3CSG1 Electronic Commerce: Encryption. John Wordsworth, Department of Computer Science, The University of Reading. April 2002.

Presentation transcript:

April 2002, 3CSG1, slide 1: Electronic Commerce: Encryption
John Wordsworth, Department of Computer Science, The University of Reading, Room 129, Ext 6544

Slide 2: Lecture objectives
- Understand the use of encryption for secret communication.
- Understand the principles of symmetric encryption systems.
- Understand the principles of asymmetric encryption systems and the use of public and private keys.
- Describe how the HTTPS protocol is used to set up secure communications between a client and a server.
- Explain how a challenge/response algorithm avoids the need for passwords to be transmitted.
- Describe some methods of cryptoanalysis.

Slide 3: What is encryption?
A means of making a text secret, so that only the sender and receiver can understand it.
[Diagram: plain text -> encrypt -> cypher text -> decrypt -> plain text, using a key]

Slide 4: Some simple(?) cryptographic systems
- Substitution cyphers
- Rearrangement cyphers
- Progressive cyphers
- Playfair codes
- etc

Slide 5: Symmetric encryption
- The same key is used for encryption and decryption.
- The key is known only to the sender and receiver.
- The algorithm is (usually) well-known.
- Algorithms: DES, IDEA, RC4.
- The longer the key, the harder it is to break, but the longer it takes to operate the algorithm.
- Key management is a problem.

Slide 6: Asymmetric encryption
- Two keys are used, one public, one private.
- Alice freely distributes her public key, but keeps her private key to herself.
- Bob, wishing to communicate secretly with Alice, encrypts his plain text with Alice’s public key, using a well-known algorithm (probably RSA).
- The cypher text can only be decrypted with Alice’s private key, so only Alice can read it.

Slide 7: The magic of RSA
- What is encrypted with the private key can be decrypted with the public key.
- Security depends on not being able to derive the private key from the public key.
- Needs long keys (say 1024 bits) to be secure.
- Is very slow compared with symmetric algorithms (DES, for example).

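Slide 8: Secure sockets layer and HTTPS
[Diagram: message exchange between client and server]
- Client to server: "I like RC4, DES, or none"
- Server to client: "here’s my certificate; let’s use RC4"
- Client: create RC4 key and encrypt with server’s public key
- Client to server: "here’s our RC4 key"
- Server: decrypt RC4 key with private key
- Client and server: RC4-encrypted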
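The exchange on slide 8, walked through end to end as an added example (not part of the original slides). The toy RSA key pair built from two Mersenne primes, the unpadded "textbook" RSA, the bare public key standing in for the certificate, and all function names are assumptions made for illustration; RC4 appears only because the slide names it.

```python
import secrets

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Toy server key pair (assumption, illustration only): two Mersenne primes,
# textbook RSA with no padding.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server

def server_choose(offered):
    """Server picks the first offered cipher it supports and sends its public key."""
    supported = ["RC4"]
    choice = next(c for c in offered if c in supported)
    return choice, (N, E)  # the public key stands in for the certificate

def client_wrap_key(public_key):
    """Client creates a 128-bit RC4 key and encrypts it with the server's public key."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_unwrap_key(wrapped: int) -> bytes:
    """Server recovers the RC4 key with its private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def handshake_and_send(message: bytes):
    choice, public_key = server_choose(["RC4", "DES", "none"])
    client_key, wrapped = client_wrap_key(public_key)  # "here's our RC4 key"
    server_key = server_unwrap_key(wrapped)
    ciphertext = rc4(client_key, message)  # RC4-encrypted traffic
    return choice, ciphertext, rc4(server_key, ciphertext)
```

Only the wrapped key and the RC4 ciphertext cross the network; the slow asymmetric operation is done once, and the fast symmetric cipher carries the traffic.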

Slide 9: Challenge/response algorithm
- Alice wishes to use her workstation to log on to a remote system.
- The remote system and Alice both know Alice’s password p.
- The remote system computes: challenge c = CA(p), response r = RA(c, p)
- The remote system sends the challenge to the workstation.
- The workstation asks Alice for password q, computes RA(c,q), and sends it to the remote system.
- If q = r, Alice is admitted.
- The password was never transmitted.
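A runnable sketch of the challenge/response login on slide 9, added here as an example and not taken from the original slides. The slide does not define CA or RA, so this sketch assumes CA is a fresh random nonce and RA is HMAC-SHA-256 keyed by the password; the remote system compares the value it receives with r, and a captured response is shown failing when replayed against a new challenge. The account, password and all names are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; CA and RA below are assumptions, the slide leaves them undefined.
PASSWORDS = {"alice": b"correct horse battery staple"}

def make_challenge() -> bytes:
    """Stand-in for CA: a fresh random nonce per login attempt."""
    return secrets.token_bytes(16)

def compute_response(challenge: bytes, password: bytes) -> bytes:
    """Stand-in for RA(c, p): HMAC-SHA-256 over the challenge, keyed by the password."""
    return hmac.new(password, challenge, hashlib.sha256).digest()

class RemoteSystem:
    def __init__(self, passwords):
        self._passwords = passwords
        self._pending = {}  # user -> expected response r

    def start_login(self, user: str) -> bytes:
        c = make_challenge()
        # Unknown users get a throwaway secret so both paths do the same work.
        p = self._passwords.get(user, secrets.token_bytes(16))
        self._pending[user] = compute_response(c, p)
        return c  # only the challenge is sent to the workstation

    def finish_login(self, user: str, received: bytes) -> bool:
        r = self._pending.pop(user, None)  # each challenge is good for one attempt
        return r is not None and hmac.compare_digest(r, received)

def demo():
    remote = RemoteSystem(PASSWORDS)
    c1 = remote.start_login("alice")
    # Workstation side: RA(c, q) from the password q that Alice types.
    captured = compute_response(c1, b"correct horse battery staple")
    accepted = remote.finish_login("alice", captured)
    remote.start_login("alice")  # new challenge; an eavesdropper replays the old response
    replay_accepted = remote.finish_login("alice", captured)
    c3 = remote.start_login("alice")
    wrong_accepted = remote.finish_login("alice", compute_response(c3, b"guess"))
    return accepted, replay_accepted, wrong_accepted

if __name__ == "__main__":
    print(demo())
```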

Slide 10: Cryptoanalysis
- Brute force attack
- Man-in-the-middle attack
- Known plain text attack
- Social engineering
- Implementation
- Replay

Slide 11: Key points
- Encryption and decryption are important facilities for electronic commerce.
- Symmetric encryption is fast, and relies on a secret key known only to the two parties.
- Asymmetric encryption is slow, and relies on a public key known to all, and a private key known only to the recipient.
- HTTPS uses asymmetric and symmetric encryption.
- Encryption algorithms, keys, and messages are under constant attack from cryptoanalysts.