Analysis of e-commerce strategy for security issues and solutions

Abstract: Electronic commerce is the Internet as a trading platform to trade, security issues have become major issues e-commerce Development. This paper discusses the Development of electronic commerce exist in today's security threats and the corresponding technical solutions.

Paper Keywords: electronic commerce, security, security Technology
2, the main requirements of e-commerce security
2.1. Confidentiality
E-commerce as a means of trade, the Information directly on behalf of the individuals, businesses or state trade secrets. Traditional paper-based trade is a letter or package by mail through a reliable communication channel to send commercial messages to achieve to maintain confidentiality purpose. E-commerce is built on an open network environment, the maintenance of trade secrets is important to promote the use of comprehensive e-commerce security.

2.2. Integrity
Simplifies the process of e-commerce trade, reducing human intervention, but also bring business Information to maintain the integrity of trading parties, unified. Since the time of accident data input error or fraud, may lead to trade Information between the parties. In addition, the data is lost during transmission of Information, duplication of Information or information transmitted in the order information between trading partners will lead to different. to prevent the random information generation, modify, and delete the same time to prevent data loss during transmission of information information transfer and duplication and to ensure the order of unity.

2.3. Reliability
In the traditional paper-based trade, the trading parties in the transaction by the contract, lease or trade documents such as handwritten signatures on paper documents or stamps to identify trading partners to determine contracts, deeds, documents the reliability and prevent the occurrence of acts of repudiation. This is commonly known as "black and white." paperless e-commerce in the way, through handwritten signatures and seals for the identification of trading parties have not, therefore, to transfer the information in the transaction involved in the transaction process for individuals, businesses or country to provide reliable identification.

2.4 Effectiveness
E-commerce in electronic form instead of paper, then how to ensure that the effectiveness of trade information in electronic form is a prerequisite for e-commerce.

2.5 Reliability
The traditional face to face trading is relatively easy to ensure the establishment of trust between parties to the transaction process and transaction security. And e-commerce activities in the trade is conducted through the network, the parties do not meet each other, and thus a lack of trust in traditional transactions sense of security. University of Michigan conducted a survey of 23,000 institutions through a survey of Internet users, more than 60% of people have been reluctant to security issues of e-commerce online shopping. any individual, business or commercial institutions and banks not through a secure network for business transactions, this will lead to commercial secrets or personal privacy information disclosure, resulting in huge loss of profits. According to China Internet Network Information Center (CNNIC) released the "China Internet Development Statistics report "in e-commerce, 52.26% of the users are most concerned about is safety and reliability of transactions. This shows that e-commerce network security and transaction security is the key to achieving e-commerce.

3, causing insecurity of e-commerce
Business information storage depending on the computer database Technology to achieve, the main way information transmission is the Internet. So also is the insecurity of e-commerce to a computer database and network communication Technology as the main objective of the security vulnerability, a threat the main reason for e-commerce activities, as the main way lawless invasion.

3.1. Database security problems facing the
E-business enterprises, most of the establishment used to store and manage the core database business data. For most legitimate users, this core database critical information is stored as a very convenient way, and from the perspective of the attacker Look, these myths are the benefits of this database in the network sniffer data than the benefits of playing more. through the crack database, you can access at one point only to the accurate data. attackers to steal the once access to the database to the database query command can easily access the desired information, such as credit card numbers, customer information, quotations, price lists and other confidential business information. E-commerce in the database security problems faced by the performance of illegal intruder attack on the database, electronic transaction information transmitted over the network in the process, and may be unlawful modification, deletion or replay (that can only be used once the information is used multiple times), so that information is lost the true and integrity.

3.2. network communication security problems facing the
E-communication in the network security problems facing in the following areas: transactions by a third party to steal the contents of the electronic transaction information in the online transfer process, and may be unlawful to modify, delete, or replay. Network transmission reliability of the hardware or software subject to restrictions on the defect, so that information can not be guaranteed during transmission, storage and transmission of information by the threat of vandalism (such as threats), and information destruction. including network hardware and software problems caused by information transmission loss and fallacy, and a number of malicious programs which led to the destruction of the destruction of e-commerce information.

4, e-commerce security Technology in the
To meet the security requirements of e-commerce, e-commerce system must use secure Technology to provide reliable e-commerce security services participants, specific techniques can be used as follows:
4.1. Digital Signature Technology
"Digital signature" technology through electronic transaction security code image argument, is the main form of electronic signatures. It seeks to address some of the fundamental Internet trading faces problems: data confidentiality, data is not tampered with, the transaction can only verify the identity of each , the transaction originator can not deny their own data. "digital signature" is the e-commerce, e-government is the most common, most mature technology, the most feasible method for an electronic signature. It uses standardized procedures and scientific methods used to identify the identity of the signer and the recognition of an electronic data content. It can also verify the original document whether changes in the transmission process, to ensure the integrity of electronic document transmission, authenticity and non- repudiation.

4.2. Firewall technology
A firewall is a recently developed computer network security and technical protection measures, it is a network to prevent hackers to access a network of institutions, the barrier can also be called the control in / out threshold of communication in both directions. boundary in the network set up by the corresponding network traffic monitoring system to isolate the internal and external networks to prevent their invasion of the external network. now there are three main types of firewalls: packet filtering firewall, proxy firewall, dual-homed host firewall.


4.3. Intrusion Detection System
Intrusion detection system to monitor and track system, events, safety records and system logs, as well as network data packets, identify any undesirable activities in the intruder before damage occurred on the system to detect intrusion attacks, and use of alarm alarm and protection systems, block and other responses. reposted elsewhere in the Research Papers Download http://www.hi138.com 4.4. information encryption technology
The purpose of information encryption is to protect the data within the network, files, password, and control information to protect data transmitted over the Internet. Network encryption methods commonly used link encryption, endpoint encryption and encrypted three nodes. Link encryption to protect network the link between nodes of information security, end - the purpose is to end encryption source to the destination user to protect user data, the purpose encryption node is the source node to the destination transmission link between nodes to provide protection. Users can be selected according to the network as appropriate, the encryption method.

4.5 Security Authentication
The main role of the safety certification of information certification, information for authentication purposes is to confirm the identity of the sender to verify the integrity of information that confirm the information in the transmission or storage process has not been tampered with.

4.6 anti-virus system
Virus in the network, storage, transmission, infection means more speed, different forms, great harm on the site. Therefore, we should use all-round anti-virus products, the implementation of "defense in depth, centralized control, to prevent the main , anti-killing combination of "anti-virus strategy, build a comprehensive anti-virus system.

5. The main security technology
5.1 Virtual Private Network (VPN
This is a special deal for the Internet network, it can establish security between the two systems the channel (or tunnel, for electronic data interchange (EDI. it to send credit card transactions and customer order transaction is different, because the VPN , the two sides of the data traffic is much greater, and the communication between the parties are familiar with each other. This means you can use sophisticated encryption and authentication technology-specific, as long as the communication between the parties can default, no need to be unified for all the VPN encryption and authentication. existing or under Development data VPN tunnel system can further increase security, so it can ensure data confidentiality and availability.

5.2 Digital Certificates
Digital certificate information available electronically prove the identity of the sender and recipient, file integrity (such as an invoice has not been modified, and even the validity of the data media (such as audio, photos and so on. As more and more businesses in the e-commerce more use of encryption technology, people want to have a trusted third party to the relevant data for digital certification. At present, the digital certificate is generally achieved through one-way Hash function, which can verify the integrity of the parties to the transaction data, Java JDK1.1 can support several one-way Hash algorithm. In addition, S / MIME protocol has made great progress, can be integrated into the product so that users can send the information via Email signature and certification. Meanwhile, businesses can also use PGP (Pretty Good Privacy technology, which allows the use of trusted third party key control. can be seen, the digital authentication technology will have broad application prospects, it will directly affect the Development of electronic commerce.

5.3 Encryption
To ensure the safety of the most important e-commerce is the use of encryption technology that sensitive information is encrypted. Now, some private key encryption (eg 3DES, IDEA, RC4 and RC5, and public key encryption (eg RSA, SEEK, PGP and the EU can e-commerce to ensure the confidentiality, integrity, authenticity and non-repudiation services. However, the widespread use of these technologies is not an easy thing. password, academics have a famous saying: encryption technology itself is very good, but they realize it often far from ideal. now, although there are a variety of encryption standards, but people really need is the development of standards for the enterprise environment encryption system. encryption technology to allow for more diverse choices, but also bring a compatibility problem, different businesses may use different standards. In addition, encryption technology has always been controlled by the state, such as SSL exports by the United States National Security Agency (NSA limit. Currently, the U.S. businesses can generally use 128 bit SSL, but the U.S. only allows 40-bit encryption key for the export of the following algorithm. Although 40-bit encryption SSL also has some strength, but it is clear that the safety factor of more than 128-bit SSL is much lower. According to newspaper reports recently, California has been successfully cracked the 40-bit SSL, which has aroused extensive attention. outside the United States can not really take full advantage of e-commerce SSL, say that this is a regret. Shanghai Electronic Certificate Management Centre launched a 128-bit SSL algorithm, to make up the domestic vacancy, and the use of digital signature technology to ensure the security of e-commerce.

6, Prospect
Safety is the lifeline of survival and development of e-commerce, with the network information technology, security technology platform and safety management strategy for improving and will continue to develop and. E-commerce website designers must be careful security analysis, risk assessment, business needs efficiency analysis and Web site based on the analysis in order to develop an overall security solution.

Of personal information must remain confidential, must also be recognized entity with whom they deal are not counterfeit. To win the trust of consumers, security solutions must ensure strict confidentiality of personal information, whether in storage, transmission and use . In addition, security solutions must also ensure the integrity of transactions with consumers.

For businesses, the main two problems. First, confirm the identity of the user to define user permissions, ensuring users can only act within the competence of execution, and second, protect corporate assets from malicious attacks, such as viruses, denial of service attacks and data from theft and damage. reposted elsewhere in the Research Papers Download http://www.hi138.com