403 research outputs found

    Network Security Concepts, Dangers, and Defense Best Practical

    In today's highly interconnected world, network security has become a critical aspect of protecting organizations from cyber-attacks. The increasing sophistication of attackers and their ability to exploit software and firmware vulnerabilities pose significant dangers to the security of networks. However, many organizations often neglect the essential steps required to secure their networks, leading to an increased risk of security breaches. In this research article, we aim to address this issue by investigating network security concepts, potential dangers, and practical defense strategies. We begin by exploring the different types of cyber-attacks and their sources, highlighting the various ways attackers exploit network vulnerabilities. We also examine the reasons why organizations often overlook network security and the consequences of not prioritizing it. To better understand the complexity of network security, we categorize the different security concerns using the CIA (confidentiality, integrity, and availability) triangle. This approach allows us to identify the various areas of vulnerability and their potential impact on network security. Next, we focus on the most crucial basic concepts and steps involved in various network security operations. We outline the best practices and practical approaches organizations can take to improve their network security, including implementing security policies and procedures, using encryption and authentication methods, and conducting regular security assessments. By highlighting the importance of network security and providing practical guidance on how organizations can defend against cyber-attacks, we hope to raise awareness and help prevent security breaches. Keywords: Network, Internet, Security, Security Threats, IP Address, Network Attack, Attackers. DOI: 10.7176/CEIS/14-2-03. Publication date: March 31st 202

    A Comprehensive Exploration of Privacy and Security Mechanisms in E-commerce

    This research is all about making online shopping, or e-commerce, safer. We know that buying and selling things on the internet is easy, but we need to make sure our information stays safe. The study looks at the problems we face, like attacks that try to make websites stop working, unauthorized access to our information, and stealing or fraud. It talks about how important it is to have strong security measures to deal with these risks. It suggests different safety measures like improving how websites talk to each other using SSL/TLS, using strong encryption to protect user information, adding an extra layer of verification (Two-Factor Authentication), and making sure online transactions are secure. It also looks at protecting against specific types of attacks like SQL injection, which is when unauthorized individuals try to mess with a website's database. The study talks about how important it is for online stores to have clear privacy rules, let people shop without giving away too much personal information, and make sure payments are safe. It wants to give practical advice to online stores to make their privacy and security better. The research knows that security problems keep changing, so it says online stores should keep updating how they protect themselves. The primary inquiry it seeks to address is how to make the e-commerce experience safer for all users

    Current Cyber Security Challenges

    We have experienced exponential technical improvement during the last ten years. Cybersecurity issues are a result of the cyber world's increasing growth. Due to the way cybercriminals have adjusted their tactics to the new environment, there are now significant CS challenges. More than 20 years later, the quantity and severity of cybercrimes have skyrocketed in just a few years as a result of previously unheard-of occurrences like the COVID-19 epidemic, contested elections, and rising geopolitical upheaval. Over time, it is likely that security risks will advance in sophistication and cost us more money: according to analysts, the worldwide cost of cybercrime will rise from $3 trillion in 2015 to $10.5 trillion in 2025, a 15% increase. The secret to averting a CS assault is proactive protection. Discover the top CS risks that, according to experts, the globe will face in 2022, along with what you can do to prevent yourself and your company from becoming a target. As a result, the sector is seeing an increase in demand for specialists who can decisively address security issues, creating the foundation for a safer cyberspace. If you are interested in developing a career in this field, you might think about checking out these CS courses. You could also look at the premium selection of CS courses

    CROO: A universal infrastructure and protocol to detect identity fraud

    Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction’s purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes CROO a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTP-keyed MACs) correspond to claimed hashed transaction details. Hashing transaction details increases user privacy. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users’ devices resilient to off-line PIN-guessing attacks. CROO’s credentials can be formatted as existing user credentials (e.g. credit cards or driver’s licenses)

    Enhancing User Authentication with Facial Recognition and Feature-Based Credentials

    This research proposes a novel and trustworthy user authentication method that creates individualized and trusted credentials based on distinctive facial traits using facial recognition technology. The ability to easily validate user identification across various login methods is provided by this feature. The fundamental elements of this system are face recognition, feature extraction, and the hashing of characteristics to produce usernames and passwords. This method makes use of the OpenCV library, which is free software for computer vision. Additionally, it employs Hashlib for secure hashing and Image-based Deep Learning for Identification (IDLI) technology to extract facial tags. For increased security and dependability, the system mandates a maximum of ten characters for users and passwords. By imposing this restriction, the system increases its resilience by reducing any possible weaknesses in its defense. The policy also generates certificates that are neatly arranged in an Excel file for easy access and management. To improve user data and provide reliable biometric authentication, this study intends to create and implement a recognition system that incorporates cutting-edge approaches such as face feature extraction, feature hashing, and password creation. Additionally, the system has robust security features using face recognition

    Methods and techniques to protect against shoulder surfing and phishing attacks

    Identity theft refers to the preparatory stage of acquiring and collecting someone else's personal information for criminal purposes. During the past few years, a very large number of people suffered adverse consequences of identity theft crimes. In this thesis, we investigate different methods and techniques that can be used to provide better protection against identity theft techniques that have some hi-tech relevance such as shoulder surfing of user's passwords and personal identification numbers (PINs), phishing and keylogging attacks. To address the shoulder surfing threat to traditional PIN entry schemes, two new PIN entry schemes are proposed. Both schemes achieve a good balance between security and usability. In addition, our analysis shows that these two schemes are resilient to shoulder surfing, given that the attacker has a limited capability in recording the login process. We also propose a click-based graphical password authentication scheme. This scheme aims at improving the resistance to shoulder surfing attacks while maintaining the merits of the click-based authentication solutions. It is also resilient to shoulder surfing attacks even if the attacker can record the entire login process for one time with a video device. Finally, in order to defend against online phishing attacks, we present a framework to strengthen password authentication using mobile devices and browser extensions. The proposed authentication framework produces a different password depending on the domain name of the login site. Besides defending against phishing attacks, this solution does not require any modifications at the server sid

    The Future of Cybercrime: AI and Emerging Technologies Are Creating a Cybercrime Tsunami

    This paper reviews the impact of AI and emerging technologies on the future of cybercrime and the necessary strategies to combat it effectively. Society faces a pressing challenge as cybercrime proliferates through AI and emerging technologies. At the same time, law enforcement and regulators struggle to keep up. Our primary challenge is raising awareness as cybercrime operates within a distinct criminal ecosystem. We explore the hijacking of emerging technologies by criminals (CrimeTech) and their use in illicit activities, along with the tools and processes (InfoSec) to protect against future cybercrime. We also explore the role of AI and emerging technologies (DeepTech) in supporting law enforcement, regulation, and legal services (LawTech)

    Enhancing Web Browsing Security

    Web browsing has become an integral part of our lives, and we use browsers to perform many important activities almost every day and everywhere. However, due to the vulnerabilities in Web browsers and Web applications and also due to Web users' lack of security knowledge, browser-based attacks are rampant over the Internet and have caused substantial damage to both Web users and service providers. Enhancing Web browsing security is therefore of great need and importance. This dissertation concentrates on enhancing the Web browsing security through exploring and experimenting with new approaches and software systems. Specifically, we have systematically studied four challenging Web browsing security problems: HTTP cookie management, phishing, insecure JavaScript practices, and browsing on untrusted public computers. We have proposed new approaches to address these problems, and built unique systems to validate our approaches. To manage HTTP cookies, we have proposed an approach to automatically validate the usefulness of HTTP cookies at the client-side on behalf of users. By automatically removing useless cookies, our approach helps a user to strike an appropriate balance between maximizing usability and minimizing security risks. To protect against phishing attacks, we have proposed an approach to transparently feed a relatively large number of bogus credentials into a suspected phishing site. Using those bogus credentials, our approach conceals victims' real credentials and enables a legitimate website to identify stolen credentials in a timely manner. To identify insecure JavaScript practices, we have proposed an execution-based measurement approach and performed a large-scale measurement study. Our work sheds light on the insecure JavaScript practices and especially reveals the severity and nature of insecure JavaScript inclusion and dynamic generation practices on the Web. To achieve secure and convenient Web browsing on untrusted public computers, we have proposed a simple approach that enables an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer