电子商务中信息安全问题的探讨-毕业论文-外文翻译

E-commerceInformationSecurityProblemsⅠ.IntroductionE-commerce(E-Business)isinopennetworks,includingbetweenenterprises(B2B),businessandconsumers(B2C)commercialtransactions,comparedwiththetraditionalbusinessmodel,e-commercewithefficient,convenient,coveredwiderangeofcharacteristicsandbenefits.However,e-commerceopenthisInternet-baseddataexchangeisgreatitssecurityvulnerabilities,securityisacoree-commercedevelopmentconstraintsandkeyissues.Inthispaper,thebasicideasandprinciplesofsystemsengineering,analyzesthecurrentsecuritythreatsfacinge-commerce,inthisbasedonsecuritytechnologyfromtheperspectiveofdevelopmenttrendofe-commerce.Ⅱ.E-commercemodelModerne-commercetechnologyhasfocusedontheestablishmentandoperationofthenetworkofstores.Networkinthedepartmentstoresandrealstoresnodistinctionbetweenstructureandfunction,differencesintheirfunctionandstructuretoachievethesemethodsandthewaybusinessoperate.WebstorefromthefrontviewisaspecialkindofWEBserver.WEBsiteofmodernmultimediasupportandagoodinteractivefeatureasthebasisfortheestablishmentofthisvirtualstore,socustomerscan,asinarealsupermarketpushingashoppingcarttoselectgoods,andfinallyinthecheckoutcheckout.Theseonlinestoresalsoconstitutethethreepillarsofsoftware:catalog,shoppingcartandcustomercheckout.Customersuseanelectroniccurrencyandtransactionmuststorecustomersandstoresaresafeandreliable.Behindthestoreinthenetwork,enterprisesmustfirsthaveaproductstoragewarehouseandadministration;secondnetworktosellproductsbymailorotherdeliverychannelstocustomershands;Third,enterprisesshouldalsoberesponsibleforproductafter-salesservice,Thisservicemaybethroughnetworks,maynot.InternettransactionsareusuallyafirstPaythebillandgettinggoodsshopping.Forcustomers,convenienceisthatthegoodspurchasedwillbedirectlydeliveredtotheirhome,buthardtofeelassuredthatthegoodscannotbeconfirmeduntilthehandsreachintotheirownhands,whatitis.Therefore,thecredibilityofthestorenetworkandservicequalityisactuallythekeytothesuccessofe-commerce.Ⅲ.thekeytodevelopmentofelectroniccommerceE-commerceinthetelecommunicationsnetworktodevelop.Therefore,theadvancedcomputernetworkinfrastructureandtelecommunicationspolicyeasingthedevelopmentofelectroniccommercehasbecomeaprerequisite.Currently,telecomservices,highprices,limitedbandwidth,theserviceisnottimelyornotreliableandsothedevelopmentofe-commercehasbecomeaconstraint.Speeduptheconstructionoftelecommunicationsinfrastructure,tobreakthetelecommunicationsmarketmonopoly,introducecompetitionmechanismtoensurefaircompetitioninthetelecommunicationsbusiness,topromotenetworking,ensuretoprovideuserswithlow-cost,high-speed,reliablecommunicationsservicesisagoodconstructiontargetnetworkenvironment,butalsoalloftheworldcommontask.E-commercethemostprominentproblemistosolvetheon-lineshopping,tradingandclearingofsecurityissues,includingtheestablishmentofe-commercetrustbetweenallthemainissues,namelytheestablishmentofsafetycertificationsystem(CA)issues;choosesafetystandards(suchasSET,SSL,PKI,etc.)problems;usingencryptionanddecryptionmethodandencryptionstrengthproblems.Establishmentofsecurityauthenticationsystemwhichisthekey.Onlinetradingandtraditionalfacetofaceorwrittentransactionsindifferentways,itistransmittedthroughthenetworkbusinessinformationandtradeactivities.Thesecurityofonlinetransactionsmeans:Validity:thevalidityofthecontracttoensureonlinetransactions,topreventsystemfailure,computerviruses,hackerattacks.Confidentiality:thecontentofthetransaction,bothtransactionsaccount,thepasswordisnotrecognizedbyothersandstealing.Integrity:topreventtheformationofunilateraltransactioninformationandmodify.Therefore,thee-commercesecuritysystemshouldinclude:secureandreliablecommunicationsnetworktoensurereliabledatatransmissionintegrity,preventviruses,hackers;electronicsignaturesandotherauthenticationsystems;completedataencryptionsystemandsoon.Ⅳ.e-commercesecurityissuesfacingAse-commercenetworkisthecomputer-based,itinevitablyfacesanumberofsecurityissues.(1)InformationleakPerformanceine-commercefortheleakageofbusinesssecrets,includingtwoaspects:thepartiesaredealingtransactionsbythirdpartiestostealthecontents;transactiontotheotherpartytoprovidedocumentsusedillegalusebythirdparties.(2)AlteredE-commerceinformationforbusinessperformanceintheauthenticityandintegrityissues.Electronictransactioninformationinthenetworktransmissionprocessmaybeotherstoillegallymodify,deleteorre-changed,sothatinformationaboutitsauthenticityandintegrity.(3)IdentificationWithoutidentification,third-partytransactionsislikelytofaketheidentityofpartiestoadealbreaker,damagethereputationofbeingcounterfeitorstolenbyonepartytothetransactionfakeresultsandsoon,foridentification,thetransactionbetweenthetwosidescanpreventsuspicionsituation.(4)ComputervirusesComputervirusappeared10years,avarietyofnewvirusanditsvariantsrapidlyincreasing,theemergenceoftheInternetforthespreadofthevirushasprovidedthebestmedium.Manynewvirusesdirectlyusingthenetworkasitstransmission,aswellasmanyvirusesspreadfasterthroughdriednetworks,frequentlycausingbillionsofdollarsineconomiclosses.(5)HackerWiththespreadofavarietyofapplicationtools,hackershavebeenpopular,andarenotinthepast;non-computerexpertcannotbeahacker.HavekickedYahoo'smafiaboydidnotreceiveanyspecialtraining,onlyafewattackstotheuserstodownloadsoftwareandlearnhowtousetheInternetonabigdry.Ⅴ.e-commercesecurityandsafetyfactorsEnterpriseapplicationsecurityisthemostworriedaboute-commerce,andhowtoprotectthesecurityofe-commerceactivities,willremainthecoreofe-commerceresearch.Asasecuree-commercesystem,wemustfirsthaveasafe,reliablecommunicationnetwork,toensurethattransactioninformationsecureandrapidtransmission;seconddatabaseservertoensureabsolutesecurityagainsthackersbreakintonetworkstostealinformation.E-commercesecuritytechnologiesincludeencryption,authenticationtechnologyande-commercesecurityprotocols,firewalltechnology.(A),encryptiontechnologyToensurethesecurityofdataandtransactionstopreventfraud,toconfirmthetrueidentityoftransactionparties,e-commercetoadoptencryptiontechnology,encryptiontechnologyisthroughtheuseofcodeorpasswordtoprotectdatasecurity.Forencrypteddataiscalledplaintext,specificallythroughtheroleofaencryptionalgorithm,theconversionintociphertext,wewillexpressthischangeastheciphertextiscalledencryption,theciphertextbythedecryptionalgorithmtoformaclearroleintheoutputofthisaprocessknownasdecryption.Encryptionalgorithmknownasthekeyparametersused.Thelongerthekey,thekeyspaceislarge,traversethekeyspacethemoretimespent,thelesslikelycracked.Encryptiontechnologycanbedividedintotwocategories:symmetricencryptionandasymmetricencryption.SymmetricencryptiontothedataencryptionstandardDES(DataEncryptionStandard)algorithmisrepresented.AsymmetricencryptionisusuallyRSA(RivetsShamirAleman)algorithmisrepresented.(B),authenticationCommonlyusedsecurityauthenticationtechnologies:digitalsignatures,digitalcertificates,digitaltimestamp,CAsecurityauthenticationtechnology.(C),hackerprotectiontechnologyCurrently,hackershavebecomethebiggeste-commercesecuritythreats,thuspreventinghackingnetworksecuritytechnologyhasbecomethemaincontent,bygovernmentsandindustryarehighlyvalued.Hackingtechniquesincludebufferoverflowattacks,Trojans,portscans,IPfraud,networkmonitoring,passwordattacks,anddenialofserviceDosattacks.Atpresent,peoplehavemademanyeffectiveanti-hackertechnologies,includingfirewalls,intrusiondetection,andnetworksecurityevaluationtechniques.Ⅵ.thefuturesecurityofe-commerceIncreasinglyseveresecurityproblems,aregrowingthreattonationalandglobaleconomicsecurity,governmentshavebeenbasedoneffortsinthefollowingareas:(1)Strengthenthelegislation,refertotheadvancedcountrieshaveeffectivelegislation,innovative,e-commerceandimprovetheprotectionofthelawsagainstcyber-crimesecuritysystem.(2)Establishmentofrelevantinstitutions,totakepracticalmeasurestocombatcybercrime.Developmentofthelaw,theimplementingagenciesshouldalsobeusedforitsrelevantlaws,whichmustestablishanindependentoversightbody,suchastheexecutingagencytoimplementthelaw.(3)Increaseinvestmentinnetworksecuritytechnology;improvethelevelofnetworksecuritytechnology.E-commercesecuritylawistheprerequisiteandbasisfordevelopmentandsecuree-commercesecuritytechnologyisameansofprotection.Therearemanysecurityissuesaretechnicalreasons,itshouldincreasethetechnologyresources,andcontinuouslypushforwardthedevelopmentofoldtechnologiesanddevelopingnewsecuritytechnology.(4)ToencourageenterprisestoprotectthemselvesagainstInternetcrimeagainst.Toavoidattack,companiescannotholdthingstochance,mustattachgreatimportancetosystemvulnerabilities,intimetofindsecurityholestoinstalltheoperatingsystemandserverpatches,andnetworksecuritydetectionequipmentshouldbeusedregularlyscanthenetworkmonitoring,developasetofcompletesecurityprotectionsystemtoenableenterprisestoformasystemandcombinedwiththecomprehensiveprotectionsystem.(5)Tostrengtheninternationalcooperationtostrengthenglobaleffortstocombatcybercrime.Ase-commerceknowsnoborders,nogeographical,itisacompletelyopenarea,sotheactionagainstcybercrimee-commercewillalsobeglobal.ThiswillrequireGovernmentstostrengthencooperation,cannothave"thesayingwhichgoes,regardlessofothers,creamtile"misconception.(6)Tostrengthenthenetworkofnationalsafetyeducation,payattentiontothecultivationofoutstandingcomputer.Ⅶ.ConclusionE-commerceinChinahasdevelopedrapidlyinrecentyears,butthesecurityhasnotyetestablished.Thishasanimpactonthedevelopmentofelectroniccommerceasabarrier.Tothisend,wemustacceleratetheconstructionofthee-commercesecuritysystems.Thiswillbeacomprehensive,systematicprojectinvolvingthewholesociety.Specifically,wewantlegalrecognitionofelectroniccommunicationsrecordsoftheeffectivenessoflegalprotectionforelectroniccommerce;weshouldstrengthentheresearchonelectronicsignatures,toprotecte-commercetechnology;weneedtobuilde-commerceauthenticationsystemassoonaspossible,toorganizeprotectionforelectroniccommerce.Moreover,fore-commercefeatureswithoutborders,weshouldalsostrengtheninternationalcooperation,sothate-commercetrulyplaysitsrole.Onlyinthisway,wecanadapttothetimesPromotingChina'seconomicdevelopment;alsotheonlywaywecanintheeconomicglobalizationtoday,toparticipateininternationalcompetition,andthusgainacompetitiveadvantage.Source:MichaelHecker,TharamS.Dillon,andElizabethChangIEEEInternetComputingprenticehallpublishing,2002电子商务中的信息安全问题一、引言电子商务（E-Business）是发生在开放网络上的包括企业之间（B2B）、企业和消费者之间（B2C）的商业交易，与传统商务模式相比，电子商务具有高效、便捷、覆盖范围广等特点和优点。然而，电子商务这种基于Internet的开放式的数据交换是的其安全具有很大的脆弱性，安全问题是制约电子商务发展的一个核心和关键问题。本文从系统工程的基本观点和原理出发，分析了目前电子商务面临的各种安全威胁，在此基础上，从安全技术角度，探讨电子商务的发展趋势和方向二、电子商务模式现代电子商务技术已经集中于网络商店的建立和运作。网络商店和真实商店在部门结构和功能上没有区别，不同点在于其实现这些功能和结构的方法以与商务运作的方式。网络商店从前台看是一种特殊的WEB服务器。现代WEB网站的多媒体支持和良好的交互性功能成为建立这种虚拟商店的基础，使得顾客可以像在真实的超级市场一样推着购物车挑选商品，并最后在付款台结账。这也就构成网上商店软件的三大支柱：商品目录、顾客购物车和付款台。顾客运用某种电子货币和商店进行交易必须对顾客和商店都是安全可靠的。而在网络商店的背后，企业首先要具备商品的存储仓库和管理机构；其次要将网络上销售的产品通过邮政或其他渠道投递到顾客手里；第三，企业同样要负责产品的售后服务，这种服务可能是通过网络的，也可能不是。网络交易通常是一种先交钱后拿货的购物方式。对客户而言，其方便处在于购得的商品会直接投递到自己家里，而难以放心的是在商品到达手中之前并不能确认到自己手中的究竟是什么。因此网络商店的信誉和服务质量实际上是电子商务成功与否的关键。三、电子商务发展的关键环节电子商务是在电信网络上发展起来的。因此，先进的计算机网络基础设施和宽松的电信政策就成为发展电子商务的前提。目前，电信服务价格过高，带宽有限，服务不与时或不可靠等因素已经成为发展电子商务的制约因素。加快电信基础设施建设，打破电信市场的垄断，引进竞争机制，保证电信业务公平竞争，促进网络互联，确保为用户提供廉价，高速，可靠的通信服务是良好网络环境的建设目标，也是世界各国面临的共同课题。开展电子商务最突出的问题是要解决网上购物、交易和结算中的安全问题，其中包括建立电子商务各主体之间的信任问题，即建立安全认证体系（CA）问题；选择安全标准（如SET、SSL、PKI等）问题；采用加、解密方法和加密强度问题。其中建立安全认证体系是关键。网上交易与传统的面对面或书面的交易方式不同，它是通过网络传输商务信息和进行贸易活动的。网上交易的安全问题意味着：有效性:保证网上交易合同的有效性，防止系统故障、计算机病毒、黑客攻击。保密性:对交易的内容、交易双方账号、密码不被他人识别和盗取。完整性:防止单方面对交易信息的生成和修改。所以，电子商务的安全体系应包括：安全可靠的通信网络，保证数据传输的可靠完整，防止病毒、黑客入侵；电子签名和其他身份认证系统；完备的数据加密系统等等。四、电子商务面临的安全问题由于电子商务是以计算机网络为基础的，因此它不可避免面临着一系列的安全问题。(1)信息泄漏在电子商务中表现为商业机密的泄漏，主要包括两个方面：交易双方进行交易的内容被第三方窃取；交易一方提供给另一方使用的文件被第三方非法使用。(2)窜改电子商务中表现为商业信息的真实性和完整性的问题。电子的交易信息在网络上传输的过程中，可能被他人非法修改、删除或重改，这样就使信息失去了真实性和完整性。(3)身份识别如果不进行身份识别，第三方就有可能假冒交易一方的身份，以破坏交易、破坏被假冒一方的信誉或盗取被假冒一方的交易成果等，进行身份识别后，交易双方就可防止相互猜疑的情况。(4)电脑病毒问题电脑病毒问世十几年来，各种新型病毒与其变种迅速增加，互联网的出现又为病毒的传播提供了最好的媒介。不少新病毒直接利用网络作为自己的传播途径，还有众多病毒借助干网络传播得更快，动辄造成数百亿美元的经济损失。(5)黑客问题随着各种应用工具的传播，黑客己经大众化了,不像过去那样非电脑高手不能成为黑客。曾经大闹雅虎网站的黑手党男孩就没有受过什么专门训练，只是向网友下载了几个攻击软件并学会了如何使用，就在互联网上大干了一场。五、电子商务安全因素与安全技术安全问题是企业应用电子商务最担心的问题，而如何保障电子商务活动的安全，将一直是电子商务的核心研究领域。作为一个安全的电子商务系统，首先必须具有一