Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.


1 Lesson 12 Cryptography for E-Commerce

2 Approaches to Network Security
Separate Security Protocol -- SSL
Application-Specific Security -- SHTTP
Security with Core Protocols -- IPsec
Parallel Security Protocol -- Kerberos

3 Protocol and Security: SSL
NOT SECURE: HTTP / TCP / IP
SECURE: HTTP, FTP, SMTP / SSL / TCP / IP

4 The TCP connection (“3-way Handshake”)
Client to Server: SYN. Client sends a connection request, specifying a port to connect to on the server.
Server to Client: SYN/ACK. Server responds with both an acknowledgement and a queue for the connection.
Client to Server: ACK. Client returns an acknowledgement and the circuit is opened.

5 SSL in Action (CLIENT / SERVER)
1 ClientHello
2 ServerHello
3 ServerKeyExchange
4 ServerHelloDone
5 ClientKeyExchange
6 ChangeCipherSpec
7 Finished

6 SSL in Action (CLIENT / SERVER)
4 ServerHelloDone
5 ClientKeyExchange
6 ChangeCipherSpec
7 Finished
8 ChangeCipherSpec
9 Finished
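The exchange on slides 5 and 6 as it appears on the wire: this added example (not part of the original presentation) walks SSL/TLS record bytes and names each message. The numeric type codes come from the SSL/TLS record format rather than the slides, the helper names are hypothetical, and the two byte streams are constructed sample data.

```python
import struct

# Added example; the two byte streams at the bottom are constructed, not captured.
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone",
             16: "ClientKeyExchange", 20: "Finished"}
RECORD = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}


def parse_records(stream):
    """Name every message in one direction of an SSL/TLS byte stream."""
    names, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        if ctype == 20:
            names.append("ChangeCipherSpec")
            encrypted = True  # this side's later records are encrypted
        elif ctype == 22 and encrypted:
            # The type byte is ciphertext now; by position this is Finished.
            names.append("Finished (encrypted)")
        elif ctype == 22:
            off = 0
            while off + 4 <= len(body):  # one record may hold several messages
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                names.append(HANDSHAKE.get(body[off], f"handshake({body[off]})"))
                off += 4 + mlen
        else:
            names.append(RECORD.get(ctype, f"record({ctype})"))
    return names


def record(ctype, body):
    return struct.pack("!BHH", ctype, 0x0300, len(body)) + body  # 0x0300 = SSL 3.0


def hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


CLIENT = (record(22, hs(1, b"\x03\x00" + bytes(32))) + record(22, hs(16, bytes(48)))
          + record(20, b"\x01") + record(22, bytes(40)))
SERVER = (record(22, hs(2, bytes(38)) + hs(12, bytes(20)) + hs(14))
          + record(20, b"\x01") + record(22, bytes(40)))
```

Once a side has sent ChangeCipherSpec its Finished message is no longer readable in the clear, which is why packet analyzers show it as an encrypted handshake message.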

7 Protocol and Security: SHTTP
NOT SECURE: HTTP / TCP / IP
SECURE: HTTP with Security / TCP / IP

8 Protocol and Security: IPSEC
NOT SECURE: HTTP / TCP / IP
SECURE: HTTP / TCP / IPSEC

9 Protocol and Security: Parallel
NOT SECURE: HTTP / TCP / IP
SECURE: HTTP / TCP / IP, with Kerberos in parallel

10 PROTOCOL COMPARISONS
Approaches compared: Separate Protocol, Application Protocol, Integrated with Core, Parallel Protocol
Criteria (columns A B C D E):
A - Full security
B - Multiple Applications
C - Tailored Services
D - Transparent to Applications
E - Easy to Deploy

11 What is Cryptography
Protecting information by transforming it into an unreadable format
Encryption is the process that transforms the data into the unreadable format; decryption restores it to its original format
Used to prevent information from “falling into the wrong hands”
Data is only available to the people that are supposed to see it

12 Uses of Cryptography
Use                | Service           | Protects Against
Keeping Secrets    | Confidentiality   | Eavesdropping
Providing Identity | Authentication    | Forgery & Masquerade
Verifying Info     | Message Integrity | Alteration

13 Cryptography in Use Today
SSL -- Secure Socket Layer
TLS -- Transport Layer Security protocol
IPsec -- Internet Protocol Security
SET -- Secure Electronic Transactions
Smart Cards
VPN -- Virtual Private Network
File or Disk Encryption Tools
Remote access: SSH -- Secure Shell
Digital Signature Algorithm -- DSA
EMAIL: PGP -- Pretty Good Privacy
PKI -- Public Key Infrastructure

14 Cryptographic Classifications
Secret Key Cryptography
–Symmetric Encryption
–All Parties have same key
Public Key Cryptography
–Asymmetric Encryption
–Different Keys: public and private

15 Secret Key Cryptography: Symmetric Encryption (Professor / Student)
Step 1 - Secret Key Exchange occurs
Step 2 - Encipher with secret key
Step 3 - Send Encrypted Message
Step 4 - Decipher with secret key

16 Secret Key Cryptography
PROs:
–Very Secret
–Key Size Determines how hard to break
CONs:
–Key Management is a Burden
–Cryptography can be slow

17 Symmetric Encryption Algorithms
DES: Data Encryption Standard
3DES: Triple-Strength DES
RC2: Rivest Cipher 2
RC4: Rivest Cipher 4
All commonly used with SSL

18 Public Key Cryptography
Digital Signatures and Public Key Encryption
–Message encrypted or signed with private key of sender and public key of recipient
–Recipient decrypts with own private key and sender’s public key
–Only sender has the right private key, so if it decrypts it must have come from the sender
–NOTE: Assumes keys have not been compromised

19 Public Key Cryptography: Asymmetric Encryption (Professor / Student)
Step 1 - Create Public and Private Keys
Step 2 - Send Public Key to Student
Step 3 - Encipher with public Key
Step 4 - Send Encrypted Message
Step 5 - Decipher with private key

20 Public Key Cryptography
PROs:
–As Shown this Proves Identity
–This Results in a Digital Signature
  Used to authenticate digital material
  Prove identity and validity of action or material
CONs:
–Burdensome if you need widespread use

21 Combining the Best of Both (Professor / Student)
Step 1 - Create Public and Private Keys
Step 1 - Generate a Secret Key
Step 2 - Send Public Key to Student
Step 3 - Encipher Secret Key with Public Key
Step 4 - Send Encrypted Message
Step 5 - Decipher with private key and retrieve secret key
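Slide 21's combined scheme as an added, runnable example (not from the original presentation), assuming as on slide 19 that the Professor owns the key pair and the Student generates the secret key. Textbook RSA on two fixed primes and a SHA-256 keystream with an HMAC tag stand in for RSA-OAEP and AES so that only the standard library is needed; the function names are hypothetical and the stand-ins are for teaching only.

```python
import hashlib
import hmac
import secrets

# Teaching stand-ins: unpadded RSA on two fixed Mersenne primes, SHA-256 keystream.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537


def professor_make_keys():
    """Step 1 (Professor): create the public and private keys."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)  # the public half is what Step 2 sends to the Student


def keystream_xor(key, nonce, data):
    """Symmetric cipher stand-in: XOR data with SHA-256(key | nonce | offset)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


def student_send(public, message):
    """Steps 1, 3 and 4 (Student): make a secret key, wrap it, send everything."""
    n, e = public
    secret = secrets.token_bytes(16)                    # Step 1: secret key
    wrapped = pow(int.from_bytes(secret, "big"), e, n)  # Step 3: encipher the key
    nonce = secrets.token_bytes(12)
    body = keystream_xor(secret, nonce, message)
    tag = hmac.new(secret, nonce + body, hashlib.sha256).digest()
    return wrapped, nonce, body, tag                    # Step 4: send


def professor_receive(private, packet):
    """Step 5 (Professor): retrieve the secret key, verify, then decipher."""
    n, d = private
    wrapped, nonce, body, tag = packet
    secret = pow(wrapped, d, n).to_bytes(27, "big")[-16:]  # n is under 216 bits
    expect = hmac.new(secret, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("message or wrapped key was altered")
    return keystream_xor(secret, nonce, body)
```

Only the 16-byte secret key goes through the slow public-key operation; the message itself, whatever its length, is handled by the symmetric cipher.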

22 Uses of Public Key Cryptography
Digital Signatures
–Used to authenticate digital material
–Prove identity and validity of action or material
Transmission of symmetric key (public key encryption is generally slower)

23 Public Key Infrastructure
The mainstream method (using public key cryptography) by which to ensure key management and reliable authentication and encryption between two objects that are communicating over a single open network

24 Public Key Infrastructure
Purpose: provide an environment that addresses today’s business, legal, network, and security demands for trust and confidentiality
Environment: policies, protocols, services and standards that support public key cryptography

25 Public Key Infrastructure
Provides:
–Strong user identification
–Cryptographic Services
–Evidence for non-repudiation among strangers

26 Technology Components of PKI
Keys: public and private
Certificate Authority (CA)
–Responsible trusted 3rd party that issues, revokes, and manages digital certificates
Registration Authority (RA)
–Optional entity implicitly trusted by a CA to validate another entity’s identity prior to the CA issuing a digital certificate
–Usually needed in large PKI deployments

27 Technology Components of PKI
Digital Certificates
–Fundamental to PKI
–Credentials issued to an entity that uniquely identifies the entity for all others
–The credentials act like a “passport”
–Digital Certificates contain the entity’s public key

28 Technology Components of PKI
Repository
–The workhorse of PKI
–Stores certificates and entity information
–Provides lookup and retrieval services to an enterprise
–Also handles certificate revocation list (CRL) checking

29 Other Components of PKI
Policy Management Authority (PMA)
–Policy Approval Authority
  Develops governing policy for PKI
–Policy Creation Authority (PCA)
  Implements PKI policy through CA establishment

30 PKI Policy
Primary PKI Policies
–Certificate Policy (CP)
  What the PKI environment does
  Publicly available document
  Policy Approval Authority
–Certification of Practice Statement (CPS)
  How the PKI environment does it
  Details the functions of the PKI
  Internal document

31 PKI in Action
Parties: Certificate Authority, Certificate Repository, ME, YOU
Generate Keys
Register with CA
Digital Certificates Returned

32 PKI in Action
Parties: Certificate Authority, Certificate Repository, ME, YOU
Encrypt With Private Key
Decrypt With Public Key
Send Encrypted Message
Request/Get Digital Certificate

33 Summary
Cryptography ensures CIA
Public Key Cryptography ensures Authentication
Public Key Cryptography ensures non-repudiation

