Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2003 T. Trappenberg Overview E 1 E1. Security Module 1 Technology: GR01E - Electronic Commerce Overview.

Published byZoe Pitts Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2003 T. Trappenberg Overview E 1 E1. Security Module 1 Technology: GR01E - Electronic Commerce Overview."— Presentation transcript:

1 Copyright © 2003 T. Trappenberg Overview E 1 E1. Security Module 1 Technology: GR01E - Electronic Commerce Overview

2 Copyright © 2003 T. Trappenberg Overview E 2 Data security Hacker resistance Fault Tolerance Intrusion control and detection SSL Policies …

3 Copyright © 2003 T. Trappenberg Overview E 3 What is SSL/TSL? Secure Socket Layer/Transport Layer Security Runs commonly on top of TCP/IP A protocol that implements - privacy against eavesdroppers through encryption of messages - message integrity trough hash function - authentication through digital signatures e.g., connect to https, ssmtp, spop3 (each has a unique port number)

4 Copyright © 2003 T. Trappenberg Overview E 4 Netscape SSL Secure Socket Layer Microsoft PCT Private Communication Technology IETF: TLS Internet Engineering Task force Based on SSL 3.0 January 1999: Draft version 1.0 (http://www.ietf.org) New standard for secure communication over the internet Goals: `Cryptographic security’ (including privacy and authentication Interoperability Extensibility Relative efficiency

5 Copyright © 2003 T. Trappenberg Overview E 5 TLS Protocols: TLS handshake protocol : TLS record protocol: Negotiation of - Session identifier packaging of data to be transported - Compression method - Cipher specification - Master key - Peer certificate

6 Copyright © 2003 T. Trappenberg Overview E 6 Authetication: either - both parties - server authentication - no authentication

7 Copyright © 2003 T. Trappenberg Overview E 7 Security Analysis

8 Copyright © 2003 T. Trappenberg Overview E 8 However: - How secure is the cryptographic protocol? (e.g. key length, …) - How is authentication handled (e.g. switched on?, signature verification, …) - Implementation errors

9 Copyright © 2003 T. Trappenberg Overview E 9 E2. Cryptography Module 1 Technology: GR01E - Electronic Commerce Overview

10 Copyright © 2003 T. Trappenberg Overview E 10 Dear Jean, I love you George This is $1000 Dollar (US!!)

11 Copyright © 2003 T. Trappenberg Overview E 11 Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures Trust networks Cryptography Basics

12 Copyright © 2003 T. Trappenberg Overview E 12 Confidentiality (how can I make sure that an eavesdropper can not read my message) Message integrity (how do I know that the message has not been modified on its travel?) Authentication (how do I know that the message is from a particular person?)

13 Copyright © 2003 T. Trappenberg Overview E 13 guvf zrffntr vf frperg __is __ss___ is s_____

14 Copyright © 2003 T. Trappenberg Overview E 14 Relative frequency of letters in English text

15 Copyright © 2003 T. Trappenberg Overview E 15 this message is secret guvf zrffntr vf frperg __is _ess__e is se__e_ __is __ss___ is s_____ this _ess__e is se__et abcdefghijklmnopqrstuvwxyz nopqrstuvwxyzabcdefghijklm ROT13 algorithm (cipher):

16 Copyright © 2003 T. Trappenberg Overview E 16 Definitions (Encryption, Decryption, Plaintext, Ciphertext) EncryptionDecryption PlaintextCiphertext Original Plaintext Types of cipher: Stream cipher –Each bit (or byte) is encrypted or decrypted individually –Simple substitution ciphers (ROT13, XOR) Block cipher –A sequence of bits (or bytes) is used at each step in the encryption and decryption process (DES, AES)

17 Copyright © 2003 T. Trappenberg Overview E 17 EncryptionDecryption PlaintextCiphertext Original Plaintext Key EncryptionDecryption PlaintextCiphertext Original Plaintext Encryption Key Decryption Key Symmetric Key Algorithms Public Key Cryptography

18 Copyright © 2003 T. Trappenberg Overview E 18 Symmetric Key Algorithms General: Substitution (ROT13, Cryptoquotes) Transposition XOR One Time Pad Specific algorithms: DES (data encryption standard, 56-bit key, Triple-DES) IDEA (international data encryption algorithm, 128-bit key, patents) RC2, RC4, RC5 (Ronald Rivest RSA, variable key length) Rijndael (AES) (advanced encryption standard adapted in 2001) } most practical algorithms use a combination of these

19 Copyright © 2003 T. Trappenberg Overview E 19 Rijndael: Iterated Block Cipher 10/12/14 times applying the same round function Round function: uniform and parallel, composed of 4 steps Each step has its own particular function: - ByteSub: nonlinearity - ShiftRow: inter-column diffusion - MixColumn: inter-byte diffusion within columns - Round key addition

20 Copyright © 2003 T. Trappenberg Overview E 20 What is an appropriate length for a key?

21 Copyright © 2003 T. Trappenberg Overview E 21 Comparison of cryptographic algorithms

22 Copyright © 2003 T. Trappenberg Overview E 22 Key distribution problem Solutions: Doubly padlocked box exchange Diffie-Hellman key exchange Public-key cryptography (RSA, elliptic curve cryptography)

23 Copyright © 2003 T. Trappenberg Overview E 23 AliceBob Secret part generation One-way function Swap Key generation

24 Copyright © 2003 T. Trappenberg Overview E 24 AliceBob Secret part generation Choose a secret number A=3 Choose a secret number B=6 One-way functionUse one-way function a=7 A (mod 11)=2 Use one-way function b=7 B (mod 11)=4 Swap b=4a=2 Key generationAnother one-way function k=b A (mod 11)=9 Another one-way function k=a B (mod 11)=9

25 Copyright © 2003 T. Trappenberg Overview E 25 The Diffie-Hellman key exchange was the first widely recognized solution to the key exchange problem Can only be used to exchange key. Symmetric key cryptographic methods can be used to exchange secret messages Fairly elaborate exchange of messages

26 Copyright © 2003 T. Trappenberg Overview E 26 Public Key Cryptography A public key - private key pair are used, one for encryption and the other for decryption

27 Copyright © 2003 T. Trappenberg Overview E 27

28 Copyright © 2003 T. Trappenberg Overview E 28 Public Key: n - product of two primes, p and q (p and q are secret) e - relatively prime to (p-1)(q-1) Private Key: d - e -1 mod ((p-1)(q-1)) Encrypting: c = m e mod n Decrypting: m = c d mod n Public Key Cryptography (a la RSA) A public key - private key pair are used, one for encryption and the other for decryption Let p=3, q=11 n=pq=33 e must be relatively prime to (p-1)(q-1)=20 choose e = 7, then d = 7 -1 mod 20 = 3 Plaintext is 3,4,2 (m 1 =3, m 2 =4, m 3 =2) c 1 =m 1 e mod n = 3 7 mod 33 = 9 c2 = m2 e mod n = 4 7 mod 33 = 15 c3 = m3 e mod n = 2 7 mod 33 = 29 Ciphertext is 9,15,29 m 1 =c 1 d mod n = 9 3 mod 33 = 3 m 2 =c 2 d mod n = 15 3 mod 33 = 4 m 3 =c 3 d mod n = 29 3 mod 33 = 2 Plaintext is 3,4,2 Example:

29 Copyright © 2003 T. Trappenberg Overview E 29 PGP: Pretty Good Privacy Philip Zimmermann Implementation of best available cryptographic algorithms for confidentiality and authentication and integration into a freely available general-purpose application Package, source code, and documentation available on the web Low-cost commercial version from Network Associates Includes AES, 3DES, CAST, IDEA; RSA DSS, Diffie-Hellman; SHA1; key management, …

30 Copyright © 2003 T. Trappenberg Overview E 30 Message Digests & Hash function A message digest is a one-way function which maps the information contained in a (small or large) file to a single large number, typically between 128 bits and 256 bits in length. A good message digest function should have the following properties: –Every bit of the output is influenced by every bit of the input –Changing a single bit in the input results in every output bit having a 50% chance of changing –Given an input file, its corresponding digest, and the digest function, it is computationally infeasible to produce another input file which maps to the same digest

31 Copyright © 2003 T. Trappenberg Overview E 31 http://ciips.ee.uwa.edu.au/~morris/Year2/PLDS210/hash_tables.html

32 Copyright © 2003 T. Trappenberg Overview E 32 Message Digests (continued) Standard encryption algorithm e.g. use last block in cipher feedback mode Provide good message digest code Computationally more demanding than other specialized functions MD5 One widely used message digest algorithm from a series of algorithms developed by Ronald Rivest Does not rely on a secrete key and is therefore not suitable as MAC without further provisions HMAC The Hashed Message Authentication Code uses a shared secret key in combination with a message digest function to produce a secret message authentication code Since an attacker doesn’t know the secret, the attacker cannot produce a correct authentication code if they alter the message Fast to calculate, can be used as digital signature. However, a shared secret key is used. SHA-1 Developed by the NSA for use with the Digital Signature Standard

33 Copyright © 2003 T. Trappenberg Overview E 33 Message Digest Algorithm Hash Block Cipher Message Authentication Code MACMessage Secret Key Operation of a message digest function to produce a message authentication code

34 Copyright © 2003 T. Trappenberg Overview E 34 Private Key Message Hash Function Digest Encrypt Signature Message Signature Hash Function Decrypt Public Key Message Actual Digest Expected Digest If actual and expected match, the signature is verified OriginatorRecipientTransmitted Message RSA Digital Signature

35 Copyright © 2003 T. Trappenberg Overview E 35 Types of authentication What you know (username and password) What you have (token, smart card) What you are (biometrics) Where you are (location security)

36 Copyright © 2003 T. Trappenberg Overview E 36 Digital Certificates Need a system for pairing public keys to identification information Certification authority (or trusted third party) issues a certificate which pairs identification information with a public key, signed with the certification authority’s private key User must trust the certification authority, and have a valid copy of the certification authority’s public key

37 Copyright © 2003 T. Trappenberg Overview E 37 Digital Certificates (continued) Subject Identification Information Certification Authority Name Certification Authority’s Digital Signature Subject Public Key Value Certificate Certificate Authority’s Private Key Generate Digital Signature

38 Copyright © 2003 T. Trappenberg Overview E 38 Certification Paths More than one Certification Authority will be required If CAs trust one another, they can issue certificates for each other’s public keys This leads to a recursively defined path from a user under one CA to a user under another CA

39 Copyright © 2003 T. Trappenberg Overview E 39 Certification Paths (continued) Root Public Key (Certification Authority A) Subject = Certification Authority B Subject Public Key Issuer = Certification Authority A Public – Private Key Pair Bob Certificate 1 Subject = Certification Authority C Subject Public Key Issuer = Certification Authority B Certificate 2 Subject = Bob Subject Public Key Issuer = Certification Authority C Certificate 3 Public Key user

40 Copyright © 2003 T. Trappenberg Overview E 40 X.509 Certificate Format Versions 1 and 2 Version (of certificate format) Certification Authority’s Digital Signature Certificate Certificate Authority’s Private Key Generate Digital Signature Certificate Serial Number Signature Algorithm Identifier Issuer’s X.500 Name Validity Period Subject’s X.500 Name Subject’s Public Key Information Algorithm Identifier Public Key Value Issuer Unique Identifier Subject Unique Identifier Not in Version 1

Download ppt "Copyright © 2003 T. Trappenberg Overview E 1 E1. Security Module 1 Technology: GR01E - Electronic Commerce Overview."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google