Chapter 10 Encryption: A Matter of Trust. Awad – Electronic Commerce 1/e © 2002 Prentice Hall
Chapter 10
Encryption: A Matter of Trust
OBJECTIVES
• What is Encryption?
• Basic Cryptographic Algorithm
• Digital Signatures
• Major Attacks on Cryptosystems
• Digital Certificates
• Key Management
• Internet Security Protocols & Standards
• Government Regulations
WHAT IS ENCRYPTION?
• Based on use of mathematical procedures to scramble data to make it extremely difficult to recover the original message
• Converts the data into an encoded message using a key for decoding the message
WHAT DOES ENCRYPTION SATISFY?
• Authentication
• Integrity
• Non-repudiation
• Privacy
BASIC CRYPTOGRAPHIC ALGORITHM
• Secret Key
  – The sender and recipient possess the same single key
• Public Key
  – One public key that anyone can know, used to encrypt
  – One private key that only the owner knows, used to decrypt
  – Provides message confidentiality
  – Proves the authenticity of the message's originator
COMMONLY USED CRYPTOSYSTEMS
• RSA Algorithm
  – Most commonly used but vulnerable
• Data Encryption Standard (DES)
  – Turns a message into a mess of unintelligible characters
• 3DES
• RC4
• International Data Encryption Algorithm (IDEA)
DIGITAL SIGNATURES
• Transform the message signed so that anyone who reads it can be sure of the real sender
• A block of data representing a private key
• Serve the purpose of authentication
MAJOR ATTACKS ON CRYPTOSYSTEMS
• Chosen-plaintext Attack
• Known-plaintext Attack
• Ciphertext-only Attack
• Third-party Attack
DIGITAL CERTIFICATES
• An electronic document issued by a certificate authority (CA) to establish a merchant’s identity by verifying its name and public key
• Includes holder’s name, name of CA, public key for cryptographic use, duration of certificate, the certificate’s class & ID
CLASSES OF CERTIFICATES
• Class 1
  – Contains minimum checks on user’s background
  – Simplest & quickest
• Class 2
  – Checks for information e.g. names, SSN, date of birth
  – Requires proof of physical address, etc.
CLASSES OF CERTIFICATES (Cont’d)
• Class 3
  – You need to prove exactly who you are & that you are responsible
  – Strongest
• Class 4
  – Checks on things like user’s position in an organization in addition to class 3 requirements
KEY MANAGEMENT
• Key Generation & Registration
• Key Distribution
• Key Backup / Recovery
• Key Revocation & Destruction
THIRD PARTY SERVICES
• Public Key Infrastructure
  – Certification Authority
  – Registration Authority
  – Directory Services
• Notary Services
• Arbitration Services
INTERNET SECURITY PROTOCOLS & STANDARDS
• Web Application
  – Secure Sockets Layer (SSL)
  – Secure Hypertext Transfer Protocol (S-HTTP)
• E-Commerce
  – Secure Electronic Transaction (SET)
• E-Mail
  – PGP
  – S/MIME
SSL
• Operates between application & transport layers
• Most widely used standard for online data encryption
• Provides services:
  – Server authentication
  – Client authentication
  – Encrypted SSL connection
S-HTTP
• Secures web transactions only
• Provides transaction confidentiality, integrity & non-repudiation of origin
• Able to integrate with HTTP applications
• Mainly used for intranet communications
• Does not require digital certificates / public keys
SET
• One protocol used for handling funds transferred from credit card issuers to a merchant’s bank account
• Provides confidentiality, authentication & integrity of payment card transmissions
• Requires customers to have digital certificate & digital wallet
PGP
• Encrypts the data with a one-time algorithm, then encrypts the key to the algorithm using public-key cryptography
• Supports public-key encryption, symmetric-key encryption & digital signatures
• Supports other standards, e.g. SSL
S/MIME
• Provides security for different data types & attachments to e-mails
• Two key attributes:
  – Digital signature
  – Digital envelope
• Performs authentication using X.509 digital certificates
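
Added example (not from the slides or the textbook): the hybrid scheme on the PGP slide, which is also the digital envelope listed for S/MIME, sketched in Python. Assumptions: the RSA key is a toy built from two small known primes with no padding, a SHA-256 keystream stands in for the one-time symmetric cipher, and seal, open_envelope and the constants are illustrative names.

```python
import hashlib, hmac, secrets

# Toy RSA key pair (assumption, illustration only): two known Mersenne primes
# and no padding. Real keys are 2048+ bits and use OAEP.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent

def _subkey(session_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the session key."""
    return hashlib.sha256(label + session_key).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode, standing in for the one-time symmetric cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(message: bytes, n: int = N, e: int = E) -> dict:
    """Sender: encrypt the data with a fresh key, then wrap that key with RSA."""
    session_key = secrets.token_bytes(16)
    body = _xor_stream(_subkey(session_key, b"enc"), message)
    tag = hmac.new(_subkey(session_key, b"mac"), body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return {"wrapped_key": wrapped, "body": body, "tag": tag}

def open_envelope(env: dict, n: int = N, d: int = D) -> bytes:
    """Recipient: unwrap the session key with the private key, verify, decrypt."""
    k = pow(env["wrapped_key"], d, n)
    if k >> 128:                           # not a 16-byte key: wrapped key was altered
        raise ValueError("bad wrapped key")
    session_key = k.to_bytes(16, "big")
    tag = hmac.new(_subkey(session_key, b"mac"), env["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, env["tag"]):
        raise ValueError("envelope failed integrity check")
    return _xor_stream(_subkey(session_key, b"enc"), env["body"])

if __name__ == "__main__":
    env = seal(b"constructed sample order: 3 widgets")
    print(open_envelope(env))
```

Only the short session key goes through the slow public-key operation; the message itself is handled by the fast symmetric step, and a fresh session key is drawn for every message.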
GOVERNMENT REGULATIONS
• National Security Agency (NSA)
• National Computer Security Center (NCSC)
• National Institute of Standards & Technology (NIST)
• Office of Defense Trade Controls (DTC)