slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
E-Commerce Architectures and Technologies PowerPoint Presentation
Download Presentation
E-Commerce Architectures and Technologies

Loading in 2 Seconds...

play fullscreen
1 / 101

E-Commerce Architectures and Technologies - PowerPoint PPT Presentation


  • 65 Views
  • Uploaded on

E-Commerce Architectures and Technologies. Rob Oshana Southern Methodist University. Cryptography. Security Service Layers. Non-repudiation. Data Integrity. Data Confidentiality. Access Control. Authentication. Authentication. Typically the first step to gain access to a system

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'E-Commerce Architectures and Technologies' - liora


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

E-Commerce

Architectures

and Technologies

Rob Oshana

Southern Methodist

University

security service layers
Security Service Layers

Non-repudiation

Data Integrity

Data Confidentiality

Access Control

Authentication

authentication
Authentication
  • Typically the first step to gain access to a system
    • user name and password
  • Process of proving your identity
  • Kerberos is an example
  • Data Origin Authentication Service
    • provides confirmation that the source of data received is as claimed.
  • Peer-Entity Authentication Service
    • provides confirmation that a peer entity in an association is the one claimed
access control
Access Control
  • Provides protection against the unauthorized use of accessible resources using network protocols
    • permissions for files, directories, and processes
  • Specifies what resources a user or service may access on the network
  • A prerequisite for access control is proper authentication
data confidentiality
Data Confidentiality
  • Protection of data from unauthorized disclosure
    • connection confidentiality
    • connectionless confidentiality
    • traffic flow confidentiality
  • Protection of data from passive threats
data integrity
Data Integrity
  • Provides protection from active threats
    • Connection Integrity with Recovery Service
    • Connection Integrity without Recovery Service
    • Selective Field Connection Integrity Service
    • Connectionless Integrity Service
    • Selective Field Connectionless Integrity Service
non repudiation
Non-repudiation
  • The denial by one of the entities involved in a communication of having participated in all or part of the communication
  • Prevents one of the entities involved in a communication to later deny having participated in all or part of the communication
    • Non-Repudiation of Origin Service
    • Non-Repudiation of Receipt Service
security transport protocols

Telnet

Telnet

HTTP

HTTP

FTP

FTP

TCP

TCP

TCP

TCP

IP

IP

IP

IP

Security Transport Protocols

Secure Messaging

(S-MIME, PGP)

Telnet over SSL

FTP over SSL

HTTP over SSL

Secure Telnet

Secure HTTP

Secure FTP

SSL

Network layer

Transport layer

Application layer

Above the

application layer

historical ciphers
Historical Ciphers
  • Nonstandard hieroglyphics, 1900BC
  • Atbash cipher (Old Testament, reversed Hebrew alphabet, 600BC)
  • Caesar cipher;
    • letter = letter + 3
    • ‘fish’ -> ‘ilvk’
  • rot13: Add 13/swap alphabet halves
    • usenet convention used to hide possibly offensive jokes
    • applying it twice restores original text
substitution ciphers
Substitution Ciphers
  • Simple substitution cipher;
    • a=p, b=m, c=f…
  • Break via letter frequency analysis
  • Polyalphabetic substitution cipher
    • 1. A=p, b=m, c=f…
    • 2. A=l, b=t, c=a…
    • 3. A=f, b=x, c=p,…
  • Break by decomposing into individual alphabets, then solve as simple substitution
one time pad 1917
One-time Pad (1917)
  • OTP is unbreakable provided
    • pad is never reused
    • unpredictable random numbers are used (physical sources, eg radioactive decay)

Message s e c r e t

18 5 3 17 5 19

OTP +15 8 1 12 19 5

--------------------------------------------------

17 13 4 3 24 24

g m d c x x

one time pad
One time Pad
  • Used by
    • Russian spies
    • Washington-Moscow “hot-line”
    • CIA covert operations
  • Many snake oil algorithms claim unbreakability by claiming to be a OTP
    • pseudo-OTPs provide pseudo-security
  • Cipher machines attempted to create approximations to OTPs, first mechanically, then electronically
cipher machines 1920
Cipher Machines (1920)
  • Basic component is a wired rotor
    • simple substitution
  • Step the rotor after each letter
    • polyalphabetic substitution, period = 26

-> ‘M’

‘A’ ->

cipher machines
Cipher Machines
  • Chain multiple rotors
  • Each steps the next one when a full turn is complete

-> ‘P’

‘A’ ->

cipher machines1
Cipher Machines
  • Two rotors, period = 26 X 26 = 676
  • Three rotors, period = 26 X 26 X 26 = 17,576
  • Rotor sizes are chosen to be relatively prime to give maximum-length sequence
  • Key is rotor wiring and rotor start position
cipher machines2
Cipher Machines
  • Famous rotor machines
    • Japan, Red, Purple
    • Germany, Enigma
  • Secure if used properly
    • use of predictable openings (“nothing to report”, “Mein Fuehrer”)
    • use of same key over an extended period
stream ciphers
Stream Ciphers
  • Binary pad (keystream), use XOR instead of addition
  • Plaintext = original, unencrypted data
  • Ciphertext = encrypted data
  • Two XORs with the same data always cancel out

Plaintext 1 0 0 1 0 1 1

Keystream 0 1 0 1 1 0 1

Ciphertext 1 1 0 0 1 1 0

Keystream 0 1 0 1 1 0 0

Plaintext 1 0 0 1 0 1 1

stream ciphers1
Stream Ciphers
  • Using the keystream and ciphertext we can recover the plaintext
  • But..using the plaintext and ciphertext we can recover the keystream
  • Using two ciphertexts from the same keystream we can recover the XOR of the plaintexts
  • Any two will recover the third (don’t reuse keys of stream cipher)
slide22
RC4
  • Stream cipher optimized for fast software implementation
  • 2048 bit key, 8 bit output
  • Extremely fast
  • Used in SSL (Netscape, MSIE), Lotus Notes, Windows, Adobe Acrobat, Oracle Server
  • Easy to get wrong
block ciphers

key

L

R

F()

F()

encrypt

Block Ciphers
  • Originated in early 70’s
    • banking security systems

decrypt

L

R

F()

F()

key

block ciphers1
Block Ciphers
  • F() function is a simple transformation, does not have to be reversible
  • Each step is called a round, the more rounds, the greater the security
  • DES is an example of block cipher
    • 16 rounds
    • 56 bit key
    • 64 bit block size (L,R = 32 bits)
attacking block ciphers
Attacking Block Ciphers
  • Differential cryptanalysis
    • looks for correlations in f() function input and output
  • Linear cryptanalysis
    • looks for correlations between key and cipher input and output
  • Related-key cryptanalysis
    • looks for correlations between key changes and cipher input/output
data encryption standard des
Data Encryption Standard (DES)
  • Widely-used method of encryption using a private (secret) key
  • Restricted for exportation to other countries
  • 72 quadrillion or more possible encryption keys that can be used
  • For each given message, the key is chosen at random from among this number of keys
  • Sender and receiver must know and use the same private key
strength of des
Strength of DES
  • Key size = 56 bits
  • Brute force = 2**55 attempts
  • Differential cryptanalysis = 2**47
  • Linear cryptanalysis = 2**43
  • Can be done relatively easily with FPGA or ASIC (8 cents/key)
  • 1998: German court ruled DES unsafe for financial applications
other block ciphers
Other Block Ciphers
  • Triple DES (3DES)
    • encrypt+decrypt+encrypt with 2 (112 bits) or 3(168 bits) DES keys
    • 1998 - banking auditors were requiring the use of 3DES rather than DES
  • RC2
    • companion to RC4, 1024 bit key
    • RC2 and RC4 have special status for US exportability
other block ciphers1
Other Block Ciphers
  • AES
    • Advanced Encryption Standard, replacement for DES
    • 128 bit block size, 128/192/256 bit key
relative performance
Relative Performance

Fast

RC4

AES

DES

RC2

3DES

Slow

public key encryption
Public Key Encryption
  • How can you use two different keys?
    • One is the inverse of the other:
    • key1 = 3, key2 = 1/3, message M = 4
    • Encryption: Ciphertext C = M X Key1
    • = 4 X 3
    • = 12
    • Decryption: Plaintext M = C X key2
    • = 12 X 1/3
    • = 4
  • One key is published, one is kept private -> public-key cryptography (PKC)
example rsa
Example: RSA
  • N, e=public key, n=product of two primes q and p
  • d=private key
  • Encryption: C = M**e mod n
  • Decryption: M = C**d mod n
  • p,q = 5,7
  • n = p X Q
  • =35
  • e=3
  • d= e**-1 mod ((p-1)(q-1))
  • = 16
example rsa1
Example: RSA
  • Message M = 4
  • Encryption: C = 4**3 mod 35 = 29
  • Decryption: M 29**16 mod 35 = 4
slide34
RSA
  • An Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman
  • Most commonly used encryption and authentication algorithm
  • Included as part of the Web browsers from Netscape and Microsoft
slide35
RSA
  • Other applications;
    • Lotus Notes
    • Intuit's Quicken
  • Owned by RSA Security
    • licenses the algorithm technologies
    • sells development kits
    • technologies are part of existing or proposed Web, Internet, and computing standards
how rsa works
How RSA Works
  • Algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and additional operations to derive a set of two numbers that constitutes the public key and another set that is the private key
  • Once the keys have been developed, the original prime numbers are no longer important and can be discarded
how rsa works1
How RSA Works
  • Both the public and the private keys are needed for encryption /decryption but only the owner of a private key ever needs to know it
  • Using the RSA system, the private key never needs to be sent across the Internet
  • The private key is used to decrypt text that has been encrypted with the public key
how rsa works2
How RSA Works
  • If I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key
  • When you receive it, you decrypt it with your private key
how rsa works3
How RSA Works
  • You can also authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate
    • When I receive it, I can use your public key to decrypt it.
public key algorithms
Public Key Algorithms
  • RSA (Rivest-Shamir-Adleman)
    • digital signatures and encryption in one algorithm
    • private key = sign and decrypt
    • public key = signature check and encrypt
  • DH (Diffie-Hellman)
    • key exchange algorithm
public key algorithms1
Public Key Algorithms
  • DSA (Digital Signature Algorithm)
  • All have roughly the same strength
    • 512 bit key is marginal
    • 1024 bit key is recommended minimal size
    • 2048 bit key is better for long term security
symmetric key
Symmetric key
  • Same key used to encrypt and decrypt
  • Sender and receiver must hold same secret or key confidentiality
  • Data Encryption Standard (DES) algorithm
  • Merchants must administer secret keys to all customers and provide them through secure channel (hard!)
symmetric secret key cryptography
Symmetric/secret-key cryptography

Information

Encrypt

Decrypt

Encrypted

information

Net

asymmetric key
Asymmetric key
  • Two distinct keys
    • public key
    • private key
  • Data encrypted using public key can only be decrypted using the corresponding private key
  • Multiple senders can encrypt information using the public key
    • receiver uses the private key to decrypt
  • Receiver must protect the private key
asymmetric public key cryptography
Asymmetric/public-key cryptography

Public key

Private

key

Net

what the sender does

1011001

Private key

Encrypted

digital

signature

What the Sender Does

Message

to send

Hash

algorithm

Message

digest

Sender

Digital

signature

Encryption

Random

key

Random

key

Receiver

public

key

Encrypted

message

Digital envelope

Receiver

slide48

1011001

1011001

Message

digest

Message

digest

Encrypted

message

Encrypted

digital

signature

What the Receiver Does

Sender

Random

key

Receiver

Private key

Original

Message

Digital envelope

Hash

function

Sender

public

key

hash algorithms
Hash Algorithms
  • Reduce variable length input to fixed length (128 or 160 bit) output
  • Requirements
    • can’t deduce input from output
    • can’t generate a given output (CRC fails this requirement)
    • can’t find two inputs which produce the same output (CRC fails this too)
hash algorithms1
Hash Algorithms
  • Used to
    • produce fixed length fingerprint of arbitrary length data
    • produce data checksums to enable detection of modifications
    • distill passwords down to fixed length encryption keys
  • Also called message digests or fingerprints
public key cryptography
Public-key cryptography
  • Easier for customer to download public key from a merchant
  • Public-key can be used with secret-key without too much difficulty
    • customer generates a random number used to encrypt payment info using DES
    • DES key is then encrypted using the public key of the merchant
    • info and encrypted key sent tp merchant
    • merchant first decrypts the key; then uses key to decrypt payment information
slide52

Secret-key/Public-key combination

Net

encrypted

info

DES key

Net

public

key

private

key

encrypted

DES key

secret key and public key
Secret key and Public Key

Features

Secret Key

Public Key

Number of keys

Single key

Pair of keys

Type of keys

Key is secret

One key is

private, one key

is public

Key

Simple but difficult

Need digital

management

to manage

certificates and

trusted third

parties

Relative speeds

Very fast

Slower

Usage

Used for bulk data

Used for less

encryption

demanding

applications

such as

encrypting

small

documents or

to sign

messages

key sizes and algorithms
Key Sizes and Algorithms
  • Conventional key is used once per message
  • Public key is used for hundreds or thousands of messages
  • Public key compromise is much more serious than a conventional key compromise
    • Compromised logon password, attacker can delete your files
key sizes and algorithms1
Key Sizes and Algorithms
  • Compromised private key, attacker can
    • drain credit card
    • clean out bank account
    • sign contracts/documents
    • identify theft
  • 512 public key versus 40 bit conventional key is good balance for weak security
key sizes and algorithms2
Key Sizes and Algorithms
  • Recommendations for public keys
    • use 512 bit keys for micropayments/smart cards
    • use 1K bit keys for short term use (1 yr)
    • use 1.5K bit keys for longer term use
    • use2K bit keys for certification authorities, long term contract signing
basic services

Non-repudiation

Digital Signature

confidentiality

Encryption

Basic Services

Physical world

Digital world

authentication

Digital Certificate

slide58

Digital Certificate

Certificate request

Digital Certificate

Certificate

Authority

Name

Authority

Serial #

Version

Expiration Date

Key

Digital Signature

X.509

conventional encryption
Conventional Encryption

Insecure

channel

secure channel

Problem of communicating a large message in secret is

reduced to communicating a small key in secret

key agreement
Key Agreement

Key agreement

Insecure

channel

Provides part of the required secure channel for

exchanging a conventional encryption key

certificate authority

Mary’s

public key

John’s

public key

Mary’s

private key

John’s

private key

Mary’s

private key

Certificate Authority

John’s

private key

certificate authority1
Certificate Authority
  • Trusted Third Party
    • similar to a passport office
  • Determines policies for PKI
  • Registers users, system
  • Validates users, privileges
  • Issues certificates
  • Supports life cycle (revoke, renew)
  • Publishes directories
  • Manages risk
  • Protects CA signing key
slide63

Certificate Authority

Public Key

Infrastructure (PKI)

X.500

Registration

Authority

Certificate

Authority

Mary’s

private key

Mary’s

public key

John’s

private key

John’s

public key

Mary’s

private key

John’s

private key

John’s

private key

Mary’s

public key

payment integrity
Payment Integrity
  • Hashing algorithms used to prevent fraud or other sources or error
    • generates value unique to the data being sent
      • hash value or “message digest”
    • one way public cipher
      • no secret key
      • no way to reproduce the original information
      • impossible to hash other data to the same value
      • hash value sent with data and used to compare to hash value generated at the other end
hashing
Hashing
  • Hash algorithm is public
    • anyone can alter data and recalculate new value
  • Message digest encrypted using private key of the sender
    • this is called a “digital signature”
    • possible to identify sender
    • only the owner of the private key can encrypt message digest
    • private key used to encrypt (sign) the information
    • public key used to verify signature
digital signatures

Message

digest

Hashing

Message

digest

Hashing

Message

digest

Digital Signatures

Creation

Transmission

Payment

info

Private key

Verification

Reception

Compare the

two

digests

Private key

how safe is a digital signature
How safe is a digital signature?
  • Algorithm used by SET generates a 160 bit message digest
    • changing a single bit in the message will on average change half the bits in the message digest
  • Odds of two messages having the same message digest are one in 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 (10**16)
digital signature examples
Digital Signature Examples

Scenario 1: Susan ordering from Online Mart

1. Only Online Mart can decrypt the order.

2. Verify that Susan sent the order.

Susan

Encrypt with

Online Mart’s

public key

Decrypt with

Online Mart’s

private key

Online Mart

Order Info

Order Info

Digital

signature

Digital

signature

Encrypt with

Susan’s

private key

Decrypt with

Susan’s

public key

Scenario 2: Online Mart sends confidential info to Susan

Online Mart

Susan

Confidential

Info

Encrypt with

Susan’s

public key

Decrypt with

Susan’s

private key

Confidential

Info

Ciphered

text

payment and purchase order process
Payment and Purchase Order Process
  • 1. Account holder registration
  • 2. Merchant registration
  • 3. Account holder (customer) ordering
  • 4. Payment authorization
account holder registration
Account holder registration
  • Must register with a 3rd party (TP)
    • must have a copy of the TP public/private key set
      • e-mail
      • web page download
      • disk
      • flashcard
    • account holder can register account for Internet use with public key
account holder registration1
Account holder registration
  • Registration includes
    • name and address
    • account number
    • identifying personal information
  • Account holder S/W will
    • create/attach account holder public key to form
    • generate message digest from the info
    • encrypt info and disgest (secret key)
    • encrypt secret key using TP public key
    • transmit everything to TP
account holder registration2

Message

digest

Hashing

Message

digest

Account Holder Registration

1

2

Account

holder

public key

3

5

Encrypted

message

Secret

key

Transmission

4

TP

public

key

third party registration
Third Party Registration
  • 1. Decrypts the secret key
  • 2. Decrypts the information, message digest, and account holders public key
  • 3. Computes and compares message digests
  • If information is verified TP digitally signs info with private key and sends back to account holder to save and use in future transactions
third party receives registration

Encrypted

message

Message

digest

Message

digest

Third Party Receives Registration

2

Encrypted

message

Hashing

3

Reception

Comparison

1

TP

private

key

merchant registration
Merchant Registration
  • Merchants must register with TP
    • Visa
    • Mastercard, etc
  • Similar to account registration
  • Certified Documentation (CD) transferred to the merchant from the TP for storage on merchant computer
customer ordering
Customer Ordering
  • Customer must have copy of merchant public key for particular account type
  • Customer asked what type of account
  • CD for that account sent
  • Customer certifies CD using key
  • Customer allowed to shop in the on-line environment
  • Customer fills out appropriate information when ordering products
customer software
Customer Software
  • 1. Encrypts account information with the TP public key
  • 2. Attaches encrypted account info to order form
  • 3. Creates message digest of order form; digitally signs it with customer private key
customer software1
Customer Software
  • 4. Secret-key encryption for
    • order form
    • digital signature
    • customer CD
  • 5. Secret key encrypted with merchants public key
  • 6. Secret-key encrypted message transmitted to merchant
customer ordering order sent to merchant
Customer Ordering - Order sent to merchant

1

2

3

Hashing

Account

TP

public

key

Encrypted

account

Message

digest

Customer

private

key

Encrypted

message

4

6

Secret key

Transmission

5

Merchant

public key

Customers

CD

merchant software functions
Merchant Software Functions
  • 1. Decrypt secret key using private key of merchant
  • 2. Decrypt order form, digital signature and customer CD using secret ket
  • 3. Decrypt MD using customer public key obtained from customer CD (to verify digital signature)
  • 4. Calculate MD from order form and compare with customer decrypted MD
slide81

Customer Ordering - Merchant receives order

4

2

Encrypted

message

Message

digest

Reception

Encrypted

message

Hashing

Compare

Message

digest

Customer’s

public key

3

1

Merchant

private

key

TP

public key

Customer’s

public key

Customers

CD

certificates need for authentication
Certificates: Need for Authentication
  • Before using public-key cryptography, need to make sure other party is authenticated
    • want to make sure other party’s public key is really theirs and not an imposter’s
    • impractical to receive this information directly from the other party over a secure channel
certificates need for authentication1
Certificates: Need for Authentication
  • Alternative is to use a trusted third party
    • Certificate Authority (CA) used to authenticate public key
    • authenticate based on published policies
    • certificate generated which includes name and public key and digitally signed by CA
certificate classes
Certificate Classes
  • Class 1
    • automated unambiguous name and e-mail address search
  • Class 2
    • Class 1 plus automated enrollment information check (driver’s license, SSN, DOB) and automated address check (US and Canada)
  • Class 3
    • Class 1 plus personal presence and ID documents plus Class 2 automated ID check for individuals (credit check); business records for organizations
certificate classes1
Certificate Classes
  • Primary commercial issuers
    • Verisign
    • CyberTrust
  • Issuance through the Web
  • Free 6 month Class 1 offerred
  • Postal Service entering market
security protocol layers

E-commerce protocols

Applications

Applications

S/MIME, PGP

Email

Email

SSL, SSH, Kerberos

Higher-level

net protocols

Higher-level

net protocols

IPSEC

TCP/IP

TCP/IP

Hardware link encryption

Data Link

Data Link

Physical

Physical

Internet

Security Protocol Layers

The further down you go, the more transparent it is.

The further up you go, the easier it is to deploy

key management
Key Management
  • Hardest part of cryptography
  • Two classes of keys
    • Short term session keys (called ephermal keys)
      • generated automatically and invisibly
      • used for one message or session and discarded
    • Long term keys
      • generated explicitly by the user
key management1
Key Management
  • Long term keys are used for two purposes
    • authentication
      • access control
      • integrity
      • non-repudiation
    • confidentiality
      • establish session keys
      • protect stored data
key management problems
Key Management Problems
  • Key certification
  • Distributing keys
    • obtaining someone else’s public key
    • distributing your own public key
  • Establishing a shared key with another party
    • confidentiality: is it really known by the other party?
    • Authentication: is it really shared with the other party?
key management problems1
Key Management Problems
  • Key storage
    • secure storage of keys
  • Revocation
    • revoking published keys
    • determining whether a published key is still valid
key lifetimes and key compromise
Key Lifetimes and Key Compromise
  • Authentication keys
    • public keys may have an extremely long lifetime (decades)
    • private keys/conventional keys have shorter lifetimes (year or two)
  • Confidentiality
    • should have as short a lifetime as possible
  • If the key is compromised
    • revoke the key
key lifetimes and key compromise1
Key Lifetimes and Key Compromise
  • Effects of compromise
    • authentication; signed documents are rendered invalid unless timestamped
    • confidentiality; all data encrypted with it is compromised