Tamilnadu Samacheer Kalvi 12th Computer Applications Solutions Chapter 17 E-Commerce Security Systems
Samacheer Kalvi 12th Computer Applications E-Commerce Security Systems Text Book Back Questions and Answers
PART – I
I. Choose The Correct Answer
Question 1.
In E-Commerce, when a stolen credit card is used to make a purchase it is termed as ………………………
(a) Friendly fraud
(b) Clean fraud
(c) Triangulation fraud
(d) Cyber squatting
Answer:
(b) Clean fraud
Question 2.
Which of the following is not a security element involved in E-Commerce?
(a) Authenticity
(b) Confidentiality
(c) Fishing
(d) Privacy
Answer:
(c) Fishing
Question 3.
Asymmetric encryption is also called ……………………..
(a) Secure Electronic Transaction
(b) Certification Authority
(c) RSA algorithm
(d) Payment Information
Answer:
(c) RSA algorithm
Question 4.
The security authentication technology does not include
(i) Digital Signatures
(ii) Digital Time Stamps
(iii) Digital Technology
(iv) Digital Certificates
(a) (i), (ii) & (iv)
(b) (ii) & (iii)
(c) (i), (ii) & (iii)
(d) all the above
Answer:
(b) (ii) & (iii)
Question 5.
PGP stands for
(a) Pretty Good Privacy
(b) Pretty Good Person
(c) Private Good Privacy
(d) Private Good Person
Answer:
(a) Pretty Good Privacy
Question 6.
…………………… protocol is used for securing credit card transactions via the Internet
(a) Secure Electronic Transaction (SET)
(b) Credit Card Verification
(c) Symmetric Key Encryption
(d) Public Key Encryption
Answer:
(a) Secure Electronic Transaction (SET)
Question 7.
Secure Electronic Transaction (SET) was developed in
(a) 1999
(b) 1996
(c) 1969
(d) 1997
Answer:
(b) 1996
Question 8.
The websites secured by Secure Socket Layer protocols can be identified using
(a) html://
(b) http://
(c) htmls://
(d) https://
Answer:
(d) https://
Question 9.
3-D Secure, a protocol, was developed by
(a) Visa
(b) Master
(c) Rupay
(d) PayTM
Answer:
(a) Visa
Question 10.
Which of the following is true about Ransomware
(a) Ransomware is not a subset of malware
(b) Ransomware deletes the file instantly
(c) Typopiracy is a form of ransomware
(d) Hackers demand ransom from the victim
Answer:
(d) Hackers demand ransom from the victim
II. Short Answers
Question 1.
Write about information leakage in E-Commerce?
Answer:
The leakage of trade secrets in E-Commerce mainly includes two aspects:
- The content of the transaction between the vendor and customer is stolen by a third party.
- The documents provided by the merchant to the customer or vice versa are illegally used by another.
This intercepting and stealing of online documents is called information leakage.
Question 2.
Write a short note on typopiracy?
Answer:
Typopiracy:
- Typopiracy is a variant of Cyber Squatting. Some fake websites try to take advantage of users’ common typographical errors in typing a website address and direct users to a different website.
- Such people try to take advantage of some popular websites to generate accidental traffic for their websites, e.g. www.goggle.com, www.faceblook.com
Question 3.
Define non-repudiation?
Answer:
- It provides prevention against violation of the agreement after the deal.
- It ensures that the signer who digitally signed the document cannot deny having signed it.
Question 4.
List the different types of security technologies in E-Commerce?
Answer:
- Encryption technology is an effective information security protection.
- It is defined as converting a Plaintext into meaningless Ciphertext using an encryption algorithm thus ensuring the confidentiality of the data.
- The encryption or decryption process uses a key to encrypt or decrypt the data.
Question 5.
Write about digital signature?
Answer:
A digital signature is a mechanism that is used to verify that a particular digital document, message or transaction is authentic.
PART – III
III. Explain in Brief Answer
Question 1.
Write a note on certification authorities (CA)?
Answer:
Digital certificates are issued by recognized Certification Authorities (CA). When someone requests a digital certificate, the authority verifies the identity of the requester, and if the requester fulfills all requirements, the authority issues it. When the sender uses a certificate to sign a document digitally, the receiver can trust the digital signature because the receiver trusts that the CA has done its part in verifying the sender’s identity.
Question 2.
List some E-Commerce Security Threats?
Answer:
- Information leakage
- Tampering
- Payment frauds
- Malicious code threats
- Distributed Denial of Service (DDoS) Attacks
- Cyber Squatting
- Typopiracy
Question 3.
Differentiate asymmetric and symmetric algorithms?
Answer:
Symmetric Key Encryption:
- The same key is used for both encryption and decryption
- Speed of encryption or decryption is very fast
- Plain text and ciphertext are of the same size
- Algorithms like DES, AES, RC4 use symmetric key encryption
- Provides confidentiality
- The number of keys used grows exponentially with the number of users
Asymmetric Key Encryption:
- Different keys are used for encryption and decryption
- Speed of encryption or decryption is comparatively slow
- The size of ciphertext is always greater than plain text.
- Algorithms like RSA, ECC, DSA use asymmetric key encryption
- Provides confidentiality, authenticity, and non-repudiation
- The number of keys used grows linearly with the number of users
Question 4.
Write a note on PGP?
Answer:
- Pretty Good Privacy (PGP):
- Phil Zimmermann developed PGP in 1991.
- It is a decentralized encryption program that provides cryptographic privacy and authentication for data communication.
- PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and asymmetric-key cryptography and works on the concept of “web of trust”.
Question 5.
Explain 3D secure payment protocols?
Answer:
3-D Secure is a secure payment protocol on the Internet. It was developed by Visa to increase the level of transaction security, and it has been adopted by MasterCard. It gives a better authentication of the holder of the payment card, during purchases made on websites. The basic concept of this (XML-based) protocol is to link the financial authorization process with an online authentication system. This authentication model comprises 3 domains (hence the name 3D) which are:
- The Acquirer Domain
- The Issuer Domain
- The interoperability domain.
PART – IV
IV. Explain in detail
Question 1.
Write about dimensions of E-Commerce Security?
Answer:
- As the security issue is the most worrying issue for E-Business, ensuring the security of E-Commerce activities has become the core research field of E-Commerce.
The following are some of the security elements involved in E-Commerce.
- Authenticity: Confirming genuineness of data shared.
- Availability: Prevention against data delay or removal.
- Completeness: Unification of all business information.
- Confidentiality: Protecting data against unauthorized disclosure.
- Effectiveness: Effective handling of hardware, software, and data.
- Integrity: Prevention of the data being altered or modified.
- Non-repudiation: Prevention against violation of the agreement after the deal.
- Privacy: Prevention of customers’ personal data being used by others.
- Reliability: Providing a reliable identification of individuals or businesses.
- Review ability: Capability of monitoring activities to audit and track the operations.
Question 2.
Explain encryption technology?
Answer:
Encryption technology:
Encryption technology is an effective information security protection. It is defined as converting a Plaintext into meaningless Ciphertext using an encryption algorithm, thus ensuring the confidentiality of the data. The encryption or decryption process uses a key to encrypt or decrypt the data. At present, two encryption technologies are widely used. They are the symmetric key encryption system and the asymmetric key encryption system.
Symmetric key encryption:
The Data Encryption Standard (DES) is a Symmetric-key data encryption method. It was introduced in America in the year 1976, by the Federal Information Processing Standard (FIPS).
DES is the typical block algorithm that takes a string of bits of cleartext (plaintext) with a fixed length and, through a series of complicated operations, transforms it into another encrypted text of the same length. DES also uses a key to customize the transformation, so that, in theory, the ciphertext can only be deciphered by people who know the exact key that has been used for encryption. The DES key is apparently 64 bits, but in fact the algorithm uses only 56. The other eight bits are only used to verify the parity and are then discarded.
Today, DES is considered unsafe for many applications, mainly because of its relatively small key size (56-bit). But the key length can be easily increased by multiple use of the DES, described as Triple-DES, also known as TDES, 3DES or DESede.
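An added example, not part of the textbook answer, showing the 64-bit versus 56-bit key layout described above: in each of the eight key bytes the lowest bit is an odd-parity bit, so two keys that differ only in those bits select the same 56-bit key. The function names are chosen for this illustration and `KEY_A` is a sample value used only here.

```python
# Added example, not from the textbook: the parity layout of a 64-bit DES key.
# Each key byte holds 7 key bits (high bits) plus 1 parity bit (lowest bit),
# chosen so that the byte contains an odd number of 1 bits.

KEY_A = bytes.fromhex("133457799bbcdff1")  # sample key, valid odd parity


def is_odd(byte):
    """True when the byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def check_length(key):
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")


def has_valid_parity(key):
    """Verify the parity bit of every key byte."""
    check_length(key)
    return all(is_odd(b) for b in key)


def bad_parity_bytes(key):
    """Indexes of key bytes whose parity check fails (e.g. a corrupted key)."""
    check_length(key)
    return [i for i, b in enumerate(key) if not is_odd(b)]


def set_odd_parity(key):
    """Recompute the 8 parity bits, leaving the 56 key bits unchanged."""
    check_length(key)
    fixed = bytearray()
    for b in key:
        b &= 0xFE              # clear the parity position
        if not is_odd(b):
            b |= 0x01          # set it when needed to make the count odd
        fixed.append(b)
    return bytes(fixed)


def effective_key(key):
    """Drop the parity bits and return the 56 bits the cipher really uses."""
    check_length(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


if __name__ == "__main__":
    key_b = bytes(b ^ 1 for b in KEY_A)   # flip only the 8 parity bits
    print("A parity ok:", has_valid_parity(KEY_A))
    print("B parity ok:", has_valid_parity(key_b), bad_parity_bytes(key_b))
    print("same 56-bit key:", effective_key(KEY_A) == effective_key(key_b))
    print("effective bits :", format(effective_key(KEY_A), "056b"))
```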
Asymmetric or Public key encryption:
Asymmetric encryption is also called the RSA (Rivest-Shamir-Adleman) algorithm. It uses public-key authentication and digital signatures. Until the 1970s, there were only symmetric cryptosystems, in which transmitter and receiver must have the same key. This raises the problem of key exchange and key management.
Unlike in symmetric encryption, the communicating parties need not know each other’s private key in asymmetric encryption. Each user generates their own key pair, which consists of a private key and a public key. A public-key encryption method is a method for converting a plaintext with a public key into a ciphertext from which the plaintext can be retrieved with a private key.
Question 3.
Differentiate digital signatures and digital certificates?
Answer:
Digital signature:
- A digital signature is a mechanism that is used to verify that a particular digital document, message or transaction is authentic.
- Digital signatures are used to verify the trustworthiness of the data being sent.
- A digital signature ensures that data remains secure from the point it was issued and that it was not modified by a third party.
- It provides authentication, non-repudiation, and integrity.
- A digital signature is created using a Digital Signature Standard (DSS). It uses an SHA-1 or SHA-2 algorithm for encrypting and decrypting the message.
- The document is encrypted at the sending end and decrypted at the receiving end using asymmetric keys.
Digital certificate:
- A digital certificate is a computer file which officially approves the relation between the holder of the certificate and a particular public key.
- Digital certificates are used to verify the trustworthiness of the sender.
- A digital certificate binds a digital signature to an entity.
- It provides authentication and security.
- A digital certificate works on the principles of public-key cryptography standards (PKCS). It creates a certificate in the X.509 or PGP format.
- A digital certificate consists of the certificate owner’s name and public key, an expiration date, a Certificate Authority’s name, and a Certificate Authority’s digital signature.
Question 4.
Define Secure Electronic Transaction (SET) and its features?
Answer:
- Secure Electronic Transaction (SET) is a security protocol for electronic payments with credit cards, in particular via the Internet.
- The implementation of SET is based on the use of digital signatures.
- It is also based on the encryption of transmitted data with asymmetric and symmetric encryption algorithms.
- SET also uses dual signatures to ensure privacy.
The SET purchase involves three major participants:
- The customer
- The seller
- The payment gateway
The SET protocol guarantees the security of online shopping using credit cards on the open network.
Advantages:
- Ensuring the integrity of transaction data and the non-repudiation of transactions.
- Internationally recognized standard for credit card online transactions.
Features:
- Using public-key encryption and private key encryption ensures data confidentiality.
- Use information digest technology to ensure the integrity of information.
- Dual signature technology to ensure the identity of both parties in the transaction.
Question 5.
Briefly explain SSL?
Answer:
Secure Sockets Layer:
The most common cryptographic protocol is Secure Sockets Layer (SSL). SSL is a hybrid encryption protocol for securing transactions over the Internet. The SSL standard was developed by Netscape in collaboration with MasterCard, Bank of America, MCI and Silicon Graphics.
It is based on a public key cryptography process to ensure the security of data transmission over the internet. Its principle is to establish a secure communication channel (encrypted) between a client and a server after an authentication step.
The SSL system acts as an additional layer, to ensure the security of data, located between the application layer and the transport layer in TCP.
For example, a user using an internet browser to connect to an SSL-secured E-Commerce site will send encrypted data without any further manipulation. Secure Sockets Layer (SSL) was renamed Transport Layer Security (TLS) in 2001. But still, it is popularly known under the name SSL. TLS differs from SSL in the generation of symmetric keys.
Today, all browsers in the market support SSL, and most secure communications proceed through this protocol. SSL works completely hidden from the user, who does not have to intervene in the protocol. The only thing the user has to do is make sure the URL starts with https:// instead of http://, where the “s” obviously means secured. It is also preceded by a green padlock.
Samacheer Kalvi 12th Computer Applications E-Commerce Security Systems Additional Questions and Answers
I. Choose The Correct Answer
Question 1.
…………………… has become the critical factor and core issue in any E-business.
Answer:
Security
Question 2.
…………………… cause harm to the computers.
Answer:
Viruses
Question 3.
……………. is the illegal practice of registering an Internet
a) Tampering
b) Cybersquatting
c) Typopiracy
d) All of the above
Answer:
b) Cybersquatting
Question 4.
Destroying the authenticity and integrity of the business information is ……………………….
(a) Information leakage
(b) Tampering
(c) Squatting
(d) Phishing
Answer:
(b) Tampering
Question 5.
………….. is a set of protocols that safely guide E-Commerce transactions through the Internet.
a) E-Commerce security
b) Tampering
c) Payment Frauds
d) Cybersquatting
Answer:
a) E-Commerce security
Question 6.
When the customer demands free reclaim or refund then it is …………………….
(a) Friendly Fraud
(b) Clean Fraud
(c) Triangular Fraud
(d) Unclean Fraud
Answer:
(a) Friendly Fraud
Question 7.
Which are the fake online shops offering the cheapest price and collecting credit card data?
(a) Friendly Fraud
(b) Clean Fraud
(c) Triangulation Fraud
(d) Square Fraud
Answer:
(c) Triangulation Fraud
Question 8.
The credit card information can be extracted using ……………………….
(a) malware
(b) cross-site scripting
(c) SQL injection
(d) all of these
Answer:
(d) all of these
Question 9.
DDoS means ……………………..
Answer:
Distributed Denial of Service
Question 10.
What is the other name for DDoS attacks?
(a) Nature Flood
(b) Network Flood
(c) Cyber Flood
(d) Virus Flood
Answer:
(b) Network Flood
Question 11.
Which is true about information leakage?
(I) The contents of the transaction between the vendor and customer are stolen by a third party.
(II) The documents provided by the merchant to the customer or vice versa are illegally used by another.
(a) I, II-both True
(b) I, II-False
(c) I-True, II-False
(d) I-False, II-True
Answer:
(a) I, II-both True
Question 12.
…………………… is the illegal practice of registering an Intranet domain name.
(a) Cybersquatting
(b) DDoS
(c) Malicious code
(d) Tampering
Answer:
(a) Cybersquatting
Question 13.
Taking advantage of users’ common typographical errors in typing a website address to direct them to a different website is ………………………
(a) Cyber Squatting
(b) Typopiracy
(c) DDoS
(d) Tampering
Answer:
(b) Typopiracy
Question 14.
Identify the typopiracy.
(a) google.com
(b) facebook.com
(c) goggle.com
(d) gmail.com
Answer:
(c) goggle.com
Question 15.
Which refers to unauthorized intrusion into a computer or a network?
(a) Cracking
(b) Hacking
(c) Tampering
(d) DDoS
Answer:
(b) Hacking
Question 16.
Unification of all business information is
(a) Authenticity
(b) Availability
(c) Completeness
(d) Integrity
Answer:
(c) Completeness
Question 17.
Match the following
(i) Authenticity – 1. preventing data to be altered
(ii) Integrity – 2. Confirming genuineness of data shared
(iii) Reliability – 3. prevention against violation of the agreement after the deal
(iv) Non-Repudiation – 4. reliable identification of ‘individual’
(a) (i)-2 (ii)-1 (iii)-4 (iv)-3
(b) (i)-1 (ii)-2 (iii)-3 (iv)-4
(c) (i)-4 (ii)-3 (iii)-2 (iv)-1
(d) (i)-4 (ii)-2 (iii)-1 (iv)-3
Answer:
(a) (i)-2 (ii)-1 (iii)-4 (iv)-3
Question 18.
Review ability is the capability of …………………………
(a) monitoring activities to audit and track the operations
(b) prevention of customer data used by others
(c) effective handling of hardware, software
(d) preventing data delay or removal
Answer:
(a) monitoring activities to audit and track the operations
Question 19.
Identify which is not a security technology in E-commerce transactions.
(a) Encryption
(b) Authentication technology
(c) Authentication protocol
(d) Integrity
Answer:
(d) Integrity
Question 20.
How many types of encryption technologies are there?
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(a) 2
Question 21.
The conversion of plaintext into meaningless ciphertext is done by ………………………..
Answer:
encryption algorithm
Question 22.
DES is ………………………
Answer:
Data Encryption Standard
Question 23.
Which one is the symmetric key data encryption method?
(a) DAS
(b) DES
(c) SED
(d) EDS
Answer:
(b) DES
Question 24.
FIPS means
(a) Finance Insurance Private Sector
(b) Finance Insurance Public Sector
(c) Federal Information Processing Standard
(d) None of these
Answer:
(c) Federal Information Processing Standard
Question 25.
Data Encryption Standard was introduced in ………………………..
(a) America
(b) Africa
(c) India
(d) Russia
Answer:
(a) America
Question 26.
DES was introduced in the year
(a) 1972
(b) 1975
(c) 1976
(d) 1978
Answer:
(c) 1976
Question 27.
DES was introduced by ………………………..
(a) FEPS
(b) FIPS
(c) FPS
(d) FPSE
Answer:
(b) FIPS
Question 28.
The DES key is apparently ……………………….. bits.
(a) 16
(b) 32
(c) 64
(d) 128
Answer:
(c) 64
Question 29.
How many bits are used for parity checks?
(a) 2
(b) 4
(c) 8
(d) 16
Answer:
(c) 8
Question 30.
How many bits are used by the DES algorithm?
(a) 8
(b) 1
(c) 56
(d) 64
Answer:
(c) 56
Question 31.
Triple-DES is also known as
(a) IDES
(b) 3DES
(c) DESede
(d) all of these
Answer:
(d) all of these
Question 32.
RSA means …………………….. algorithm.
Answer:
Rivest-Shamir-Adleman
Question 33.
What is the other name for Asymmetric key encryption?
(a) Symmetric
(b) DES
(c) Public
(d) Private
Answer:
(c) Public
Question 34.
A ……………………. method is used for converting a plain text with a public key into a ciphertext.
Answer:
public-key encryption
Question 35.
Find the correct statement about symmetric key encryption.
(a) plain text and ciphertext are of the same size
(b) The size of ciphertext is always greater than plain text.
Answer:
(a) plain text and ciphertext are of the same size
Question 36.
The number of keys used grows linearly with the number of users in ……………………….
Answer:
asymmetric key Encryption
Question 37.
Pick the odd one out.
(a) DES
(b) AES
(c) RC4
(d) DSA
Answer:
(d) DSA
Question 38.
Pick the odd one out.
(a) RSA
(b) RC4
(c) ECC
(d) DSA
Answer:
(b) RC4
Question 39.
Find the statement which is not true?
(a) Different keys are used for encryption and decryption
(b) Speed of encryption is Fast
(c) Speed of decryption is Slow
(d) The number of keys used grows linearly
Answer:
(b) Speed of encryption is Fast
Question 40.
Public key encryption is devised by
(i) Whitfield Diffie
(ii) Martin E. Hellman
(iii) Robert John
(a) (i)
(b) (ii), (iii)
(c) (i), (iii)
(d) (i), (ii)
Answer:
(d) (i), (ii)
Question 41.
Public key encryption was devised in the year ………………………
(a) 1972
(b) 1974
(c) 1976
(d) 1978
Answer:
(c) 1976
Question 42.
A …………………….. is also known as a public-key certificate.
Answer:
digital certificate
Question 43.
Which one of the following is not present in the digital certificates?
(a) Sender’s identity
(b) digital signature
(c) Sender Name
(d) Public key
Answer:
(c) Sender Name
Question 44.
Digital certificates are issued by recognized
(a) CA
(b) MA
(c) DA
(d) DC
Answer:
(a) CA
Question 45.
CA stands for ……………………..
Answer:
Certification Authority
Question 46.
Common digital certificate systems are ……………………. and ………………………..
Answer:
X.509 and PGP
Question 47.
PGP was developed by ………………………
(a) Whitfield Diffie
(b) Martin E. Hellman
(c) Phil Zimmermann
(d) all the three
Answer:
(c) Phil Zimmermann
Question 48.
PGP was developed in the year …………………….
(a) 1988
(b) 1981
(c) 1973
(d) 1991
Answer:
(d) 1991
Question 49.
PGP works on the concept of ………………………
Answer:
“Web of trust”
Question 50.
Which One of the following is the decentralized encryption program?
(a) PGP
(b) X.509
(c) MGP
(d) X.511
Answer:
(a) PGP
Question 51.
The X.509 system is a centralized system digital certificate.
Answer:
X.509
Question 52.
Pick the odd one out.
(a) TCS
(b) CTS
(c) MTNL
(d) e-mudhra
Answer:
(b) CTS
Question 53.
A …………………….. is a mechanism that is used to verify that the particular digital document, message, or transaction is authentic
Answer:
digital signature
Question 54.
PKI means
(a) Public Key Instruction
(b) Public Key Infrastructure
(c) Public Key Interface
(d) Public Key Interrupt
Answer:
(b) Public Key Infrastructure
Question 55.
A …………………….. is a hardware component that is used to identify and authenticate users.
Answer:
Security token
Question 56.
DSS means ………………………
Answer:
Digital Signature Standard
Question 57.
PKCS means …………………………
Answer:
Public key cryptography standards
Question 58.
A digital signature is created using
(a) HSS
(b) DSS
(c) PKCS
(d) PGP
Answer:
(b) DSS
Question 59.
A digital signature has ……………………. algorithm for encrypting and decrypting the message.
(i) SHA-1
(ii) SHA-2
(iii) PGP
(iv) X.509
(a) (i), (ii)
(b) (ii), (iii)
(c) (iii), (iv)
(d) (i), (iv)
Answer:
(a) (i), (ii)
Question 60.
A digital certificate binds a ……………………… to an entity.
Answer:
(a) 2
Question 61.
There are …………………… kinds of security authentication protocols widely used in E-commerce.
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(a) 2
Question 62.
SET means
(a) Secure Electronic Transaction
(b) Safe Encryption Time
(c) Signature Ensure Transaction
(d) Socket Electronic Transaction
Answer:
(a) Secure Electronic Transaction
Question 63.
SSL means ……………………..
Answer:
Secure Sockets Layer
Question 64.
SET was developed with the participation of
(a) GTE
(b) IBM
(c) Microsoft
(d) all of these
Answer:
(d) all of these
Question 65.
Find the wrong statement.
(a) SET uses dual signatures to ensure privacy.
(b) The SET protocol guarantees the security of online shopping using credit cards.
(c) SET is a security protocol.
(d) It ensures the non-integrity of information.
Answer:
(d) It ensures the non-integrity of information.
Question 66.
SSL means ……………………
Answer:
Secure Socket Layers
Question 67.
Which is a hybrid encryption protocol for securing transactions over the Internet?
(a) DSL
(b) SSL
(c) IP
(d) HTTP
Answer:
(b) SSL
Question 68.
TLS means ……………………
Answer:
Transport Layer Security
Question 69.
SSL was renamed as TLS in the year ……………………..
(a) 1999
(b) 2000
(c) 2001
(d) 2002
Answer:
(c) 2001
Question 70.
Where is SSL located?
(i) Transport layer
(ii) Application layer
(iii) Session layer
(iv) Physical layer
(v) Presentation layer
(a) (i) and (ii)
(b) (ii) and (iii)
(c) (iii) and (iv)
(d) (iv) and (v)
Answer:
(a) (i) and (ii)
Question 71.
The SSL standard was developed by ……………………..
(a) Mozilla
(b) Google
(c) Netscape
(d) Internet
Answer:
(c) Netscape
Question 72.
The most common cryptographic protocol is …………………….
Answer:
Secure Socket Layer
Question 73.
In https://, ‘s’ stands for …………………….
(a) safe
(b) secure
(c) socket
(d) squatting
Answer:
(b) secure
Question 74.
…………………… is a secure payment protocol on the Internet.
Answer:
3D secure
Question 75.
3D secure is adopted by ……………………
(a) Visa
(b) Master card
(c) Smart card
(d) Gift cards
Answer:
(b) Master card
Question 76.
How many domains are there in the 3-D secure protocol?
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(b) 3
Question 77.
Pick the odd one out.
(a) The Acquirer Domain
(b) The bearer domain
(c) The Issuer Domain
(d) The interoperability domain
Answer:
(b) The bearer domain
II. Short Answer Questions
Question 1.
Define E-commerce security.
Answer:
E-Commerce security is a set of protocols that safely guide E-Commerce transactions through the Internet.
Question 2.
What is a virus?
Answer:
Viruses cause harm to computers, thereby harming the efficient and smooth functioning of E-Commerce. Some viruses destroy all the information stored in a computer and cause huge loss of revenue and time.
Question 3.
What is the use of digital signature?
Answer:
A digital signature is a mechanism that is used to verify that a particular digital document, message, or transaction is authentic.
Question 4.
What is a security token?
Answer:
A security token is a hardware component that is used to identify and authenticate users.
Question 5.
Define Hacking?
Answer:
Hacking refers to unauthorized intrusion into a computer or a network. That is to say, breaking security to gain access to a website illegally and intercept confidential information.
Question 6.
What is Ransomware?
Answer:
Ransomware:
Ransomware is a type of malware that usually encrypts all the files in a target’s computer and threatens to publish the critical data unless a ransom (money) is paid.
Question 7.
List some common digital certificate systems?
Answer:
Common digital certificate systems are X.509 and PGP.
- Pretty Good Privacy (PGP)
- X.509
Question 8.
What is SSL?
Answer:
The most common cryptographic protocol is Secure Sockets Layer (SSL). SSL is a hybrid encryption protocol for securing transactions over the Internet. It is based on a public key cryptography process.
Question 9.
Define OTP?
Answer:
One-Time Password (OTP):
A dynamic password that is valid for one login session or transaction provides potential security for an e-payment transaction.
Question 10.
Define Brute-Force attack?
Answer:
Brute-force attacks are the simplest attack method for breaking any encryption; that is, trying all the possible keys one by one.
III. Explain in Brief Answer
Question 1.
Write a short note on Tampering.
Answer:
- Tampering is the intentional modification of products in a way that would make them harmful to the consumer.
- E-Commerce has the problem of the authenticity and integrity of business information.
- When hackers grasp the data transmitted on the network, it can be falsified in the middle through various technical means, and then sent to the destination, thereby destroying the authenticity and integrity of the data.
Question 2.
What is meant by Tampering?
Answer:
Tampering:
E-Commerce has the problem of the authenticity and integrity of business information. When hackers grasp the data transmitted on the network, it can be falsified in the middle through various technical means, and then sent to the destination, thereby destroying the authenticity and integrity of the data.
Question 3.
Write a short note on Malicious code threats
Answer:
- Within an E-Commerce site, there are multiple vulnerable areas that can serve as an intrusion point for a hacker to gain payment and user information.
- Using malware, Cross-Site Scripting, or SQL Injection, an attacker will extract the credit card information and sell the acquired data on black markets.
- Fraud is then committed to extract the greatest value possible through E-Commerce transactions or ATM withdrawals, etc.
Question 4.
What is DDoS?
Answer:
Distributed Denial of Service (DDoS) Attacks: It is a process of taking down an E-Commerce site by sending continuous, overwhelming requests to its server. This attack will be conducted from numerous unidentified computers using a botnet. This attack will slow down the server and make it inoperative. DDoS attacks are also called network flooding.
Question 5.
What is DES?
Answer:
The Data Encryption Standard (DES) is a Symmetric-key data encryption method. DES is the typical block algorithm that takes a string of bits of cleartext (plaintext) with a fixed length and, through a series of complicated operations, transforms it into another encrypted text of the same length.
Question 6.
Explain the key features of SET?
Answer:
SET system incorporates the following key features:
- Using public key encryption and private key encryption ensures data confidentiality.
- Use information digest technology to ensure the integrity of information.
- Dual signature technology to ensure the identity of both parties in the transaction.
Question 7.
Name the 3 domains of 3D secure?
Answer:
- The Acquirer Domain
- The Issuer Domain
- The interoperability Domain
IV. Explain in detail
Question 1.
Explain various types of E-commerce threats?
Answer:
(i) Information leakage:
The leakage of trade secrets in E-Commerce mainly includes two aspects: (a) the content of the transaction between the vendor and customer is stolen by a third party; (b) the documents provided by the merchant to the customer or vice versa are illegally used by another. This intercepting and stealing of online documents is called information leakage.
(ii) Tampering:
E-Commerce has the problem of the authenticity and integrity of business information. When hackers grasp the data transmitted on the network, it can be falsified in the middle through various technical means, and then sent to the destination, thereby destroying the authenticity and integrity of the data.
(iii) Payment frauds:
Payment frauds have subsets like Friendly fraud (when a customer demands a false reclaim or refund), Clean fraud (when a stolen credit card is used to make a purchase), Triangulation fraud (fake online shops offering the cheapest price and collecting credit card data), etc.
(iv) Malicious code threats:
Within an E-Commerce site, there are multiple vulnerable areas that can serve as an intrusion point for a hacker to gain payment and user information. Using malware, Cross-Site Scripting or SQL Injection, an attacker will extract the credit card information and sell the acquired data on black markets. Fraud is then committed to extract the greatest value possible through E-Commerce transactions or ATM withdrawals, etc.
(v) Distributed Denial of Service (DDoS) Attacks:
It is a process of taking down an E-Commerce site by sending continuous, overwhelming requests to its server. This attack will be conducted from numerous unidentified computers using a botnet. This attack will slow down the server and make it inoperative. DDoS attacks are also called network flooding.
(vi) Cyber Squatting:
Cybersquatting is the illegal practice of registering an Internet domain name that might be wanted by another person, with the intention of selling it later for a profit.
Question 2.
Explain common digital certificate systems?
Answer:
Common digital certificate systems are X.509 and PGP:
1. Pretty Good Privacy (PGP):
Phil Zimmermann developed PGP in 1991. It is a decentralized encryption program that provides cryptographic privacy and authentication for data communication. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and asymmetric-key cryptography and works on the concept of “web of trust”.
2. X.509:
The X.509 system is a centralized system in which the authenticity of the key is guaranteed by the hierarchy of certification authorities formally certifying the key relationship with the identity of its owner. Due to its clear responsibility, it is easier to embed in the law. X.509 is currently a worldwide accepted certification technology.