1 / 16

GZ der Informatik VIII Kryptografie, Digitale Signaturen, SET

GZ der Informatik VIII Kryptografie, Digitale Signaturen, SET. Univ.-Ass. DI. Markus Seidl University of Vienna Markus.Seidl@univie.ac.at. Cryptography. - to protect sensitive information - using a key - two primary encryption methods Secret-key cryptography Public-key cryptography

charles-campbell
Télécharger la présentation

GZ der Informatik VIII Kryptografie, Digitale Signaturen, SET

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GZ der Informatik VIIIKryptografie, Digitale Signaturen, SET Univ.-Ass. DI. Markus Seidl University of Vienna Markus.Seidl@univie.ac.at GZ der Informatik / Sicherheit

  2. Cryptography - to protect sensitive information - using a key - two primary encryption methods Secret-key cryptography Public-key cryptography - SET (Secure Electronic Transaction) uses both methods Sicherheit

  3. Secret-key cryptography - symmetric cryptography - same key to encrypt and decrypt the message - share a secret (key) - e.g. DES (Data Encryption Standard) Sicherheit

  4. Public-key cryptography • - asymmetric cryptography • - uses two keys: one to encrypt and one key to decrypt the message • - keys are mathematically related • - user has two keys: a public and a private key • - public key is distributed, private key is not disclosed • - e.g. RSA (Rivest Shamir and Adleman) Sicherheit

  5. SET - Encryption • - confidentiality is ensured • - using a randomly generated symmetric encryption key • - key encrypted using the message recipient‘s public key • - „digital envelope“ of the message ({M}SK {SK}PUBK_REC) • - provide highest degree of protections (keys cannot be easily reproduced) • Programming methods • Random number generation algorithms Sicherheit

  6. SET – Digital Signatures • - ensure integrity and authentication • - mathematical relationship between the public and private keys • - message digests (160 bit) • value generated for a message (or document) • unique to that message • generated by passing a one-way cryptographic function • - digital signature (DS) • (M, {MD(M)}PRIVK_SEND) • recipient verifies the message digest • recipient can be sure that message really comes from the sender Sicherheit

  7. SET – Digital Signatures (2) • - Example • Alice computes MD of a message M • encrypts it with her private key • send M + DS to Bob • Bob computes MD • decrypts DS with Alice‘s public key • if equal, message was signed with Alice‘s private key and message has not changed since it was signed. • - SET uses two asymmetric key pairs for each participant • „key exchange“ pair (for encryption and decryption) • „signature“ pair (creation and verification of DS) Sicherheit

  8. SET - Certificates • - authentication is further strengthended by the use of certificates • - e.g. Bob wants to be sure that the public key belongs to Alice • - Solution • receive public key over a secure channel directly from Alice • use a trusted third party (Certificate Authority) • - CA (Certificate Authority) • Alice provides proof of her identity • CA creates a message containing Alice‘s name and her public key • this message (certificate) is digitally signed by the CA ({A, PUBK_A}PRIVK_CA) • public key of the CA should be known to as many people as possible • SET participants have two key pairs, they also have two certificates • the certificates are created and signed at the same time by the CA Sicherheit

  9. SET – Encryption summary Sicherheit

  10. SET – Dual Signature • - Dual signature • Bob sends Alice an offer • Bob sends the bank an authorization to transfer money • - Generating a dual signature • ( M1, MD(M2), {MD(M1)MD(M2)} PRIVK ) • - Example • message from Alice to the bank with the MD of the offer • bank uses MD of Bobs´s authorisation and MD of the offer from Alice • bank checks authenticity of the offer against the dual signature • - Use of dual signatures • merchant sends authorization request to the acquirer • includes payment instructions and MD of the order (by the cardholder) • the acquirer check the dual signature (MD from the merchant, MD of the payment instructions Sicherheit

  11. SET – Certificate Issuance • - Cardholder certificates • - Merchant certificates • - Payment gateway certificates • - Acquirer certificates • - Issuer certificates Sicherheit

  12. SET – Hierarchy of trust Sicherheit

  13. Zuverlässigkeit von digitalen Signaturen • - Geheimhaltung des geheimen Schlüssel (Chipkarte) • - Länge des Schlüssels (Anzahl) • Angreifer probiert alle Schlüssel durch • Dauer der Verschlüsselung • - Verwendetes Kryptosystem • - Verwendete Komprimierungsfunktion • - Authentizität des öffentlichen Schlüssels (Lösung -> Zertifikate) Sicherheit

  14. Unterschiede bei Unterschriften • - Eigenhändige Unterschrift • kann "gefälscht" werden • Sicherheitsgrad fest vorgegeben • nicht global einsetzbar • - Digitale Unterschrift • kann "gestohlen" werden (privater Schlüssel, Chipkarte) • Sicherheitsgrad frei wählbar (Schlüssellänge) • global einsetzbar (binnen Sekunden im In- und Ausland verifizierbar) Voraussetzung: Zertifizierungshierarchie Sicherheit

  15. Einsatzmöglichkeiten für digitale Signaturen • - Authentifikation • zeigt die Autorenschaft an • E-mail, Banktransaktionen, Schecks, Firmenrundschreiben, Gesetzestexte, etc.) • - Signierte Dokumente mit Semantik (Einverständnis mit dem Inhalt) • Autorenschaft und Urheberrecht eines Dokuments • digital unterschriebene Softwarepakete • - Elektronisch abgeschlossene Verträge (rechtliche Grundlage!?) • - Elektronischer Handel (z.B. Einkaufen im Internet) Sicherheit

  16. Notwendige Rahmenbedingungen • - Gesetzliche Voraussetzungen: Schaffung der gesetzl. Grundlage • für Einführung einer Zertifizierungshierarchie • für Rechtsverbindlichkeit von digit. Unterschriften • Anerkennung und Prüfung techn. Voraussetzung (Chipkarte etc.) • - Technische Voraussetzungen (Schaffung von Standards) • Schaffung von Zertifizierungsstellen • Einrichten von Zeitstempeldiensten • Verteilungsstellen für Zertifikate Sicherheit

More Related