CIS 243 Stratford University Usability Factor in E Commerce Chapter Summary

Question Description

I’m working on an Economics question and need guidance to help me study.

# Reviewing the section of chapter assigned
Write a summary document in Word Format for about 1.5 – 2 pages long, on importance of Usability Factor in E-Commerce and factors involved in it.


Unformatted Attachment Preview

CHAPTER 10
Electronic Commerce Security
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
Learning Objectives
In this chapter, you will learn:
• What security risks arise in online business and how
to manage them
• How to create a security policy
• How to implement security on Web client computers
• How to implement security in the communication
channels between computers
• How to implement security on Web server computers
• What organizations promote computer, network, and
Internet security
Introduction
• Proper use of password protection is an important
element in maintaining security
– Most people unwilling to remember numerous
complex passwords and change them often
• Password management tools are popular solutions
for maintaining multiple complex passwords
– Requires a single, master password for access
– Weak link when hackers access master passwords
• Encryption is an important safeguard to help address
attacks
Online Security Issues Overview
• Individuals and businesses have had concerns
about security since Internet became a business
communications tool
– Increasing with steady increase in sales and all types
of financial transactions
• Chapter topics
– Key security problems
– Solutions to those problems
Origins of Security on Interconnected
Computer Systems
• Modern computer security techniques developed by
US Department of Defense
• “Orange Book”: rules for mandatory access control
• Business computers initially adopted military’s
security methods
– Networks and other factors have increased number of
users accessing computers
– Computers now transmit valuable information
• Changes have made the need for comprehensive
security risk controls more important than ever
Computer Security and Risk Management
• Asset protection from unauthorized access, use,
alteration, and destruction
– Physical security includes tangible protection devices
• Alarms, guards, fireproof doors, security fences, safes
or vaults, and bombproof buildings
– Logical security is protection using nonphysical means
• Threat is anything posing danger to computer assets
– Countermeasures are procedures (physical or logical)
that recognize, reduce, and eliminate threats
• Extent and expense depend on importance of asset at
risk
Computer Security and Risk Management
(cont’d.)
• Risk management model: four general actions based
on impact (cost) & probability of physical threat
– Also applicable for protecting Internet and electronic
commerce assets from physical and electronic threats
– Eavesdropper (person or device) that listens in on and
copies Internet transmissions
– Crackers or hackers obtain unauthorized access to
computers and networks
• White hat (good) and black hat (bad) hackers
• Companies must identify risks, determine how to
protect assets, and calculate how much to spend
© Cengage Learning 2017
FIGURE 10-1 Risk management model
Elements of Computer Security
• Secrecy refers to protecting against unauthorized
data disclosure and ensuring data source
authenticity
• Integrity is preventing unauthorized data modification
– Integrity violation occurs when an e-mail message is
intercepted and changed before reaching destination
• Man-in-the-middle exploit
• Necessity refers to preventing data delays or denials
(removal)
Establishing a Security Policy
• Written statement of: assets to protect and why, who
is responsible for protection and acceptable and
unacceptable behaviors
– Addresses physical and network security, access
authorizations, virus protection, disaster recovery
• Steps to create security policy
– Determine which assets to protect from which threats
– Determine access needs to various system parts
– Identify resources to protect assets
– Develop written security policy
Establishing a Security Policy (cont’d.)
• Once policy is written and approved, resources are
committed to implement the policy
• Comprehensive security plan protects system’s
privacy, integrity, availability and authenticates users
– Selected to satisfy Figure 10-2 requirements
– Provides a minimum level of acceptable security
• All security measures must work together to prevent
unauthorized disclosure, destruction, or modification
of assets
FIGURE 10-2 Requirements for secure electronic commerce
Establishing a Security Policy (cont’d.)
• Security policy points
– Authentication: Who is trying to access site?
– Access control: Who is allowed to log on to and
access site?
– Secrecy: Who is permitted to view selected
information?
– Data integrity: Who is allowed to change data?
– Audit: Who or what causes specific events to occur,
and when?
Security for Client Devices
• Threats to computers, smartphones, and tablets
– Originate in software and downloaded Internet data
– Malevolent server site masquerades as legitimate
Web site
Cookies and Web Bugs
• Internet connection between Web clients and servers
accomplished by multiple independent transmissions
– No continuous connection (open session) maintained
between any client and server
• Cookies are small text files Web servers place on
Web client to identify returning visitors
– Allow shopping cart and payment processing functions
without creating an open session
– Session cookies exist until client connection ends
– Persistent cookies remain indefinitely
– Electronic commerce sites use both
Cookies and Web Bugs (cont’d.)
• Cookies may be categorized by their source
– First-party cookies are placed on client computer by
the Web server site
– Third-party cookies originate on a Web site other than
the site being visited
• Disable cookies entirely for complete protection
– Useful cookies blocked (along with others) so that
information is not stored
– Full site resources not available if cookies are not
allowed
Cookies and Web Bugs (cont’d.)
• Web browser cookie management functions refuse
only third-party cookies or review each cookie
before allowing
– Settings available with most Web browsers
• Web bug or Web beacon is a tiny graphic that a third-party Web site places on another site’s Web page
– Provides method for third-party site to place cookie on
visitor’s computer
– Also called “clear GIFs” or “1-by-1 GIFs” because
graphics created in GIF format with a color value of
“transparent” and as small as 1 pixel by 1 pixel
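The cookie categories from the preceding slides (session vs. persistent, first-party vs. third-party) and the web-bug case can be checked mechanically when auditing what a page sets. The following is an added example, not part of the original slides: host names and cookie values are constructed, and `site_of` is a simplifying assumption (real browsers decide "same site" with the Public Suffix List).

```python
from http.cookies import SimpleCookie


def site_of(host):
    """Assumption: treat the last two DNS labels as the 'site'.
    Browsers use the Public Suffix List for this decision."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify(set_cookie, response_host, page_host):
    """Classify every cookie in one Set-Cookie header value.

    lifetime: 'persistent' if Max-Age or Expires is present, else 'session'
    party:    'first-party' if the responding host belongs to the visited
              site, else 'third-party'
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    rows = []
    for name, morsel in jar.items():
        persistent = bool(morsel["max-age"] or morsel["expires"])
        same_site = site_of(response_host) == site_of(page_host)
        rows.append({
            "name": name,
            "set_by": response_host,
            "lifetime": "persistent" if persistent else "session",
            "party": "first-party" if same_site else "third-party",
        })
    return rows


# Constructed sample: responses seen while loading one page of
# www.shop.example. The last entry is the response to a 1-by-1 GIF
# (web bug) embedded in that page by another site.
OBSERVED = [
    ("shop.example", "cart=8f3a; Path=/; HttpOnly"),
    ("shop.example", "remember=u1029; Max-Age=2592000; Path=/; Secure"),
    ("cdn.shop.example", "lb=node3; Path=/"),
    ("pixel.tracker.example", "uid=77c1d0; Max-Age=63072000; Path=/"),
]


def audit(page_host, observed):
    """Classify all cookies set during one page load."""
    rows = []
    for host, header in observed:
        rows.extend(classify(header, host, page_host))
    return rows


def flag_tracking(rows):
    """Persistent third-party cookies are the ones a browser's
    'refuse third-party cookies' setting is meant to stop."""
    return [r for r in rows
            if r["party"] == "third-party" and r["lifetime"] == "persistent"]


if __name__ == "__main__":
    rows = audit("www.shop.example", OBSERVED)
    for r in rows:
        print(f'{r["name"]:<9} {r["set_by"]:<22} {r["lifetime"]:<11} {r["party"]}')
    print("flagged:", [r["name"] for r in flag_tracking(rows)])
```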
FIGURE 10-3 Mozilla Firefox dialog box for managing stored cookies
Active Content
• Active content programs run when client device
loads Web page
– Example actions: play audio, display moving
graphics, place items into shopping cart
– Moves processing work from server to client device
but can pose a threat to client device
• Methods to deliver active content
– Cookies, Java applets, JavaScript, VBScript, ActiveX
controls, graphics, Web browser plug-ins,
e-mail attachments
Active Content (cont’d.)
• Scripting languages provide executable script
– Examples: JavaScript and VBScript
• Applets are small application programs that typically
run within Web browser
• Most browsers include tools limiting applets’ and
scripting language actions by running in a sandbox
• ActiveX controls are objects containing programs or
properties placed on Web pages to perform tasks
– Run only on Windows operating systems
– Give full access to client system resources
Active Content (cont’d.)
• Crackers can embed malicious active content
– Trojan horse is a program hidden inside another
program or Web page that masks its true purpose
– May result in secrecy and integrity violations
– Zombie secretly takes over another computer to
launch attacks on other computers
• Botnet (robotic network, zombie farm) is a group of controlled
computers acting as an attacking unit
Graphics and Plug-Ins
• Graphics, browser plug-ins, and e-mail attachments
can harbor executable content
– Embedded code can harm client computer
• Browser plug-ins (programs) enhance browser
capabilities but can pose security threats
– Plug-ins executing commands buried within media
Viruses, Worms, and Antivirus Software
• Programs automatically execute associated
programs to display e-mail attachments
– Macro viruses in attached files can cause damage
• Virus is software that attaches itself to host program
and causes damage when program is activated
– Worm is a virus that replicates itself on computers it
infects and spreads quickly through the Internet
– Macro virus is a small program embedded in file
• First major virus was I LOVE YOU in 2000
– Spread to 40 million computers in 20 countries and
caused estimated $9 billion in damages
FIGURE 10-4 Early computer viruses, worms, and Trojan horses
Viruses, Worms, and Antivirus Software
(cont’d.)
• 2001 Code Red and Nimda: multivector virus-worm
– Entered computer system in several different ways
and caused billions in damages
– 2003: New version of Code Red (Bugbear) checked
for antivirus software
• Antivirus software detects viruses and worms
– Deletes or isolates them on client computer
• 2008: Conficker virus which continues to be a
concern because it can reinstall itself after removal
• 2010 & 2011: New and more Trojan combinations
– Some targeted bank accounts
FIGURE 10-5 Computer viruses, worms, and Trojan horses: 2000-2007
FIGURE 10-5 Computer viruses, worms, and Trojan horses: 2000-2007 (cont’d)
Viruses, Worms, and Antivirus Software
(cont’d.)
• 2013: Ransomware (Cryptolocker) encrypted files
and demanded payment for keys to unlock
– Perpetrators got away with more than $3 million
– 2015: New version attached itself to games
• Companies such as Symantec and McAfee track
viruses and sell antivirus software
– Data files must be updated regularly so that newest
viruses are recognized and eliminated
• Some Web e-mail systems such as Yahoo! Mail and
Gmail automatically scan attachments before
downloading
FIGURE 10-6 Computer viruses, worms, and Trojan horses: 2008-2015
Digital Certificates
• Digital certificate is an e-mail attachment or program
embedded in Web page that verifies identity
– Contains a means to send encrypted communication
– Used to execute online transactions, send encrypted
email and make electronic funds transfers
• Certification authority (CA) issues digital certificates
to organizations and individuals, each with six elements
– Owner’s identification and public key, validity dates,
serial number, issuer name and digital signature
• Key is a long binary number used with encryption
algorithm to “Lock” protected message characters
Digital Certificates (cont’d.)
• Identification requirements vary between CAs
– Driver’s license, notarized form, fingerprints
• More stringent rules adopted in 2008 after hackers
obtained falsified digital certificates
– Secure Sockets Layer-Extended Validation (SSL-EV)
requires extensive confirmations
• Annual fees range from $100 to more than $1000
• Digital certificates expire after period of time
– Provides protection by requiring credentials be
resubmitted for evaluation
Steganography
• Process of hiding information within another piece of
information, which can be used for malicious
purposes
• Provides a way for hiding an encrypted file within
another file
– Casual observer cannot detect anything important in
container file
– Two-step process where encrypting file protects it
from being read and steganography makes it invisible
• Al Qaeda used steganography to hide attack orders
Physical Security for Client Devices and
Client Security for Mobile Devices
• Client computers require physical security
– Fingerprint readers: more protection than passwords
– Biometric security devices use an element of a
person’s biological makeup to provide identification
• Signature recognition, eye or palm scanners, veins
• Access passwords help secure mobile devices
– Remote wipe clears all personal data and can be
added as an app or done through e-mail
• Many users install antivirus software
– Rogue apps contain malware or collect information
and forward to perpetrators
Communication Channel Security and
Secrecy Threats
• Internet was designed to provide redundancy, not to
be secure
– Remains unchanged from original insecure state
• Secrecy is the prevention of unauthorized
information disclosure
– Technical issue requiring sophisticated physical and
logical mechanisms such as encryption of emails
• Privacy is the protection of individual rights to
nondisclosure which is a legal matter
– Should supervisors be allowed to randomly read
employee emails?
Secrecy Threats (cont’d.)
• Theft of sensitive or personal information is a
significant electronic commerce threat
– Sniffer programs record information passing through
computer or router handling Internet traffic
– Backdoor allows users to run a program without going
through the normal authentication procedures
• May be left by programmers accidentally or intentionally
– Stolen corporate info (Eavesdropper example)
• Several companies offer anonymous Web services
that hide personal information from sites visited
Integrity Threats
• Active wiretapping occurs when an unauthorized party
alters message information stream
– Cybervandalism is electronic defacing of a Web site
– Masquerading (spoofing) is pretending to be someone
else or a fake Web site representing itself as original
• Domain name servers (DNSs) are Internet
computers that link domain names to IP addresses
– Perpetrators substitute their Web site address in place
of real one
• Phishing expeditions trick victims into disclosing
confidential info (banking and payment systems)
Necessity Threats
• Delay, denial, and denial-of-service (DoS) attacks
that disrupt or deny normal computer processing
– Intolerably slow-speed computer processing
– Renders service unusable or unattractive
– Distributed denial-of-service (DDoS) attack uses
botnets to launch simultaneous attack on a Web site
• DoS attacks can remove information from a
transmission or file
– Quicken accounting program diverted money to
perpetrator’s bank account
– Overwhelmed servers and stopped customers access
Threats to the Physical Security of Internet
Communications Channels
• Internet’s packet-based network design precludes it
from being shut down by attack on single
communications link
• Individual user’s Internet service can be interrupted
– Destruction of user’s Internet link
• Larger companies, organizations use more than one
link to main Internet backbone
Threats to Wireless Networks
• Wireless Encryption Protocol (WEP) is a set of rules
for encrypting transmissions from the wireless
devices to the wireless access points (WAPs)
• Wardrivers are attackers who drive around in cars and
search for accessible networks
– Warchalking is placing a chalk mark on buildings
when open networks are found
• Companies can avoid attacks by turning on WEP
and changing default login and password settings
– Best Buy wireless point-of-sale (POS) failed to enable
WEP and a customer intercepted data
Encryption Solutions and Encryption
Algorithms
• Encryption is coding information using mathematically
based program and a secret key
– Cryptography is the science of studying encryption
• Converts text into text that is visible but has no apparent meaning
• Encryption programs transform normal text (plain
text) into cipher text (unintelligible characters string)
– Encryption algorithm is the logic behind the program
– Includes mathematics to do transformation
• Decryption program is an encryption-reversing
procedure that decodes or decrypts messages
Encryption Algorithms and Hash Coding
• In the U.S., the National Security Agency controls
dissemination and banned publication of details
– Illegal for U.S. companies to export
• Encryption algorithm property is that message
cannot be deciphered without key used to encrypt it
• Hash coding uses a hash algorithm to calculate a
number (hash value) from a message
– Unique message fingerprint
– Can determine if message was altered during transit
• Mismatch between original hash value and receiver
computed value
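The hash-value comparison described on this slide, as an added example that is not part of the original slides. It goes one step beyond the slide: a plain hash catches accidental changes, but a party who alters the message in transit (the active wiretapping case) can also replace the hash, so the example adds a keyed hash (HMAC), which the slide does not mention. Messages and key are constructed sample values.

```python
import hashlib
import hmac


def hash_value(message: bytes) -> str:
    """The slide's 'hash value': a SHA-256 fingerprint of the message."""
    return hashlib.sha256(message).hexdigest()


def keyed_hash(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a fingerprint only holders of the shared key can compute."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, received_hash: str) -> bool:
    """Receiver recomputes the hash and compares it with the one received."""
    return hmac.compare_digest(hash_value(message), received_hash)


def verify_keyed(key: bytes, message: bytes, received_tag: str) -> bool:
    """Receiver recomputes the HMAC with the shared key and compares."""
    return hmac.compare_digest(keyed_hash(key, message), received_tag)


# Constructed sample data
ORDER = b"PAY 100.00 USD TO ACCOUNT 1111"
ALTERED = b"PAY 900.00 USD TO ACCOUNT 2222"
SHARED_KEY = b"constructed-demo-key-not-for-production"


def run_cases():
    """Return the outcome of each integrity scenario as a dict of booleans."""
    results = {}

    # 1. Message changed in transit, original hash still attached:
    #    the mismatch the slide describes is detected.
    results["plain_detects_mismatch"] = not verify_plain(
        ALTERED, hash_value(ORDER))

    # 2. Message AND hash replaced in transit: the plain hash matches the
    #    altered message, so the receiver is fooled.
    results["plain_accepts_replaced_hash"] = verify_plain(
        ALTERED, hash_value(ALTERED))

    # 3. Same alteration against a keyed hash. Without the key, the best an
    #    interceptor can attach is the old tag or an unkeyed hash; both fail.
    results["keyed_rejects_old_tag"] = not verify_keyed(
        SHARED_KEY, ALTERED, keyed_hash(SHARED_KEY, ORDER))
    results["keyed_rejects_unkeyed_hash"] = not verify_keyed(
        SHARED_KEY, ALTERED, hash_value(ALTERED))

    # 4. The untouched message with its genuine tag verifies.
    results["keyed_accepts_genuine"] = verify_keyed(
        SHARED_KEY, ORDER, keyed_hash(SHARED_KEY, ORDER))
    return results


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case}: {outcome}")
```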
Asymmetric Encryption
• Public-key encryption encodes messages using two
mathematically related numeric keys
– Public key is freely distributed and encrypts
messages using encryption algorithm
– Private key is secret and belongs to key owner
• Decrypts all messages received
• Pretty Good Privacy (PGP) is a popular public-key
encryption technology
– Uses several different encryption algorithms
– Free for individuals and sold to businesses
Symmetric Encryption
• Private-key encryption that encodes message with a
single numeric key to encode and decode data
– Both sender and receiver must know the key
– Very fast and efficient but does not work well in large
environments because of number of keys required
• Data Encryption Standard (DES) was first U.S.
government private-key encryption system
– Triple Data Encryption Standard (Triple DES, 3DES)
was a stronger version of DES
• Advanced Encryption Standard (AES) is a more
secure standard that is commonly used today
Comparing Asymmetric and Symmetric
Encryption Systems
• Advantages of public-key (asymmetric) systems
– Small combination of keys required
– No problem in key distribution
– Implementation of digital signatures possible
• Disadvantage is that public key systems are
significantly slower than private-key systems
• Public-key systems complement rather than replace
private-key systems
FIGURE 10-7 Comparison of (a) hash coding, (b) private-key, and (c) public-key encryption