资源描述
E-commerce Information Security Problems . Introduction E-commerce (E-Business) is in open networks, including between enterprises (B2B), business and consumers (B2C) commercial transactions, compared with the traditional business model, e-commerce with efficient, convenient, covered wide range of characteristics and benefits. However, e-commerce open this Internet-based data exchange is great its security vulnerabilities, security is a core e-commerce development constraints and key issues. In this paper, the basic ideas and principles of systems engineering, analyzes the current security threats facing e-commerce, in this based on security technology from the perspective of development trend of e-commerce. . E-commerce model Modern e-commerce technology has focused on the establishment and operation of the network of stores. Network in the department stores and real stores no distinction between structure and function, differences in their function and structure to achieve these methods and the way business operate. Web store from the front view is a special kind of WEB server. WEB site of modern multimedia support and a good interactive feature as the basis for the establishment of this virtual store, so customers can, as in a real supermarket pushing a shopping cart to select goods, and finally in the checkout check out. These online stores also constitute the three pillars of software: catalog, shopping cart and customer checkout. Customers use an electronic currency and transaction must store customers and stores are safe and reliable. Behind the store in the network, enterprises must first have a product storage warehouse and administration; second network to sell products by mail or other delivery channels to customers hands; Third, enterprises should also be responsible for product after-sales service, This service may be through networks, may not. Internet transactions are usually a first Pay the bill and getting goods shopping. For customers, convenience is that the goods purchased will be directly delivered to their home, but hard to feel assured that the goods can not be confirmed until the hands reach into their own hands, what it is. Therefore, the credibility of the store network and service quality is actually the key to the success of e-commerce. .the key to development of electronic commerce E-commerce in the telecommunications network to develop. Therefore, the advanced computer network infrastructure and telecommunications policy easing the development of electronic commerce has become a prerequisite. Currently, telecom services, high prices, limited bandwidth, the service is not timely or not reliable and so the development of e-commerce has become a constraint. Speed up the construction of telecommunications infrastructure, to break the telecommunications market monopoly, introduce competition mechanism to ensure fair competition in the telecommunications business, to promote networking, ensure to provide users with low-cost, high-speed, reliable communications services is a good construction target network environment, but also all of the world common task. E-commerce the most prominent problem is to solve the on-line shopping, trading and clearing of security issues, including the establishment of e-commerce trust between all the main issues, namely the establishment of safety certification system (CA) issues; choose safety standards (such as SET , SSL, PKI, etc.) problems; using encryption and decryption method and encryption strength problems. Establishment of security authentication system which is the key. Online trading and traditional face to face or written transactions in different ways, it is transmitted through the network business information and trade activities. The security of online transactions means: Validity: the validity of the contract to ensure online transactions, to prevent system failure, computer viruses, hacker attacks. Confidentiality: the content of the transaction, both transactions account, the password is not recognized by others and stealing. Integrity: to prevent the formation of unilateral transaction information and modify. Therefore, the e-commerce security system should include: secure and reliable communications network to ensure reliable data transmission integrity, prevent viruses, hackers; electronic signatures and other authentication systems; complete data encryption system and so on. .e-commerce security issues facing As e-commerce network is the computer-based, it inevitably faces a number of security issues. (1) Information leak Performance in e-commerce for the leakage of business secrets, including two aspects: the parties are dealing transactions by third parties to steal the contents; transaction to the other party to provide documents used illegal use by third parties. (2) Altered E-commerce information for business performance in the authenticity and integrity issues. Electronic transaction information in the network transmission process may be others to illegally modify, delete or re-changed, so that information about its authenticity and integrity. (3) Identification Without identification, third-party transactions is likely to fake the identity of parties to a deal breaker, damage the reputation of being counterfeit or stolen by one party to the transaction fake results and so on, for identification, the transaction between the two sides can prevent suspicion situation. (4) Computer viruses Computer virus appeared 10 years, a variety of new virus and its variants rapidly increasing, the emergence of the Internet for the spread of the virus has provided the best medium. Many new viruses directly using the network as its transmission, as well as many viruses spread faster through dried networks, frequently causing billions of dollars in economic losses. (5) Hacker With the spread of a variety of application tools, hackers have been popular, and are not in the past; non-computer expert can not be a hacker. Have kicked Yahoos mafia boy did not receive any special training, only a few attacks to the users to download software and learn how to use the Internet on a big dry. .e-commerce security and safety factors Enterprise application security is the most worried about e-commerce, and how to protect the security of e-commerce activities, will remain the core of e-commerce research. As a secure e-commerce system, we must first have a safe, reliable communication network, to ensure that transaction information secure and rapid transmission; second database server to ensure absolute security against hackers break into networks to steal information. E-commerce security technologies include encryption, authentication technology and e-commerce security protocols, firewall technology. (1)encryption technology To ensure the security of data and transactions to prevent fraud, to confirm the true identity of transaction parties, e-commerce to adopt encryption technology, encryption technology is through the use of code or password to protect data security. For encrypted data is called plaintext, specifically through the role of a encryption algorithm, the conversion into cipher text, we will express this change as the cipher text is called encryption, the cipher text by the decryption algorithm to form a clear role in the output of this a process known as decryption. Encryption algorithm known as the key parameters used. The longer the key, the key space is large, traverse the key space the more time spent, the less likely cracked. Encryption technology can be divided into two categories: symmetric encryption and asymmetric encryption. Symmetric encryption to the data encryption standard DES (Data Encryption Standard) algorithm is represented. Asymmetric encryption is usually RSA (Rivets Shamir Aleman) algorithm is represented. (2) authentication Commonly used security authentication technologies: digital signatures, digital certificates, digital time stamp, CA security authentication technology. (3) hacker protection technology Currently, hackers have become the biggest e-commerce security threats, thus preventing hacking network security technology has become the main content, by governments and industry are highly valued. Hacking techniques include buffer overflow attacks, Trojans, port scans, IP fraud, network monitoring, password attacks, and denial of service Dos attacks. At present, people have made many effective anti-hacker technologies, including firewalls, intrusion detection, and network security evaluation techniques. .the future security of e-commerce Increasingly severe security problems, are growing threat to national and global economic security, governments have been based on efforts in the following areas: (1) Strengthen the legislation, refer to the advanced countries have effective legislation, innovative, e-commerce and improve the protection of the laws against cyber-crime security system. (2) Establishment of relevant institutions, to take practical measures to combat cyber crime. Development of the law, the implementing agencies should also be used for its relevant laws, which must establish an independent oversight body, such as the executing agency to implement the law. (3) Increase investment in network security technology; improve the level of network security technology. E-commerce security law is the prerequisite and basis for development and secure e-commerce security technology is a means of protection. There are many security issues are technical reasons, it should increase the technology resources, and continuously push forward the development of old technologies and developing new security technology. (4) To encourage enterprises to protect themselves against Internet crime against. To avoid attack, companies can not hold things to chance, must attach great importance to system vulnerabilities, in time to find security holes to install the operating system and server patches, and network security detection equipment should be used regularly scan the network monitoring, develop a set of complete security protection system to enable enterprises to form a system and combined with the comprehensive protection system. (5) To strengthen international cooperation to strengthen global efforts to combat cyber crime. As e-commerce knows no borders, no geographical, it is a completely open area, so the action against cyber crime e-commerce will also be global. This will require Governments to strengthen cooperation, can not have the saying which goes, regardless of others, cream tile misconception. (6) To strengthen the network of national safety education, pay attention to the cultivation of outstanding computer. . Conclusion E-commerce in China has developed rapidly in recent years, but the security has not yet established. This has an impact on the development of electronic commerce as a barrier. To this end, we must accelerate the construction of the e-commerce security systems. This will be a comprehensive, systematic project involving the whole society. Specifically, we want legal recognition of electronic communications records of the effectiveness of legal protection for electronic commerce; we should strengthen the research on electronic signatures, to protect e-commerce technology; we need to build e-commerce authentication system as soon as possible, to organize protection for electronic commerce. Moreover, for e-commerce features without borders, we should also strengthen international cooperation, so that e-commerce truly plays its role. Only in this way, we can adapt to the times Promoting Chinas economic development; also the only way we can in the economic globalization today, to participate in international competition, and thus gain a competitive advantage. 电子商务中的信息安全问题 一 、引言 电子商务(E-Business)是建立在开放的网络环境上,包括企业(B2B)之间,企业和消费者(B2C)之间的商业交易,与传统商业模式相比,电子商务具有高效、便捷、覆盖范围广的特点和好处。无论如何,这种基于互联网进行开放式数据交换的电子商务存在很大的安全漏洞,安全问题是约束电子商务发展的核心和关键。本篇文章,从系统工程的基本观点和原理出发,分析了当前电子商务所面临的安全威胁,在此基础上从安全技术角度分析电子商务的发展趋势。二、电子商务模式 现代电子商务技术都集中于网络商店的建立和运作。真正在百货商店和网络商店在结构和功能上没有区别,不同点在于它们这些功能、结构的实现方法和商业运作的模式。网上商店从前面看是一种特殊的Web服务器。现代多媒体网站的支持和良好的交互性作为虚拟商店的建立基础,这样客户就可以像在一个真正的超市中推着购物车选择商品,并最后(在收银台)计价付款。这些构成了网上商店的三大软件支柱:商品目录、购物车和客户付款。客户使用电子货币和商店进行交易时必须确保对客户和商店都是是安全可靠的。 而网上商店的背后,企业首先必须拥有产品的存储仓库和管理机构;其次是将网络上销售的产品通过邮寄或其他交付渠道寄送到客户手中;第三,企业也应负责产品的售后服务,这个服务可以通过网络,也可以不通过。网络交易通常是先付款再拿货的交易方式,对顾客而言,其方便之处在于能把购买的商品直接送到自己家里,但难以放心的是,在货物到达顾客手中之前他们不能确认自己手中的究竟是什么。因此,网络商店的信誉和服务质量是影响电子商务成功与否的关键因素。三 、电子商务发展的关键 电子商务是在电信网络上发展起来的。因此,先进的计算机网络基础设施和宽松的电信政策成为电子商务发展的先决条件。目前,电信服务价格高、有限的带宽、服务不及时或不可靠已经成为电子商务发展的制约因素。加快电信基础设施的建设,打破电信市场的垄断机制,引入竞争机制以确保电信业务市场的公平竞争,促进网络联动,确保为用户提供低成本、高速、可靠的通信服务是良好网络环境的建设目标,而且也是全球面临的任务。电子商务最突出的问题是解决网上购物、交易和结算的安全问题,其中包括建立电子商务所有主体间的信任问题。即建立安全认证系统(CA)问题;选择安全标准(例如SET、SSL、PKI等)问题;使用加密和解密方法及加密强度问题。建立安全认证系统是关键。网上交易和传统的面对面或书面交易方式不同,它是通过网络传输商业信息和进行交易活动的。网上交易的安全包问题含:有效性:确保在线交易合同的有效性,防止系统故障、计算机病毒、黑客攻击。机密性:事务的内容,交易账户、密码不被他人识别和盗窃。完整性:防止单边交易信息形成和修改。因此,电子商务安全体系应该包括:安全可靠的通讯网络,以确保数据传输的可靠完整性,防止病毒、黑客入侵;电子签名和其他身份验证系统,完整的数据加密系统等等。 四 、电子商务面临的安全问题 由于电子商务网络是基于计算机基础之上的,所以它不可避免的面临一系列的安全问题。 (1)信息泄露在电子商务中商业机秘的泄露主要包括两个方面:交易双方的交易内容被第三方窃取,交易一方提供给另一方的文件被第三方非法利用。 (2) 窜改电子商务中表现为商业信息的真实性和完整性问题。电子交易信息在网络上进行传递的过程中可能会被他人非法修改,删除或重改,因此威胁到信息的真实性和完整性。(3) 身份认证没有身份认证,第三方可能会伪造交易一方的身份去破坏交易,损害被假冒的声誉或者窃取被假冒方的交易成果等等,进行身份认证,可以防止交易双方互相怀疑的情况。(4)计算机病毒在计算机病毒出现的10年里,各种各样的新病毒及其变体迅速增加,互联网的出现对病毒的传播提供了最好的媒介,许多新病毒直接把网络作为它的传播媒介,也有许多病毒通过干网络快速传播,经常造成数十亿美元的经济损失。 (5)黑客随着各种应用程序工具的传播,黑客已经很流行,而不是过去那样了,非计算机专家就不能成为黑客。入侵雅虎的黑手党男孩没有接受过任何特殊训练,只是向少数攻击用户下载了软件并学习如何使用,就在互联网上大干一场。五、电子商务安全与安全因素 企业应用电子商务中的安全问题是令人最担心的,如何保护电子商务活动的安全,仍将是电子商务研究的核心。作为一个安全的电子商务系统,我们首先必须有一个安全、可靠的通信网络,以保证交易信息安全、快速的传播;第二是数据库服务器,以确保绝对安全防止黑客入侵网络盗取信息。电子商务安全技术包括加密、认证技术和电子商务安全协议,防火墙技术。 (1)加密技术为了确保数据和交易的安全,防止欺诈,确认交易当事人身份的真实性,电子商务采用了加密技术。加密技术是通过使用代码或密码来保护数据的安全。要加密的数据称为明文,明文通过某种加密算法加密,转换成密文,我们把明文转化成密文的这种过程叫做加密。将密文通过解密算法转化成明文并输出的过程就是解密。使用加密算法的关键参数。密钥越长,密钥空间越大,遍历密钥空间花费的时间越多,就越有可能破裂。加密技术可以分为两类:对称加密和非对称加密。对称加密的数据加密标准算法DES(数据加密标准)表示。非对称加密通常是RSA(铆钉沙米尔Aleman)算法为代表。 (2)认证技术常用的安全认证技术:数字签名、数字证书、数字时间戳、CA安全认证技术。(3)黑客保护技术目前,黑客已经成为电子商务最大的安全威胁,因此防止黑客攻击技术已成为网络安全主要的内容,需要政府和业界的高度重视。黑客技术包括缓冲区溢出攻击、木马、端口扫描、IP欺诈、网络监控、密码攻击和拒绝服务Dos攻击。目前,人们有许多有效的反对黑客的技术,包括防火墙、入侵检测和网络安全评估技术。六、未来电子商务的安全日益严重的安全问题,越来越威胁着国家和全球的经济安全,政府在一些基础上在以下领域作出努力:(1)加强立法,参考发达国家已经的有效立法,加强创新,提高保护电子商务和对抗网络犯罪的法律保障体系。(2)成立相关机构,采取切实可行的措施打击网络犯罪行为。制定了法律,就要有实施机构将其相关法律实施,我们必须建立独立的监督机构,例如执行机构去实施法律。(3)增加对网络安全技术的投资,提高网络安全技术水平。电子商务安全相关法律是电子商务发展的前提和基础,而安全技术是保护电子商务安全的的一种手段。有许多安全问题存在技术原因,它应该增加技术资源,不断推动旧技术向前发展并开发新的安全技术。 (4)鼓励企业进行自身保护,防范网络犯罪侵害。为了避免攻击,公司不能抱有侥幸心理,必须高度重视系统漏洞,及时给发现有安全漏洞的操作系统及服务器安装补丁程序,网络安全检测设备应经常被用来对网络进行扫描监控,开发一套完整的安全保护系统,确保企业形成一个制度与技术结合的综合性保护系统。(5)加强国际合作,加强全球打击网络犯罪力度。电子商务是没有国界的,没有地域的,这是一个完全开放的领域,所以反对电子商务网络犯罪也将是全球性的。这就需要政府之间加强合作,不能有如谚语“各扫门前雪,不管他人瓦上霜”所说的错误想法。 (6)要加强国家的网络安全教育,注意培养杰出的计算机人才。七、结论 近年来电子商务在中国发展迅速,但安全性尚未建立,这将成为影响电子商务发展的一个障碍。 为此,我们必须加快电子商务安全系统的建设。这将是一个全面的、涉及整个社会的系统工程。具体地说,我们想要法律认可电子通讯记录的的法律效力,用法律保护电子商务;我们应该加强对电子签名的研究,从而来保护电子商务技术,我们需要尽快建立电子商务认证系统,组织对电子商务的保护。此外,对于电子商务无国界的特点,我们还应该加强国际合作,那样电子商务才能真正发挥其作用。只有这样,我们才能适应时代促进中国的经济发展,也只有这样,我们才能在经济全球化的今天,参与国际竞争,从而获得竞争优势。
展开阅读全文