Ecommerce Security
Lesson 6: Fending off an attack
Objective: Define encryption types that are used to fend off attacks.

Fending off DOS Attack

You have implemented a cryptosystem to protect your ecommerce site, but you may want to ensure that the site remains secure from even the most sophisticated hackers. Though many vendors offer techniques that can dissuade even the most sinister hacker, you should have a basic understanding of what those techniques are; this lesson provides you with that overview.
  • How to fend off attack: How do you fend off these various forms of attack? Different "strengths" of encryption provide the means to foil attempted security breaches.
    A commonly discussed but frequently misunderstood aspect of cryptography is the strength of encryption. What constitutes "strong encryption," which is protected by U.S. export laws? What level of encryption is required for various security needs? How do you determine the effective strength of different types of encryption?
    These questions are addressed below.
  • Encryption types: There are three basic encryption types, which typically vary based on how they use keys. The three encryption types are private or symmetric encryption, public or asymmetric encryption, and one-way encryption. They are described in the FlipBook below. A private key might be compared to your house key, and a public key likened to your house number. You give access to the first only to those you know and trust; the second is publicly available information.

Secure ecommerce Transactions

Types of encryption

1) In symmetric or private-key encryption, both parties to the communication must possess a single secret or private key, as shown below.
[Figure: "Private-Key Encryption". Two people at computers each hold the same key labeled "Private Key" ("DD:10:27:86:P8"), illustrating that sender and recipient use one shared secret key for both encryption and decryption. Caption: "Private-key encryption has been around for thousands of years; the use of a secret password is a clear example of this."]

2) Private-key encryption is a paradox: to use this encryption, a secure channel has to exist between the two parties to transfer the shared key, but if such a secure channel exists, why use encryption in the first place?

3) Asymmetric, or public-key encryption as it is more commonly called, allows parties previously unknown to each other to conduct a transaction. Public-key encryption is fairly recent, and has only been in use since the mid-1980s.

4) The public key is published and widely disseminated, while the private key is kept secret.

5) Because communication decryption requires only public keys, which are widely available anyway, secret keys need no longer be exchanged. RSA is the de facto standard for public-key cryptosystems.

6) One-way encryption, as its name implies, is encryption that prevents the resulting cipher from being decrypted. A one-way function is relatively easy to compute in one direction, but very difficult to compute in the other direction.

7) Historically these functions have been used for storing items such as passwords on Windows and Unix systems.
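The three key models above (one shared secret key, a published public key with a withheld private key, and a one-way function for stored passwords) side by side, as an added example that is not part of the original lesson. It uses only the Python standard library: the symmetric part is a toy stream cipher keyed with HMAC-SHA256, the asymmetric part is textbook RSA with the tiny primes 61 and 53 (a constructed illustration, not production key sizes), and the one-way part is salted PBKDF2. Key values, messages and the password are all constructed here.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# ---- 1) Symmetric (private-key) encryption: one shared secret key ----
# Toy stream cipher: keystream = HMAC-SHA256(key, nonce || counter), XORed
# with the data. Illustrative only: it carries no integrity check, so a real
# site should use an authenticated cipher (e.g. AES-GCM) from a vetted library.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh per message; never reused with the same key
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))

def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))

# ---- 2) Asymmetric (public-key) encryption: textbook RSA with tiny primes ----
# (e, n) is published like a house number; only the holder of d can decrypt.
# Real RSA uses ~2048-bit moduli and OAEP padding; these numbers are a toy.

def rsa_keygen(p: int = 61, q: int = 53, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)  # (public key, private key)

def rsa_encrypt(public_key, m: int) -> int:
    e, n = public_key
    return pow(m, e, n)

def rsa_decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)

# ---- 3) One-way encryption: salted, iterated password hashing ----
# The stored digest cannot be turned back into the password; a login is
# verified by recomputing the digest and comparing in constant time.

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes, iterations: int = 200_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed shared secret
    sealed = symmetric_encrypt(shared, b"card ending 4242")
    print(symmetric_decrypt(shared, sealed))
    pub, priv = rsa_keygen()
    print(rsa_decrypt(priv, rsa_encrypt(pub, 65)))
    salt, digest = hash_password("correct horse")
    print(verify_password("correct horse", salt, digest), verify_password("wrong", salt, digest))
```

The symmetric function shows the paradox from slide 2 directly: `shared` must already be on both machines before any message can be read. The RSA pair removes that requirement because `pub` can be handed out openly, and the password functions never store anything that can be decrypted at all.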

Encryption Technology

Encryption Strength

Encryption strength is based on three primary factors:
  1. Strength of the algorithm (or encryption procedure): Algorithm strength determines how difficult it is to mathematically reverse the encrypted information. The strongest algorithms make it nearly impossible to reverse the information with anything short of a brute force attack.
  2. Secrecy of the key: The second factor, the secrecy of the key, is a logical but sometimes overlooked factor in encryption strength. No algorithm, however strong, can protect you from compromised keys. Thus, the safety of your encrypted data is directly tied to how secret the key remains.
  3. Length of key: For the encryption and decryption formulas, the key length is measured in bits. Adding a bit to the length of the key does not increase its possibilities by two but, rather, doubles them.
Note: For the most reliable security, rely on industry-standard algorithms that have been tested and tried over time by cryptography experts. Any new or proprietary formula should be viewed with significant distrust until it has been verified in the commercial realm.
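To make the third factor concrete, here is an added example (not from the original lesson) that counts the trials an exhaustive key search needs against a constructed toy cipher. The cipher, the 16-byte sample plaintext and the 12- and 13-bit key sizes are all assumptions chosen so the search finishes in well under a second; the point it demonstrates is that one extra key bit doubles the worst-case number of trials, and the final helper extrapolates that cost to real key lengths.

```python
import hashlib

def toy_encrypt(key: int, key_bits: int, plaintext: bytes) -> bytes:
    """Constructed toy cipher: XOR the data with a SHA-256 pad derived from the key.
    Without the key, the only way to reverse it is to try every key."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    pad = hashlib.sha256(key_bytes).digest()
    return bytes(p ^ k for p, k in zip(plaintext, pad))

def exhaustive_search(key_bits: int, plaintext: bytes, ciphertext: bytes):
    """Try every key in the 2**key_bits space against a known plaintext/ciphertext pair.
    Returns (recovered key or None, number of trials used)."""
    trials = 0
    for candidate in range(2 ** key_bits):
        trials += 1
        if toy_encrypt(candidate, key_bits, plaintext) == ciphertext:
            return candidate, trials
    return None, trials

def worst_case_trials(key_bits: int) -> int:
    """Size of the key space; the attacker's worst case is trying all of it."""
    return 2 ** key_bits

def years_to_exhaust(key_bits: int, trials_per_second: float) -> float:
    """Extrapolate the worst case to a given search rate (seconds in a year ~ 3.156e7)."""
    return worst_case_trials(key_bits) / trials_per_second / 3.156e7

def demo():
    """Hide the secret as the last key in each space so the search must cover all of it;
    the trial count then equals the key-space size and doubles with each extra bit."""
    plaintext = b"total=19.99 USD "  # constructed 16-byte sample
    results = {}
    for bits in (12, 13):
        secret = 2 ** bits - 1
        ciphertext = toy_encrypt(secret, bits, plaintext)
        recovered, trials = exhaustive_search(bits, plaintext, ciphertext)
        results[bits] = (recovered == secret, trials)
    return results

if __name__ == "__main__":
    for bits, (found, trials) in demo().items():
        print(f"{bits}-bit key: recovered={found}, trials={trials}")
    # Extrapolation at a constructed rate of 1e12 trials per second
    for bits in (56, 128):
        print(f"{bits}-bit key space: {years_to_exhaust(bits, 1e12):.3g} years")
```

The doubling is the whole story for factor 3: 57 bits costs twice what 56 bits does, so a 128-bit key is not "about twice as strong" as a 64-bit key but 2^64 times harder to exhaust. None of this helps if the key itself leaks (factor 2), which is why the note on proven algorithms matters: a proprietary scheme that can be reversed faster than brute force makes the key length irrelevant.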
In the next lesson, you will learn about authentication.
