Network Security Tutorial-17 Design Fundamentals E-Commerce ET-IDA-082 17.07.2019, v13, Prof. W. Adi
Problem 1: Secure Electronic Transaction (SET) Protocol: A scenario of electronic transaction deploying the SET protocol is introduced respectively through the figures A, B and C. I. Dual Signature (figure A) All starts at the costumer side. In this first stage a dual signature should be issued. The Hash function used in the Dual Signature scheme is: H(x) = x3 mod 91 Compute the message digest of the Payment Information : PIMD Compute the message digest of the Order Information : OIMD Find the customer signing key PRc. RSA public key system is used, with a costumer’s open modulus Nc= 13 x 7 = 91 and a costumer’s public key PUc= 13. Compute the dual signature II. Purchase Request generation (Figure B) A request message is sent by the costumer to the merchant. One of the elements of this request message is the Digital Envelope (a temporary symmetric key encrypted using the customer‘s bank public key PUc). 5. Determine the bank signing key PRb . RSA public key system is used, with a bank open modulus Nb= 13 x 11 = 143 and a bank public key PUb= 17. 6. Generate the Digital Envelope . Ks=22. II. Purchase Request Validation on Merchant Side (Figure C) 7. Perform the verification mechanism done by the merchant by comparing POMD generated through the PIMD hashing with the POMD generated through the decryption of the Dual Signature.
SET: Customer Dual Signature PI= 224 ? ? OI= 13 ? RSA: setup Nc = 13 x 7= 91 PUc = 13 PRc = ? H(x) = x3 mod 91 Source: Stalling Fig. A
SET Customer’s Purchase Request to Merchant Ks= 22 RSA system setup Nb = 13 x 11= 143 PUb = 17 PRb = ? Passed on by merchant to payment gateway (Bank) ? Digital Envelope (DE) = ? ? Received by the Merchant Fig. B Source: Stalling
SET Purchase Request Validation on Merchant Side Passed on by merchant to payment gateway (Bank) H(x) = x3 mod 91 OI= 13 ? ? Fig. C Source: Stalling 5
1) H(x) = x3 mod 91, PI = 224 , PIMD =2243 mod 91 = 14 Solution φ (Nc) PUc b1 b2 q r 72 13 1 5 7 -5 6 -11 1) H(x) = x3 mod 91, PI = 224 , PIMD =2243 mod 91 = 14 2) OI = 13 , OIMD = 133 mod 91 = 13 3) RSA: setup, Nc = 13 x 7= 91 PUc = 13 PRc = PUc-1 mod φ (Nc) PRc =7-1= -11 mod 72 = 61 4) POMD = H(PIMD||OIMD)= 14133 mod 91= 27 Dual Signature DS: DS= (POMD)PRc mod Nc = (27)61 mod 91= 27 5) RSA: setup, Nb = 13 x 11= 143, PUb= 17 PRb = PUb-1 mod φ (Nb) PRb =17-1=-7 mod 120 = 113 6) Digital Envelope = E(Ks) = (Ks)PUb mod Nb = (22)17 mod 143 = 55 7) POMD = H(PIMD||OIMD)= 14133 mod 91= 27 (DS)PUc mod Nc = (27)13 mod 91 = 27 = POMD φ(Nb) PUb b1 b2 q r 120 17 1 7 -7 6
Problem 2: Blind Signature: A bank B is required to sign blindly a bill of 10€ (M=10). 1. The bank publishes his public key e=13 and his modulus as m=77, keeping both prime products p=11 and q=7 secret. Compute the banks secret key d. Bank client user A selects a random r for the blinding factor BF from the list (21,22,4) and give the reasons for a correct selection. 3. Make all necessary computations to calculate a blinded message BM sent to the bank. 4. Let the bank sign the blinded message BM and generates a blindly signed response BSR . Compute BSR. 5. Make the necessary computations by user A to extract the blind signature BS for M=10 and give the blindly signed bill in numerical form. 6. Verify the bill validity when received by other party by using the open directory. MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen?
Blindly signing a Message M of user A by user B Solution Blindly signing a Message M of user A by user B Blinding Factor Open directory Authority Public key is: e Arithmetic modulo is: m m = p q (RSA Modulus) Select a random unit r gcd(m,r) = 1 Blinding factor BF BF= re mod m Private key d D= e-1 mod φ(m) d.e = 1 mod φ(m) User A User B BM = M re mod m BMr = (BM)d BMr = Md r BMr= (BM)d mod m BS = (BMr) r-1 BS = Md 8
The bank B blindly signs a message M from user A Open directory Bank’s public key e = 13 Arithmetic modulo m= 11x 7= 77 Message/Value = M = 10 1. Bank discrete key computation: D = e-1 mod φ(m) φ(m) = φ(77)=φ(7.11)=(7-1)(11-1)=60 d = 13-1 mod 60=-23=37 Private key d = 60-23 = 37 2. Blinding factor selection: gcd(r,77)=1 => r =4 r-1 =4-1= -19 mod 77 = -19 +77= 58
BF= re mod m = 413 mod 77 = 53 BSR = Md r mod m =40 3. Bank: User B Blinding Factor BF Bank: User B BF= re mod m = 413 mod 77 = 53 BM = M. BF mod m = 10 . 53 mode 77 = 68 Y2 = (Y1)d = Md r = (68)37 mode 77 = 40 4. BSR = Md r mod m =40 4-1 mod 77 5. BS = BSR r-1 = 40.58 mod 77 = 10 BS = Md = 10 13-1 mod 60 6. Blindly Signed check: ( M, BS ) : ( 10, 10 ) Verification (BS)e = M (10)13 mod 77 = 10=M that is M is authentic
Problem 3: Full SET Transaction: SET Dual Signature scheme is to be designed with the following parameters: Hash function: H(x) = x2 mod 107 Multiplicative Cipher: EK(M) = K. M mod 127 A Certification Trusted Authority CA should certify all SET usable public keys by using RSA setup and signature scheme: For any user such as A , the public A-Information based on RSA are: Ea : Public key Na : Public value A: User IDA or User Serial Number SNA . Info of A‘s certificate: Inf-A = A || Ea || Na The cetificate of a user A is defined as folllows: Cert A =< Inf-A , { H(Inf-A) }CA> { . }CA denotes a signed message by CA by using CA’s secret key Problem requirements: Run all SET protocols needed to execute a full transaction: Use Ks= 99 If any other system parameters are necessary and missing, design your own assumptions with full reasoning.
RSA setup for CA: pCA, qCA = 11, 29 NCA= 11 x 29 = 319 , φ(NCA) = (11-1)(29-1)= 280 ECA = 33 DCA = 17 All public keys used for SET transactions are to be certified by CA. RSA setup for Bank: pb, qb = 13, 17 Nb= 13 x 17 = 221 , φ(Nb) = (13-1)(17-1)= 192 Ebank = 61 Dbank = 85 Bank Certificate: Inf-Bank = Bank SN || Eb || Nb , where, Bank SN=134 , Eb = 61, Nb= 221 H(Inf-Bank )=H(Bank SN || Eb || Nb)=H(13461221)= 134612212 mod 107=13 DCA { H (Inf-Bank ) }CA= {13} = 1317 mod 319= 51 Certb =< Inf-Bank , { H (Inf-Bank ) }CA>=< 13461221 ,51>
RSA setup for Customer: pc, qc = 19, 11 Nc= 11 x 23 = 209 , φ(Nc) = (19-1)(11-1)= 180 Ec = 47 Dc = 23 Customer Certificate: Inf- Customer = Customer SN || EC || NC , where, Customer SN=105 , EC = 47, NC= 209 H(Inf- Customer )=H(Customer SN || Ec || Nc) =H(10547209) = 105472092 mod 107=25 DCA { H (Inf- Customer ) }CA= {25}; = 2517 mod 319= 284 CertC =< Inf- Customer , {H(Inf- Customer ) }CA> = < 10547209, 284>
SET: Customer Dual Signature Payment Information PI: PI = Visa: 122 || Price:12€ PI= 122 12 H(x) = x2 mod 107 ? ? ? Ordering Information OI: OI = Name/Addre:12|| Item:771|| Price: 12€ OI= 12 771 12 Fig. (A) Source: Stalling
From Fig. A Ordering Information OI: OI = Name/Addre:12|| Item:771|| Price: 12€ = (12 771 12) Payment Information PI: PI = Visa: 122 || Price:12€ = (122 12) Dual signature: (Fig. A) PIMD= H(PI)= 122122 mod 107 = 89 OIMD= H(OI)= 12771122 mod 107 = 102 So that, POMD= H(PI || OI)= (89102)2 mod 107 = 92 Dual Signature: DS= POMDEc mod Nc = 9247 mod 209 = 104
SET Customer’s Purchase Request to Merchant Ks= 99 Passed on by merchant to payment gateway (Bank) ? Digital Envelope (DE) = ? Verify bank’s public key ? Received by the Merchant Fig. (B) Source: Stalling
Check Purchase Request to Merchant: Fig. B Verify the bank’s public key certificate in the side of the customer Certb =< Inf-Bank , { H (Inf-Bank ) }CA> = < 13461221 ,51> Step 1: Customer computes the hash of Inf-Bank H(Inf-Bank )=H(Bank SN || Eb || Nb)=H(13461221)= 134612212 mod 107=13 Step 2: Customer verifies the CA signature of the bank’s public key. 51Eca mod NCA= 5133 mod 319=13 Check The bank’s public key is authentic Digital envelope (DE): Ks= 99 DE= KsEb mod Nb = 9961 mod 221 = 73 Payment order + Dual Signature + Information Order Digest encryption: E(PI||DS||OIMD)=E(12212||104||102)= E(122) || E(12) || E(104) || E(102) = 122x99+12x99+104x99+102x99 = 13||45||9||65 We split the overall message into chucks which are smaller than the modulo in order to be able to get the same values in time of decryption. In the decryption, make sure that you use the same chunks
SET Purchase Request Validation on Merchant Side Passed on by merchant to payment gateway (Bank) OI= 12 77112 ? H(x) = x2 mod 107 ? Fig. (C)
Check: true Order Request Verification by Merchant: Fig. C: Verify the customer Public Key certificate in the side of the merchant CertC =< Info-Costumer, { H (Info-Costumer) }CA>=< 10547209 ,284> Step 1: Merchant computes the hash of Info-Costumer H(Info-Costumer)=H(10547209)= 105472092 mod 107=25 Step 2: Merchant verifies CA signature of the custome’s public key 284Eca mod NCA= 28433 mod 319=25 Check: true The costumer public key is authentic Verification of DS in the side of the merchant: H(PIMD || H(OI)) = H(89||H(1277112))= H(89||102)= 92 (DS)Dc = 10423 mod 209= 92
SET: Bank Verifies Payment Order Passed on by merchant to gateway then to Bank Bank’s Verification Process PRb = Bank‘s Private key D Ks D PRb Source: Stalling Fig. (D)
on the side of the bank (Fig. D) Customer certificate verification: The bank verifies the Public Key certificate of the costumer (like previously done by the merchant). Digital envelop decryption: (DE)Db mod Nb =(73)85mod 221=99=Ks Payment order + Dual Signature + Information Order Digest decryption : Ks-1=68 D(13||45||9||65)=13x68||45x68||9x68 ||65x68=12212 104 102 Verification process of POMD authenticity: PIMD= H(PI)= 122122 mod 107 = 89 OIMD= 102 POMD=H(PIMD||OIMD)= H(89102)=92 Decryption of the dual signature: (DS)Dc = 10423 mod 209= 92 => POMD is authentic PI DS OIMD