Download presentation
Presentation is loading. Please wait.
1
Lesson 12 Cryptography for E-Commerce
2
Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with Core Protocols--IPsec Parallel Security Protocol--Kerberos
3
Protocol and Security: SSL HTTP TCP IP NOT SECURE SSL TCP IP HTTPFTPSMTP SECURE
4
The TCP connection (“3-way Handshake”) client Server SYN Client sends connection request, Specifying a port to connect to On the server. client Server SYN/ACK Server responds with both an acknowledgement and a queue for the connection. client Server ACK Client returns an acknowledgement and the circuit is opened.
5
SSL in Action CLIENT SERVER 1 ClientHello 2 ServerHello 3 ServerKey Exchange 4 ServerHelloDone 5 ClientKey Exchange 6 ChangeCiperSpec 7 Finished
6
SSL in Action CLIENT SERVER 4 ServerHelloDone 5 ClientKey Exchange 6 ChangeCiperSpec 7 Finished 8 ChangeCipherSpec 9 Finished
7
Protocol and Security: SHTTP HTTP TCP IP NOT SECURE SECURE HTTP TCP IP Security
8
Protocol and Security: IPSEC HTTP TCP IP NOT SECURESECURE HTTP TCP IPSEC
9
Protocol and Security: Parallel HTTP TCP IP NOT SECURE SECURE HTTP TCP IP Kerberos
10
PROTOCL COMPARISONS Separate Protocol Application Protocol Integrated with Core Parallel Protocol ABCDE A - Full security B - Multiple Applications C - Tailored Services D - Transparent to Applications E - Easy to Deploy
11
What is Cryptography Protecting information by transforming it into an unreadable format Encryption is the process that transforms the data into the unreadable format, Decryption restores it to its original format. Used to prevent information from “falling into the wrong hands” Data is only available to the people that are supposed to see it
12
Uses of Cryptography Use Keeping Secrets Providing Identity Verifying Info Service Confidentiality Authentication Message Integrity Protects Against Eavesdropping Forgery & Masquerade Alteration
13
Cryptography in Use Today SSL -- Secure Socket Layer TLS -- Transport Layer Security protocol IPsec -- Internet Protocol Security SET -- Secure Electronic Transactions Smart Cards VPN -- Virtual Private Network File or Disk Encryption Tools Remote access: SSH -- Secure Shell Digital Signature Algorithm -- DSA EMAIL: PGP -- Pretty Good Privacy PKI -- Public Key Infrastructure
14
Cryptographic Classifications Secret Key Cryptography –Symmetric Encryption –All Parties have same key Public Key Cryptography –Asymmetric Encryption –Different Keys: public and private
15
Secret Key Cryptography Symmetric Encryption Professor Student Step 4- Decipher with secret key Step 3 - Send Encrypted Message Step 2-Encipher with secret key Step 1- Secret Key Exchange occurs
16
Secret Key Cryptography PROs: – Very Secret – Key Size Determines how hard to break CONs: –Key Management is a Burden –Cryptography can be slow
17
Symmetirc Encrpytion Algorithms DESData Encryption Standard 3DESTriple-Strength DES RC2Rivest Cipher 2 RC4Rivest Cipher 4 All commonly used with SSL
18
Public Key Cryptography Digital Signatures and Public Key Encryption –Message encrypted or signed with private key of sender and public key of recipient –Recipient decrypts with own private key and sender’s public key –Only sender has the right private key so if it decrypts it must have come from the sender –NOTE: Assumes keys have not been compromised
19
Public Key Cryptography Asymmetric Encryption Step 1- Create Public and Private Keys Professor Student Step 3- Encipher with public Key Step 2 - Send Public Key to Student Step 4 -Send Encrypted Message Step 5- Decipher with private key
20
Public Key Cryptography PROs: –As Shown this Proves Identity –This Results in a Digital Signature Used to authenticate digital material Prove identity and validity of action or material CONs: –Burdensome if you need widespread use
21
Combining the Best of Both Professor Student Step 1- Create Public and Private Keys Step 1- Generate a Secret Key Step 2 - Send Public Key to Student Step 4 -Send Encrypted Message Step 5- Decipher with private key and retrieve secret key Step 3- Encipher Secret Key with Public Key
22
Uses of Public Key Cryptography Digital Signatures –Used to authenticate digital material –Prove identity and validity of action or material Transmission of symmetric key (public key encryption is generally slower)
23
Public Key Infrastructure The Mainstream method (using public key cryptography ) by which to ensure key management and reliable authentication and encryption between two objects that are communicating over a single open network
24
Public Key Infrastructure Purpose: provide an environment that addresses today’s business, legal, network, and security demands for trust and confidentiality Environment: policies, protocols, services and standards that support public key cryptogrpahy
25
Public Key Infrastructure Provides: –Strong user identification –Cryptographic Services –Evidence for non-repudiation among strangers
26
Technology Components of PKI Keys: public and private Certificate Authority (CA) –Responsible trusted 3rd party that issues, revokes, and manages digital certificates Registration Authority (RA) –Optional entity implicity trusted by a CA to validate another entity’s indentity prior to the CA issuing a digital certificate –Usually needed in large PKI deployments
27
Technology Components of PKI Digital Certificates –Fundamental to PKI –Credentials issued to an entity that uniquely identifies the entity for all others –The credentials act like a “passport” –Digital Certificates contain the entity’s public key
28
Technology Components of PKI Repository –The workhorse of PKI –Stores certificates and entity information –Provides lookup and retrieval services to an enterprise –Also handles certificate revocation list (CRL) checking
29
Other Components of PKI Policy Management Authority (PMA) –Policy Approval Authority Develops governing policy for PKI –Policy Creation Authority (PCA) Implements PKI policy through CA establishment
30
PKI Policy Primary PKI Policies –Certificate Policy (CP) What the PKI environment does Publicly available document Policy Approval Authority –Certification of Practice Statement(CPS) How the PKI environment does it Details the functions of the PKI Internal document
31
PKI in Action Certificate Authority Certificate Repository ME YOU Generate Keys Register with CA Digital Certificates Returned
32
PKI in Action Certificate Authority Certificate Repository ME YOU Encrypt With Private Key Decrypt With Public Key Send Encrypted Message Request/Get Digital Certificate
33
Summary Cryptography ensures CIA Public Key Cryptography ensures Authentication Public Key Cryptography ensures non-repudiation
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.