E-Commerce and Cyber warfare

The Term "E-commerce"

The term "e-commerce" refers to the practice of conducting business over the internet. These activities include the purchase and sale of goods and services to and from potential buyers and sellers, as well as the promotion and distribution of business products and information. In addition, after the sale of a product, help is provided to manage any concerns and criticism. E-commerce payment conditions include online payments such as wire transfer or cash payment upon delivery (Schneiderjans et al. 2013).

Advantages of E-commerce

The advantages of E-commerce include reduced cost of keeping inventories and maintaining warehouses, automation of business transaction procedures, fast purchase, and delivery of goods and services, gathers new markets and customers easily, making market, product and customer analysis much easier, variety of goods and services at a cheaper price, and quick inter-personal communiqué and info access (Sathyadevi and Nisha 2017).

Elements Facilitating E-commerce

There are various elements that facilitate E-commerce and operation of online stores possible. The products and services, including their prices and any available offers, are contained in an electronic catalog. Sometimes the amount of stock available is indicated beside the price of the commodity (Leeflang et al. 2014). A search criterion is usually provided to enable customers to locate the products they need easily depending on the categories. A virtual cart makes it possible for a client to modify the type and volume of bought products. If the mode of payment is online, it is made secure by a trustworthy third party.

Challenges of E-commerce

Similar to other businesses, E-commerce has its challenges. Consumers use diverse technological devices to purchase goods, and therefore there is need to make client information actionable. An increased number of friendly frauds has been noted, and that scares some potential clients from the online transactions due complication of the chargeback process (Andam 2014). Cyber shoplifting is still a threat to the E-commerce fraternity.

Recommendations for Block Cipher Modes of Operation

The various recommendations provided in the Special Publication 800-38A

Morris Dworkin's Recommendations

Morris Dworkin provides various recommendations on the methods of operation that are used together with symmetric key block cipher procedures. In his book "Recommendation for Block Cipher Modes of Operation: Methods and Techniques," he explores the five modes which include the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The various modes can ensure data confidentiality, although the effectiveness varies from one mode to another (Dworkin 2011).

Key Elements in Block Cipher Algorithm

The key elements in block cipher algorithm are plain text, cipher text, and the use of a secret and public keys. These keys are used to either decrypt or encrypt the message, and without them, it is not possible to access the encrypted information. The party sending the data uses his/her private key to encrypt the message. The person receiving the information should have a public key provided by the sender of the data before the communication. The specific public key is used to decrypt and access the sent information (Dworkin 2011).

Effective Realization of Symmetric Block Cipher

Effective realization of symmetric block cipher depends on certain parameters and design features. A large block size ensures greater security although the speed of encryption/decryption reduces. A large key size guarantees security at a reduced speed of encryption and decryption. A Higher number of rounds, such as 16, provides adequate resistance to cryptanalysis compared to a single round during encryption or decryption. The sub-key generation algorithm should be complex to make cryptanalysis difficult. Dworkin recommends the used Counter (CTR) mode of operation due to the higher level of security compared to other modes. The CTR is simple to use, provided provable security, and uses random access technique making cryptanalysis difficult. Besides, preprocessing is done in CTR to enhance throughput. Also, hardware and software efficiencies are achieved in CTR mode of symmetrical block cipher modes of operation (Dworkin 2011).

Cyber Warfare

Cyber Warfare

Laws and Ethics in Curbing Cyber Warfare

Laws and ethics play an important role in curbing cyber warfare. Without limits, numerous damages can result due to cyber-attacks. There are rules and limits that have been developed in the Tallin Manual to contain cyber warfare. The manual describes how the international humanitarian law (IHL) should play out in the cyber-attacks. At times, cyber warfare is deemed necessary when it is carried out to protect and preserve civilian lives. A country may hire a hacker to penetrate the systems of a terrorist organization and reveal possible planned attacks. Through information obtained through hacking, a nation may thwart terrorist attacks or other cyber-crimes and prevent loss of living or/and property. Provision of laws and ethics governing cyber-attacks seeks to prevent loss of human lives and compromise of necessary services such as flights and flight services (Hathaway 2012).

Means and Methods of Cyber Warfare

The means and methods of cyber warfare are dynamic and are not covered by the 1949 Geneva Conventions. The presence of International Humanitarian Law (IHL) is crucial for the protection of the civilian population. Those cyber-crimes that fall out of an armed conflict are not covered by the IHL law, and therefore, there is need to establish ethical laws to govern other cyber-attacks. The ethical law requires that hacking experts should respect human lives, and therefore they should not commit cyber-crimes that put the lives of civilians in danger. The ethical law condemns any attempt to cause death or inflict injuries through cyber-attacks. Besides, the law and ethics focus on preventing all forms of activities that result in negative effects such as cyber espionage and cyber-crimes (Schmitt 2013). It is important to keep on drafting laws that govern all activities in the cyberspace besides the use of Tallinn Manual, International Humanitarian Law (IHL), and the 1949 Geneva Conventions due to the dynamic nature of cyber-attacks.

Phases of a Well-organized Cyber Operation

There are several phases of a well-organized cyber operation. Each phase plays an important role in making the cyber operation successful. The first phase is referred to as reconnaissance. The major aim of the first phase is to gather substantial information about the target object. The objective of the hackers is to source any information concerning the target organization and create a pattern that can reveal the weak spots of attack. The techniques used to do reconnaissance include social engineering, digging the internet for information, dumpster diving, and non-intrusive scanning of the organization network (Raiyn 2014).

Scanning

Scanning is the second phase of cyber operation. The key aim of the attacker is to check the target organization network devices to find weaknesses. The attacker targets to find open ports, free services, vulnerable computer and phone applications that have access to the network, and the type of make and model of the equipment used in each section of the network (Pasqualetti et al. 2013).

Gaining Access

The third phase is to gain access to the network and utilize the available resources. The principal aim is to obtain valuable information or use the network as a channel to launch attacks against other target organizations. The attacker seeks to access one or more equipment in the network.

Maintaining Access

The fourth phase is to maintain access to the network to allow successful completion of the planned cyber activities. This phase is dangerous as it increases the probability of the attacker to be detected. The objective of the attacker is to evade detection while using the network resources.

Covering Tracks

The final phase is covering tracks. The core aim of the attacker is to avoid being identified once they exit the network. The objective is to prevent sealing of the network loopholes once the attack has been noted. Besides, the attacker may avoid being identified so that he/she may not face the law, and the cyber activities undid (Pasqualetti et al. 2013).

Works Cited

Andam, Zorayda Ruth. "E-Commerce and e-Business." (2014).

Dworkin, Morris. Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800-38A, 2011.

Hathaway, Oona A., et al. "The law of cyber-attack." California Law Review (2012): 817-885.

Leeflang, Peter SH, et al. "Challenges and solutions for marketing in a digital era." European management journal 32.1 (2014): 1-12.

Pasqualetti, Fabio, Florian Dörfler, and Francesco Bullo. "Attack detection and identification in cyber-physical systems." IEEE Transactions on Automatic Control 58.11 (2013): 2715-2729.

Raiyn, Jamal. "A survey of cyber-attack detection strategies." International Journal of Security and Its Applications 8.1 (2014): 247-256.

Sathyadevi, R., and P. B. Nisha. "E-Commerce-Challenges and Solutions." PARIPEX-Indian Journal of Research 5.11 (2017).

Schniederjans, Marc J., Qing Cao, and Jason H. Triche. E-commerce operations management. World Scientific Publishing Co Inc, 2013.

Schmitt, Michael N. Tallinn manual on the international law applicable to cyber warfare. Cambridge University Press, 2013.