BUS303: Strategic Information Technology

Security is an eternal concern for organizations as they face the dual problem of protecting stored data and transported messages. Organizations have always had sensitive data to which they want to limit access to a few authorized people. Historically, such data have been stored in restricted areas (e.g., a vault) or encoded. These methods of restricting access and encoding are still appropriate.

Electronic commerce poses additional security problems. First, the intent of the Internet is to give people remote access to information. The system is inherently open, and traditional approaches of restricting access by the use of physical barriers are less viable, though organizations still need to restrict physical access to their servers. Second, because electronic commerce is based on computers and networks, these same technologies can be used to attack security systems. Hackers can use computers to intercept network traffic and scan it for confidential information. They can use computers to run repeated attacks on a system to breach its security (e.g., trying all words in the dictionary for an account's password).

Access control

Data access control , the major method of controlling access to stored data, often begins with some form of visitor authentication, though this is not always the case with the Web because many organizations are more interested in attracting rather than restricting visitors to their Web site. A variety of authentication mechanisms may be used (see Exhibit 12). The common techniques for the Internet are account number, password, and IP address.

Exhibit 12. Authentication mechanisms

Firewall

A system may often use multiple authentication methods to control data access, particularly because hackers are often persistent and ingenious in their efforts to gain unauthorized access. A second layer of defense can be a firewall , a device (e.g., a computer) placed between an organization's network and the Internet. This barrier monitors and controls all traffic between the Internet and the intranet. Its purpose is to restrict the access of outsiders to the intranet. A firewall is usually located at the point where an intranet connects to the Internet, but it is also feasible to have firewalls within an intranet to further restrict the access of those within the barrier.

There are several approaches to operating a firewall. The simplest method is to restrict traffic to packets with designated IP addresses (e.g., only permit those messages that come from the University of Georgia–i.e., the address ends with uga.edu). Another screening rule is to restrict access to certain applications (e.g., Web pages). More elaborate screening rules can be implemented to decrease the ability of unauthorized people to access an intranet.

Implementing and managing a firewall involves a tradeoff between the cost of maintaining the firewall and the loss caused by unauthorized access. An organization that simply wants to publicize its products and services may operate a simple firewall with limited screening rules. Alternatively, a firm that wants to share sensitive data with selected customers may install a more complex firewall to offer a high degree of protection.

Coding

Coding or encryption techniques, as old as writing, have been used for thousands of years to maintain confidentiality. Although encryption is primarily used for protecting the integrity of messages, it can also be used to complement data access controls. There is always some chance that people will circumvent authentication controls and gain unauthorized access. To counteract this possibility, encryption can be used to obscure the meaning of data. The intruder cannot read the data without knowing the method of encryption and the key.

Societies have always needed secure methods of transmitting highly sensitive information and confirming the identity of the sender. In an earlier time, messages were sealed with the sender's personal signet ring–a simple, but easily forged, method of authentication. We still rely on personal signatures for checks and legal contracts, but how do you sign an e-mail message? In the information age, we need electronic encryption and signing for the orderly conduct of business, government, and personal correspondence.

Internet messages can pass through many computers on their way from sender to receiver, and there is always the danger that a sniffer program on an intermediate computer briefly intercepts and reads a message. In most cases, this will not cause you great concern, but what happens if your message contains your name, credit card number, and expiration date? The sniffer program, looking for a typical credit card number format of four blocks of four digits (e.g., 1234 5678 9012 3456), copies your message before letting it continue its normal progress. Now, the owner of the rogue program can use your credit card details to purchase products in your name and charge them to your account.

Without a secure means of transmitting payment information, customers and merchants will be very reluctant to place and receive orders, respectively. When the customer places an order, the Web browser should automatically encrypt the order prior to transmission–this is not the customer's task.

Credit card numbers are not the only sensitive information transmitted on the Internet. Because it is a general transport system for electronic information, the Internet can carry a wide range of confidential information (financial reports, sales figures, marketing strategies, technology reports, and so on). If senders and receivers cannot be sure that their communication is strictly private, they will not use the Internet. Secure transmission of information is necessary for electronic commerce to thrive.

Encryption

Encryption is the process of transforming messages or data to protect their meaning. Encryption scrambles a message so that it is meaningful only to the person knowing the method of encryption and the key for deciphering it. To everybody else, it is gobbledygook. The reverse process, decryption, converts a seemingly senseless character string into the original message. A popular form of encryption, readily available to Internet users, goes by the name of Pretty Good Privacy (PGP) and is distributed on the Web. PGP is a public domain implementation of public-key encryption.

Traditional encryption, which uses the same key to encode and decode a message, has a very significant problem. How do you securely distribute the key? It can't be sent with the message because if the message is intercepted, the key can be used to decipher it. You must find another secure medium for transmitting the key. So, do you fax the key or phone it? Either method is not completely secure and is time-consuming whenever the key is changed. Also, how do you know that the key's receiver will protect its secrecy?

A public-key encryption system has two keys: one private and the other public. A public key can be freely distributed because it is quite separate from its corresponding private key. To send and receive messages, communicators first need to create separate pairs of private and public keys and then exchange their public keys. The sender encrypts a message with the intended receiver's public key, and upon receiving the message, the receiver applies her private key (see Exhibit 13). The receiver's private key, the only one that can decrypt the message, must be kept secret to permit secure message exchange.

Exhibit 13.: Encryption with a public-key system

The elegance of the public-key system is that it totally avoids the problem of secure transmission of keys. Public keys can be freely exchanged. Indeed, there can be a public database containing each person's or organization's public key. For instance, if you want to e-mail a confidential message, you can simply obtain the sender's public key and encrypt your entire message prior to transmission.

Exhibit 14: Message before encryption

Consider the message shown in Exhibit 14; the sender would hardly want this message to fall into the wrong hands. After encryption, the message is totally secure (see Exhibit 15). Only the receiver, using his private key, can decode the message.

Exhibit 15: Message after encryption

Signing

In addition, a public-key encryption system can be used to authenticate messages. In cases where the content of the message is not confidential, the receiver may still wish to verify the sender's identity. For example, one of your friends may find it amusing to have some fun at your expense (see Exhibit 16).

Exhibit 16: Message before signing

If the President indeed were in the habit of communicating electronically, it is likely that he would sign his messages so that the receiver could verify it. A sender's private key is used to create a signed message . The receiver then applies the sender's public key to verify the signature (see Exhibit 17).

Exhibit 17.: Signing with a public-key system

A signed message has additional encrypted text containing the sender's signature (see Exhibit 18). When the purported sender's public key is applied to this message, the identity of the sender can be verified (it was not the President).

Exhibit 18: Message after signing

Imagine you pay USD 1,000 per year for an investment information service. The provider might want to verify that any e-mail requests it receives are from subscribers. Thus, as part of the subscription sign-up, subscribers have to supply their public key, and when using the service, sign all electronic messages with their private key. The provider is then assured that it is servicing paying customers. Naturally, any messages between the service and the client should be encrypted to ensure that others do not gain from the information.