
E-COMMERCE

E-COMMERCE. CIT 245. By Mohammed A. Saleh. PKI INFRASTRUCTURE. The Key to Security: Cryptography. Relies on two basic components: an algorithm and a key. An algorithm is a method used to encrypt a message and a key is an object used to decrypt a message.


Presentation Transcript


  1. E-COMMERCE, CIT 245. By Mohammed A. Saleh

  2. PKI INFRASTRUCTURE
     • The Key to Security: Cryptography
     • Relies on two basic components: an algorithm and a key.
     • An algorithm is a method used to encrypt a message and a key is an object used to decrypt a message.
     • In a system where letters are substituted for other letters, the “key” is the chart of paired letters and the algorithm is the substitution.
     • If two parties want to communicate, they must use the same algorithm and, in some cases, the same key.

  3. PKI INFRASTRUCTURE
     • Cryptographic keys must be kept secret.
     • Sometimes algorithms are kept secret, as the method of encryption may hold the very method used to decrypt the message.
     • What is a Cryptosystem?
     • It is a mathematical function for processing data and there is nothing secret about the function except the key.

  4. PKI INFRASTRUCTURE
     • Public Key Infrastructure
     • The “state of the art” in authentication rests on PKI.
     • It has become the cornerstone for secure e-payments.
     • It refers to the technical components, infrastructure, and practices needed to enable the use of public key encryption, digital signatures and digital certificates with a network application.
     • Network applications include SCM, VPNs, secure e-mail, and intranet applications.

  5. PKI INFRASTRUCTURE
     • Private and Public Key Encryption
     • At the heart of PKI is encryption.
     • Encryption is the process of transforming or scrambling data in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt).
     • Encryption has four basic parts: plaintext, ciphertext, an encryption algorithm, and the key.
     • Two major classes of encryption systems are symmetric systems, with one secret key, and asymmetric systems, with two keys.

  6. Encryption components

  7. PKI INFRASTRUCTURE
     • Symmetric (Private) Key System
     • The same key is used to encrypt and decrypt the plaintext.
     • The sender and the receiver of the text must share the same key without revealing it to anyone else – thus making it a private system.
     [Diagram: Plaintext Message → Encryption (Private Key) → Ciphertext → Decryption (Private Key) → Plaintext Message]

  8. PKI INFRASTRUCTURE
     • The confidentiality of the message depends on the key.
     • It is possible to guess a key simply by having a computer try all of the encryption combinations until the message is decrypted.
     • High-speed processing computers can try millions of guesses in a second.
     • This is why the length of the key (in bits) is the main factor in securing a message.
     • If the key were 4 bits long (e.g., 1011) there would be only 16 possible combinations (i.e., 2 raised to the 4th power).

  9. PKI INFRASTRUCTURE
     • The longer the key, the more possible combinations there are, and hence the more time is needed to crack the key.
     • For a 40-bit key, there are over a trillion possible combinations, but this can be broken in 8 days (using a computer that can check 1.6 million keys per second).
     • However, a 64-bit encryption key would take 58.5 years to be broken (at 10 million keys per second).

  10. PKI INFRASTRUCTURE
     • Examples of Encryption Techniques
     • Caesar’s Method
     • One of the oldest techniques of encryption.
     • Traces its history back to Roman times.
     • It involves shifting each letter of the message to a letter that appears k letters after it.
     • When it was first devised by the Romans, k was equal to 3, meaning that each letter was shifted 3 places to the right.
     • For example, ‘A’ would be transformed to ‘D’, ‘B’ to ‘E’, ‘C’ to ‘F’, and so on.

  11. PKI INFRASTRUCTURE

  12. PKI INFRASTRUCTURE
     • Using this scheme, the plain text “SECRET” would encrypt as “VHFUHW”.
     • To enable the person receiving the message to read the cipher text, you tell them that the key is 3.
     • This is not a very safe system.
     • Data Encryption Standard (DES)
     • Encrypts and decrypts data in 64-bit blocks, using a 64-bit key, although effective key strength is only 56 bits.
     • It takes a 64-bit block of plain text as input and outputs a 64-bit block of cipher text.
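The Caesar scheme from slides 10 to 12, as an added example that is not part of the original presentation: it reproduces the “SECRET” to “VHFUHW” encryption with k = 3 and shows why the slide calls the system unsafe, since only 26 keys exist and letter frequencies survive the shift. The function names and the sample message are assumptions made for this illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase  # the 26-letter alphabet the slides assume


def caesar(text: str, k: int) -> str:
    """Shift every letter k places to the right (negative k shifts left)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def all_keys(ciphertext: str) -> list[str]:
    """Exhaustive search: entry k is the ciphertext decrypted with key k."""
    return [caesar(ciphertext, -k) for k in range(26)]


def guess_key(ciphertext: str) -> int:
    """Frequency analysis: assume the most common ciphertext letter is 'E'."""
    letters = [ch for ch in ciphertext.upper() if ch in ALPHABET]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26


# Constructed sample message (not from the slides); 'E' is its most common letter.
SAMPLE = "MEET ME AT THE MARKET AFTER SUNSET"

if __name__ == "__main__":
    print(caesar("SECRET", 3))            # the slide's example with k = 3
    for k, candidate in enumerate(all_keys("VHFUHW")):
        print(k, candidate)               # the whole key space fits on one screen
    secret = caesar(SAMPLE, 11)
    k = guess_key(secret)                 # key recovered without trying any keys
    print(k, caesar(secret, -k))
```

The frequency guess needs enough text for ‘E’ to dominate; on a six-letter message the exhaustive list is the reliable route.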

  13. PKI INFRASTRUCTURE
     • Operates on blocks of equal sizes.
     • Over time, shortcut attacks were found that could significantly reduce the time to find the DES key by brute force.
     • With faster and more powerful computers, it was recognized that the 56-bit key was simply not large enough for high security applications.
     • With these security flaws, DES was abandoned and replaced by the Advanced Encryption Standard (AES).

  14. PKI INFRASTRUCTURE

  15. PKI INFRASTRUCTURE
     • Asymmetric (Public) Key Encryption
     • Uses a pair of matched keys – a public key that is publicly available to anyone and a private key that is known only to its owner.
     • If a message is encrypted with a public key, then the associated private key is required to decrypt the message.
     • When a user wants to send a message to another user, he simply needs to encrypt the message to be sent using the recipient's public key (which he can find, for example, in a key server such as an LDAP directory). The latter will be capable of decrypting the message with his private key (that only he knows).

  16. PKI INFRASTRUCTURE

  17. PKI INFRASTRUCTURE
     • Examples of Encryption Techniques
     • Rivest, Shamir and Adleman (RSA)
     • Invented by three cryptographers; it was the first practical commercial public key cryptosystem.
     • Used in web browsers, e-mail programs, mobile phones, VPNs, secure shells and many more.
     • It uses large prime numbers for its purposes.
     • Works on the basic fact that the product of large prime numbers is extremely difficult to factorize.

  18. PKI INFRASTRUCTURE
     • Take two prime numbers of, say, 50 bits each and multiply them; using the most current supercomputing technology, it would take more than 1000 years to factorize the product.
     • Seems to be a reliable and fast algorithm.

  19. Exercises
     • 1. What are the possible combinations for the following symmetric keys: 4-bit key, 12-bit key and 64-bit key?
     • 2. What is the cipher text of the following plain text message “ONCE IN A BLUE MOON” (use Caesar’s method of encryption where k is 4)?
     • 3. What are the pros and cons of symmetric and asymmetric encryption?
     • 4. What is the difference between a dictionary and a brute force attack?
