Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Slides:

Advertisements

Similar presentations

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Advertisements

GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |

CP3397 ECommerce.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

Cryptography and Network Security

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Principles of Information Security, 2nd edition1 Cryptography.

Electronic Transaction Security (E-Commerce)

Cryptography and Network Security Chapter 17

FIT3105 Smart card based authentication and identity management Lecture 4.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments I.

1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.

Idongesit Ebong (1-1) Jenna Fu (1-2) Bowei Gai (1-3) Syed Hussain (1-4) Jonathan Lee (1-5) Design Manager: Myron Kwai Overall Project Objective: Design.

E-Voting Machine - Design Presentation Group M1 Bohyun Jessica Kim Jonathan Chiang Chi Ho Yoon Donald Cober Mon. Sept 29 System Hardware Component Diagram.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

Team W1 Design Manager: Rebecca Miller 1. Bobby Colyer (W11) 2. Jeffrey Kuo (W12) 3. Myron Kwai (W13) 4. Shirlene Lim (W14) Stage II: February 4 th 2004.

Team W1 Design Manager: Rebecca Miller 1. Bobby Colyer (W11) 2. Jeffrey Kuo (W12) 3. Myron Kwai (W13) 4. Shirlene Lim (W14) Stage II: 26 th January 2004.

Team W1 Design Manager: Rebecca Miller 1. Bobby Colyer (W11) 2. Jeffrey Kuo (W12) 3. Myron Kwai (W13) 4. Shirlene Lim (W14) Stage III: February 9 h 2004.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Team W1 1. Bobby Colyer (W11) 2. Jeffrey Kuo (W12) 3. Myron Kwai (W13) 4. Shirlene Lim (W14) Stage I: 21 st January 2004 DESIGN PROPOSAL Presentation #1:

Chapter 8 Web Security.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology Lecture 9 Micropayments I.

E-Voting Machine - Design Presentation Group M1 Jessica Kim Chi Ho Yoon Jonathan Chiang Donald Cober Mon. Sept 8 Initial Design Secure Electronic Voting.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Electronic Payment Systems In any commercial transaction payment is an integral part for goods supplied. Four types of payments may be made in e-commerce.

Supporting Technologies III: Security 11/16 Lecture Notes.

Secure Electronic Transaction (SET)

Epayment System using Java April, Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung.

Linux Networking and Security Chapter 8 Making Data Secure.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.

E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Cryptography By, Anthony Lonigro & Valentine Mbah.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

Chapter 20 Symmetric Encryption and Message Confidentiality.

Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.

Lecture 2: Introduction to Cryptography

Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Encrypted Transaction with Triple DES

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

1 Example security systems n Kerberos n Secure shell.

1 Original Message Scrambled Message Public Key receiver Internet Scrambled+Signed Message Original Message Private Key receiver The Process of Sending.

Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.

WHAT NEW, WHAT NEXT IN PAYMENT PROCESSING. EMV WHAT IS EMV? 3  An acronym created by Europay ®, MasterCard ® and Visa ®  The global standard for the.

Cryptography and Network Security

ATM using fingerprint

Cryptography and Network Security

Cryptography and Network Security

Presentation transcript:

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure credit card transaction using 3DES encryption using Kerberos-style authentication. Current Stage: Design Proposal 01/21/2004 Team Manager: Rebecca Miller

What’s Wrong with Credit Purchases? Point-of-sale terminals transmit your name, credit card number, and expiration dates ‘in the clear’ (unencrypted). Using Kerberos-style authentication, we can transmit encrypted information that can be verified by the card authorizer without actually containing sensitive information.

Triple Data Encryption Standard Difficult to decipher for large encryption keys Symmetric Key Cipher – encryption & decryption use same key Based on DES – a very trusted cipher Encryption utilized in new ATMs Free to use Accepted as the new standard for federal agencies in 1999

Kerberos-style Authentication Encrypt card expiration date using credit card number and secret PIN as encryption key. The data payload is arbitrary. Only the cardholder and card acquirer have the key. Provides authentication without transmitting sensitive information.

How It Works Transmit: name, merchant, price, encrypted expiration date Card company has cc# and PIN to decrypt packet If expiration date matches, purchase is approved CC# and PIN are never transmitted, but essential to authenticate

Security In Making Purchases Identity theft is a growing problem Sensitive information never transmitted Uses existing cards and phone network Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year

Design Diagram Name Reg b’100 CC# Reg b’54 PIN Reg b’14 ExpDate Reg b’11 MerchID b’25 MerchPrice b’12 Concatenate Pin+CC# = Encryption Key 3DES encryption of Expiration Date using PIN+CC# Key Package Packager MerchID-Name-Payload- Price Output Input

Current Status Block Diagram breakdown of functions  Decisions on packet encryption(100%)  Analysis of 3DES algorithm(10%) C Language software implementation of encryption and decryption(0%) Verilog HDL(0%) Verilog Gate-level design(0%) Schematic Representation(0%) Chip Layout(0%) SPICE Simulation(0%)

Design Decisions Cardholder’s name encoded in shortened ASCII, only 32 letters (4 bytes). Merchant ID shortened to 5 letters. Merchandise Cost capped at $4,096 (12 bits) Credit Card number and PIN concatenated as key. Longer key -> Stronger encryption. Transmitted data  Unencrypted: Cardholder’s name, Merchant’s ID, purchase amount  Encrypted: expiration date

Design Alternatives Rijndael (AES) encryption algorithm  Does not comply with standard for ATMs  Larger silicon area Clock-synchronized random number key  Incompatible with current credit cards  Difficult to keep smart chip in card synchronized with server

Problems and Questions Should sensitive data (PIN and CC#) be the encrypted data or the encryption key? Less secure to encrypt purchase price, creating variable encrypted messages using the same key? Need a rough transistor count. Is this encryption difficult to crack but still manageable to realize in hardware?