1

Security in e-commerce

Ahmad allahbakhshe

2

Introduction

• Security in e-commerce subject new • Security in e-commerce such as threats, risks,…• Imporatance subject in Security e-commerce

subject Inter network Security

3

Mechanisms Cryptography types

Cryptography Principles of encryption, the encryption two type Mechanisms Cryptography :• Symmetric Cryptosystem• Asymmetric Cryptosystem

4

Method Symmetric

Method Symmetric two type:• Stream cipher• Block cipher

5

Hash Functions

Characteristics1. Given M, it is easy to compute h2. Given h, it is hard to compute M such that H(M)= h

– One-way characteristic3. Given M, it is hard to find another message , M`, such that

H(M)=H(M`)– Also called weak collision resistance

4. It is hard to find two random messages, M and M` , such that H(M)=H(M`)

6

Hash Functions

f ff

Y0 Y1 Ym-1

IV=CV0 CV1 CVm-1

n n n

b b b

…n n

CVm=H(M)

7

MD5

Produces 128-bit hash codes The input is processed in 512-bit blocks

1. Input message is padded to be an integer multiple of 448 (512-64)

Padding is 1-bit followed by 0s

2. Append a 64-bit representation of length of the input• If input is greater than 264 only the low-order 64 bits of the length are

used

3. Initialise the MD buffer (128 bits) to a fixed value• This buffer is used to hold intermediate and final results of the hash

function (chaining variable)

4. Process all m 512-bits blocks with HMD5 compression

8

Strength of MD5

Every bit of the hash code is a function of every bit in the input Brute force attack complexity is 2128

Birthday attack complexity is 264

Considered cryptanalytically vulnerable

9

Encryption algorithms

• 1)DES • 2) AES

10

History of DES

IBM develops Lucifer for banking systems (1970’s ) NIST and NSA evaluate and modify Lucifer (1974)

Modified Lucifer adopted as federal standard (1976) Name changed to Data Encryption Standard (DES) Defined in FIPS (46-3) and ANSI standard X9.32

NIST defines Triple DES (3DES) (1999) Single DES use deprecated - only legacy systems.

NIST approves Advanced Encryption Std. (AES) (2001) AES which will replaces DES and 3DES.

11

DES

Block length = 64 bits (L,R of 32 bits each.)

Key Length = 56 bits (8 parity bits) 16 subkeys of 48 bits each are created for the 16

rounds

12

DES

Block length is same as DES but use 3 DES steps.

Key length = 168 bits Uses a 56 bit key for each of the 3 DES stages

Keys may be independent or related if k1 = k2 = k3 3DES is compatible with DES.

13

AES

The RSA Cryptosystem Proposed by Rivest, Shamir, and Adleman (1977) Used for encryption and signature schemes Based on the intractability of the integer

factorization problem Key generation

Let p, q be large prime, n=pq and =(p-1)(q-1) Choose randomly e s.t. gcd(e,)=1 Compute d e-1 mod Public-key: (e, n) Private-key: (d,n) RSA function: f(m)=me mod n

14

AES

Key generation Let p, q be large prime, n=pq and =(p-1)(q-1) Choose randomly e s.t. gcd(e,)=1 Compute d e-1 mod Public-key: (e, n) Private-key: (d,n) RSA function: f(m)=me mod n

15

AES

Encryption Decryption

M E C

KUa

EKUa(M)=Me (mod n)

D

KRa

DKRa(C)=Cd (mod n)

M

n = pqd*e = 1 (mod ø(n))

Private keyKRa = (d, n)Public key

KUa = (e, n)

Public Key

Here we go again!! Exchange key in person Verify the pubic key

Via telephone using the key’s fingerprint, which is considerably

shorter Obtain public key through a trusted third party

Person or authority

16

17

Types of attack

Ciphertext-only attack The attacker only has a few ciphertexts to use

Known-plaintext attack The attacker possesses a few ciphertexts and the relative plaintexts

Chosen-plaintext attack Like in known-plaintext plus the attacker can choose the plaintext

that gets encrypted (more powerful) Adaptive-chosen-plaintext attack

Like in chosen-plaintext attack plus the attackers can modify the choice based on the results of previous encryption

18

Brute Force Attacks

All cryptosystems can be broken with a ciphertext-only attack aka Brute Force Attack It doesn't apply to OTP

Brute force attack Try all possible keys Try all possible plaintext (Dictionary attack for passwords) Complexity

Complexity of the attack Data Complexity, Processing Complexity, Storage requirements

19

Firewalls

A firewall is a barrier placed between the private network and the outside world.

All incoming and outgoing traffic must pass through it. Types firewall : Router-Based Host Based

20

Secure Protocols

SSL SET S/MIME TLS SSH And …

21

SSL

Originally designed for TCP Assumes reliable delivery of packets Cannot run on UDP or IP

Other SSL variants work over UDP Microsoft’s STLP WAP Forum’s WTLS

22

SSL

Three purposes: Agree on a set of algorithms to be used in the communication Establish the key to be used with the above algorithms Optionally authenticate the client

23

SET

Developed by Visa and MasterCard Designed to protect credit card transactions Confidentiality: all messages encrypted Trust: all parties must have digital certificates Privacy: information made available only when and

where necessary

24

SET

25

S/MIME Uses encryption

both symmetric and public key strategies

Symmetric key is transmitted with the message Shared secret is encoded using public key of the

recipient Uses digital signatures to protect against tampering

and forgery

26

S/MIME Problems with RFC 822

Cannot send binaries and executables Limited to 7-bit ASCII Oversized emails could be rejected Encoding problems

MIME introduces five new header fields Allows new content and multiple content Defines transfer encodings for message bodies

27

S/MIME Versions Version 2

widely implemented but limited 40-bit keys (the RC2 algorithm) RSA-patented symmetric algorithms

Version 3 currently in IETF draft

uses Diffie-Hellman instead of RSA technology support for strong encryption

28

TLS

The TLS protocol comes from lessons learned by the SSL and PCT protocols

Very similar to the SSL v3 protocol The TLS v1.0 protocol is described in

RFC2246 The TLS protocol is composed by two layers:

TLS record protocol TLS handshake protocol

29

TLS

The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.

Goals of TLS Cryptographic security Interoperability Extensibility Relative efficiency

30

SSH

SSH provides secure replacements for rsh, rlogin, rcp, ftp, and telnet, all of which transmit data over the network as clear text

The SSH protocol was developed in 1995 to address the various security issues associated with the "r-commands"

Developed by Tatu Ylönen, a researcher at the Helsinki University of Technology

31

SSH

SSH protocol is based on a client/server architecture A user who wants to connect to a remote host will execute the ssh

command (the client) on his local machine It will connect to the remote computer's ssh daemon (the server)

There are two primary versions of the SSH protocol SSH-1 SSH-2

32

Payment Gatway

Decrypt the digital license to obtain and decrypt the symmetric key block

Verify the sign vendor Decrypt digital pay to obtain and decrypt the symmetric key

block

33

IPSec—IP Security

Provide encryption and integrity protection to IP packets (and authentication of two peers). AH (Authentication Header)

An additional header, provides integrity protection ESP (Encapsulating Security Payload)

Also an addition header, provides encryption and integrity protection

IKE (Internet Key Exchange) Establishing session keys (used for AH & ESP) as well as

authentication. Both AH and ESP are called IPSec Headers. Authentication: users and data.

34

Security Associations (SA)

Provide encryption and integrity protection to IP packets (and authentication of two peers). AH (Authentication Header)

An additional header, provides integrity protection ESP (Encapsulating Security Payload)

Also an addition header, provides encryption and integrity protection

IKE (Internet Key Exchange) Establishing session keys (used for AH & ESP) as well as

authentication. Both AH and ESP are called IPSec Headers. Authentication: users and data.

35

IPSec mode usage

Transport mode is used when IPSec is used end-to-end

Tunnel mode is used between firewalls or endnode and firewall. (Example)

Combination of multiple modes In tunnel mode, the original IP packet will be kept

intact (not really?).

36

IKE phases

Phase 1 Mutual authentication and establishes session

keys (used in phase 2) by key exchange, called IKE SA

How about authentication: Pre-shared secret key Public encryption key Public signature key

Establishes session key Diffie-Hellman key exchange, protected by above keys.

37

IKE phases

Phase 2 Establish multiple session keys, such as ESP SA,

AH SA, …

38

IKE phase 1—main mode

Alice Bob

Crypto suites I support

Crypto suite I choose

ga mod p

gb mod p

gab mod p{“Alice”, proof I am Alice}

gab mod p{“Bob”, proof I am Bob}

39

IKE phase 2

Any party can initiate a quick mode exchange to set up an ESP SA or AH SA Negotiating crypto parameters Optionally doing a Diffie-Hellman exchange (if

perfect forward secrecy is desired) Negotiating what traffic will be sent on the SA

40

Thank you