
1 Electronic Commerce: Encryption (April 2002, 3CSG1)
John Wordsworth, Department of Computer Science, The University of Reading
J.B.Wordsworth@rdg.ac.uk, Room 129, Ext 6544

2 Lecture objectives
- Understand the use of encryption for secret communication.
- Understand the principles of symmetric encryption systems.
- Understand the principles of asymmetric encryption systems and the use of public and private keys.
- Describe how the HTTPS protocol is used to set up secure communications between a client and a server.
- Explain how a challenge/response algorithm avoids the need for passwords to be transmitted.
- Describe some methods of cryptanalysis.

3 What is encryption?
A means of making a text secret, so that only the sender and receiver (the parties holding the key) can understand it; anyone who intercepts the cypher text without the key learns nothing useful.
[Diagram: plain text --encrypt (key)--> cypher text --decrypt (key)--> plain text]

4 Some simple(?) cryptographic systems
- Substitution cyphers (each letter replaced by another, e.g. the Caesar shift)
- Rearrangement (transposition) cyphers (the letters are kept but their order is permuted)
- Progressive (polyalphabetic) cyphers, e.g. Vigenère, where the substitution changes from letter to letter
- The Playfair cypher (substitution on pairs of letters)
- etc.
None of these resists modern cryptanalysis; they are shown for the ideas they introduce, not for use.

5 Symmetric encryption
- The same key is used for encryption and decryption.
- The key is known only to the sender and receiver.
- The algorithm is (usually) well-known; the security rests entirely on the key.
- Algorithms: DES, IDEA, RC4. (DES's 56-bit key has been brute-forced in practice and RC4's keystream has exploitable biases; neither should be used today. AES is the modern standard.)
- The longer the key, the more work a brute-force attack needs, since there are 2^n keys of n bits. Running time depends mainly on the algorithm, not on the key length, so a longer key is not automatically a slower cypher.
- Key management is a problem: the two parties must first agree a key over a channel that the attacker cannot read.

6 Asymmetric encryption
- Two keys are used, one public, one private.
- Alice freely distributes her public key, but keeps her private key to herself.
- Bob, wishing to communicate secretly with Alice, encrypts his plain text with Alice's public key, using a well-known algorithm (RSA, for example).
- The cypher text can only be decrypted with Alice's private key, so only Alice can read it.

7 The magic of RSA
- What is encrypted with the private key can be decrypted with the public key. This is the basis of digital signatures: only the private-key holder could have produced a value that the public key turns back into the message.
- Security depends on not being able to derive the private key from the public key, which for RSA means not being able to factor the public modulus n into its two primes.
- Needs long keys to be secure: 1024 bits was the usual recommendation when this lecture was given; 2048 bits or more is the minimum now.
- Is very slow compared with symmetric algorithms (DES, for example), which is why it is used to protect a symmetric key rather than the data itself.

8 Secure sockets layer and HTTPS
Messages between client and server:
- client -> server: "I like RC4, DES, or none" (the cypher suites the client supports)
- server -> client: "here's my certificate; let's use RC4" (the certificate carries the server's public key)
- client: create an RC4 key and encrypt it with the server's public key
- client -> server: "here's our RC4 key"
- server: decrypt the RC4 key with the private key
- client <-> server: RC4-encrypted application data (the HTTP request and response)
Two points the picture leaves out. The client must check that the certificate is valid and belongs to the server it meant to talk to; if it accepts any certificate, an attacker in the middle can present their own and read everything. In the real protocol the client sends a random pre-master secret rather than the session key itself, and both sides derive the session keys from it; and "none" (no encryption) and RC4 are options a modern browser refuses.
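The following is an added example, not code from the lecture, that puts slides 6, 7 and 8 into working Python: textbook RSA showing that one modular exponentiation serves both "encrypt with public, decrypt with private" and the reverse, an RC4 implementation, and the key-transport exchange of slide 8 run end to end. The primes, the exponent and the 32-bit session key are assumptions chosen so that everything fits in plain integers; real RSA uses primes of about 1024 bits each plus a padding scheme, and RC4 appears only because the slide names it.

```python
# Added example: textbook RSA (slides 6-7) driving the RC4 key transport of slide 8.
# Toy parameters, not the lecture's code; never use textbook RSA or RC4 in practice.
import os

# Assumption: two small primes so the arithmetic is easy to follow. Real keys use
# primes of ~1024 bits each and a padding scheme (PKCS#1/OAEP) on the message.
P, Q = 1000003, 1000033
E = 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Return (public, private) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m):
    """One modular exponentiation. The same operation serves encrypt, decrypt,
    sign and verify, which is the 'magic' of slide 7."""
    n, exp = key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, exp, n)


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling + keystream generation; encryption and decryption are
    the same XOR. Included only because the slide names it: RC4 is broken today."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def client_hello_and_key_transport(server_pub, message: bytes):
    """Client side of slide 8: pick a session key, wrap it under the server's
    public key, encrypt the application data with RC4 under that key."""
    session_key = os.urandom(4)   # 32-bit key only so it fits under the toy modulus
    wrapped_key = rsa_apply(server_pub, int.from_bytes(session_key, "big"))
    return wrapped_key, rc4(session_key, message)


def server_receive(server_priv, wrapped_key, ciphertext: bytes) -> bytes:
    """Server side: unwrap the session key with the private key, then decrypt."""
    session_key = rsa_apply(server_priv, wrapped_key).to_bytes(4, "big")
    return rc4(session_key, ciphertext)


def exchange(message: bytes) -> bytes:
    """Run the whole exchange locally and return what the server recovered."""
    pub, priv = rsa_keygen()
    wrapped, ct = client_hello_and_key_transport(pub, message)
    return server_receive(priv, wrapped, ct)


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    m = 123456789
    print("public then private:", rsa_apply(priv, rsa_apply(pub, m)) == m)
    print("private then public:", rsa_apply(pub, rsa_apply(priv, m)) == m)
    print("server recovered:", exchange(b"GET /basket HTTP/1.1"))
```

Note what the toy does not do: the client never checks who owns the public key, so anyone who can substitute their own key for the server's reads the session key. That check is what the certificate on slide 8 is for.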

9 Challenge/response algorithm
- Alice wishes to use her workstation to log on to a remote system.
- The remote system and Alice both know Alice's password p.
- The remote system computes a challenge c = CA(p) and the expected response r = RA(c, p). The challenge must be fresh and unpredictable for every login (in practice a random value, not a fixed function of p); if the same c is ever reused, a recorded response can simply be replayed.
- The remote system sends the challenge to the workstation.
- The workstation asks Alice for password q, computes RA(c, q), and sends it to the remote system.
- If RA(c, q) = r, Alice is admitted.
- The password was never transmitted.
What the scheme does not hide: the remote system still has to hold p (or something equivalent to it), and an eavesdropper who records the pair (c, RA(c, p)) can test guesses for p offline at their leisure, so weak passwords remain weak.
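An added example, not the lecture's code, that implements slide 9 with HMAC-SHA256 as the response function RA and a random 16-byte challenge (both assumptions: the slide names neither a hash nor a challenge length). It shows a correct login, a wrong password, a replayed response failing against a fresh challenge, and the offline guessing attack that an eavesdropper can still mount on a recorded pair.

```python
# Added example: the challenge/response login of slide 9 with HMAC as the
# response function R(c, p) and a fresh random challenge; not the lecture's code.
import hashlib
import hmac
import secrets


def response(challenge: bytes, password: str) -> bytes:
    """R(c, p): keyed hash of the challenge under the password (assumed HMAC-SHA256)."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


class RemoteSystem:
    """Holds each user's password p (assumption: in clear, as on the slide) and
    issues one fresh challenge per login attempt."""

    def __init__(self, users: dict):
        self._users = users            # user -> password
        self._outstanding = {}         # user -> challenge not yet answered

    def challenge(self, user: str) -> bytes:
        c = secrets.token_bytes(16)    # unpredictable and never reused
        self._outstanding[user] = c
        return c

    def verify(self, user: str, r: bytes) -> bool:
        c = self._outstanding.pop(user, None)  # each challenge answers once
        if c is None:
            return False
        expected = response(c, self._users[user])
        return hmac.compare_digest(expected, r)   # constant-time compare


def workstation_login(system: RemoteSystem, user: str, typed_password: str):
    """Alice's side: fetch c, compute R(c, q) from what she typed, send it.
    Returns (admitted, c, r) so the eavesdropper's view can be reused below."""
    c = system.challenge(user)
    r = response(c, typed_password)
    return system.verify(user, r), c, r


def replay(system: RemoteSystem, user: str, captured_r: bytes) -> bool:
    """Attacker who sniffed an earlier response resends it; the new challenge
    differs, so R(c', p) != captured_r and the login fails."""
    system.challenge(user)
    return system.verify(user, captured_r)


def offline_guess(captured_c: bytes, captured_r: bytes, candidates):
    """The caveat: a sniffed (c, r) pair lets the attacker test password guesses
    offline, never touching the server. Returns the guess that matches, if any."""
    for guess in candidates:
        if hmac.compare_digest(response(captured_c, guess), captured_r):
            return guess
    return None


def demo():
    system = RemoteSystem({"alice": "correct horse"})
    ok, c, r = workstation_login(system, "alice", "correct horse")
    bad, _, _ = workstation_login(system, "alice", "wrong guess")
    replayed = replay(system, "alice", r)
    wordlist = ["password", "letmein", "correct horse"]   # constructed wordlist
    found = offline_guess(c, r, wordlist)
    return {"correct": ok, "wrong": bad, "replay": replayed, "offline": found}


if __name__ == "__main__":
    print(demo())
```

The replay fails only because every challenge is fresh; with the challenge fixed, `replay` would succeed. The offline attack succeeds because the response is a deterministic function of a guessable password, which is why modern schemes such as SCRAM add salting and key stretching on top of the challenge.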

10 Cryptanalysis
- Brute force attack: try every key until the result makes sense.
- Man-in-the-middle attack: sit between the two parties and relay, substituting your own keys.
- Known plain text attack: use a message whose plain text and cypher text are both known to recover the key.
- Social engineering: persuade a person to hand over the key or password.
- Implementation attacks: exploit bugs, poor random numbers or timing leaks in the software rather than the mathematics.
- Replay: resend a recorded valid message.
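An added example, not the lecture's code, that implements the three kinds of "simple(?)" system from slide 4 (a shift substitution cypher, the Vigenère progressive cypher and a columnar rearrangement cypher) and then breaks each with an attack from slide 10: brute force over 26 shifts, known plain text against Vigenère, and brute force over all column orders against the transposition. The plain text ATTACKATDAWN, the keys and the use of a crib (an expected word) to recognise the right decryption are constructed for the example; letters A-Z only.

```python
# Added example: the "simple(?)" systems of slide 4 (shift = substitution,
# Vigenère = progressive, columnar transposition = rearrangement) and the
# brute-force and known-plaintext attacks of slide 10 against them.
# Constructed toy code, not from the lecture; letters A-Z only.
import itertools
import string

ALPHA = string.ascii_uppercase


def shift_encrypt(text: str, k: int) -> str:
    """Caesar-style substitution: every letter moves k places."""
    return "".join(ALPHA[(ALPHA.index(ch) + k) % 26] for ch in text)


def shift_decrypt(text: str, k: int) -> str:
    return shift_encrypt(text, -k)


def vigenere_encrypt(text: str, key: str) -> str:
    """Progressive cypher: the shift changes with each position of the key."""
    return "".join(ALPHA[(ALPHA.index(ch) + ALPHA.index(key[i % len(key)])) % 26]
                   for i, ch in enumerate(text))


def vigenere_decrypt(text: str, key: str) -> str:
    return "".join(ALPHA[(ALPHA.index(ch) - ALPHA.index(key[i % len(key)])) % 26]
                   for i, ch in enumerate(text))


def columnar_order(key: str):
    """Column read-out order: alphabetical rank of the key letters."""
    return tuple(sorted(range(len(key)), key=lambda i: key[i]))


def columnar_encrypt(text: str, key: str) -> str:
    """Rearrangement cypher: write in rows, read out columns in key order.
    Pads with X so every row is full."""
    cols = len(key)
    text += "X" * (-len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in columnar_order(key) for row in rows)


def columnar_decrypt_with_order(ct: str, order) -> str:
    """Refill the grid column by column in the given order, read it by rows."""
    cols = len(order)
    nrows = len(ct) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in order:
        for r in range(nrows):
            grid[r][c] = ct[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def columnar_decrypt(ct: str, key: str) -> str:
    return columnar_decrypt_with_order(ct, columnar_order(key))


# --- attacks from slide 10 ---

def brute_force_shift(ct: str, crib: str):
    """Brute force: 26 keys is nothing; a crib (expected word) picks the winner."""
    for k in range(26):
        pt = shift_decrypt(ct, k)
        if crib in pt:
            return k, pt
    return None


def known_plaintext_vigenere(pt: str, ct: str, key_len: int) -> str:
    """Known plain text: one plain/cypher pair gives the key letter by letter,
    since key[i] = ct[i] - pt[i] (mod 26)."""
    return "".join(ALPHA[(ALPHA.index(ct[i]) - ALPHA.index(pt[i])) % 26]
                   for i in range(key_len))


def brute_force_columnar(ct: str, key_len: int, crib: str):
    """Brute force over all key_len! column orders, again recognised by a crib."""
    for order in itertools.permutations(range(key_len)):
        pt = columnar_decrypt_with_order(ct, order)
        if crib in pt:
            return order, pt
    return None


if __name__ == "__main__":
    ct = vigenere_encrypt("ATTACKATDAWN", "LEMON")
    print(ct, "->", known_plaintext_vigenere("ATTACKATDAWN", ct, 5))
    print(brute_force_columnar(columnar_encrypt("ATTACKATDAWN", "ZEBRA"), 5, "ATTACK"))
```

The point of the three attacks together: a 26-key space and a 5!-permutation space are both searched instantly, and one known plain text removes the need to search at all. The same three ideas scale up; what changes for DES or AES is only the size of the key space.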

11 Key points
- Encryption and decryption are important facilities for electronic commerce.
- Symmetric encryption is fast, and relies on a secret key known only to the two parties.
- Asymmetric encryption is slow, and relies on a public key known to all and a private key known only to the recipient.
- HTTPS uses asymmetric encryption to agree a key and symmetric encryption to carry the data.
- Encryption algorithms, keys, and messages are under constant attack from cryptanalysts.
