E-commerce Systems security / /2 13 IASBS 1 Security Function of - - PowerPoint PPT Presentation

13 /راو/2 IASBS 1

E-commerce Systems security

2

Security Function of Network

• 13

/راو/22 IASBS

3

Goals of Security

!

• !
• !

"

13 /راو/23 IASBS

Cryptography Algorithms

• Symmetric Algorithm (Secret Key Algorithm)
• Public Key Algorithm
• Message Digest

13 /راو/24 IASBS

13 /راو/2 IASBS 5

Cryptography: Basic Terminology

#$%$&

' !( ' )#(

*%&

' *( ' *(

"$

' *( ' "(

%&

' $ ' (

13 /راو/2 IASBS 6

Encryption and Decryption

E D M C M The following identity must hold true: D(C) = M, where C = E(M)

13 /راو/2 IASBS 7

Cryptography: Algorithms and Keys

• +, -

(

• (
• (
• (
• *..(

13 /راو/2 IASBS 8

Key Based Encryption/Decryption

E D M C M . ( . ( K1 K2

Symmetric Encryption Symmetric Encryption

“An introduction An introduction to cryptography” to cryptography”

“AxCvGsmWe# “AxCvGsmWe#4^, ^, sdgfMwir sdgfMwir3:dkJeTs :dkJeTs Y8R\s@!q s@!q3%” %” “An introduction “An introduction to cryptography” to cryptography”

Clear Clear-text input text input Clear Clear-text output text output Cipher Cipher-text text

Same key Same key

(shared secret) (shared secret)

Encryption Encryption Decryption Decryption

DES DES DES DES 13 /راو/29 IASBS

Asymmetric Encryption Asymmetric Encryption

“An introduction “An introduction to cryptography” to cryptography” “Py “Py75 75c%bn&*) c%bn&*)9|f |f De^bDzjF@g De^bDzjF@g5=& =& nmdFgegMs” nmdFgegMs” “An “An introduction to introduction to cryptography” cryptography”

Clear Clear-text Input text Input Clear Clear-text Output text Output Cipher Cipher-text text

Different keys Different keys

Encryption Encryption Decryption Decryption

RSA RSA RSA RSA 13 /راو/210 IASBS

Symmetric Algorithm

.(

' -( ' /.-.%01&

• Sender and Receiver Use Same Secret Key
• Advantage :simple, Fast Encryption and Decryption
• Disadvantage: key exchange, key management
• Algorithms : RC4, DES, IDEA, etc

Encryption Decryption PlainText CipherText Original PlainText K K

13 /راو/211 IASBS

13 /راو/2 IASBS 12

Symmetric Key - Issues

EMTM 553 13

Symmetric Key - Issues

Key management, keys required = (p*(p-1))/2 or:

13 /راو/213 IASBS

DES (Data Encryption Standard)

• #23442343(
• 5-016789:0.

' *8 (

• 0101(
• *01:0.

DES Encryption 64 bit M 64 bit C 56 bits

13 /راو/214 IASBS

DES: Top-Down View

Permutation Permutation Swap Round 1 Round 2 Round 16 Generate keys Initial Permutation 48-bit K1 48-bit K2 48-bit K16 Swap 32-bit halves Final Permutation 64-bit Output 48-bit K1 64-bit Input 56-bit Key

…...

13 /راو/215 IASBS

13 /راو/2 IASBS 16

• 2. Public Key Cryptography

E D M C M 5;%& ;<.5;%& ;<.( KR(pub) KR(pri) S R

Asymmetric Encryption Asymmetric Encryption

“An introduction An introduction to cryptography” to cryptography” “Py “Py75 75c%bn&*) c%bn&*)9|f |f De^bDzjF@g De^bDzjF@g5=& =& nmdFgegMs” nmdFgegMs” “An An introduction to introduction to cryptography” cryptography”

Clear Clear-text Input text Input Clear Clear-text Output text Output Cipher Cipher-text text

Different keys Different keys

Encryption Encryption Decryption Decryption

RSA RSA RSA RSA 13 /راو/217 IASBS

13 /راو/2 IASBS 18

Establishing Shared Secrete

Internet

19

Simplified Math Tricks

• #.

(

• ),,

6%((4$2472&

• ,,

2%((=$42>72&

• .(
• *$

' )1 ' !1?=2>7@ ' !@$42>71

13 /راو/2 IASBS

20

Asymmetric Algorithms

• .(
• *..(
• A(
• *.

.(

• .(
• ,$(
• *$-; B*+(

13 /راو/2 IASBS

21

Public Key Cryptosystem

13 /راو/221 IASBS

22

RSA Public Keys

C;; D 2348( ),.,. (

13 /راو/2 IASBS

23

RSA Key Generation

#.6( DE67 β7%2&%62&( " -2FFβ %β&72(%& "6 2FFβ E≡ 2%β&( %& !.GH .GH( !6.(

13 /راو/2 IASBS

24

Encryption and Decryption

, /( 7 ,GH/< .( /( !/7, GH/<.( ! , /( /.,(

13 /راو/2 IASBS

25

RSA - Authentication

• ,/

(

• 7 ,%& <

.(

• /(
• !/%&

7 .(

• ; ,.

%((*&(

• ; ,

(

13 /راو/2 IASBS

RSA Example - Key Setup

2(

• p=17 & q=11

@( " n = pq =17 x 11=187 =( " I(n)=(p–1)(q-1)=16 x 10=160 1( e- gcd(e,160)=1; e=7 :( d- de=1 mod 160 d < 160 d=23 23x7=161= 1x160+1 0( #.PU={7,187} 4( 5.PR={23,187}

13 /راو/226 IASBS

Example: Confidentiality Example: Confidentiality

Different keys Different keys

Recipient’s Recipient’s public key public key Recipient’s Recipient’s private key private key

private private public public

Encryption Encryption Decryption Decryption

“An An introduction to introduction to cryptography” cryptography” “Py Py75 75c%bn&*) c%bn&*)9|f |f De^bDzjF@g De^bDzjF@g5=& =& nmdFgegMs” nmdFgegMs” “An An introduction to introduction to cryptography” cryptography”

Clear Clear-text Input text Input Clear Clear-text Output text Output Cipher Cipher-text text

13 /راو/227 IASBS

Diffie-Hellman Key Exchange

J5*$ CJ!* KB2340 $ . L#" #

13 /راو/228 IASBS

29

Global Public Elements

6 # α α F6

13 /راو/2 IASBS

30

User A Key Generation

? ? F6 "M M 7α ?

6

13 /راو/2 IASBS

31

User B Key Generation

?/ ?/ F6 "M/ M/ 7α ?

/ 6

13 /راو/2 IASBS

32

Generation of Secret Key by User A

57%M/&?

6

13 /راو/2 IASBS

33

Generation of Secret Key by User B

57%M &?

/ 6

13 /راو/2 IASBS

34

Diffie-Hellman Key Exchange

13 /راو/2 IASBS

Diffie-Hellman Key Exchange

/ / /

• Public Parameters:

large prime q primitive root a

Choose a secret XA Compute YA = aXA mod q Send YA Choose a secret XB Compute YB = a

XB

mod q Send YB Shared Key KAB = YB

XA

= a X

Shared Key KAB = YA

XB

= a X

13 /راو/235 IASBS

Diffie-Hellman Example

K/,,,.- q=353 α=3 .-

' xA=97, /xB=233

.-

– yA==

97 mod 353 = 40

% & – yB==

233 mod 353 = 248 %/&

.-

KAB= yB

xA mod 353 = @18 97 = 160

% & KAB= yA

xB mod 353 = 1> 233 = 160

%/&

13 /راو/236 IASBS

13 /راو/2 IASBS 37

ELGAMAL CRYPTOGRAPHIC

13 /راو/2 IASBS 38

ELGAMAL CRYPTOGRAPHIC

13 /راو/2 IASBS 39

ELGAMAL CRYPTOGRAPHIC

13 /راو/2 IASBS 40

Alice generates a key pair as follows:

13 /راو/2 IASBS 41

ELGAMAL CRYPTOGRAPHIC

Suppose Bob wants to send the message with the value M =17

13 /راو/2 IASBS 42

ELGAMAL CRYPTOGRAPHIC

For decryption:

نر

مروا ن یار ن یور; ؟دھد و ؟ت و د د لور! ن یار ور B ؟دھد و دراد دو"و مروا=* زا ار ؟ دھد وار@* ؟دو هد%ا یو & یراذ(زر*"" ؟دھد حر ل روط ار

13/راو/2 IASBS 43

13 /راو/2 IASBS 44

Q&A