Tamilnadu State Board New Syllabus Samacheer Kalvi 12th Computer Applications Guide Pdf Chapter 17 E-Commerce Security Systems Text Book Back Questions and Answers, Notes.

Tamilnadu Samacheer Kalvi 12th Computer Applications Solutions Chapter 17 E-Commerce Security Systems

12th Computer Applications Guide E-Commerce Security Systems Text Book Questions and Answers

Part I

Choose The Correct Answers

Question 1.
In E-Commerce, when a stolen credit card is used to make a purchase it is termed as
a) Friendly fraud
b) Clean fraud
c) Triangulation fraud
d) Cyber squatting
Answer:
b) Clean fraud

Question 2.
Which of the following is not a security element involved in E-Commerce?
a) Authenticity
b) Confidentiality
c) Fishing
d) Privacy
Answer:
c) Fishing

Samacheer Kalvi 12th Computer Applications Guide Chapter 17 E-Commerce Security Systems

Question 3.
Asymmetric encryption is also called as
a) Secure Electronic Transaction
b) Certification Authority
c) RSA algorithm
d) Payment Information
Answer:
c) RSA algorithm

Question 4.
The security authentication technology does not include
i) Digital Signatures
ii) Digital Time Stamps
iii) Digital Technology
iv) Digital Certificates

a) i, ii & iv
b) ii & iii
c) i, ii & iii
d) all the above
Answer:
b) ii & iii


Question 5.
PGP stands for
a) Pretty Good Privacy
b) Pretty Good Person
c) Private Good Privacy
d) Private Good Person
Answer:
a) Pretty Good Privacy

Question 6.
…………….. protocol is used for securing credit cards transactions via the Internet
a) Secure Electronic Transaction (SET)
b) Credit Card Verification
c) Symmetric Key Encryption
d) Public Key Encryption
Answer:
a) Secure Electronic Transaction (SET)

Question 7.
Secure Electronic Transaction (SET) was developed in
a) 1999
b) 1996
c) 1969
d) 1997
Answer:
b) 1996


Question 8.
The websites secured by Secure Socket Layer protocols can be identified using
a) html://
b) http://
c) htmls://
d) https://
Answer:
d) https://

Question 9.
3-D Secure, a protocol was developed by
a) Visa
b) Master
c) Rupay
d) PayTM
Answer:
b) Master

Question 10.
Which of the following is true about Ransomware
a) Ransomware is not a subset of malware
b) Ransomware deletes the file instantly
c) Typo piracy is a form of ransomware
d) Hackers demand ransom from the victim
Answer:
d) Hackers demand ransom from the victim


Part II

Short Answers

Question 1.
Write about information leakage in E-Commerce.
Answer:
Information leakage:
The leakage of trade secrets in E-Commerce mainly includes two aspects:

  1. The content of the transaction between the vendor and customer is stolen by the third party;
  2. The documents provided by the merchant to the customer or vice versa are illegally used by another.

This intercepting and stealing of online documents is called information leakage.

Question 2.
Write a short note on typo piracy.
Answer:

  • Typopiracy is a variant of Cyber Squatting.
  • Some fake websites try to take advantage of users’ common typographical errors in typing a website address and direct users to a different website.
  • Such people try to take advantage of some popular websites to generate accidental traffic for their websites.

Examples:

  • www.goggle.com,
  • www.facebook.com

Question 3.
Define non-repudiation.
Answer:
Non-repudiation: prevention against violation of the agreement after the deal.


Question 4.
List the different types of security technologies in E-Commerce
Answer:

  • Encryption technology
  • Authentication technology
  • Authentication protocols

Question 5.
Write about digital signature.
Answer:

  1. A digital signature is a mechanism that is used to verify that a particular digital document, message, or transaction is authentic.
  2. Digital signatures are used to verify the trustworthiness of the data being sent.

Part III

Explain In Brief Answer

Question 1.
Write a note on certification authorities (CA)
Answer:

  • Digital certificates are issued by recognized Certification Authorities (CA).
  • When someone requests a digital certificate, the authority verifies the identity of the requester, and if the requester fulfills all requirements, the authority issues it.


Question 2.
List some E-Commerce Security Threats?
Answer:

  • Information leakage
  • Tampering
  • Payment frauds
  • Malicious code threats
  • Distributed Denial of Service (DDoS) Attacks
  • Cyber Squatting
  • Typopiracy

Question 3.
Differentiate asymmetric and symmetric algorithms.
Answer:
Samacheer Kalvi 12th Computer Applications Guide Chapter 17 E-Commerce Security Systems 1


Question 4.
Write a note on PGP.
Answer:
Pretty Good Privacy (PGP): Phil Zimmermann developed PGP in 1991. It is a decentralized encryption program that provides cryptographic privacy and authentication for data communication. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and asymmetric-key cryptography and works on the concept of “web of trust”.

Question 5.
Explain 3D secure payment protocols
Answer:

  • 3-D Secure is a secure payment protocol on the Internet.
  • It was developed by Visa to increase the level of transaction security, and it has been adopted by MasterCard.
  • It gives a better authentication of the holder of the payment card, during purchases made on websites.
  • The basic concept of this (XML-based) protocol is to link the financial authorization process with an online authentication system.

This authentication model comprises 3 domains (hence the name 3D) which are:

  1. The Acquirer Domain
  2. The Issuer Domain
  3. The Interoperability Domain


Part IV

Explain In Detail

Question 1.
Write about dimensions of E-Commerce Security.
Answer:
The following are some of the security elements involved in E-Commerce:

  1. Authenticity: confirming the genuineness of data shared.
  2. Availability: prevention against data delay or removal.
  3. Completeness: unification of all business information.
  4. Confidentiality: protecting data against unauthorized disclosure.
  5. Effectiveness: effective handling of hardware, software and data.
  6. Integrity: prevention of the data being altered or modified.
  7. Non-repudiation: prevention against violation of the agreement after the deal.
  8. Privacy: prevention of customers’ personal data being used by others.
  9. Reliability: providing a reliable identification of the individuals or businesses.
  10. Review ability: capability of monitoring activities to audit and track the operations.


Question 2.
Explain encryption technology.
Answer:

  • Encryption technology is an effective information security protection.
  • It is defined as converting a Plaintext into meaningless Ciphertext using an encryption algorithm thus ensuring the confidentiality of the data.
  • The encryption or decryption process uses a key to encrypt or decrypt the data.

Types:
At present, two encryption technologies are widely used. They are:

  • Symmetric key encryption system
  • Asymmetric key encryption system.

Symmetric key encryption – Data Encryption Standard (DES):

  • It is a Symmetric-key data encryption method.
  • It is the typical block algorithm that takes a string of bits of clear text (plaintext) with a fixed length into another encrypted text of the same length.
  • It also uses a key to customize the transformation, so that, in theory, the algorithm can only be deciphered by people who know the exact key that has been used for encryption.
  • The DES key is apparently 64 bits, but in fact, the algorithm uses only 56. The other eight bits are only used to verify the parity and then it is discarded.
  • The key length is increased by multiple uses of DES, described as Triple-DES, also known as TDES, 3DES or DESede.
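The 64-bit versus 56-bit point above can be checked directly. The following is an added example, not part of the textbook answer: it treats the lowest bit of each of the eight key bytes as an odd-parity bit, as the DES standard defines, and shows that keys differing only in those bits carry the same 56 key bits. The function names and the sample key are constructed for illustration.

```python
def _odd_parity_byte(b: int) -> int:
    """Keep the 7 key bits of b and set the low bit so the byte has odd parity."""
    seven = b & 0xFE
    ones = bin(seven).count("1")
    return seven | (0 if ones % 2 == 1 else 1)


def set_odd_parity(key: bytes) -> bytes:
    """Return the 8-byte DES key with all eight parity bits corrected."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    return bytes(_odd_parity_byte(b) for b in key)


def has_odd_parity(key: bytes) -> bool:
    """Parity check: every byte must contain an odd number of 1 bits."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def effective_key(key: bytes) -> int:
    """Return the 56 bits the cipher actually uses (parity bits dropped)."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def demo() -> dict:
    raw = bytes.fromhex("1122334455667788")       # constructed sample key
    fixed = set_odd_parity(raw)                   # same key bits, valid parity
    flipped = bytes(b ^ 0x01 for b in fixed)      # every parity bit inverted
    return {
        "raw_parity_ok": has_odd_parity(raw),
        "fixed": fixed.hex(),
        "fixed_parity_ok": has_odd_parity(fixed),
        "flipped_parity_ok": has_odd_parity(flipped),
        "same_56_bits": effective_key(raw) == effective_key(fixed) == effective_key(flipped),
        "effective_bits_max": effective_key(b"\xff" * 8).bit_length(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because only 56 bits vary, an exhaustive key search has at most 2^56 keys to try, which is why repeated application (Triple-DES) is used to lengthen the key.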

Asymmetric or Public key encryption

  • It is also called as RSA (Rivest-Shamir-Adleman) algorithm.
  • It uses public-key authentication and digital signatures.
  • Each user generates their own key pair, which consists of a private key and a public key.
  • A public-key encryption method is a method for converting a plaintext with a public key into a ciphertext from which the plaintext can be retrieved with a private key.


Question 3.
Differentiate digital signatures and digital certificates.
Answer:

| Digital Signature | Digital Certificate |
|---|---|
| A digital signature is a mechanism that is used to verify that a particular digital document, message, or transaction is authentic. | A digital certificate is a computer file which officially approves the relation between the holder of the certificate and a particular public key. |
| Digital signatures are used to verify the trustworthiness of the data being sent. | Digital certificates are used to verify the trustworthiness of the sender. |
| A digital signature is to ensure that data remains secure from the point it was issued and it was not modified by a third party. | A digital certificate binds a digital signature to an entity. |
| It provides authentication, non-repudiation, and integrity. | It provides authentication and security. |
| A digital signature is created using a Digital Signature Standard (DSS). It uses an SHA-1 or SHA-2 algorithm for encrypting and decrypting the message. | A digital certificate works on principles of public-key cryptography standards (PKCS). It creates a certificate in the X.509 or PGP format. |
| The document is encrypted at the sending end and decrypted at the receiving end using asymmetric keys. | A digital certificate consists of the certificate’s owner name and public key, expiration date, a Certificate Authority’s name, and a Certificate Authority’s digital signature. |

Question 4.
Define Secure Electronic Transaction (SET) and its features.
Answer:
There are two kinds of security authentication protocols widely used in E-Commerce, namely Secure Electronic Transaction (SET) and Secure Sockets Layer (SSL).

Secure Electronic Transaction:
Secure Electronic Transaction (SET) is a security protocol for electronic payments with credit cards, in particular via the Internet. SET was developed in 1996 by VISA and MasterCard, with the participation of GTE, IBM, Microsoft, and Netscape.

The implementation of SET is based on the use of digital signatures and the encryption of transmitted data with asymmetric and symmetric encryption algorithms. SET also uses dual signatures to ensure privacy.

The SET purchase involves three major participants: the customer, the seller, and the payment gateway. Here the customer shares the order information with the seller but not with the payment gateway. Also, the customer shares the payment information only with the payment gateway but not with the seller.

So, with SET, the credit card number may not be known to the seller, will not be stored in the seller’s files, and so could not be recovered from them by a hacker. The SET protocol guarantees the security of online shopping using credit cards on the open network. It has the advantages of ensuring the integrity of transaction data and the non-repudiation of transactions. Therefore, it has become the internationally recognized standard for credit card online transactions.

SET system incorporates the following key features:

  • Using public-key encryption and private-key encryption to ensure data confidentiality.
  • Use information digest technology to ensure the integrity of information.
  • Dual signature technology to ensure the identity of both parties in the transaction.
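The dual signature and the split of order and payment information described above can be traced in code. This is an added example, not part of the textbook answer: it follows the commonly described SET construction, in which the customer signs the digest of the two message digests, H(H(PI) || H(OI)). The toy RSA key, the use of SHA-256, the function names and the sample order and payment strings are all assumptions made for illustration; the key is far too small and unpadded for real use.

```python
import hashlib

# Toy RSA key for the customer, built from two known Mersenne primes.
# Constructed for illustration only: tiny modulus, no padding.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    """Message digest ("information digest" in the text); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


def _to_int(md: bytes) -> int:
    # Reduce the digest into the range of the toy modulus.
    return int.from_bytes(md, "big") % N


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Customer: sign H( H(PI) || H(OI) ) with the private key."""
    pomd = digest(digest(payment_info) + digest(order_info))
    return pow(_to_int(pomd), D, N)


def _verify(pimd: bytes, oimd: bytes, signature: int) -> bool:
    # Anyone holding both digests and the public key (E, N) can check the signature.
    return pow(signature, E, N) == _to_int(digest(pimd + oimd))


def seller_verify(order_info: bytes, pimd: bytes, signature: int) -> bool:
    """Seller receives the order and only the digest of the payment information."""
    return _verify(pimd, digest(order_info), signature)


def gateway_verify(payment_info: bytes, oimd: bytes, signature: int) -> bool:
    """Payment gateway receives the payment data and only the digest of the order."""
    return _verify(digest(payment_info), oimd, signature)


def demo() -> dict:
    # Constructed sample data; the card number is a placeholder.
    oi = b"order=1001;item=textbook;qty=2;total=550.00"
    pi = b"card=0000-0000-0000-0000;exp=12/30;amount=550.00"
    sig = dual_sign(oi, pi)
    return {
        "seller_ok": seller_verify(oi, digest(pi), sig),
        "gateway_ok": gateway_verify(pi, digest(oi), sig),
        # A different order presented with the same payment: check fails.
        "swapped_order": gateway_verify(pi, digest(b"order=1001;total=5.00"), sig),
        # Payment amount altered in transit: check fails.
        "tampered_payment": gateway_verify(pi.replace(b"550", b"055"), digest(oi), sig),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The seller never sees the card data and the gateway never sees the order, yet each can confirm that the half it holds is linked to the other half by the customer's signature.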


Question 5.
Briefly explain SSL.
Answer:

  • The most common Cryptographic protocol is Secure Sockets Layers (SSL).
  • SSL is a hybrid encryption protocol for securing transactions over the Internet.
  • The SSL standard was developed by Netscape in collaboration with MasterCard, Bank of America, MCI, and Silicon Graphics.
  • It is based on a public key cryptography process to ensure the security of data transmission over the internet.

Principle:

  • To establish a secure communication channel (encrypted) between a client and a server after an authentication step.
  • To ensure the security of data, located between the application layer and the transport layer in TCP.

Example:

  • A user using an internet browser to connect to an SSL secured E-Commerce site will send encrypted data without any more necessary manipulations.

Advantages:

  • Today, all browsers in the market support SSL.
  • Secure communications proceed through this protocol.
  • SSL works completely hidden for the user, who does not have to intervene in the protocol.
  • The URL starts with https:// instead of http:// where the “s” obviously means secured. It is also preceded by a green padlock.


12th Computer Applications Guide E-Commerce Security Systems Additional Important Questions and Answers

Part A

Choose The Correct Answers:

Question 1.
A digital certificate is also known as ………………
a) Public key certificate
b) Asymmetric Key
c) Symmetric Key
d) All of the above
Answer:
a) Public key certificate

Question 2.
…………… is a process of taking down an E-Commerce site by sending continuous overwhelming request to its server.
a) RSA
b) DES
c) DDoS
d) CA
Answer:
c) DDoS


Question 3.
The stealing of online documents is called …………………….
(a) phishing
(b) virus
(c) Frauds
(d) information leakage
Answer:
(d) information leakage

Question 4.
Typopiracy is a variant of ………….
a) Payment Frauds
b) Tampering
c) Cybersquatting
d) All of the above
Answer:
c) Cybersquatting

Question 5.
How many types of payment frauds are there?
(a) 2
(b) 3
(c) 4
(d) 5
Answer:
(b) 3


Abbreviations:

  1. DDoS Distributed Denial of Service
  2. DES Data Encryption Standard
  3. RSA Rivest-Shamir-Adleman
  4. CA Certification Authorities
  5. PGP Pretty Good Privacy
  6. PKI Public Key Infrastructure
  7. SET Secure Electronic Transaction
  8. SSL Secure Sockets Layers
  9. TLS Transport Layer Security
  10. MD Message Digest
  11. PIN Personal Identification Number
  12. OTP One Time Password
  13. FIPS Federal Information Processing Standard
  14. PKCS Public-key cryptography standards

Assertion And Reason

Question 1.
Assertion (A): A digital signature is a mechanism that is used to verify that a particular digital document, message, or transaction is authentic.
Reason (R): A digital certificate is a computer file which officially approves the relation between the holder of the certificate and a particular public key.
a) Both (A) and (R) are correct and (R) is the correct explanation of (A)
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)
c) (A) is true and (R) is false
d) (A) is false and (R) is true
Answer:
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)

Question 2.
Assertion (A): Digital signatures are used to verify the trustworthiness of the data being sent.
Reason (R): A digital signature is a mechanism that is used to verify that a particular digital document, message, or transaction is authentic.
a) Both (A) and (R) are correct and (R) is the correct explanation of (A)
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)
c) (A) is true and (R) is false
d) (A) is false and (R) is true
Answer:
a) Both (A) and (R) are correct and (R) is the correct explanation of (A)


Question 3.
Assertion (A): A digital certificate is created using a Digital Signature Standard (DSS). It uses an SHA-1 or SHA-2 algorithm for encrypting and decrypting the message.
Reason (R): A digital certificate consists of the certificate’s owner name and public key, expiration date, a Certificate Authority’s name, and a Certificate Authority’s digital signature.
a) Both (A) and (R) are correct and (R) is the correct explanation of (A)
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)
c) (A) is true and (R) is false
d) (A) is false and (R) is true
Answer:
d) (A) is false and (R) is true

Question 4.
Assertion (A): At present, there are two kinds of security authentication protocols widely used in E-Commerce.
Reason (R): SET is a Cryptographic protocol.
a) Both (A) and (R) are correct and (R) is the correct explanation of (A)
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)
c) (A) is true and (R) is false
d) (A) is false and (R) is true
Answer:
c) (A) is true and (R) is false


Question 5.
Assertion (A): URL starts with https:// instead of http:// where the “s” obviously means secured.
Reason (R): SSL works completely hidden for the user, who does not have to intervene in the protocol.
a) Both (A) and (R) are correct and (R) is the correct explanation of (A)
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)
c) (A) is true and (R) is false
d) (A) is false and (R) is true
Answer:
b) Both (A) and (R) are correct, but (R) is not the correct explanation of (A)

Very Short Answers

Question 1.
What is DES?
Answer:
The Data Encryption Standard (DES) is a Symmetric-key data encryption method.

Question 2.
When was DES introduced?
Answer:
It was introduced in America in the year 1976

Question 3.
Who introduced DES?
Answer:
It was introduced by Federal Information Processing Standard (FIPS).


Question 4.
Who developed PGP? When?
Answer:
Pretty Good Privacy (PGP): Phil Zimmermann developed PGP in 1991.

Question 5.
What is the use of digital certificates?
Answer:
Digital certificates are used to verify the trustworthiness of the sender.

Question 6.
What is the use of digital signatures?
Answer:
Digital signatures are used to verify the trustworthiness of the data being sent

Question 7.
Who developed 3D-Secure?
Answer:
3D-Secure was developed by Visa


Question 8.
What is 3D-Secure?
Answer:
3-D Secure is a secure payment protocol on the Internet.

Question 9.
What is the purpose of 3D-Secure?
Answer:
To increase the level of transaction security,

Question 10.
What is the basic concept of 3D-Secure?
Answer:
To link the financial authorization process with an online authentication system.

Question 11.
What is SET?
Answer:
Secure Electronic Transaction (SET) is a security protocol for electronic payments


Question 12.
What is SSL?
Answer:
The most common Cryptographic protocol is Secure Sockets Layers (SSL).

Question 13.
What is the purpose of SSL?
Answer:
To ensure the security of data transmission over the internet.

Question 14.
What are Brute-force attacks?
Answer:
It is the simplest attack method for breaking any encryption.

Question 15.
Who developed SSL?
Answer:
The SSL standard was developed by Netscape


Question 16.
What is a repository?
Answer:
The certificate authority maintains a database of public keys called a repository

Question 17.
How do TLS and SSL differ?
Answer:
TLS differs from SSL in the generation of symmetric keys.

Question 18.
How many domains are in the authentication model?
Answer:
There are 3 domains in the authentication model.

Question 19.
When was SSL renamed as TLS?
Answer:
Secure Sockets Layers (SSL) was renamed as Transport Layer Security (TLS) in 2001.


Question 20.
What is the principle of SSL?
Answer:
To establish a secure communication channel between a client and a server

Question 21.
What is public key infrastructure?
Answer:
Digital signatures use a standard, worldwide accepted format, called Public Key Infrastructure (PKI).

Question 22.
What is the purpose of PKI?
Answer:
To provide the highest levels of security and universal acceptance.

Question 23.
What is the role of security certification in authentication technology?
Answer:
To ensure Authentication, Integrity, and Non-repudiation.


Question 24.
Who are the participants involved in a SET purchase?
Answer:

  • The customer
  • The seller
  • The payment gateway.

Question 25.
What is another name of Asymmetric encryption?
Answer:
RSA (Rivest-Shamir-Adleman) algorithm.

Important Years To Remember:

1976 DES was introduced in America
1991 Phil Zimmermann developed PGP
1996 SET was developed by VISA and MasterCard

Find The Odd One On The Following

1. a) Authenticity
b) Availability
c) Completeness
d) Audacity
Answer:
d) Audacity


2. a) Confidentiality
b) Effectiveness
c) Tampering
d) Reliability
Answer:
c) Tampering

3. a) Cyber Squatting
b) Integrity
c) Non-repudiation
d) Privacy
Answer:
a) Cyber Squatting

4. a) Information leakage
b) Confidentiality
c) Payment frauds
d) Tampering
Answer:
b) Confidentiality

5. a) Malicious code threats
b) DDoS
c) Cyber Squatting
d) Confidentiality
Answer:
d) Confidentiality


6. a) DES
b) AES
c) ECC
d) RC4
Answer:
c) ECC

7. a) DES
b) ECC
c) DSA
d) RSA
Answer:
a) DES

8. a) TDES
b) AES
c) 3 DES
d) DESede
Answer:
b) AES


9. a) Authentication
b) Integrity
c) Non-repudiation
d) Plain Text
Answer:
d) Plain Text

10. a) Asymmetric encryption
b) Symmetric key encryption
c) Data Encryption Standard
d) Federal Information Processing Standard
Answer:
a) Asymmetric encryption


Part B

Short Answer Questions

Question 1.
What is E-commerce Security?
Answer:
E-Commerce security is a set of protocols that safely guide E-Commerce transactions through the Internet.

Question 2.
What is Cyber Squatting?
Answer:
It is the illegal practice of registering an Internet domain name that might be wanted by another person with an intention to sell it later for a profit.

Question 3.
What is meant by cybersquatting?
Answer:
Cyber Squatting: Cybersquatting is the illegal practice of registering an Internet domain name that might be wanted by another person with an intention to sell it later for a profit.


Part C

Explain In Brief Answer

Question 1.
Define Phishing?
Answer:
Phishing is also an E-Commerce threat in which a target is contacted by e-mail, telephone, or text message by someone who pretends to be a genuine authority. They try to trap individuals into providing sensitive data such as banking and credit card details, OTP, PIN, or passwords. Once they succeed, the results would lead to devastating acts such as identity theft and financial loss.

Question 2.
What are the subsets of Payment frauds?
Answer:

  • Friendly fraud (when customer demands false reclaim or refund)
  • Clean fraud (when a stolen credit card is used to make a purchase)
  • Triangulation fraud (fake online shops offering cheapest price and collect credit card data) etc.


Question 3.
Explain various types of payment frauds?
Answer:
Payment frauds: Payment frauds have subsets like Friendly fraud (when customer demands false reclaim or refund), Clean fraud (when a stolen credit card is used to make a purchase), Triangulation fraud (fake online shops offering the cheapest price and collect credit card data), etc.

Question 4.
What are Distributed Denial of Service (DDoS) attacks? Or what is network flooding?
Answer:

  • It is a process of taking down an E-Commerce site by sending a continuous overwhelming request to its server.
  • This attack will be conducted from numerous unidentified computers using a botnet. This attack will slow down and make the server inoperative.
  • DDoS attacks are also called network flooding.