Abstract
Cyber crime is a growing threat affecting all business sectors. Stock Exchanges, a financial services sector, are not far from it. Trading stocks via Internet exposes the process to cyber threats that might take advantage of a system defect to breach security and cause possible harm. Online Trading websites are protected by various security systems. Digital Certificate, which is based on Secure Socket Layer (SSL) protocol, is an example. This research examines implementation of Digital Certificate in online trading servers. This evaluation helps to identify security weaknesses and take actions for protection improvement.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ngare, E., Nyamongo, E.M., Misati, R.N.: Stock market development and economic growth in Africa. J. Econ. Bus. 74, 24–39 (2014)
Ayadi, R., Arbak, E., Naceur, S.B., De Groen, W.P.: Financial development, bank efficiency, and economic growth across the Mediterranean. In: Economic and Social Development of the Southern and Eastern Mediterranean Countries. Springer, pp. 219–233 (2015)
Tendulkar, R.: Cyber-crime, securities markets and systemic risk. In: IOSCO Staff Working Paper, pp. 3–11 (2013)
Rashid, F.Y.: Cyber attacks against stock exchanges threaten financial markets: Report (2013). http://www.securityweek.com/cyber-attacks-against-stock-exchanges-threaten-financial-markets-report
Shostack, A.: Threat Modeling: Designing for Security. Wiley, New York (2014)
Frier, A., Karlton, P., Kocher, P.: The SSL 3.0 protocol. Netscape Commun. Corp. 18, 27–80 (1996)
Barnes, R., Thomson, M., Pironti, A., Langley, A.: Deprecating secure sockets layer version 3.0. Technical report, Internet Engineering Task Force (2015)
Dierks, T., Allen, C.: The TLS protocol, version 1.0. The Internet Engineering Task Force (1999)
Polk, T., McKay, K., Chokhani, S.: Guidelines for the selection, configuration, and use of transport layer security (TLS) implementations. NIST Spec. Publ. 800(52), 32 (2014)
Hamid, K., Suleman, M.T., Ali Shah, S.Z., Akash, I., Shahid, R.: Testing the weak form of efficient market hypothesis: empirical evidence from Asia-Pacific markets. Int. Res. J. Finan. Econ. 58, 121–133 (2010)
Fenghua, W., Zhifang, H., Zhifeng, D., Xiaoguang, Y.: Characteristics of investors’risk preference for stock markets. Econ. Comput. Econ. Cybern. Stud. Res. 48(3), 80–99 (2014)
Coffee Jr., J.C., Sale, H., Henderson, M.T.: Securities Regulation: Cases and materials. Foundation Press, New York (2015)
Hussain, S., Kamal, A., Ahmad, S., Rasool, G., Iqbal, S.: Threat modelling methodologies: a survey. Sci. Int. (Lahore) 26(4), 1607–1609 (2014)
Alsaadi, E., Tubaishat, A.: Internet of things: features, challenges, and vulnerabilities. Int. J. Adv. Comput. Sci. Inf. Technol. 4(1), 1–13 (2015)
Andrea, I., Chrysostomou, C., Hadjichristofi, G.: Internet of things: security vulnerabilities and challenges. In: 2015 IEEE Symposium on Computers and Communication (ISCC). IEEE, pp. 180–187 (2015)
William, S.: Cryptography and Network Security, 4/E. Pearson Education India, New Delhi (2006)
McKinley, H.L.: SSL and TLS: A Beginners’ Guide. SANS Institute (2003)
Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol, version 1.1. The Internet Engineering Task Force (2006)
Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol, version 1.2. The Internet Engineering Task Force (2008)
Turner, S., Polk, T.: Prohibiting secure sockets layer (SSL) version 2.0. The Internet Engineering Task Force (2011)
Sheffer, Y., Holz, R., Saint-Andre, P.: Summarizing known attacks on transport layer security (TLS) and datagram TLS (DTLS). Technical report, The Internet Engineering Task Force (2015)
Ristic, I.: Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications. Feisty Duck, London (2013)
Seltzer, L.: Best practices and applications of TLS/SSL. https://www.symantec.com/content/en/us/enterprise/white_papers/b-best-practices-applications-of-tls-ssl_WP.pdf
Huang, L.S., Adhikarla, S., Boneh, D., Jackson, C.: An experimental study of TLS forward secrecy deployments. IEEE Internet Comput. 18(6), 43–51 (2014)
Rescorla, E., Ray, M., Dispensa, S., Oskov, N.: Transport layer security (TLS) renegotiation indication extension. Internet Engineering Task Force (IETF) (2010)
Giesen, F., Kohlar, F., Stebila, D.: On the security of TLS renegotiation. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM, pp. 387–398 (2013)
Prentow, T.S., Krarup, M.V.: MITM attacks on SSL/TLS related to renegotiation (2009)
Hansen, R.: Strict communications transport security, uS Patent App. 14/172,899 (2014). https://www.google.com/patents/US20140250296
EGX Egyptian exchange (2017). http://www.egx.com.eg
EFSA. Egyptian financial supervisory authority (2017). http://www.efsa.gov.eg
Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, pp 581–590 (2006)
Khandelwal, S.: Millions of linkedin users at risk of man-in-the-middle attack (2014). http://thehackernews.com/2014/06/millions-of-linkedin-users-at-risk-of.html
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
ElShafei, E., AbdelBaki, N. (2018). Stock Exchange Threat Modeling, EGX as a Case Study. In: Hassanien, A., Shaalan, K., Gaber, T., Tolba, M. (eds) Proceedings of the International Conference on Advanced Intelligent Systems and Informatics 2017. AISI 2017. Advances in Intelligent Systems and Computing, vol 639. Springer, Cham. https://doi.org/10.1007/978-3-319-64861-3_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-64861-3_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64860-6
Online ISBN: 978-3-319-64861-3
eBook Packages: EngineeringEngineering (R0)