E-commerce Information Security Problems

1. Introduction

E-commerce (E-Business) consists of commercial transactions conducted over open networks, including transactions between enterprises (B2B) and between enterprises and consumers (B2C). Compared with the traditional business model, e-commerce is efficient, convenient, and wide in coverage. However, this open, Internet-based exchange of data makes e-commerce security highly vulnerable, and security is a core and key problem constraining the development of e-commerce. Starting from the basic ideas and principles of systems engineering, this paper analyzes the security threats currently facing e-commerce and, on that basis, discusses the development trend and direction of e-commerce from the perspective of security technology.

2. E-commerce model

Modern e-commerce technology has focused on the establishment and operation of online stores. An online store does not differ from a real store in departmental structure and function; the difference lies in the methods by which these functions and structures are realized and in the way business is operated.

Seen from the front end, an online store is a special kind of Web server. The multimedia support and good interactivity of modern Web sites are the basis for building such a virtual store, so that customers can select goods as if pushing a shopping cart through a real supermarket and finally pay at the checkout. This gives the three pillars of online store software: the product catalog, the customer shopping cart, and the checkout. A transaction in which a customer pays the store with some form of electronic currency must be safe and reliable for both the customer and the store.

Behind the online store, the enterprise must first have a warehouse and an administrative organization for its goods; second, it must deliver the products sold online to customers by mail or other channels; third, it is likewise responsible for after-sales service, which may or may not be provided over the network. Online shopping is usually a pay-first, receive-the-goods-later arrangement. For customers, the convenience is that purchased goods are delivered directly to their homes; the worry is that they cannot confirm what they will actually receive until the goods are in their hands. The reputation and service quality of the online store are therefore in fact the key to the success of e-commerce.

3. The key to the development of e-commerce

E-commerce developed on top of telecommunications networks. An advanced computer network infrastructure and a relaxed telecommunications policy are therefore prerequisites for developing e-commerce. At present, high prices for telecom services, limited bandwidth, and untimely or unreliable service have become constraints on the development of e-commerce. Speeding up the construction of telecommunications infrastructure, breaking the monopoly of the telecommunications market, introducing competition, ensuring fair competition in telecommunications services, promoting network interconnection, and ensuring that users receive low-cost, high-speed, reliable communications services are the goals in building a good network environment, and are a task common to all countries.

The most prominent problem in e-commerce is the security of online shopping, trading, and settlement. This includes establishing trust among the parties to e-commerce, that is, establishing a security certification system (CA); choosing security standards (such as SET, SSL, and PKI); and choosing encryption and decryption methods and encryption strength. Establishing the security certification system is the key.

Online trading differs from traditional face-to-face or written transactions in that business information is transmitted and trade is carried out over the network. Security of online transactions means:

Validity: ensuring the validity of online transaction contracts and preventing system failures, computer viruses, and hacker attacks.

Confidentiality: the content of the transaction and the accounts and passwords of both parties are not identified or stolen by others.

Integrity: preventing either party from unilaterally generating or modifying transaction information.

The e-commerce security system should therefore include: a secure and reliable communications network that ensures reliable and complete data transmission and keeps out viruses and hackers; electronic signatures and other identity authentication systems; a complete data encryption system; and so on.

4. Security issues facing e-commerce

Because e-commerce is based on computer networks, it inevitably faces a series of security issues.

(1) Information leakage. In e-commerce this appears as the leakage of business secrets, in two main forms: the content of a transaction between two parties is stolen by a third party; and documents that one party provides to the other are used illegally by a third party.

(2) Tampering. In e-commerce this appears as a problem of the authenticity and integrity of business information. Electronic transaction information may be illegally modified, deleted, or altered by others while it is transmitted over the network, so that the information loses its authenticity and integrity.

(3) Identification. Without identification, a third party may impersonate one party to a transaction in order to disrupt the transaction, damage the reputation of the impersonated party, or steal the impersonated party's transaction results. With identification, the two parties to a transaction can avoid mutual suspicion.

(4) Computer viruses. In the decade or more since computer viruses first appeared, new viruses and their variants have increased rapidly, and the Internet has provided the best medium for their spread. Many new viruses use the network directly as their means of transmission, and many others spread faster with the help of the network, frequently causing billions of dollars in economic losses.

(5) Hackers. With the spread of all kinds of tools, hacking has become commonplace; it is no longer true, as it was in the past, that only a computer expert can be a hacker. Mafiaboy, who once brought havoc to the Yahoo website, had received no special training; he merely downloaded a few attack programs from other Internet users, learned how to use them, and went on a rampage across the Internet.

5. E-commerce security factors and security technologies

Security is what enterprises worry about most when adopting e-commerce, and how to protect the security of e-commerce activities will remain the core area of e-commerce research. A secure e-commerce system must first have a safe and reliable communications network, to ensure that transaction information is transmitted securely and quickly; second, the database server must be kept absolutely secure, to prevent hackers from breaking into the network and stealing information. E-commerce security technologies mainly include encryption, authentication, e-commerce security protocols, and firewalls.

(A) Encryption technology

To ensure the security of data and transactions, prevent fraud, and confirm the true identities of the transacting parties, e-commerce must adopt encryption technology, which protects data by means of codes or ciphers. The data to be encrypted is called plaintext. An encryption algorithm converts plaintext into ciphertext; this process is called encryption. A decryption algorithm converts ciphertext back into plaintext; this process is called decryption. The parameter used by the encryption algorithm is called the key. The longer the key, the larger the key space, the more time it takes to traverse the key space, and the less likely the cipher is to be cracked.

Encryption technology falls into two categories: symmetric encryption and asymmetric encryption. Symmetric encryption is typified by the DES (Data Encryption Standard) algorithm. Asymmetric encryption is usually represented by the RSA (Rivest-Shamir-Adleman) algorithm.

(B) Authentication

Commonly used security authentication technologies are digital signatures, digital certificates, digital time stamps, and CA security authentication.

(C) Hacker protection technology

Hacker attacks have become the biggest threat to e-commerce security, so hacker protection has become a main part of network security and is highly valued by governments and industry. Hacking techniques mainly include buffer overflow attacks, Trojan horses, port scanning, IP spoofing, network sniffing, password attacks, and denial-of-service (DoS) attacks. Many effective anti-hacker technologies have been proposed, mainly firewalls, intrusion detection, and network security assessment.

6. The future of e-commerce security

Increasingly severe security problems pose a growing threat to national and global economic security. Building on existing foundations, governments have been working in the following areas:

(1) Strengthen legislation: drawing on the effective laws already in place in advanced countries and continuing to innovate, improve the legal system that protects e-commerce and combats cyber crime.

(2) Establish relevant institutions and take practical measures to combat cyber crime. Once laws are made, there must be agencies that put them into practice, which requires establishing independent supervisory bodies, enforcement agencies, and the like to implement the law.

(3) Increase investment in network security technology and raise the level of network security technology.
Law is the prerequisite and basis for the development of e-commerce security, while security technology is the means of safeguarding it. Many security problems have technical causes, so funding for technical research should be increased, existing technologies continuously advanced, and new security technologies developed.

(4) Encourage enterprises to strengthen self-protection against cyber crime. To avoid attack, enterprises cannot leave things to chance. They must attach great importance to system vulnerabilities, promptly install patches on operating systems and servers in which security holes are found, use network security detection equipment to scan and monitor the network regularly, and draw up a complete set of security rules, so that the enterprise forms a comprehensive protection system combining policy and technology.

(5) Strengthen international cooperation and step up the global effort against cyber crime. E-commerce has no national borders and no geographical limits; it is a completely open domain, so action against e-commerce cyber crime must also be global. This requires governments to strengthen cooperation and to abandon the mistaken attitude of "sweeping the snow from one's own doorstep and ignoring the frost on the neighbor's roof".

(6) Strengthen network security education for the public, and pay attention to training outstanding computer professionals.

7. Conclusion

E-commerce in China has developed rapidly in recent years, but the corresponding security safeguards have not yet been established. This has become an obstacle to the development of e-commerce in China. We must therefore accelerate the construction of e-commerce security systems. This will be a comprehensive systems engineering project involving the whole of society. Specifically, we need the law to recognize the validity of electronic communication records, giving e-commerce legal protection; we need to strengthen research on electronic signatures and related technology, giving e-commerce technical protection; and we need to build an e-commerce authentication system as soon as possible, giving e-commerce organizational protection. Moreover, because e-commerce knows no borders, we should also strengthen international cooperation so that e-commerce can truly play its role. Only in this way can we keep pace with the times and promote China's economic development, and only in this way can we take part in international competition in today's globalized economy and gain a competitive advantage.
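The tampering and impersonation threats described above are what the digital signatures listed among the paper's authentication technologies are meant to counter. The following is an added example, not code from the paper: it uses Node.js's built-in crypto module to sign an order with RSA and verify it on receipt. The order fields, account names, and both key pairs are constructed for illustration.

```javascript
// Added example: sign an order with RSA and verify it on receipt.
const { generateKeyPairSync, sign, verify } = require("crypto");

// Constructed sample data: a buyer key pair, an impostor key pair, and an order.
const buyer = generateKeyPairSync("rsa", { modulusLength: 2048 });
const impostor = generateKeyPairSync("rsa", { modulusLength: 2048 });
const order = { orderId: "A-1001", item: "book", amount: "25.00", payTo: "shop-account-01" };

// Serialize with sorted keys so both parties hash exactly the same bytes.
function canonical(obj) {
  return JSON.stringify(Object.keys(obj).sort().map((k) => [k, obj[k]]));
}

// Buyer side: RSA signature over the SHA-256 digest of the canonical order.
function signOrder(obj, privateKey) {
  const sig = sign("sha256", Buffer.from(canonical(obj)), privateKey);
  return { order: obj, signature: sig.toString("base64") };
}

// Shop side: accept only if the signature matches the order under the public
// key the shop already trusts for this buyer (in practice, from a CA-issued
// digital certificate).
function verifyOrder(message, trustedPublicKey) {
  const sig = Buffer.from(message.signature, "base64");
  return verify("sha256", Buffer.from(canonical(message.order)), trustedPublicKey, sig);
}

function runScenarios() {
  const genuine = signOrder(order, buyer.privateKey);
  // Tampering in transit: a third party changes the payee but cannot re-sign.
  const altered = { order: { ...order, payTo: "other-account-99" }, signature: genuine.signature };
  // Impersonation: a third party signs with its own key while claiming to be the buyer.
  const forged = signOrder(order, impostor.privateKey);
  return {
    genuine: verifyOrder(genuine, buyer.publicKey),
    altered: verifyOrder(altered, buyer.publicKey),
    forged: verifyOrder(forged, buyer.publicKey),
  };
}

console.log(runScenarios()); // { genuine: true, altered: false, forged: false }
```

A signature provides integrity and origin authentication only; keeping the order contents confidential still requires encrypting them in transit, for example over SSL, which the paper names among its security standards.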