science (R0)