ABSTRACT
The paper discusses the topics regarding, 1) Internet Frauds ;2) to analyze user’s satisfaction on internet security by using Secure Socket Layer (SSL); and 3) to make people aware of internet fraudsters.
Six research questions were utilized in this study. This study examines whether secure socket layer and its certificate would protect online users from fraudsters while they browse websites. The six research questions are as follows:
• Are there any security breaches occurring with the usage of SSL certified website?
• Can we stop internet frauds by making people aware of it?
• Is secure socket layer used in all websites?
• Is Secure Socket Layer reliable?
• Does Secure Socket Layer protect online users from fraudsters?
• Are users satisfied with security provided by SSL authentication?

TABLE OF CONTENTS
ABSTRACT ii
INTRODUCTION 1
Statement of Purpose and Problem 2
Principle Research Questions 3
Assumption of the study 3
Limitation of the Study 3
Definition of Terms 3
REVIEW OF LITERATURE 5
Internet 5
How SSL Works? 8
What is a “certificate” in SSL certificate? 8
What is an SSL certificate? 9
METHODOLOGY 11
Selection of subjects 11
Instrumentation 11
Method 13
ANALYSIS 15
REFERENCE i INTRODUCTION
The term internet refers to prevalent network of networks connected on the Earth and the security provided to the networks in order to maintain confidentiality of the data is called Internet security. Network can be defined as a group of computers connected together and the communication between these computers is called networking. This networking is done by providing the internet to different systems.
Some of the advantages of networking include:
• Sharing of memory
• Sharing of data
• Sharing the software
• Sharing the hardware
• Sharing of processor (Knipp, 2002).
“The first software network is developed by Thompson. This is called the ARPANET (Advanced Research Project Agency Network). This was developed by the United states Department of defense in the year 1969” (Giacomello, 2005).
Internet security has become a major concern for all online users because the risk related with many online services had made security a major issue for online failure or success. Over the past few years, user magazines and security providers have well-read the market on the essentials of online security (Bit Engines, 2002).
The majority of customers are expecting online services to be confidential and vital. Users would buy their products or browse websites when they are satisfied that their details are secure and safe from fraudsters or hackers. Quality SSL Certificates used for online transaction tells customers to take their security seriously (Bit Engines, 2002).Various studies stated that SSL provides protection for customer’s transactions and provide company with a proof of your digital identity.
Statement of Purpose and Problem
The purpose of this study is to analyze user’s satisfaction on internet security by using Secure Socket Layer (SSL) and to make people aware of internet frauds. Is SSL capable of protecting the advanced technologies used in hacking the internet? The following provides the research hypothesis and relevant information pertaining to the hypothesis.
Hypothesis:
With the usage of SSL, users are unable to prevent internet security breaches. Null Hypothesis:
Users are able to prevent internet breaches using SSL.
Procedures:
The objectives of this study will be met using descriptive experimental pretest-posttest. Many online users have been selected for this study, users browse websites but they cannot differentiate a website that has a SSL certificates or not, which protects customer’s data while they make transactions online. Each user, during this study will be asked to browse similar type of websites that is unsecured, medium or highly secured, highly secured website uses SSL certificate for providing security.
There is a pretest governed to online website users. After the completion of the test, both the quality and service providers will test the website and gather information whether the data transferred is secured from fraudsters. Few days after, when the test is completed users will be given a delayed posttest to evaluate the security problems.
Data will be gathered and the required statistical analyses will me made. The null hypotheses test will be performed to determine if there is any statistical significance among online users.
Principle Research Questions
• Are there any security breaches occurring with the usage of SSL certified website?
• Can we stop internet frauds by making people aware of it?
• Is secure socket layer used in all websites?
• Is Secure Socket Layer reliable?
• Does Secure Socket Layer protect online users from fraudsters?
• Are users satisfied with security provided by SSL authentication?
Assumption of the study
It can be assumed that the subjects participating in this research will provide information truthfully and honestly. The following assumptions are made regarding the research and sample of this study
1. Users will participate voluntarily in the study.
2. The research sample has limited knowledge on Secure Socket Layer.
3. The research sample has limited knowledge on Internet frauds.
4. The instruments used in the study will accurately measure the security given to the websites.
Limitation of the Study This study will be limited to internet users, users who have experienced internet fraud and users who regularly shop online.

Definition of Terms
Web Server: A web server refers to a location on the internet that contains information in the form of web Pages.
Web Browser: It is a software application that resides on your PC and can display text, images, and multimedia data found on different Web Pages.
Certification Authority (CA): It is a center trusted by one or more entities which create and assigns certificates. REVIEW OF LITERATURE
Internet
The Internet is the transport vehicle for the information stored in files or documents on another computer. The Internet has shaped many new worldwide business opportunities for enterprises.
The Internet has developed a very strong society base where information, software and specialist advice is freely shared and mainly for this reason the users have developed a very strong protective attitude on freedom of speech, freedom from commercial interests, etiquette and unsuitable material on the web.
According to Steven C. Perkins (1999) Internet is defined as “the name given to the collective electronic network of computers and computer networks which are inter-connected throughout the world - started with the ARPA net at the US Dept. of Defense”.
In America the people who use internet, 31 percent, or approximately 35 million people, participate in online auctions, according to a Harris Interactive survey commissioned by the National Consumers League. A whopping 94 percent of respondents who have participated as bidders said they are somewhat or very confident that as the winning bidder in an online auction, they will get what they pay for from a seller. But 41 percent of online auction buyers reported having a problem. (Internet Fraud Watch, 2001)
“Consumers’ overconfidence that they will get what they paid for is one big reason why they easily fall victim to scams,” said Susan Grant, director of NCL’s Internet Fraud Watch, “Many donot know about the safe ways to pay in online auctions.”
NCL has launched a campaign for online user. The goal for their campaign was to educate the customers about how to make safe online transactions.
Morgan Stanley admitted that they are the latest online banking operation to have discovered a serious security flaw in its systems, which allowed fraudsters to access account details of customers. The latest instance is of greater concern, since fraudsters were able to enter other accounts by entering just the first digit of a credit card number.
"Security violations certainly aren't limited to Internet banks - they affect all banks which conduct transactions over the web" Chris Fedde, a senior vice-president of the enterprise division at Safe Net, an internet security company. "The worrying thing is that breaches happen on an alarmingly frequent basis."
The factors which are influenced due to the Internet Security in a nation are:
• Credit card fraud
• Website defacing
• Spam coming in
• Packet sniffing
• Hacking private information on your network
• Email relaying
• Virus attacks
These are few security threats, but most these problems can be solved using technical methods and few security threats can be covered by laws (Rhee, 2003). These security threats might be solved using Secure Socket Layer and also by making people aware of the frauds.

Secure Socket Layer
Secure Socket layer was developed by Netscape in 1994. The main goal of Netscape was to create encrypted path between client and server regardless of operating system. Netscape also designed SSL to take advantage of new encryption schemes as they become available, such as the recent adoption of the Advanced Encryption Standard, which replaced the Data Encryption Standard (Jones, 2002).
SSL uses both public-key and symmetric-key encryption technologies. Public-key technology steadily authenticates clients and servers, they also securely deal secret symmetric keys used in the encryption sessions. Symmetric-key encryption is much faster than public-key encryption technologies. So to encrypt the data symmetric key is used. SSL works with transport layer in the OSI model which supports the application layer, where both web browser and server operate (Michael, 2003)
Secure socket layer is a combination of two protocols:
• Record protocol
• Handshake protocol.
The record protocol controls the flow of data between two end points of SSL session. The handshake protocol is used to authenticate the two end points of the SSL session where it can encrypt and decrypt the data. SSL uses cryptography, certificates and SSL handshake protocol to authenticate the end SSL session (Shostack, 1995)

How SSL Works? Figure 1: Working of Secure Socket Layer (Network World, 1994)
As shown in Figure 1, first, the user sends a request to web server then the server checks for the user’s digital signature that contains public key. The server also checks for the expiration date of the certificate and issuer of the certificate with the trusted Certification Authority (CA). After conforming that, the user’s public key and signature is a valid one, the server then creates a secret key and encrypts it using the user’s public key and sends it to the user. The key which is created by the server is encrypted with the user’s key, so this can only be decrypted by the user. Then by using that key communication between web browser and web server would be done.
What is a “certificate” in SSL certificate?
It is a data structure that consist all the information about an organization which created it. It is cryptographically signed and can never be forged by fraudsters or hackers. For any website to be secure from fraudsters it should have a certification which should be purchased from the certification authority such as Verisign (Addison, 2002).
What is an SSL certificate?
Secure Socket Layer (SSL) is the normal security technology for creating an encrypted connection between a web server and web browser. SSL Certificates give a website the ability to communicate securely with its web customers. Without a certificate, any hacker and fraudsters can intercept and view the information which is send from the user’s computer.
The data between web server and browser remains private and secure. SSL is used by many websites to protect customers from hackers when they do online transactions. In order to generate a SSL link, a server requires SSL certificate. When you want to activate SSL on your browser there would be few queries about the identity of website and name of the company. Then the web browser automatically creates two keys- a Private and a Public key. It is said to be private because it can only be accessed by a key holder and very secure (Shostack, 1995).
The Public Key need not be placed secretly and is placed into a Certificate Signing Request (CSR) – a data file contains also the details when you order for SSL certificate, you need to submit the CSR to SSL. Then the Certificate Authority (CA) will view the details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key. Then the web browser will establish an encrypted link between the website and customers web browser (Network World, 1994)
The SSL certificate interaction with web browser and web server (see Figure 2):
• The browser checks whether the site you are connecting is real site and not intercepting by making sure that it has a certificate.
• The encryption types for the browser and website server should be easy to understand.
• Browser and Server use unique codes while the encrypted information is sent.
• The web browser and web server can now use encrypted messages to communicate with each other. The browser shows an encrypted icon in the address bar then it is conformed that the web pages are processed securely.( The Next Generation High Assurance SSL Certificate) Figure 2: Interaction of SSL certificate (The Next Generation High Assurance SSL Certificate METHODOLOGY
The Internet provides opportunities for small businesses to compete with larger business effectively and efficiently. At the same time well-organized fraudsters are targeting websites to obtain sensitive data and personal customer information via the Internet, creating security privacy concerns. The majority of the studies found were investigating the effects of security breaches on banking sectors and other global organizations. The purpose of this study is to survey and investigate user’s satisfaction on internet security by using Secure Socket Layer (SSL) and to make people aware of internet frauds.
Selection of subjects
The subjects for this study will be a sample of online user’s. The researcher will choose a sample of user’s, who use websites enabled with SSL certificate filters for transactions of personal or confidential data. The sample will transfer data through websites that have been used for the past few years. Thousand users will be selected using a random sampling method. The sample selected transacts data from the websites which use SSL certificate filters, the researcher feels confident that if sample’s data is not been hacked then the overall online users data will be secure from fraudsters.
Instrumentation
The research instruments in the proposed study will include: 1) online security survey; 2) face-to-face interviews; and 3) security breaches log sheet.
The first instrument is a survey which will be used to assess data on security of websites. Most of the items included in the survey instrument will include open-ended questions. It will attempt to discover whether they are aware of security breaches, internet frauds, and their knowledge of Secure Socket Layer (SSL) and its certificates. First, the survey will determine if there are any security breaches in the website (e.g., theft of information, web site defacement, denial-of-service attacks, and virus attacks). The survey instrument will also include questions to find out: Whether the website is secured using Secure Socket Layer Certificate or not. Another question that will be administered is how many websites use Secure Socket Layer (SSL) certificates to protect confidential data of online users from fraudsters. Current strategies used by the website to secure customer information will also be investigated and analyzed. The second instrument will be a face-to-face interview with network administrators who maintain those websites which mainly deals with security. They will be contacted and an appointment for the interview and the location for the interview are scheduled. The face-to-face interview will also include many open-ended questions similar to those administered in the initial survey instrument, including the general awareness of internet frauds and security attacks on the website.
The interview will attempt to gain an in-depth perception of what are SSL certificates? And how users are satisfied with security provided by SSL authentication? The interview will also include a discussion on the types of security breaches that cause the most problems for a website. This will also include whether they can see any difference in websites which use SSL certificates. Another question includes whether Secure Socket Layer certificate is reliable or not for a website. The third instrument is a security breaches log sheet which will be used to record the type of security breaches, when does the security breaches occur. This instrument will be handed over to the person who has been selected from a sample of online users after the survey.
Method
The complete study will be conducted over a period of twelve months. The online security survey and face-to-face interview research instruments will be used at the beginning of the study, and third instrument security breaches log sheets will be given to the subjects at beginning of the study to record security breaches using Secure Socket Layer during the twelve months period. The survey research instrument used at the beginning of the study is also used at the end of the study as well.
The purpose of this strategy is to analyze user’s satisfaction on internet security by using Secure Socket Layer (SSL) and to make people aware of internet frauds. All three instruments will be distributed online and comments of selected experts in this field are considered as a measure of validity. After validation, the survey instrument will be administered via internet and sample selected will be asked to complete and return the survey within 30 days. Other information and directions on completing the survey will be included in a cover letter.
The subjects who respond to the online survey will be contacted to conduct face-to-face interviews. At the end of the interview log sheets will be handed over to samples to record whether there are any security breaches even by using SSL and any changes that may happen during the year. The researcher will also gain permission to do an exit survey at the end of the twelve month period and request online users to maintain security breaches log sheets and return them along with exit survey. After twelve months the researcher will mail the security survey instrument through internet, and online users will be asked to complete and return the survey within 15 days along with the security breaches log sheets they maintain during the year. Other information and directions on completing the survey will be included in a cover letter. ANALYSIS
The data will be compiled and tabulated from the survey and interview instruments to answer the research questions 1, 2, 3, and 4. To answer the research question 5, the data will be divided into two groups to compare whether there is any correlation between websites which provide security by using SSL certificate against those websites that do not use SSL certificates to provide security from fraudsters. Finally to answer the research question 6, data which are gathered from all surveys will be validated and concluded whether users are satisfied with security provided by SSL authentication or not. T-tests will be used to determine whether users are satisfied by using Secure Socket Layer and its certificate to provide security to websites.
REFERENCE
Addison, R. D. (2002). Website Cookbook. Retrieved April 16, 2007, from http://books.google.com/books?vid=ISBN0596101090&id=y-HXEhZWdm8C&pg=PA206&lpg=PA206&ots=2coSy36mke&dq=define:SSL+Certificate&sig=vv_NA9ABt-0EwA8TIPpfRzY6BhE#PPA206,M1 Bangia, R. (2005). Internet and Web design. Retrieved April 17, 2007, from http://books.google.com/books?vid=ISBN8170085454&id=ExdHftLjETQC&pg=PA1&lpg=PA1&ots=VTIPnwR_qh&dq=History+of+internet&sig=YeBj4366gsH0LrBBahmQ3KPIsnc#PPA2,M1
BitEngines. (2002). Quality SSL. Retrieved March 25, 2007, from http://www.qualityssl.com/pdf/ssl_guide_intro_1.00.pdf Charles, J. (2005). Feds demand better online security by 2007. Retrieved March 25, 2007, from http://arstechnica.com/news.ars/post/20051018-5451.html
Internet Fraud Watch. (2001). Retrieved March 20, 2007, from http://www.fraud.org/internet/intalert.htm Internet Security Solutions. (2004). Retrieved April 20, 2007, from http://www.anonic.org/internet-security-solution.html Jones, A. (2002).SSL Demystified. Retrieved April 4, 2007, from http://www.windowsitpro.com/Articles/ArticleID/16047/16047.html?Ad=1
Knipp, E. (2002). Managing Cisco Network Security. Retrieved April 04, 2007, from http://books.google.com/books?id=AkogEl1gbREC&pg=PA346&ots=HRmWtLgQy3&dq=Cisco+Networking+Simplified,+Networking+and&sig=88vZDNT-jjsYYrVzXN1zglUZ6Bk Michael, H. (2003).Introducing Secure Socket Layer Protocol. Retrieved April 02, 2007, from http://diuf.unifr.ch/ds/michael.hayoz/docs/hayozm_ssl.pdf
Morgan, S. (2006). Consumers Want Better Online Banking Security.
Retrieved March 24, 2007, from http://www.consumeraffairs.com/news04/2006/04/online_banking_security.html
Network World. (1994).Retrieved March 25, 2007, from http://www.networkworld.com/details/473.html
Rhee, M. Y. (2003). Internet Security. Retrieved March 19, 2007, from http://books.google.com/books?id=bJJUVNGbrLsC&dq=internet+security Giacomello,G. (2005). National Governments and Control of the Internet. Retrieved April 02, 2007, from http://books.google.com/books?id=pLebIkWNfgMC&printsec=frontcover&dq=Warriors+%26+Hackers:+Writing+the+History+of+the+Internet
Shostack, A. (1995), An Overview of SSL. Retrieved March 20, 2007, from http://www.homeport.org/~adam/ssl.html Perkins, C.S. (1999). Internet Terminology and Definitions. Retrieved March 20, 2007, from http://www.rci.rutgers.edu/~au/workshop/int-def.htm The Next Generation High Assurance SSL Certificate. (NoDate). Retrieved April 4,
2007, from http://www.evsslcertificate.com/ssl/description-ssl.html