Date posted: 18-Nov-2014
Uploaded by: itrraincity
1
Security in e-commerce
Ahmad allahbakhshe
2
Introduction
• Security in e-commerce is a new subject
• Security in e-commerce: threats, risks,…
• Importance of security in e-commerce
• Inter-network security
3
Types of cryptographic mechanisms
Cryptography: principles of encryption. There are two types of cryptographic mechanism:
• Symmetric cryptosystem
• Asymmetric cryptosystem
4
Symmetric methods
There are two types of symmetric method:
• Stream cipher
• Block cipher
5
Hash Functions
Characteristics
1. Given M, it is easy to compute h
2. Given h, it is hard to compute M such that H(M) = h
   – One-way characteristic
3. Given M, it is hard to find another message, M`, such that H(M) = H(M`)
   – Also called weak collision resistance
4. It is hard to find two random messages, M and M`, such that H(M) = H(M`)
6
Hash Functions
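[Figure: iterated hash function. Blocks Y0, Y1, …, Ym-1 (b bits each) are fed through the compression function f together with the n-bit chaining variables IV = CV0, CV1, …, CVm-1; the output is CVm = H(M).]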
7
MD5
• Produces 128-bit hash codes
• The input is processed in 512-bit blocks
1. Input message is padded to be an integer multiple of 448 (512-64)
   • Padding is 1-bit followed by 0s
2. Append a 64-bit representation of length of the input
   • If input is greater than 2^64 only the low-order 64 bits of the length are used
3. Initialise the MD buffer (128 bits) to a fixed value
   • This buffer is used to hold intermediate and final results of the hash function (chaining variable)
4. Process all m 512-bit blocks with H_MD5 compression
8
Strength of MD5
• Every bit of the hash code is a function of every bit in the input
• Brute force attack complexity is 2^128
• Birthday attack complexity is 2^64
• Considered cryptanalytically vulnerable
9
Encryption algorithms
• 1) DES
• 2) AES
10
History of DES
• IBM develops Lucifer for banking systems (1970's)
• NIST and NSA evaluate and modify Lucifer (1974)
• Modified Lucifer adopted as federal standard (1976)
• Name changed to Data Encryption Standard (DES)
• Defined in FIPS (46-3) and ANSI standard X9.32
• NIST defines Triple DES (3DES) (1999)
• Single DES use deprecated - only legacy systems.
• NIST approves Advanced Encryption Std. (AES) (2001)
• AES will replace DES and 3DES.
11
DES
• Block length = 64 bits (L, R of 32 bits each)
• Key length = 56 bits (8 parity bits)
• 16 subkeys of 48 bits each are created for the 16 rounds
12
DES
• Block length is the same as DES but uses 3 DES steps.
• Key length = 168 bits
• Uses a 56-bit key for each of the 3 DES stages
• Keys may be independent or related
• If k1 = k2 = k3, 3DES is compatible with DES.
13
AES
The RSA Cryptosystem
• Proposed by Rivest, Shamir, and Adleman (1977)
• Used for encryption and signature schemes
• Based on the intractability of the integer factorization problem
• Key generation
  – Let p, q be large primes, n = pq and ø(n) = (p-1)(q-1)
  – Choose randomly e s.t. gcd(e, ø(n)) = 1
  – Compute d = e^-1 mod ø(n)
  – Public-key: (e, n)
  – Private-key: (d, n)
• RSA function: f(m) = m^e mod n
14
AES
15
AES
Encryption: M → E (with KUa) → C, where E_KUa(M) = M^e (mod n)
Decryption: C → D (with KRa) → M, where D_KRa(C) = C^d (mod n)
n = pq
d*e = 1 (mod ø(n))
Private key: KRa = (d, n)
Public key: KUa = (e, n)
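The key generation, encryption and decryption relations above worked through with small numbers, as an added example that is not part of the original slides. The primes 61 and 53 are constructed toy values, far too small for real use, and the function names are illustrative; signing is included because the slides note RSA is used for signature schemes as well.

```python
from math import gcd

def rsa_keygen(p: int, q: int, e: int):
    """Key generation as on the slide: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must satisfy gcd(e, phi) = 1")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)               # KUa = (e, n), KRa = (d, n)

def rsa_encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                 # E_KUa(M) = M^e mod n

def rsa_decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)                 # D_KRa(C) = C^d mod n

def rsa_sign(m: int, private_key) -> int:
    d, n = private_key
    return pow(m, d, n)                 # same function, private exponent

def rsa_verify(m: int, signature: int, public_key) -> bool:
    e, n = public_key
    return pow(signature, e, n) == m    # anyone with KUa can check

if __name__ == "__main__":
    public_key, private_key = rsa_keygen(61, 53, 17)   # toy primes (constructed)
    c = rsa_encrypt(65, public_key)
    print(public_key, private_key, c, rsa_decrypt(c, private_key))
```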
16
Public Key
• Here we go again!!
• Exchange key in person
• Verify the public key
  – Via telephone using the key's fingerprint, which is considerably shorter
• Obtain public key through a trusted third party
  – Person or authority
17
Types of attack
• Ciphertext-only attack
  – The attacker only has a few ciphertexts to use
• Known-plaintext attack
  – The attacker possesses a few ciphertexts and the corresponding plaintexts
• Chosen-plaintext attack
  – Like in known-plaintext plus the attacker can choose the plaintext that gets encrypted (more powerful)
• Adaptive-chosen-plaintext attack
  – Like in chosen-plaintext attack plus the attacker can modify the choice based on the results of previous encryption
18
Brute Force Attacks
• All cryptosystems can be broken with a ciphertext-only attack aka Brute Force Attack
  – It doesn't apply to OTP
• Brute force attack
  – Try all possible keys
  – Try all possible plaintext (Dictionary attack for passwords)
• Complexity
  – Complexity of the attack: Data Complexity, Processing Complexity, Storage requirements
19
Firewalls
• A firewall is a barrier placed between the private network and the outside world.
• All incoming and outgoing traffic must pass through it.
• Types of firewall:
  – Router-Based
  – Host-Based
20
Secure Protocols
• SSL
• SET
• S/MIME
• TLS
• SSH
• And …
21
SSL
• Originally designed for TCP
  – Assumes reliable delivery of packets
  – Cannot run on UDP or IP
• Other SSL variants work over UDP
  – Microsoft’s STLP
  – WAP Forum’s WTLS
22
SSL
Three purposes:
• Agree on a set of algorithms to be used in the communication
• Establish the key to be used with the above algorithms
• Optionally authenticate the client
23
SET
• Developed by Visa and MasterCard
• Designed to protect credit card transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital certificates
• Privacy: information made available only when and where necessary
24
SET
25
S/MIME
• Uses encryption
  – both symmetric and public key strategies
• Symmetric key is transmitted with the message
• Shared secret is encoded using public key of the recipient
• Uses digital signatures to protect against tampering and forgery
26
S/MIME
• Problems with RFC 822
  – Cannot send binaries and executables
  – Limited to 7-bit ASCII
  – Oversized emails could be rejected
  – Encoding problems
• MIME introduces five new header fields
  – Allows new content and multiple content
  – Defines transfer encodings for message bodies
27
S/MIME Versions
• Version 2
  – widely implemented but limited
  – 40-bit keys (the RC2 algorithm)
  – RSA-patented symmetric algorithms
• Version 3
  – currently in IETF draft
  – uses Diffie-Hellman instead of RSA technology
  – support for strong encryption
28
TLS
• The TLS protocol comes from lessons learned from the SSL and PCT protocols
• Very similar to the SSL v3 protocol
• The TLS v1.0 protocol is described in RFC2246
• The TLS protocol is composed of two layers:
  – TLS record protocol
  – TLS handshake protocol
29
TLS
• The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.
• Goals of TLS
  – Cryptographic security
  – Interoperability
  – Extensibility
  – Relative efficiency
30
SSH
SSH provides secure replacements for rsh, rlogin, rcp, ftp, and telnet, all of which transmit data over the network as clear text
The SSH protocol was developed in 1995 to address the various security issues associated with the "r-commands"
Developed by Tatu Ylönen, a researcher at the Helsinki University of Technology
31
SSH
• SSH protocol is based on a client/server architecture
  – A user who wants to connect to a remote host will execute the ssh command (the client) on his local machine
  – It will connect to the remote computer's ssh daemon (the server)
• There are two primary versions of the SSH protocol
  – SSH-1
  – SSH-2
32
Payment Gateway
• Decrypt the digital license to obtain and decrypt the symmetric key block
• Verify the vendor's signature
• Decrypt the digital payment to obtain and decrypt the symmetric key block
33
IPSec—IP Security
• Provide encryption and integrity protection to IP packets (and authentication of two peers).
• AH (Authentication Header)
  – An additional header, provides integrity protection
• ESP (Encapsulating Security Payload)
  – Also an additional header, provides encryption and integrity protection
• IKE (Internet Key Exchange)
  – Establishing session keys (used for AH & ESP) as well as authentication.
• Both AH and ESP are called IPSec Headers.
• Authentication: users and data.
34
Security Associations (SA)
35
IPSec mode usage
• Transport mode is used when IPSec is used end-to-end
• Tunnel mode is used between firewalls or endnode and firewall. (Example)
• Combination of multiple modes
• In tunnel mode, the original IP packet will be kept intact (not really?).
36
IKE phases
• Phase 1
  – Mutual authentication and establishes session keys (used in phase 2) by key exchange, called IKE SA
  – How about authentication: pre-shared secret key, public encryption key, public signature key
  – Establishes session key: Diffie-Hellman key exchange, protected by above keys.
37
IKE phases
• Phase 2
  – Establish multiple session keys, such as ESP SA, AH SA, …
38
IKE phase 1—main mode
Alice → Bob: Crypto suites I support
Bob → Alice: Crypto suite I choose
Alice → Bob: g^a mod p
Bob → Alice: g^b mod p
Alice → Bob: g^ab mod p{“Alice”, proof I am Alice}
Bob → Alice: g^ab mod p{“Bob”, proof I am Bob}
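A simplified model of the main-mode exchange above with pre-shared-key authentication, as an added example that is not part of the original slides and does not follow the IKE wire format. It shows why the proof is tied to both Diffie-Hellman values: a wrong pre-shared secret or a public value altered in transit makes verification fail. The toy prime 2^127 - 1, base 3, the `proof` construction and all names are assumptions for illustration; encryption of the identity messages under g^ab is omitted.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime, constructed for this example; far too small for real use
G = 3            # illustrative base

def dh_keypair():
    """Pick a private exponent and return (private, g^private mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv: int, peer_pub: int) -> bytes:
    """Derive a key from g^ab mod p."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def proof(name: str, psk: bytes, key: bytes, ga: int, gb: int) -> bytes:
    """'Proof I am <name>': HMAC keyed from the PSK and session key over both DH values."""
    mac_key = hmac.new(psk, key, hashlib.sha256).digest()
    transcript = name.encode() + ga.to_bytes(16, "big") + gb.to_bytes(16, "big")
    return hmac.new(mac_key, transcript, hashlib.sha256).digest()

def run_exchange(psk_alice: bytes, psk_bob: bytes, tamper: bool = False) -> bool:
    """Run messages 3-5 of the exchange; return True if Bob accepts Alice's proof."""
    a, ga = dh_keypair()                 # Alice -> Bob: g^a mod p
    b, gb = dh_keypair()                 # Bob -> Alice: g^b mod p
    ga_seen_by_bob = ga
    if tamper:                           # g^a replaced with another value in transit
        _, ga_seen_by_bob = dh_keypair()
    k_alice = session_key(a, gb)
    k_bob = session_key(b, ga_seen_by_bob)
    alice_proof = proof("Alice", psk_alice, k_alice, ga, gb)
    expected = proof("Alice", psk_bob, k_bob, ga_seen_by_bob, gb)
    return hmac.compare_digest(alice_proof, expected)

if __name__ == "__main__":
    print(run_exchange(b"shared secret", b"shared secret"))               # accepted
    print(run_exchange(b"shared secret", b"shared secret", tamper=True))  # rejected
```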
39
IKE phase 2
• Any party can initiate a quick mode exchange to set up an ESP SA or AH SA
  – Negotiating crypto parameters
  – Optionally doing a Diffie-Hellman exchange (if perfect forward secrecy is desired)
  – Negotiating what traffic will be sent on the SA
40
Thank you