Elias M. Awad, Electronic Commerce: From Vision to Fulfillment, Third Edition. 13-1 © 2007 Prentice-Hall, Inc. ELC 200 Day 22


13-2 End of days? (subject to change)
Dec 3
–Chap 14 Encryption
–Assignment 8 Due
Dec 6
–Chap 14 Encryption
–Student Course Evaluations
–Assignment 9 posted
–CyberProtect Simulation
Dec 10
–Chap 15 Getting the Money
Dec 13
–Quiz 4
–Optional assignment 9 due
Dec 18 (Tuesday)
–10 AM eCommerce frameworks due
–Student presentations 5 Mins each

13-3 Agenda
Assignment 8 Due
Assignment 9
–Will be posted Dec 6 and Due Dec 13
–Optional: replaces lowest assignment grade
Ecommerce Initiative Frameworks
–Guidelines
–Due DEC 10 AM
Discussion on Encryption

13-4 Encryption: A Matter of Trust

13-5 The focus of this chapter is on several learning objectives
Understanding the basic algorithm used in encryption
Issues in public-key cryptography
Tools used for authentication and trust
Brief coverage of the main Internet security protocols and standards
Implications and future of encryption in e-commerce

13-6 What Is Encryption?
A way to transform a message so that only the sender and recipient can read, see, or understand it
Plaintext (cleartext): the message that is being protected
Encrypt (encipher): transform a plaintext into ciphertext
Encryption: a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than authorized recipients to recover the original message
Key: a series of electronic signals stored on a PC’s hard disk or transmitted as blips of data over transmission lines
–Plaintext + key = ciphertext
–Ciphertext – key = plaintext

13-7 Symmetric Key Encryption
[Figure: Party A encrypts the message “Hello” using the encryption method and the shared symmetric key; the encrypted message crosses the network, where an interceptor can observe it, and Party B decrypts it with the same key]
Encryption uses a non-secret encryption method and a secret key

13-8 Simple example (encrypt)
Every letter is converted to a two-digit number
–A = 1, Z = 26
–ANTHONY → 01 14 20 08 15 14 25
–Produce any 4-digit key → 3654
–Add together in blocks of 4 digits
–0114 + 3654 = 3768
–2008 + 3654 = 5662
–1514 + 3654 = 5168
–2500 + 3654 = 6154 (pad with 00 to make even)
Send to fellow spy

13-9 Simple example (decrypt)
Received from fellow spy: 3768 5662 5168 6154
–Break down into 4-digit blocks
–Get the right key → 3654
–Subtract the key from each 4-digit block
–3768 − 3654 = 0114
–5662 − 3654 = 2008
–5168 − 3654 = 1514
–6154 − 3654 = 2500
–If the result is negative, add
Break down into 2-digit pairs and decode
–01 = A, 14 = N, 20 = T, 08 = H
BuckRogers.xls
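The two "Simple example" slides worked out in code. This is an added example, not part of the Awad slides: letters become two-digit numbers, the digit string is padded with 00 and cut into 4-digit blocks, and the 4-digit key is added to or subtracted from each block. The slide leaves out what to add back when a subtraction goes negative; the code assumes the blocks wrap around modulo 10000, which is the only choice that makes every 4-digit block invertible. The last function shows why this is a classroom toy: the "known-plaintext attack" listed later on the Major Attacks slide recovers the key from a single known block.

```python
# Added example (not from the Awad slides): the "fellow spy" cipher from the
# Simple example slides. Letters become two-digit numbers (A=01 ... Z=26),
# the digit string is padded with "00" and cut into 4-digit blocks, and a
# 4-digit key is added to (encrypt) or subtracted from (decrypt) each block.
from __future__ import annotations

BLOCK_DIGITS = 4
MODULUS = 10 ** BLOCK_DIGITS   # assumption: blocks wrap around mod 10000, so a
                               # negative result after subtraction gets +10000


def letters_to_digits(text: str) -> str:
    """'ANTHONY' -> '01142008151425' (A=01 ... Z=26; non-letters are dropped)."""
    return "".join(f"{ord(c) - ord('A') + 1:02d}" for c in text.upper() if c.isalpha())


def digits_to_letters(digits: str) -> str:
    """Inverse of letters_to_digits; '00' padding pairs are skipped."""
    letters = []
    for i in range(0, len(digits), 2):
        code = int(digits[i:i + 2])
        if 1 <= code <= 26:
            letters.append(chr(ord("A") + code - 1))
    return "".join(letters)


def to_blocks(digits: str) -> list[int]:
    """Pad with '00' until the length is a multiple of 4, then split into blocks."""
    while len(digits) % BLOCK_DIGITS:
        digits += "00"
    return [int(digits[i:i + BLOCK_DIGITS]) for i in range(0, len(digits), BLOCK_DIGITS)]


def encrypt(plaintext: str, key: int) -> list[int]:
    """Slide 13-8: add the key to every 4-digit block."""
    return [(block + key) % MODULUS for block in to_blocks(letters_to_digits(plaintext))]


def decrypt(cipher_blocks: list[int], key: int) -> str:
    """Slide 13-9: subtract the key, rebuild the digit string, decode the pairs."""
    digits = "".join(f"{(block - key) % MODULUS:0{BLOCK_DIGITS}d}" for block in cipher_blocks)
    return digits_to_letters(digits)


def recover_key(known_plain_block: int, cipher_block: int) -> int:
    """Known-plaintext attack on this toy: one matching block pair yields the key."""
    return (cipher_block - known_plain_block) % MODULUS


if __name__ == "__main__":
    key = 3654
    sent = encrypt("ANTHONY", key)              # [3768, 5662, 5168, 6154]
    print("ciphertext blocks:", sent)
    print("decrypted:", decrypt(sent, key))     # ANTHONY
    # The interceptor on slide 13-7 who learns that block 0114 became 3768
    # has the key at once; a real cipher must not leak it this way.
    print("key from one known block:", recover_key(114, sent[0]))
```

The wrap-around also covers the case the slide does not show: a block plus the key exceeding 9999 on the encrypt side, which the modulo keeps to four digits and the decrypt side undoes.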

13-10 Public-Key Infrastructure (PKI)
Creates the ability to authenticate users, maintain privacy, ensure data integrity, and process transactions without the risk of repudiation
PKI satisfies four security needs
–Authentication: identifies or verifies that the senders of messages are, in fact, who they claim to be
–Integrity: verifies that neither the purchase amount nor the goods bought are changed or lost during transmission
–Nonrepudiation: prevents the sender and vendor in a transaction or communication activity from later falsely denying that the transaction occurred
–Privacy: shields communications from unauthorized viewing or access

13-11 Basic Encryption Algorithm
Both sender and receiver have to know the rules used to transform the original message or transaction into its coded form
A set of rules for encoding and decoding messages is called a cipher (or cypher)
A message can be decrypted only if the decryption key matches the encryption key
A 6-bit key allows for only 64 possible numeric combinations (2^6)
The standard 56-bit DES encryption code can be cracked on a high-speed computer in a few hours
A 100-bit key has 2^100 possible keys

13-12 Classes of Algorithms
Secret-key (symmetric) encryption: encryption system in which sender and receiver possess the same key; the key used to encrypt a message also can be used to decrypt it
Stream cipher: a symmetric algorithm that encrypts a single bit of plaintext at a time
Block cipher: a symmetric algorithm that encrypts a number of bits as a single unit
Public-key (asymmetric) encryption: encoding/decoding using two mathematically related keys or key-pairs; one public key and one private key
Key-pairs can be used in two ways:
–To provide message confidentiality
–To prove the authenticity of the message originator

13-13 Message Confidentiality Using a Key-Pair

13-14 Public Key Encryption
[Figure: Public Key Encryption for Confidentiality. Party A encrypts with Party B’s public key and Party B decrypts with Party B’s private key; in the other direction Party B encrypts with Party A’s public key and Party A decrypts with Party A’s private key]
Note: Four keys are used to encrypt and decrypt in both directions

13-15 Common Cryptosystems
RSA algorithm is the most commonly used public-key algorithm, although it is vulnerable to attack
Data Encryption Standard (DES) is a popular secret-key encryption system; the first to be widely adopted commercially
Triple DES (3DES) is a stronger version of DES that uses three 56-bit keys to encrypt each block of plaintext
RC4 is a variable-length cipher widely used on the Internet as a bulk encryption cipher in the SSL protocol
IDEA is a strong encryption algorithm using a 128-bit key to encrypt 64-bit blocks; resistant to brute-force attack

13-16 Major Attacks on Cryptosystems
Chosen-plaintext attack
Known-plaintext attack
Ciphertext-only attack
Third-party attack

13-17 Authentication and Trust
Digital signature is a special signature for signing electronic correspondence, produced by encrypting the message digest with the sender’s private key
Authentication is verifying that a message or document, in fact, comes from the claimed sender
Hash function is a formula that converts a message of a given length into a string of digits called a message digest
Cryptographic hash functions are generally used to construct the message digest

13-18 The Digital Signature Process

13-19 Digital Certificates
Digital certificates are the heart of secure online transactions
A digital certificate is a software program that can be installed in a browser
Your digital certificate identifies you to Web sites equipped to check it automatically
Digital certificate is an electronic document issued by a certificate authority to establish a merchant’s identity
Certificate authority (CA) is a trusted entity that issues and revokes public-key certificates and manages key-pairs
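One runnable walk-through of the three key-pair uses the slides describe: confidentiality with the recipient's public key (slide 13-14), a digital signature made by "encrypting the message digest with the sender's private key" and checked with the public key (slides 13-17 and 13-18), and a certificate in which a CA signs a name together with a public key (slide 13-19). This is an added example and not code from the Awad text or any real PKI product; it uses textbook RSA with 160-bit primes, no padding and a seeded random generator purely so the run is reproducible, so it illustrates the mechanics and nothing more. The names (KeyPair, issue_certificate, the example.com subjects) are this example's own.

```python
# Added example (not from the Awad slides): textbook RSA with small 160-bit
# primes and no padding, standard library only. It exists to make the
# slides' key-pair mechanics concrete and is NOT a usable cryptosystem.
from __future__ import annotations

import hashlib
import json
import random
from dataclasses import dataclass


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, full width
        if is_probable_prime(candidate, rng):
            return candidate


@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int
    d: int          # private exponent: never leaves its owner

    @property
    def public(self) -> tuple[int, int]:
        return (self.n, self.e)


def make_keypair(rng: random.Random, bits: int = 160, e: int = 65537) -> KeyPair:
    while True:
        p, q = random_prime(bits, rng), random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:               # e must be invertible mod phi
            return KeyPair(p * q, e, pow(e, -1, phi))


def digest(message: bytes) -> int:
    """Slide 13-17: the hash function produces the message digest (< 2**256 < n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, signer: KeyPair) -> int:
    """Digital signature: the digest 'encrypted' with the sender's private key."""
    return pow(digest(message), signer.d, signer.n)


def verify(message: bytes, signature: int, public: tuple[int, int]) -> bool:
    """Recover the digest with the public key and compare with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == digest(message)


def rsa_encrypt(message: bytes, public: tuple[int, int]) -> int:
    """Confidentiality (slide 13-14): encrypt with the recipient's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("toy cipher: message must be shorter than the modulus")
    return pow(m, e, n)


def rsa_decrypt(ciphertext: int, owner: KeyPair) -> bytes:
    m = pow(ciphertext, owner.d, owner.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")   # toy: leading zero bytes are lost


def issue_certificate(subject: str, subject_public: tuple[int, int], ca: KeyPair) -> dict:
    """Slide 13-19: the CA binds a name to a public key by signing both together."""
    body = {"subject": subject, "n": subject_public[0], "e": subject_public[1]}
    return {"body": body, "signature": sign(json.dumps(body, sort_keys=True).encode(), ca)}


def verify_certificate(cert: dict, ca_public: tuple[int, int]) -> bool:
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(encoded, cert["signature"], ca_public)


def demo() -> dict:
    rng = random.Random(2007)        # seeded only so the walkthrough is reproducible
    ca, party_a, party_b = (make_keypair(rng) for _ in range(3))
    cert_a = issue_certificate("party-a@example.com", party_a.public, ca)
    message = b"Hello"
    ciphertext = rsa_encrypt(message, party_b.public)    # only B's private key opens it
    signature = sign(message, party_a)                   # only A's private key makes it
    forged = {"body": dict(cert_a["body"], subject="impostor@example.com"),
              "signature": cert_a["signature"]}          # name swapped, signature kept
    return {
        "decrypted": rsa_decrypt(ciphertext, party_b),
        "signature_ok": verify(message, signature, party_a.public),
        "tampered_ok": verify(b"Hellp", signature, party_a.public),
        "cert_ok": verify_certificate(cert_a, ca.public),
        "forged_cert_ok": verify_certificate(forged, ca.public),
    }


if __name__ == "__main__":
    print(demo())
```

The four checks in demo() map onto the PKI needs of slide 13-10: the ciphertext only opens with Party B's private key (privacy), a one-character change to the message breaks the signature (integrity), the signature could only have been made with Party A's private key (authentication and nonrepudiation), and editing the name inside a certificate while keeping the CA's signature is detected (trust in the CA binding).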

13-20 Verifying a Digital Signature

13-21 Four Classes of Digital Certificates
Class 1 certificates contain minimum checks on the user’s background
Class 2 certificates check for information like real name, Social Security number, and the date of birth
Class 3 certificates are the strongest type
Class 4 certificates are the most thorough

13-22 Managing Cryptographic Keys
Key management is the process of making keys known to the systems that need them and making sure keys are protected against disclosure or substitution
Key Life Cycle
–Key generation and registration
–Key distribution
–Key backup and recovery
  Key escrow: location where keys held in trust by a third party reside
  Notary service: company that provides encryption-oriented services including key escrow, key recovery, time stamping, trusted intermediary, and archiving
–Key revocation and destruction

13-23 Third-Party Services
Certificate authority verifies certificates intended for use by other distinct legal entities
Certificate policy is a set of rules that identifies how, when, and for what reasons certificates are used within the assigned organization
Directory service is a repository that distributes certificates as requested by message originators

13-24 Internet Security Protocols
Two key protocols for secure World Wide Web transactions are:
–Secure Socket Layer (SSL) is a protocol for secure Web transactions; secures data packets at the network layer
–Secure HTTP (S-HTTP) is a protocol that secures Web transactions and nothing else
Secure Electronic Transaction (SET) is a protocol used for handling funds transfers from credit card issuers to a merchant’s bank account
–A digital certificate: customers can request one from their issuing bank by filling out a form on the bank’s Web site
–A digital wallet is an online shopping device that seals personal information in a free plug-in that can be invoked when making a purchase

13-25 Secure E-mail
Pretty Good Privacy (PGP) is a protocol that encrypts the data with a one-time algorithm and then encrypts the key to the algorithm using public-key cryptography
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a powerful protocol that provides security for different data types and attachments to e-mails
Message Security Protocol (MSP) is a protocol that secures e-mail attachments across multiple platforms

13-26 Implications for E-Commerce
Developing high-powered and reliable encryption methods is a top priority for many organizations
Most encryption systems have prevention as the sole means of defense
Merchants face a number of choices when considering encryption methods
A major concern is the cost associated with different encryption methods
Government regulations present considerable problems for businesses

13-27 Chapter Summary
Encryption addresses message transmission security requirements
Encryption satisfies requirements for authentication, integrity, and nonrepudiation
There are two classes of key-based algorithms
–Secret key
–Public key
Cryptanalysis is the science of deciphering encrypted messages without knowing the right key

13-28 Chapter Summary (Cont’d)
One way to implement public-key authentication is to send a digital signature with each message
A digital certificate is an electronic document issued by a certificate authority (CA) to establish a merchant’s identity by verifying its name and public key
Security measures installed to minimize vulnerability in the exchange of information include
–SSL
–SHTTP
–SET
–S/MIME