Master's Dissertation
DOI
https://doi.org/10.11606/D.3.2006.tde-05092006-175654
Document
Author
Full name
Arthur Wongtschowski
E-mail
Institute/School/College
Knowledge Area
Date of Defense
Published
São Paulo, 2005
Supervisor
Committee
Ruggiero, Wilson Vicente (President)
Barreto, Paulo Sergio Licciardi Messeder
Fernandes, Clovis Torres
Barreto, Paulo Sergio Licciardi Messeder
Fernandes, Clovis Torres
Title in Portuguese
Segurança em aplicações transacionais na internet: o elo mais fraco.
Keywords in Portuguese
internet
redes de computadores
segurança
redes de computadores
segurança
Abstract in Portuguese
O problema das fraudes virtuais em serviços de Internet Banking e comércio eletrônico vem crescendo a cada dia. Em 2005, as fraudes virtuais representaram, no Brasil, uma perda de 300 milhões de reais. Neste trabalho, apresentamos inicialmente o cenário atual das fraudes, especificando quais ataques elas utilizam, como são hoje executadas e quais vulnerabilidades exploram. Cada ataque é classificado conforme uma nova taxonomia criada. São também apresentadas possíveis defesas contra esses ataques, indicando a efetividade de cada uma. Analisamos também o ponto de vista da privacidade do usuário para cada uma dessas soluções. Como contribuição original, esse trabalho apresenta uma solução de curto prazo, que opera sobre a infra-estrutura já existente, que visa reduzir o problema das fraudes. São feitas também considerações sobre possíveis soluções de longo prazo de maior efetividade e que promovam uma defesa mais estrutural.
Title in English
Security in financial applications on the internet: the weakest link.
Keywords in English
computer network
internet
security
internet
security
Abstract in English
The problem of virtual frauds in Internet Banking and electronic commerce services is growing each day. In 2005, the virtual frauds represented a damage of 300 million reais in Brazil. In this work, we present initially the current scenario of virtual frauds, specifying what attacks are used, how they are executed and which vulnerabilities they exploit. Each attack will be classified in accordance to a new methodology. We also present defenses against these attacks, indicating the effectiveness and intrusion of each one of them. In the end, a short term and defensive solution is presented to reduce the problem of virtual frauds. We also consider long term solutions that could be used in the future to accomplish structural defenses.
WARNING - Viewing this document is conditioned on your acceptance of the following terms of use:
This document is only for private use for research and teaching activities. Reproduction for commercial use is forbidden. This rights cover the whole data about this document as well as its contents. Any uses or copies of this document in whole or in part must include the author's name.
This document is only for private use for research and teaching activities. Reproduction for commercial use is forbidden. This rights cover the whole data about this document as well as its contents. Any uses or copies of this document in whole or in part must include the author's name.
ArthurWongtschowski.pdf (923.04 Kbytes)
Publishing Date
2006-09-14
WARNING: Learn what derived works are clicking here.
All rights of the thesis/dissertation are from the authors
CeTI-SC/STI
Digital Library of Theses and Dissertations of USP. Copyright © 2001-2024. All rights reserved.
CeTI-SC/STI
Digital Library of Theses and Dissertations of USP. Copyright © 2001-2024. All rights reserved.