Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Looking Forward, SchedulesLooking Forward, Schedules Recap: Public key.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Looking Forward, SchedulesLooking Forward, Schedules Recap: Public key."— Presentation transcript:

1 March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Looking Forward, SchedulesLooking Forward, Schedules Recap: Public key cryptographyRecap: Public key cryptography Secret Keys vs Public KeysSecret Keys vs Public Keys

2 Looking Forward Next LabNext Lab –Due date is being pushed to the end of the semester –I need to find a different way to run WireShark on the outside VirusesViruses –I’ll post a revised Chapter 3 with a section on viruses Cain and Abel, scanning, password crackingCain and Abel, scanning, password cracking –A security program I’ve been playing with –I need to finish ‘sanitizing’ my laptop for the demonstration –The password cracker is unreliable March 2005 2R. Smith - University of St Thomas - Minnesota

3 Presentation Schedule Monday, May 11 SQL SlammerSQL Slammer –Brakefield, Hart, Wertish Active DirectoryActive Directory –Allers-Hatlie, Hooper Crypto AlgorithmsCrypto Algorithms –McNeil, Schwarz, Tursich BotnetsBotnets –Heaney, Schreck Wednesday, May 13 Conficker –Hansohn, Lee Biometrics - McCormick TBD - Chang HIPAA - Barrett Wireless Cracking –Almutawa, Moore, Winiarczyk March 2005 3R. Smith - University of St Thomas - Minnesota

4 March 2005 4R. Smith - University of St Thomas - Minnesota Public Key cryptography First successful version: Diffie HellmanFirst successful version: Diffie Hellman ‘Distributive property’ of exponents‘Distributive property’ of exponents –(B X ) Y = (B Y ) X Or, in Diffie-Hellman:Or, in Diffie-Hellman: –(B X mod M) Y mod M = (B Y mod M) X mod M –(x) is Private Key; (B X mod M) is Public Key Why is it secure? Because…Why is it secure? Because… –(B X mod M) * (B Y mod M) mod M ! = (B Y mod M) X mod M –Modulus makes it impractical to reverse

5 March 2005 5R. Smith - University of St Thomas - Minnesota RSA More flexible variantMore flexible variant –Basic Math: Given M, M y = Ciphertext; M = (M y ) -y –y = Public Key; -y = Private Key (inverse of public key) –RSA uses “Modular Inverse” instead of simple inverse Multiply two primes P x QMultiply two primes P x Q –Product is the Modulus, part of the published key, –2 other numbers form rest of the key “Public” exponent “E” (often 3 or 65537)“Public” exponent “E” (often 3 or 65537) “Private” inverse “D” (computed from P, Q, and E)“Private” inverse “D” (computed from P, Q, and E) Works in both directions – encrypt and decryptWorks in both directions – encrypt and decrypt

6 March 2005 6R. Smith - University of St Thomas - Minnesota Using Public Key Diffie HellmanDiffie Hellman –I can share one secret with another D-H user I use the other user’s PUBLIC key with my PRIVATE keyI use the other user’s PUBLIC key with my PRIVATE key RSARSA –If I have a user’s PUBLIC key, I can send them a secret I encrypt the secret with THEIR public keyI encrypt the secret with THEIR public key They decrypt with their own private keyThey decrypt with their own private key –I can use my PRIVATE key to “sign” things I encrypt a hash (checksum) with my PRIVATE keyI encrypt a hash (checksum) with my PRIVATE key Others can check the result with my PUBLIC keyOthers can check the result with my PUBLIC key

7 Public Key vs Secret Key Secret Key is good:Secret Key is good: Hosts already knownHosts already known Small number of hostsSmall number of hosts Many hosts and KDCMany hosts and KDC –KDC is well protected Revocation is easyRevocation is easy Public Key is good: Many hosts, not known ahead of time Revocation not a major concern Host security not very reliable March 2005 7R. Smith - University of St Thomas - Minnesota

8 Encrypting to “sign” some data March 2005 8R. Smith - University of St Thomas - Minnesota Use private key to encryptUse private key to encrypt

9 Applying a Digital Signature Hash it, encrypt the hashHash it, encrypt the hash March 2005 9R. Smith - University of St Thomas - Minnesota

10 Checking the digital signature Use the public key to decrypt the encrypted hashUse the public key to decrypt the encrypted hash March 2005 10R. Smith - University of St Thomas - Minnesota

11 Authentication with public keys A variant of challenge-responseA variant of challenge-response March 2005 11R. Smith - University of St Thomas - Minnesota

12 FIPS 196 authentication Public key challenge-responsePublic key challenge-response March 2005 12R. Smith - University of St Thomas - Minnesota

13 March 2005 13R. Smith - University of St Thomas - Minnesota Decryption Procedure Secret Key Secret Key (temporary) Random Number Generator Encryption Procedure Cipher Text RSA Encrypting Secret Keys First send the secret key, then send the dataFirst send the secret key, then send the data Encryption Procedure { } Public Key Clear Text 4327 4445219 John J. Jones Clear Text 4327 4445219 John J. Jones Decryption Procedure Private Key

14 SSL Encryption Socket layer encryptionSocket layer encryption The old story of Mosaic becoming NetscapeThe old story of Mosaic becoming Netscape Practical example of successful securityPractical example of successful security –Won on the basis of its practical application –Security mechanisms themselves weren’t the deciding factor March 2005 14R. Smith - University of St Thomas - Minnesota

15 Basic SSL RSA to protect a shared secretRSA to protect a shared secret March 2005 15R. Smith - University of St Thomas - Minnesota

16 SSL Phase 1 pre master secretpre master secret March 2005 16R. Smith - University of St Thomas - Minnesota

17 Build the secret Combine single secret and nonces to make more secretsCombine single secret and nonces to make more secrets March 2005 17R. Smith - University of St Thomas - Minnesota

18 The rest of SSL March 2005 18R. Smith - University of St Thomas - Minnesota

19 March 2005 19R. Smith - University of St Thomas - Minnesota Web Requirements CustomersCustomers –Can buy things and handle related issues (returns) through the web site –Info is only available as needed to handle their orders, etc. ImplementationImplementation –Order processing is as automated as possible –As little down time as possible, especially for order entry EmployeesEmployees –Can surf the web and use e-mail –Can use shared file and print services OutsidersOutsiders –Can visit the commercial web site and buy things –Can not access internal company components

20 How the Web Works GET – reading data from a site – –Passive, relies purely on HTML text files POST – sending data to a site – –Requires an ‘active’ response on the server side – –Web site ‘programming’ via PHP, Perl, etc. Modern sites: active scripts and a database

21 March 2005 21R. Smith - University of St Thomas - Minnesota E-Commerce Tools Web servers + shopping cartsWeb servers + shopping carts Database serversDatabase servers Warehousing/shipping applicationsWarehousing/shipping applications 3 rd party support3 rd party support –Payment processing; package tracking Network server hostsNetwork server hosts “Back end” hosts“Back end” hosts E-mail serversE-mail servers Routers and firewalls to control flow & accessRouters and firewalls to control flow & access Encrypting gateways for distributed companiesEncrypting gateways for distributed companies

22 March 2005 22R. Smith - University of St Thomas - Minnesota Making things Interesting Or, at least, complicatedOr, at least, complicated Physical locationsPhysical locations –Web hosting location –Warehouse(s) for merchandise –Company headquarters Are these all in one place?Are these all in one place?

23 March 2005 23R. Smith - University of St Thomas - Minnesota Enterprise network architecture How many sites? Do we connect them? How?How many sites? Do we connect them? How? Do all employees get to surf the Web?Do all employees get to surf the Web? Which sites provide a “public face”?Which sites provide a “public face”? Which sites host critical systems?Which sites host critical systems? –I.e. those that directly affect the company’s immediate business Which sites administer critical systems?Which sites administer critical systems?

24 March 2005 24R. Smith - University of St Thomas - Minnesota Some questions How do we use these tools to build an e- commerce site?How do we use these tools to build an e- commerce site? How might we use different types of firewalls?How might we use different types of firewalls?

25 March 2005 25R. Smith - University of St Thomas - Minnesota E-Commerce: Conflicting Goals EfficiencyEfficiency –Sell lots of stuff at little expense –Make the customers happy –Accept lots of connections –Respond quickly to net requests –High availability –Send merchandise quickly –Handle customer problems/returns quickly –Accurate feedback on merchandise availability –Accurate status on existing order and shipped pkgs Security –Detect fraudulent purchases –Keep company activities private –Make payments accurately –Block hacker attacks –Record purchases accurately –Don’t send merchandise unless paid for –Don’t accept returns unless bought here –Limit the scope of attacks –On-line payment verification –Keep records to help identify long term bad trends

26 March 2005 26R. Smith - University of St Thomas - Minnesota That’s it Questions?Questions? Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

Download ppt "March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Looking Forward, SchedulesLooking Forward, Schedules Recap: Public key."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Return Homework; grading recapReturn Homework; grading recap “Enigma”

March R. Smith - University of St Thomas - Minnesota CISC Class Today Return Homework; grading recapReturn Homework; grading recap “Enigma”
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Cryptography – introductory termsCryptography – introductory terms “Enigma”

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Cryptography – introductory termsCryptography – introductory terms “Enigma”
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Homework due TodayHomework due Today LAN and Internet AddressesLAN and.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Homework due TodayHomework due Today LAN and Internet AddressesLAN and.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Homework backHomework back Take-home exam will be on Blackboard after.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Homework backHomework back Take-home exam will be on Blackboard after.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 8 Web Security.

Chapter 8 Web Security.

Similar presentations

Ads by Google