e-. e-com. e-commer. e-commer. CHAPTER 9. e-commerce. e-commerce. e-commerce. e-com. e-commerce. e-commerce. ELECTRONIC COMMERCE: SECURING NETWORK TRANSACTION. e-commerce. e-com. e-commerce. e-c. e-commerce. e-commerce. e-commerce. e-commerce. e-commerce. e-commer.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
e- e-com e-commer e-commer CHAPTER 9 e-commerce e-commerce e-commerce e-com e-commerce e-commerce ELECTRONIC COMMERCE: SECURING NETWORK TRANSACTION e-commerce e-com e-commerce e-c e-commerce e-commerce e-commerce e-commerce e-commerce e-commer
Electronic Commerce - Transaction Security Issues • Disclosure: • Release of message contents to any person not authorized to see them • Traffic Analysis: • It refers to the discovery of the pattern of traffic between parties. • Masquerade: • It refers to insertion of messages into the network from a fraudulent source. • Content modification: • Changes to the contents of a message, including insertion, deletion, transposition, or modification. • Sequence modification: • It refers insertion, deletion, and reordering of some sequenced packets by the intruder during transmission. • Timing modification: • It refers to delayed or replay of old message sequences that were recorded by intruder in an earlier transaction. • Repudiation: • It refers to the denial of receipt of message by destination or denial of transmission of message by source.
Electronic Commerce - Transaction Security • Four Important transaction security issues • Secrecy • Authentication • Ability to identify whom are you talking to, before revealing business secrets are entering in a business deal • non-repudiation • How do you prove that the electronic order was placed for 500 cards at Rs5.00 each, when later on party denies placing it or at a lower price. It deals with those “signed deals”. • How can you be sure before scheduling production of a custom order, that it was not a trick by a malicious adversary. • integrity control • In real life we deal with these issues too. Secrecy and integrity using registered mails, locking the documents up • Original documents address the non-repudiation & Authentication is addressed by recognizing faces,voices, signs etc.
Electronic Commerce - Transaction Security • The transaction security can be partly addressed by encrypting the transmission at various network layers. It can provide the secrecy and integrity control. But, authentication and non-repudiation can be dealt at the application level. • Encryption ? • Based on the science of Cryptography • Pioneers • Military • Diplomatic Core • Diarists • Lovers • Code clerks performed necessary transformations ==> Slow process • Switching from one system to another was difficult • capture of code clerk ==> change in system
Electronic Commerce - Transaction Security Intruder Plaintext,P Plaintext,P Decryption Method Encryption Method Decryption key, K Encryption key, K Cyphertext C= EK (P) The Encryption Model Prof. Bharat Bhasker, Indian Institute of Management Lucknow - CSI-99
Electronic Commerce - Encryption • Intruder does not have decryption key; the Cryptology has two parts • Cryptography art of encrypting the message of plaintext • Cryptanalysis art of breaking the cipher to get the plaintext C = EK(P) P = DK(C) DK(EK(P)) = P • Cryptanalyst knows the method of encryption E, thus only K is a secret. • Public algorithm with key as variable, on compromise key is changed not the algorithm. • Also, any security mechanism based on fact that intruder is unaware of schemes is self-defeating, On the other hand, the publicity helps in testing the robustness.
Electronic Commerce - Encryption • Key is the important factor that helps in choosing an encryption method. • Key can be changes as often as you desire. • Basic model has stable algorithm,,parameterized by a key Length of a Key Combination Lock -- 2 digit ==> 100 possibilities 3 digit ==> 1000 6 digit ==> Severe deterent Longer the key higher the Work factor 64 bit key may keep off the garden variety intruders -- Kid brothers 256 bit key may keep off the BIG BROTHER
Electronic Commerce - Encryption • Cryptanalysts divide the problem in three subtypes • Ciphertext Only • Ciphertext and some matched Plaintext (e.g., Please Login, Proto headers) • Ciphertext and Chosen Plaintext (What’s the encryption of ABCDE) • Encryption Methods • Substitution Ciphers : each letter or a group of letters are replaced by another group of letters to disguise it. • Caesar’s Cipher (Oldest Known) • a -> D • b -> E attack • c -> F DWWDFN • Rotation by 3 a b c d e f g h I j q w e r t y u I o p • This is mono-alphabetic substitution
Electronic Commerce - Encryption • The Mono-alphabetic substitution offers 26! Mappings and looks quite safe. • Surprisingly, given a small amount of ciphertext, it can be easily broken. • Crytanalyst can exploit the statistical properties of the language • Frequency letters e > t > o > a > n > I • digrams th > in > er > re > an • trigrams the > ing > ion • Generate relative frequecies of each alpahbet in ciphertext, assign e to the most frequent one, t to next one • look for trigrams tXe assign h to X • look for thYt Y is likely to be an ‘a’ • Another approach look for ciphertext based on context, for a accounting firm words like financial will appear. Her I is repeated after four letters. Use this as a mapping word. • Substitution Cipher preserves the order of Plaintext, but disguises it.
Electronic Commerce - Encryption • Transposition cipher reorders the letter but do not disguise it. Using a key the order of the Text is changed.
Electronic Commerce - Encryption • Two Fundamental principles of good encryption schemes • A high degree of redundancy, information not needed to understand the message For a Mail-order company CameraWorld (CW) an efficient ordering system may design a order format to be • 2 bytes for product code (60,000 product) 1 byte for qty: an efficient implementation. Suppose a disgruntled employee, having a list of customer names, generated these orders and random product codes and Qty (Without encoding) , After decryption it will still be a valid order as most of the 2 byte combinations will represent some valid values. • Assume 9 byte product code , many invalid combinations, thus difficult to forge. • Prevent Users from playing back the old messages: A competitor may tap the line record it and play it back. (also, Cyber Money) Customer Name Product Code Qty
Symmetric Encryption • Single key • Shared secret • Examples • Data Encryption Standard (DES) • Block Cipher, 56 bit key • Triple DES 112 bit key • Advanced Encryption Standard (AES) • Rijndael Algorithm • Belgian cryptographers, Joan Daemen and Vincent Rijmen. • 128, 192, 256 bit keys • Key (shared secret) vulnerable to discovery • Need to share a unique secret key with each party that you wish to securely communicate • Key management becomes unmanageable
Asymmetric Encryption • Two mathematically related keys • Unable to derive one from the other • Encrypt with one – decrypt with other • Public Key Cryptography • One (public) key published for all to see • Other (private) key kept secret • Algorithms • RSA - Integer Factorization (large primes) • Diffie-Hellman - Discrete Logarithms • ECES - Elliptic Curve Discrete Logarithm
B’s Private key Simplified model of public key encryption
Asymmetric Advantages • No shared secret key • Public key is public • Can be freely distributed or published • Key management is much easier • Private key known ONLY to owner • Less vulnerable, easier to keep secret • Supports Non-repudiation • Sender can not deny sending message
Encryption Algorithm - DES General description of DES algorithm
Encryption Algorithm – Double DES The plaintext P is encrypted with two keys to generate the ciphertext C as shown here. C = EK2( EK1(P)) For decrypting the ciphertext, the two keys are applied in reverse order. P = DK1(DK2(C )) Meet-in-the-Middle attack The double DES algorithm is unsafe due to block encryption cipher. From above, C = EK2( EK1( P )) and X = EK1( P ) = DK2( C ). For a given ( P,C), Encrypt P with for all the 256 values of K1. These results are then stored and sorted by the values of X. Next, Also decrypt C using all the 256 values of K2. Compare decryption with the stored results for a match. If a match is found, then the two resulting key values are tested against a new plaintext-ciphertext pair.
Encryption Algorithm – Triple DES The function follows an encrypt-decrypt-encrypt (EDE) sequence as shown in the figure above. C = EK1 (DK2( EK1(P))) This means that the sequence to be followed for decryption is decrypt-encrypt-decrypt (DED). P = DK1( EK2( DK1(P))) The triple DES follows EDE encryption sequence rather than EEE sequence mainly to maintain backward compatibility. A system communicating with another host that uses DES can use the k1=k2 and will be able to communicate. Triple DES is a relatively popular option to DES because of the greater security offered
Electronic Commerce - Encryption • RSA algorithm (Rivest Shamir, Adleman , MIT, 78) • Chose two large prime number p, q (order 10100) • compute n = p * q and z = (p - 1) (q - 1) • Choose a number relatively prime to z and call it d • Find e such that e * d = 1 (mod z) With e,d in hand, we are ready to present encryption and decryption algorithms. Take plaintext P, treat it as a stream of bits. Divide the stream in blocks of K-bits such that 0< 2K < n . Encryption will be done K -bits at a time. Encrypted C = Pe (mod n) and P = C d (mod n) (e,n) is advertised and is called public key; (d,n) is kept secret and is called private key Security comes from inability to factor n, Using Euclids algorithm n can be factored. For a 200 digit number 4 billion years of computer time.
Electronic Commerce – RSA Encryption • Let us pick p = 3 and q = 17 in the step one above. • The second step of the algorithm will compute n = (p*q) = (3*17) = 51 and z = (p-1)*(q-1) = 32. • Let us select e =11 that satisfies all the criteria of step 3. The selected e is odd number, it is lesser than n=51 and is relatively prime to z=32. • Compute the value of, it is 7. • plaintext P encrypted by public key (11, 51) gives the ciphertext C = P11 (mod 51). For decryption the private key (3, 51) is used to get P = C3 (mod 51). • Since n is 51, the block P will consist of 5 bits at a time. Assume each alphabet is encrypted in five bits.
Electronic Commerce – Message Digest • The algorithm generates a fixed size unique signature value for a variable sized message. • It relies on one-way hash function, which computes a fixed-length string (128-bit) as a output for any arbitrarily long piece of plaintext input. • A hash function H generates a hash value h of the form • h = H (M) • Where M is a variable-length message, and H (M) is the fixed-length has value. • The hash function (message-digest) has the following important properties: • It is easy to compute the digest MD(P) if the plaintext P is given • Given MD(P) it is effectively impossible to determine P • No two messages can have the same message digest (hash value)
Electronic Commerce – SHA • Secured Hash Algorithm closely models the Message Digest algorithm and processes the input in blocks of 512 bits. • Algorithm was developed by National Institute of Standards and Technology (NIST) and has been published as Federal Information Processing Standard 180 (FIPS 180). • Algorithm takes as input a message with a maximum length of less than 264 bits and produces as output a 160-bit message digest. T • Input is processed in blocks of 512-bits. SHA's code is 32 bit longer than MD5's, all other things being equal, it is more secure than MD5 by a factor of 232. • Additional security comes at a price of computational performance. Also having a hash code, which is not a power of two, might lead to some inconvenience.
Electronic Commerce -Authentication • Authentication technique by which a process verifies that the communication partner is who it is supposed to be, not and impostor. • Authorization is concerned with what the process is permitted to do. For example, Scotty wants to delete Startrek.txt; File server requires answers to two questions Is this really Scotty’s process? ( Authentication) Is Scotty aloowed to delete Startrek.txt ? ( Authorization) The file can be deleted only if answer to both questions is an unambiguous yes. In an insecure network environment, infested with marauding hordes of hackers initiating host have to be assured of the identity of other side. Suppose Alice(A) want to communicate securely with Bank (B), both PRICIPALS, main character of the communication story have to ascertain each others identities.
Electronic Commerce -Authentication Alice Bank A Rb Kab(Rb) Ra Kab(Ra) Authentication Based on Shared Secret Key Assumption - Both sides have a shared secret key, exchanged or agreed apriori Kab(Ks)
Electronic Commerce -Authentication Alice Bank A,Ra Rb,Kab(Ra) Kab(Rb) Kab(Ks) Authentication Based on Shared Secret Key ( Reduced messages) This protocol can be broken by Reflection attack
Electronic Commerce -Authentication (Alice) Trudy Bank A,Rt Rb,Kab(Rt) A, Rb Rc,Kab(Rb) Kab(Rb) Reflection Attack on Reduced message algorithm Trudy sends A,Rt to B; B sends Rb,Kab(Rt) to Trudy; Trudy has no answer for the new challenge; She opens a new session sending Rb as the challence to B, on getting the response sends the encoded message back to Bank as answer for I session
Electronic Commerce- Authentication General Principles of designing an Authentication Protocol Have the initiator prove, who she is before responder has to. In this case Bank gives away valuable information to before Trudy has to give any evidence of who she is. • Have the initiator and responder use different keys for proof. Even if it means having two different shared keys Kab and Kab’. • Have the initiator and responder draw their challenges from a different set altogether. For example, initiator may use even, while responder odd numbers. How to establish a shared key? Offline over phone. -- How do you know it’s not an intruder? Arrange a meeting -- Drivers licences, credit cards, and bank a/c etc. Not an easy task to arrange a meeting!! • We present a protocol for exchanging keys online- Even though Trudy is watching it
Electronic Commerce -Authentication Alice (pick x) (gy mod n)x gxymod n Bank (pick y) (gx mod n)y gxymod n N,g,gx mod n gy mod n Diffie Hellman Key Exchange To large primes n, g, where (n-1)/2 is also a prime; Alice chooses x and Bank y; Trudy sees this all. Knows n,g and other numbers. Trouble is given ,gx mod n she can not deduce x; No practical algorithm for computing discrete log modulo a very large prime number is known.
Electronic Commerce -Authentication Trudy (pick z) Bank (pick y) Alice (pick x) n,g,gx mod n n,g,gz mod n gz mod n gy mod n Diffie Hellman Key Exchange Trudy by putting herself in the middle has convinced A and B that they are talking to each other; A and B setup a session key with Trudy. She intercepts every message between A and B; Modifies it, if so desired. This called (wo)man in the middle attack. Sharing a secret with stranger almost worked; Anyway to talk to n-people, you need n separate keys ; n plastic chip cards (Sour Grapes)
Electronic Commerce -Authentication KDC Trusted Center Bank Alice A,Ka(B,Ks) Kb(A,Ks) Authentication through -- Key Distribution Center • Each user has a shared key with KDC; Authentication and shared key exchange is done through KDC. • Trudy needs some money; She decides to work for A; asks A to pay her through bank transfer. A establishes a key Ks with Bank through KDC. A sends B request to transfer money to Trudy’s account. (Aha! Trudy recorded them) • She relays it; B thinks she works for A and transfers Money. (Replay Attack) • Solutions Timestamp: Unique message numbers (How long? Replay happens after an year!)
Electronic Commerce -Authentication Bank Alice A,B,R,Ka(A,B,R,Ra) A,Ka(A,B,R,Ra), B,Kb(A,B,R,Rb) KDC Trusted Center Ka(Ra,Ks) Kb(Rb,Ks) Authentication through -- KDC (Otway-Rees authentication protocol) • A generate R and Ra (Challenge & fresh random number) , B adds it’s own challenge, Rb and sends it’s own encrypted and A’s message to KDC. KDC decodes both, compares R. If same, sends Ks along with challenges to both A,B. • Alice receives same Ra, as proof KDC not Trudy sent the message. Also, replay is possible. • First exhange of message through Ks further ensures A and B are talking.
Electronic Commerce -Authentication Bank Alice Eb(A,Ra) Ea(Ra,Rb,Ks) Ks(Rb) Authentication through -- Public Key Cryptography • A uses B’s public key and sends a challenge. B is not sure whether A or Trudy sent the message. B plays along and sends Ra, Rb(new challenge) and secret key Ks. A decrypts it using private key, finds Ra (good news) ; Trudy can’t find Ra so it must be B. It’s also fresh Ra, can’t be replay. Alice agrees for session and sends Ks(Rb); Bank decrypts Rb using Ks it had sent, and is sure of A’s identity.
Digital Signature • Type of Electronic Signature • Combines one-way secure hash functions with public key cryptography • Hash function generates fixed length value • No two documents produce the same hash value • Secure Hash Algorithm 1 (SHA-1) • Characteristics • Data Integrity - hash value • Non-repudiation – encrypted with private key • Does NOT provide confidentiality
Sue's Private Key Hash Value 0F47CEFF AE0317DB AA567C29 0101011110000110101 1011110101111010111 encrypt Digital Signature Hash Function Digital Signature Creation Dear Mr. Bob: We have asked the Court to issue a restraining order against you to stay away from my client. Sincerely, B. Chen Chen & Li , Law Firm Dear Mr. Bob: We have asked the Court to issue a restraining order against you to stay away from my client. Sincerely, B. Chen Chen & Li , Law Firm Attorney
Chen’s Public Key Dear Mr. Bob: We have asked the Court to issue a restraining order against you to stay away from my client. Sincerely, B. Chen Chen & Li , Law Firm 0F47CEFF AE0317DB AA567C29 0F47CEFF AE0317DB AA567C29 0101011110000110101 1011110101111010111 decrypt Digital Signature Validation Signature is valid if the two hashes match
But • How do you know for sure who is the owner of a public key?
Public Key Infrastructure Public Key Infrastructure (PKI) provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks. NIST The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography. IETF PKIX working group
Public Key Certificates • Digital Certificates • Binds a public key to it's owner • Issued and digitally signed by a trusted third party • Like an electronic photo-id • Follows X509 V3 standard – RFC 2459
X509 V3 Basic Fields • Owner's X.500 distinguished name (DN) • C=IN;O=GOV,OU=IIML;CN=Bharat Bhasker • Owner's public key • Validity period • Issuer's X.500 distinguished name
X509 V3 Extensions • Location of certificate status information • Location of Issuer's certificate • Subject's Alternative Name • email address, employee ID • Key Usage constraints • Only for digital signatures • Only for encryption • Policy information • Level of trust
PKI Components • Certification Authority (CA) • Registration Authority (RA) • Repository • Archive • Users