Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice...
Chapter 14
Encryption: A Matter Of Trust
Awad – Electronic Commerce 2/e © 2004 Pearson Prentice Hall
OBJECTIVES
• What is Encryption?
• Basic Cryptographic Algorithm
• Digital Signatures
• Major Attacks on Cryptosystems
• Digital Certificates
• Key Management
• Internet Security Protocols and Standards
• Government Regulations
WHAT IS ENCRYPTION?
• Based on use of mathematical procedures to scramble data to make it extremely difficult to recover the original message
• Converts the data into an encoded message using a key for decoding the message
WHAT DOES ENCRYPTION SATISFY?
• Authentication
• Integrity
• Nonrepudiation
• Privacy
BASIC CRYPTOGRAPHIC ALGORITHM
• Secret Key
  – The sender and recipient possess the same single key
• Public Key
  – One public key anyone can know to encrypt
  – One private key only the owner knows to decrypt
  – Provides message confidentiality
  – Proves authenticity of the message originator
COMMON CRYPTOSYSTEMS
• RSA Algorithm
  – Most commonly used but vulnerable
• Data Encryption Standard (DES)
  – Turns a message into a mess of unintelligible characters
• 3DES
• RC4
• International Data Encryption Algorithm (IDEA)
DIGITAL SIGNATURES
• Transform the message signed so that anyone who reads it can be sure of the real sender
• A block of data representing a private key
• Serve the purpose of authentication
MAJOR ATTACKS ON CRYPTOSYSTEMS
• Chosen-plaintext Attack
• Known-plaintext Attack
• Ciphertext-only Attack
• Third-party Attack
DIGITAL CERTIFICATES
• An electronic document issued by a certificate authority (CA) to establish a merchant’s identity by verifying its name and public key
• Includes holder’s name, name of CA, public key for cryptographic use, duration of certificate, the certificate’s class and ID
CLASSES OF CERTIFICATES
• Class 1
  – Contains minimum checks on user’s background
  – Simplest and quickest
• Class 2
  – Checks for information, e.g. names, SSN, date of birth
  – Requires proof of physical address, etc.
CLASSES OF CERTIFICATES (Cont’d)
• Class 3
  – You need to prove exactly who you are and you are responsible
  – Strongest
• Class 4
  – Checks on things like user’s position in an organization in addition to class 3 requirements
KEY MANAGEMENT
• Key Generation and Registration
• Key Distribution
• Key Backup / Recovery
• Key Revocation and Destruction
THIRD-PARTY SERVICES
• Public Key Infrastructure
  – Certification Authority
  – Registration Authority
  – Directory Services
• Notary Services
• Arbitration Services
INTERNET SECURITY PROTOCOLS & STANDARDS
• Web Application
  – Secure Socket Layer (SSL)
  – Secure Hypertext Transfer Protocol (S-HTTP)
• E-Commerce
  – Secure Electronic Transaction (SET)
• E-Mail
  – PGP
  – S/MIME
SSL
• Operates between application and transport layers
• Most widely used standard for online data encryption
• Provides services:
  – Server authentication
  – Client authentication
  – Encrypted SSL connection
S-HTTP
• Secure Web transactions
• Provides transaction confidentiality, integrity and nonrepudiation of origin
• Able to integrate with HTTP applications
• Mainly used for intranet communications
• Does not require digital certificates / public keys
SET
• One protocol used for handling funds transfer from credit card issuers to a merchant’s bank account
• Provides confidentiality, authentication and integrity of payment card transmissions
• Requires customers to have a digital certificate and a digital wallet
PGP
• Encrypts the data with one-time algorithm, then encrypts the key to the algorithm using public-key cryptography
• Supports public-key encryption, symmetric-key encryption and digital signatures
• Supports other standards, e.g. SSL
S/MIME
• Provides security for different data types and attachments to e-mails
• Two key attributes:
  – Digital signature
  – Digital envelope
• Performs authentication using X.509 digital certificates
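
The digital signature and digital envelope listed above, together with the PGP scheme of a one-time key wrapped with public-key cryptography, shown as an added example that is not from the original slides. It assumes textbook RSA over constructed demo primes and a SHA-256 keystream as a stand-in symmetric cipher (both far too weak for real use); all function and key names are illustrative.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both demo key pairs

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from Mersenne primes: tiny and unpadded,
# chosen only so the example runs with the standard library (assumption).
SENDER_N, SENDER_D = make_keypair(2**107 - 1, 2**127 - 1)
RECIP_N, RECIP_D = make_keypair(2**61 - 1, 2**89 - 1)

def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(message, n):
    """SHA-256 of the message as an integer reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message):
    """Digital signature: the message hash transformed with the sender's private key."""
    return pow(digest_int(message, SENDER_N), SENDER_D, SENDER_N)

def verify(message, signature):
    """Anyone holding the sender's public key (SENDER_N, E) can check the origin."""
    return pow(signature, E, SENDER_N) == digest_int(message, SENDER_N)

def seal(message):
    """Digital envelope: a one-time key encrypts the data, and the
    recipient's public key encrypts (wraps) that one-time key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, RECIP_N)
    return wrapped, stream_xor(session_key, message)

def open_envelope(wrapped, body):
    """Only the recipient's private key recovers the one-time key."""
    session_key = pow(wrapped, RECIP_D, RECIP_N).to_bytes(16, "big")
    return stream_xor(session_key, body)
```

A signature made over one message fails verification against any altered message, and sealing the same message twice yields different wrapped keys because each envelope uses a fresh one-time key.
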
GOVERNMENT REGULATIONS
• National Security Agency (NSA)
• National Computer Security Center (NCSC)
• National Institute of Standards and Technology (NIST)
• Office of Defense Trade Controls (DTC)