Copyright © 2003 T. Trappenberg Overview E 1 E1. Security Module 1 Technology: GR01E - Electronic Commerce Overview.

Slides:



Advertisements
Similar presentations
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Web Security for Network and System Administrators1 Chapter 4 Encryption.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Chapter 8 Web Security.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.
1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Secure Socket Layer (SSL)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
每时每刻 可信安全 1The DES algorithm is an example of what type of cryptography? A Secret Key B Two-key C Asymmetric Key D Public Key A.
Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Network Security David Lazăr.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
ECMM 6000, Fall 2004 net 1 Cryptography (the art of scrambling)
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Chapter 8 Network Security.
The Secure Sockets Layer (SSL) Protocol
Presentation transcript:

Copyright © 2003 T. Trappenberg Overview E 1 E1. Security Module 1 Technology: GR01E - Electronic Commerce Overview

Copyright © 2003 T. Trappenberg Overview E 2 Data security Hacker resistance Fault Tolerance Intrusion control and detection SSL Policies …

Copyright © 2003 T. Trappenberg Overview E 3 What is SSL/TSL? Secure Socket Layer/Transport Layer Security Runs commonly on top of TCP/IP A protocol that implements - privacy against eavesdroppers through encryption of messages - message integrity trough hash function - authentication through digital signatures e.g., connect to https, ssmtp, spop3 (each has a unique port number)

Copyright © 2003 T. Trappenberg Overview E 4 Netscape SSL Secure Socket Layer Microsoft PCT Private Communication Technology IETF: TLS Internet Engineering Task force Based on SSL 3.0 January 1999: Draft version 1.0 ( New standard for secure communication over the internet Goals: `Cryptographic security’ (including privacy and authentication Interoperability Extensibility Relative efficiency

Copyright © 2003 T. Trappenberg Overview E 5 TLS Protocols: TLS handshake protocol : TLS record protocol: Negotiation of - Session identifier packaging of data to be transported - Compression method - Cipher specification - Master key - Peer certificate

Copyright © 2003 T. Trappenberg Overview E 6 Authetication: either - both parties - server authentication - no authentication

Copyright © 2003 T. Trappenberg Overview E 7 Security Analysis

Copyright © 2003 T. Trappenberg Overview E 8 However: - How secure is the cryptographic protocol? (e.g. key length, …) - How is authentication handled (e.g. switched on?, signature verification, …) - Implementation errors

Copyright © 2003 T. Trappenberg Overview E 9 E2. Cryptography Module 1 Technology: GR01E - Electronic Commerce Overview

Copyright © 2003 T. Trappenberg Overview E 10 Dear Jean, I love you George This is $1000 Dollar (US!!)

Copyright © 2003 T. Trappenberg Overview E 11 Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures Trust networks Cryptography Basics

Copyright © 2003 T. Trappenberg Overview E 12 Confidentiality (how can I make sure that an eavesdropper can not read my message) Message integrity (how do I know that the message has not been modified on its travel?) Authentication (how do I know that the message is from a particular person?)

Copyright © 2003 T. Trappenberg Overview E 13 guvf zrffntr vf frperg __is __ss___ is s_____

Copyright © 2003 T. Trappenberg Overview E 14 Relative frequency of letters in English text

Copyright © 2003 T. Trappenberg Overview E 15 this message is secret guvf zrffntr vf frperg __is _ess__e is se__e_ __is __ss___ is s_____ this _ess__e is se__et abcdefghijklmnopqrstuvwxyz nopqrstuvwxyzabcdefghijklm ROT13 algorithm (cipher):

Copyright © 2003 T. Trappenberg Overview E 16 Definitions (Encryption, Decryption, Plaintext, Ciphertext) EncryptionDecryption PlaintextCiphertext Original Plaintext Types of cipher: Stream cipher –Each bit (or byte) is encrypted or decrypted individually –Simple substitution ciphers (ROT13, XOR) Block cipher –A sequence of bits (or bytes) is used at each step in the encryption and decryption process (DES, AES)

Copyright © 2003 T. Trappenberg Overview E 17 EncryptionDecryption PlaintextCiphertext Original Plaintext Key EncryptionDecryption PlaintextCiphertext Original Plaintext Encryption Key Decryption Key Symmetric Key Algorithms Public Key Cryptography

Copyright © 2003 T. Trappenberg Overview E 18 Symmetric Key Algorithms General: Substitution (ROT13, Cryptoquotes) Transposition XOR One Time Pad Specific algorithms: DES (data encryption standard, 56-bit key, Triple-DES) IDEA (international data encryption algorithm, 128-bit key, patents) RC2, RC4, RC5 (Ronald Rivest RSA, variable key length) Rijndael (AES) (advanced encryption standard adapted in 2001) } most practical algorithms use a combination of these

Copyright © 2003 T. Trappenberg Overview E 19 Rijndael: Iterated Block Cipher 10/12/14 times applying the same round function Round function: uniform and parallel, composed of 4 steps Each step has its own particular function: - ByteSub: nonlinearity - ShiftRow: inter-column diffusion - MixColumn: inter-byte diffusion within columns - Round key addition

Copyright © 2003 T. Trappenberg Overview E 20 What is an appropriate length for a key?

Copyright © 2003 T. Trappenberg Overview E 21 Comparison of cryptographic algorithms

Copyright © 2003 T. Trappenberg Overview E 22 Key distribution problem Solutions: Doubly padlocked box exchange Diffie-Hellman key exchange Public-key cryptography (RSA, elliptic curve cryptography)

Copyright © 2003 T. Trappenberg Overview E 23 AliceBob Secret part generation One-way function Swap Key generation

Copyright © 2003 T. Trappenberg Overview E 24 AliceBob Secret part generation Choose a secret number A=3 Choose a secret number B=6 One-way functionUse one-way function a=7 A (mod 11)=2 Use one-way function b=7 B (mod 11)=4 Swap b=4a=2 Key generationAnother one-way function k=b A (mod 11)=9 Another one-way function k=a B (mod 11)=9

Copyright © 2003 T. Trappenberg Overview E 25 The Diffie-Hellman key exchange was the first widely recognized solution to the key exchange problem Can only be used to exchange key. Symmetric key cryptographic methods can be used to exchange secret messages Fairly elaborate exchange of messages

Copyright © 2003 T. Trappenberg Overview E 26 Public Key Cryptography A public key - private key pair are used, one for encryption and the other for decryption

Copyright © 2003 T. Trappenberg Overview E 27

Copyright © 2003 T. Trappenberg Overview E 28 Public Key: n - product of two primes, p and q (p and q are secret) e - relatively prime to (p-1)(q-1) Private Key: d - e -1 mod ((p-1)(q-1)) Encrypting: c = m e mod n Decrypting: m = c d mod n Public Key Cryptography (a la RSA) A public key - private key pair are used, one for encryption and the other for decryption Let p=3, q=11 n=pq=33 e must be relatively prime to (p-1)(q-1)=20 choose e = 7, then d = 7 -1 mod 20 = 3 Plaintext is 3,4,2 (m 1 =3, m 2 =4, m 3 =2) c 1 =m 1 e mod n = 3 7 mod 33 = 9 c2 = m2 e mod n = 4 7 mod 33 = 15 c3 = m3 e mod n = 2 7 mod 33 = 29 Ciphertext is 9,15,29 m 1 =c 1 d mod n = 9 3 mod 33 = 3 m 2 =c 2 d mod n = 15 3 mod 33 = 4 m 3 =c 3 d mod n = 29 3 mod 33 = 2 Plaintext is 3,4,2 Example:

Copyright © 2003 T. Trappenberg Overview E 29 PGP: Pretty Good Privacy Philip Zimmermann Implementation of best available cryptographic algorithms for confidentiality and authentication and integration into a freely available general-purpose application Package, source code, and documentation available on the web Low-cost commercial version from Network Associates Includes AES, 3DES, CAST, IDEA; RSA DSS, Diffie-Hellman; SHA1; key management, …

Copyright © 2003 T. Trappenberg Overview E 30 Message Digests & Hash function A message digest is a one-way function which maps the information contained in a (small or large) file to a single large number, typically between 128 bits and 256 bits in length. A good message digest function should have the following properties: –Every bit of the output is influenced by every bit of the input –Changing a single bit in the input results in every output bit having a 50% chance of changing –Given an input file, its corresponding digest, and the digest function, it is computationally infeasible to produce another input file which maps to the same digest

Copyright © 2003 T. Trappenberg Overview E 31

Copyright © 2003 T. Trappenberg Overview E 32 Message Digests (continued) Standard encryption algorithm e.g. use last block in cipher feedback mode Provide good message digest code Computationally more demanding than other specialized functions MD5 One widely used message digest algorithm from a series of algorithms developed by Ronald Rivest Does not rely on a secrete key and is therefore not suitable as MAC without further provisions HMAC The Hashed Message Authentication Code uses a shared secret key in combination with a message digest function to produce a secret message authentication code Since an attacker doesn’t know the secret, the attacker cannot produce a correct authentication code if they alter the message Fast to calculate, can be used as digital signature. However, a shared secret key is used. SHA-1 Developed by the NSA for use with the Digital Signature Standard

Copyright © 2003 T. Trappenberg Overview E 33 Message Digest Algorithm Hash Block Cipher Message Authentication Code MACMessage Secret Key Operation of a message digest function to produce a message authentication code

Copyright © 2003 T. Trappenberg Overview E 34 Private Key Message Hash Function Digest Encrypt Signature Message Signature Hash Function Decrypt Public Key Message Actual Digest Expected Digest If actual and expected match, the signature is verified OriginatorRecipientTransmitted Message RSA Digital Signature

Copyright © 2003 T. Trappenberg Overview E 35 Types of authentication What you know (username and password) What you have (token, smart card) What you are (biometrics) Where you are (location security)

Copyright © 2003 T. Trappenberg Overview E 36 Digital Certificates Need a system for pairing public keys to identification information Certification authority (or trusted third party) issues a certificate which pairs identification information with a public key, signed with the certification authority’s private key User must trust the certification authority, and have a valid copy of the certification authority’s public key

Copyright © 2003 T. Trappenberg Overview E 37 Digital Certificates (continued) Subject Identification Information Certification Authority Name Certification Authority’s Digital Signature Subject Public Key Value Certificate Certificate Authority’s Private Key Generate Digital Signature

Copyright © 2003 T. Trappenberg Overview E 38 Certification Paths More than one Certification Authority will be required If CAs trust one another, they can issue certificates for each other’s public keys This leads to a recursively defined path from a user under one CA to a user under another CA

Copyright © 2003 T. Trappenberg Overview E 39 Certification Paths (continued) Root Public Key (Certification Authority A) Subject = Certification Authority B Subject Public Key Issuer = Certification Authority A Public – Private Key Pair Bob Certificate 1 Subject = Certification Authority C Subject Public Key Issuer = Certification Authority B Certificate 2 Subject = Bob Subject Public Key Issuer = Certification Authority C Certificate 3 Public Key user

Copyright © 2003 T. Trappenberg Overview E 40 X.509 Certificate Format Versions 1 and 2 Version (of certificate format) Certification Authority’s Digital Signature Certificate Certificate Authority’s Private Key Generate Digital Signature Certificate Serial Number Signature Algorithm Identifier Issuer’s X.500 Name Validity Period Subject’s X.500 Name Subject’s Public Key Information Algorithm Identifier Public Key Value Issuer Unique Identifier Subject Unique Identifier Not in Version 1

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.