Data Security in the Digital Era: Issues and Challenges

Dr. Jayanti Goyal, Anjali Vijayvargiya

Author Details:
Dr. Jayanti Goyal, HOD, Dept. of Computer Science, Kanoria PG Mahila Mahavidyalaya. Contact No.: +91-9828458172
Anjali Vijayvargiya, Assistant Professor, Kanoria PG Mahila Mahavidyalaya. Contact No.: +91-9461641495

Abstract:
Data plays a critical role in our daily routine, whether it is for getting access to a bank account or for paying a bill over the network. At present, in this age of digitalization, vulnerabilities affecting personal information have increased. Security therefore becomes a crucial part of any online transaction. This information can be kept private by various security measures, including strong authentication, encryption and digital signatures, each ensuring that our valuable information is available only to those who have authorized access rights. These security measures are capable of preventing unauthorized access to personal data. There are two major concerns for both e-commerce customers and websites: Privacy is the control over one's own data, whereas Security is the protection which prevents unauthorized access to the data over the network.
Clients will lose their faith in e-commerce if their valuable data is compromised at any level. Today, due to its ubiquitous nature, e-commerce sites are accessed by anyone, anywhere. As the number of customers increases, the risk has also increased in such a way that we need to consider security a major challenge. This paper throws light on e-commerce security, its purpose, different security issues and challenges, and the way they affect the trust and behavior of a customer within the environment of purchasing or buying a product.

Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security

Introduction:
E-commerce, or electronic commerce, is broadly considered to be the buying and selling of goods and services over the network. It includes significant business areas such as shopping, banking, ticket booking, paying bills and taxes, food delivery and many other options. E-commerce is subdivided into three categories: business to business or B2B (Cisco), consumer to consumer or C2C (eBay) and business to consumer or B2C (Amazon). E-commerce security is a part of the Information Security framework and is applied in particular to the components that affect e-commerce, which include Computer Security, Data Security and other wider realms of the Information Security framework. Web e-commerce applications that handle payments, such as electronic transactions using credit cards or debit cards, online banking, PayPal or other tokens, have more compliance issues and are at greater risk of being targeted than other websites, as they suffer greater consequences if there is data loss or alteration. Mule, Trojan horse and worms, if launched against client systems, pose the greatest threat to e-commerce privacy and security because they can subvert most of the authorization and authentication mechanisms used in an e-commerce transaction.
Trust has always been an important element in influencing consumer behavior toward merchants and has been proven to be of high significance in uncertain environments such as Internet-based environments. While a variety of factors such as branding and store reputation may influence trust, one missing factor is the face-to-face communication and the touch and feel that are present in physical interactions. Therefore, it has been argued that trust would be favorably influenced by an increase in perceptions of security and privacy in e-commerce transactions.

How e-commerce works?
· A customer wants to order a product online from his/her computer.
· The Web browser then communicates with the Web server that manages the e-commerce store's website.
· The Web server sends the order to the order manager, which is the central computer that handles orders from submission to dispatch through every stage of processing.
· The order manager then queries the store database to check whether what the customer wants is actually in stock.
· If the item is not found in the stock database, the system can order new supplies from the wholesalers or manufacturers.
· If the item or product is found in the stock database, the order manager continues to process it.
· Next it communicates with the merchant system to take payment using the customer's credit or debit card number.
· The bank computer confirms whether the customer has enough funds.
· The merchant system authorizes the transaction to go ahead once the payment is done.
· The merchant system then contacts the order manager after the payment has been made.
· The order manager confirms that the transaction has been successfully processed and then notifies the Web server.
· The Web server shows the customer a Web page confirming that the order has been processed and the transaction is complete.
· The order manager then requests the warehouse to dispatch the goods to the customer.
· A dispatch truck then collects the goods from the warehouse.
· Once the goods have been dispatched, the warehouse computer e-mails the customer to confirm that the goods are on the way.
· The goods are delivered to the customer.

Purpose of Study:
The purpose behind choosing data security is the following:
· To understand the process behind online shopping.
· To deal with the purpose of security in e-commerce.
· To discuss the different security issues which are faced during e-commerce transactions.
· To discuss various security threats.

Purpose of Security in E-Commerce:
E-commerce security is a crucial part of any online transaction, which happens often and takes place over the network. There are various dimensions of e-commerce security.
· Integrity: It refers to prevention against unauthorized data modification. That means information or data should not be altered during its transmission, which takes place online.
· Non-Repudiation: It refers to prevention against the denial of an order or payment. Once a sender sends her transaction details, the sender should not be able to deny sending the message. Similarly, the receiver of the message should not be able to deny the receipt.
· Authenticity: It refers to authentication of the data source. There should be a mechanism that grants authentication only to an authorized person or user.
· Confidentiality: It refers to protection against unauthorized data disclosure. That means data or information should not be accessible or available to an unauthorized person. The data has to stay between the client and server only. It should not be intercepted during transmission.
· Privacy: It refers to provision of data control and disclosure of data.
· Availability: It refers to prevention against data delays or removal of data. Information should be available whenever and wherever it is required.

Security Issues in E-commerce:
Data is transferred over the network by login or by transaction details. To secure that data from unauthorized access, e-commerce security provides a protection layer on e-commerce assets.
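
The integrity and authenticity dimensions listed under Purpose of Security in E-Commerce, shown on a single order message. This is an added example, not part of the original paper; the order fields, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads it from a secrets store.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(order):
    """Serialize deterministically so both sides authenticate identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(order, key=SHARED_KEY):
    """Sender side: attach an HMAC-SHA256 tag computed over the order."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}


def verify(message, key=SHARED_KEY):
    """Receiver side: recompute the tag and compare it in constant time."""
    try:
        received = bytes.fromhex(message["tag"])
        body = canonical(message["order"])
    except (KeyError, TypeError, ValueError):
        return False  # missing or malformed fields are treated as tampering
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)


def demo():
    sent = protect({"order_id": "ORD-0001", "item": "book",
                    "amount": "499.00", "currency": "INR"})
    tampered = json.loads(json.dumps(sent))   # deep copy of the message
    tampered["order"]["amount"] = "4.99"      # modification in transit
    # Integrity: the altered order fails. Authenticity: a party without the
    # key cannot produce an accepted tag. Non-repudiation is NOT provided:
    # both sides hold the key, so either could have created the tag.
    return verify(sent), verify(tampered), verify(sent, key=b"some-other-key")


if __name__ == "__main__":
    print(demo())
```

Because the tag depends on a key both parties share, it cannot settle a dispute about who created an order; that is the gap the digital signature listed among the defensive measures is meant to close.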
Consumers hesitate for fear of losing their financial data, and e-commerce sites fear financial losses and the resulting bad publicity. There are many security issues associated with e-commerce, such as critical issues, social issues and organizational issues. An online transaction requires a customer to disclose sensitive information to the vendor in order to make a purchase, placing him at significant risk. Transaction security is concerned with providing privacy in transactions to the buyers and sellers and protecting the network from breakdowns and third-party attack. It basically deals with:
1. Issues related to customer or client security – if their data is not secured over the network, it is an issue to think about. The organization has to provide security features and guarantee that the data is secured by them. This covers techniques and practices that protect user privacy and the integrity of the computing system.
2. Issues related to server security – protecting the web server, software and associated hardware from break-ins, vandalism and attacks. If there is an error in the software that implements security and for any reason it does not provide that security, this is the second case, which must also be taken seriously.
3. Issues related to transaction security – providing guaranteed protection against eavesdropping and intentional message modification such as tapping, intercepting and diverting the intended data.

A. Security threats
Various types of security threats exist in e-commerce.
1. Malicious code – harmful code that damages the computer system and makes it useless after the attack. It includes viruses, worms, Trojan horses etc.
2. Phishing and identity theft – a type of attack in which user data such as login credentials and credit and debit card numbers are stolen by the attacker by means of an email or instant message. When the user clicks the malicious link and provides his/her details, the data is easily captured by the intruder.
3. Unauthorized access – illegal access to data or systems for some malicious purpose. Two types of attack are included under unauthorized access. One is passive unauthorized access, in which the hacker only watches the data passing over the network and later uses it for his own illegal ambitions. In active unauthorized access, however, the hacker modifies the data with the intention of manipulating it. Home computers, point-of-sale and handheld devices can easily be affected by this attack.
4. Denial of service – hackers flood a website with useless traffic to target a computer or a network and stop it working properly. It may occur through spamming and viruses. Spamming is unusual email bombing of the targeted device by the hacker: by sending thousands of emails one after the other, the system is affected by this attack.
5. Theft and fraud – fraud occurs when stolen data is used or modified for illegal action. Hackers break into insecure merchant web servers to harvest archives of credit card numbers, generally stored along with personal information when a consumer makes an online purchase. The merchant back end and database are also susceptible to theft from third-party fulfillment centers and other processing agents.

B. Defensive measures against security threats
The defensive measures used in transaction security are:
1. Encryption – the process of converting plain text or information into cipher text that cannot be read by anyone except the sender and receiver. It is accomplished with the help of a mathematical algorithm, and a key is required to decode the message. In asymmetric key encryption both the sender and receiver use the same key to encrypt and decrypt the messages, whereas symmetric or public key encryption makes use of two digital keys, public and private, to encrypt and decrypt the messages.
2. Secure Socket Layer – the SSL protocol provides data encryption, server authentication, client authentication and message integrity for TCP/IP connections. It prevents eavesdropping, tampering or forgery when data is transported over the internet between two applications. It is a networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.
3. Secure Hypertext Transfer Protocol – an Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends the HTTP protocol by adding encryption to Web pages. It additionally provides mechanisms for authentication and signatures of messages.
4. Digital Signature – a Digital Signature Certificate (DSC) is a secure digital key that certifies the identity of the holder, issued by a Certifying Authority (CA). It typically contains your identity (name, email, country, APNIC account name and your public key). Digital Certificates use Public Key Infrastructure, meaning data that has been digitally signed or encrypted by a private key can only be decrypted by its corresponding public key. A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web.

Challenges:
Almost all data security issues are caused by the lack of effective measures provided by antivirus software and firewalls. The following are the measures on the basis of which security is determined.
· Some organizations cannot provide access controls to divide the level of confidentiality within the company.
· Access control encryption and connections security can become inaccessible to the IT specialists who rely on it.
· Unethical IT specialists practicing information mining can gather personal data without asking users for permission or notifying them.
· When a system receives a large amount of information, it should be validated to remain trustworthy and accurate; this practice doesn't always occur, however.
· Automated data transfer requires additional security measures, which are often not available.
· Most distributed systems computations have only a single level of protection, which is not recommended.

Conclusion:
Today, e-commerce is widely understood as the buying and selling of goods and services over the internet; however, any transaction that is completed entirely through digital means can be considered e-commerce. Day by day e-commerce is playing a very good role in online retail marketing, and the number of people using this technology is increasing all over the world.
So it is essential to take security parameters seriously in e-commerce transactions. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Not only must e-commerce sites and consumers judge security vulnerabilities and assess potential technical solutions, they must also assess, evaluate, and resolve the risks involved. A networked application cannot offer complete measures of connectivity, security, and ease of use simultaneously; there appears to be an intrinsic trade-off here, and some sacrifice is unavoidable. For that reason, from an e-commerce merchant's perspective the security concern takes first place over the others, and web servers have to provide that to the customer. Furthermore, sensitive servers should be kept highly specialized, by turning off and removing all inessential services and applications (e.g., ftp, email). Until e-commerce vendors achieve the necessary delicate balance of privacy, trust and security. Therefore mechanisms such as encryption, protection, verification and authentication are used to implement security in a proper way.
The marketplace can be trustworthy only when consumers sense trust in transacting in those surroundings.