Lesson 12 Cryptography for E-Commerce


Presentation Transcript


  1. Lesson 12 Cryptography for E-Commerce

  2. Approaches to Network Security • Separate Security Protocol--SSL • Application-Specific Security--SHTTP • Security with Core Protocols--IPsec • Parallel Security Protocol--Kerberos

  3. Protocol and Security: SSL • SECURE: HTTP over SSL over TCP over IP • NOT SECURE: HTTP, SMTP, FTP directly over TCP over IP

  4. The TCP connection (“3-way Handshake”) • SYN: the client sends a connection request, specifying the port to connect to on the server • SYN/ACK: the server responds with both an acknowledgement and a queue entry for the connection • ACK: the client returns an acknowledgement and the circuit is opened
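As an added example (not from the lecture), the Go program below builds the three segments of this exchange from constructed values and checks them the way a passive monitor would: the flag bits of each step, that the SYN/ACK comes back to the client's port, and that each acknowledgement number is the other side's initial sequence number plus one. Ports 40000 and 443 and the sequence numbers 1000 and 5000 are constructed sample data, and the checksum is left zero because nothing is put on the wire.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// TCP control bits (byte 13 of the header).
const (
	flagSYN = 0x02
	flagACK = 0x10
)

// Segment is the part of a TCP header the handshake check needs.
type Segment struct {
	SrcPort, DstPort uint16
	Seq, Ack         uint32
	Flags            byte
}

// tcpHeader builds a minimal 20-byte header (data offset 5). The checksum is
// left zero: these are constructed sample segments, nothing goes on the wire.
func tcpHeader(s Segment) []byte {
	b := make([]byte, 20)
	binary.BigEndian.PutUint16(b[0:2], s.SrcPort)
	binary.BigEndian.PutUint16(b[2:4], s.DstPort)
	binary.BigEndian.PutUint32(b[4:8], s.Seq)
	binary.BigEndian.PutUint32(b[8:12], s.Ack)
	b[12] = 5 << 4 // header length in 32-bit words
	b[13] = s.Flags
	binary.BigEndian.PutUint16(b[14:16], 65535) // advertised window
	return b
}

// parseTCP reads the fields back out of a raw header.
func parseTCP(b []byte) (Segment, error) {
	if len(b) < 20 {
		return Segment{}, fmt.Errorf("short TCP header: %d bytes", len(b))
	}
	return Segment{
		SrcPort: binary.BigEndian.Uint16(b[0:2]),
		DstPort: binary.BigEndian.Uint16(b[2:4]),
		Seq:     binary.BigEndian.Uint32(b[4:8]),
		Ack:     binary.BigEndian.Uint32(b[8:12]),
		Flags:   b[13],
	}, nil
}

// CheckHandshake validates a SYN, SYN/ACK, ACK exchange: the flag bits of
// each step, port reflection, and the ISN+1 acknowledgement arithmetic.
// The reason string says which step broke, which is what a detection rule
// wants to log.
func CheckHandshake(raw [][]byte) (bool, string) {
	if len(raw) != 3 {
		return false, fmt.Sprintf("expected 3 segments, got %d", len(raw))
	}
	var segs [3]Segment
	for i, b := range raw {
		s, err := parseTCP(b)
		if err != nil {
			return false, err.Error()
		}
		segs[i] = s
	}
	syn, synack, ack := segs[0], segs[1], segs[2]
	if syn.Flags != flagSYN {
		return false, "step 1: first segment is not a bare SYN"
	}
	if synack.Flags != flagSYN|flagACK || synack.SrcPort != syn.DstPort || synack.DstPort != syn.SrcPort {
		return false, "step 2: second segment is not a SYN/ACK back to the client"
	}
	if synack.Ack != syn.Seq+1 { // uint32 wrap-around is the intended modular arithmetic
		return false, "step 2: SYN/ACK does not acknowledge the client ISN+1"
	}
	if ack.Flags&flagSYN != 0 || ack.Flags&flagACK == 0 {
		return false, "step 3: third segment is not a plain ACK"
	}
	if ack.Seq != syn.Seq+1 || ack.Ack != synack.Seq+1 {
		return false, "step 3: final ACK carries the wrong seq/ack numbers"
	}
	return true, "circuit open"
}

// SampleHandshake returns a constructed, well-formed exchange to port 443.
func SampleHandshake() [][]byte {
	const clientISN, serverISN = 1000, 5000
	return [][]byte{
		tcpHeader(Segment{SrcPort: 40000, DstPort: 443, Seq: clientISN, Flags: flagSYN}),
		tcpHeader(Segment{SrcPort: 443, DstPort: 40000, Seq: serverISN, Ack: clientISN + 1, Flags: flagSYN | flagACK}),
		tcpHeader(Segment{SrcPort: 40000, DstPort: 443, Seq: clientISN + 1, Ack: serverISN + 1, Flags: flagACK}),
	}
}

func main() {
	fmt.Println(CheckHandshake(SampleHandshake()))
	// A spoofed final ACK that guesses the server's ISN wrong is rejected.
	forged := SampleHandshake()
	forged[2] = tcpHeader(Segment{SrcPort: 40000, DstPort: 443, Seq: 1001, Ack: 4242, Flags: flagACK})
	fmt.Println(CheckHandshake(forged))
}
```

A monitor applying this check sees a SYN flood as step 1 with no step 2, and a blind spoofing attempt as a step 3 whose acknowledgement number does not match the server's initial sequence number, which is why servers pick initial sequence numbers an attacker cannot predict.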

  5. SSL in Action (messages in order) • 1 ClientHello (client → server) • 2 ServerHello (server → client) • 3 ServerKeyExchange (server → client) • 4 ServerHelloDone (server → client) • 5 ClientKeyExchange (client → server) • 6 ChangeCipherSpec (client → server) • 7 Finished (client → server) • Note: the server's Certificate message, which carries the server's public key, normally follows ServerHello and is omitted from this diagram

  6. SSL in Action (continued) • 8 ChangeCipherSpec (server → client) • 9 Finished (server → client) • Once each side has verified the other's Finished message, application data flows under the negotiated keys

  7. Protocol and Security: SHTTP • SECURE: HTTP with security built into the application protocol itself (HTTP Security) over TCP over IP • NOT SECURE: HTTP over TCP over IP

  8. Protocol and Security: IPSEC • SECURE: HTTP over TCP over IPsec • NOT SECURE: HTTP over TCP over IP

  9. Protocol and Security: Parallel • SECURE: HTTP over TCP over IP, with Kerberos running alongside as a parallel protocol that supplies the authentication and session keys • NOT SECURE: HTTP over TCP over IP

  10. PROTOCOL COMPARISONS • Approaches compared: Separate Protocol, Application Protocol, Integrated with Core, Parallel Protocol • Criteria: A - Full security, B - Multiple Applications, C - Tailored Services, D - Transparent to Applications, E - Easy to Deploy

  11. What is Cryptography • Protecting information by transforming it into an unreadable format • Encryption is the process that transforms the data into the unreadable format, Decryption restores it to its original format. • Used to prevent information from “falling into the wrong hands” • Data is only available to the people that are supposed to see it

  12. Uses of Cryptography • Keeping Secrets: service Confidentiality, protects against Eavesdropping • Providing Identity: service Authentication, protects against Forgery & Masquerade • Verifying Info: service Message Integrity, protects against Alteration

  13. Cryptography in Use Today • SSL -- Secure Sockets Layer • TLS -- Transport Layer Security protocol • IPsec -- Internet Protocol Security • SET -- Secure Electronic Transactions • Smart Cards • VPN -- Virtual Private Network • File or Disk Encryption Tools • Remote access: SSH -- Secure Shell • Digital Signature Algorithm -- DSA • EMAIL: PGP -- Pretty Good Privacy • PKI -- Public Key Infrastructure

  14. Cryptographic Classifications • Secret Key Cryptography • Symmetric Encryption • All Parties have same key • Public Key Cryptography • Asymmetric Encryption • Different Keys: public and private

  15. Secret Key Cryptography (Symmetric Encryption), Professor and Student • Step 1 - Secret key exchange occurs (both parties now hold the same key) • Step 2 - Encipher with the secret key • Step 3 - Send the encrypted message • Step 4 - Decipher with the same secret key

  16. Secret Key Cryptography • PROs: • Fast, and strong as long as the key stays secret • Key size determines how hard a brute-force attack is (for a sound algorithm) • CONs: • Key management is a burden: every pair of parties needs its own shared key, and that key must be distributed over a channel that is already secure

  17. Symmetric Encryption Algorithms • DES Data Encryption Standard • 3DES Triple DES • RC2 Rivest Cipher 2 • RC4 Rivest Cipher 4 All commonly used with SSL at the time of this lesson; all four are now considered broken or obsolete (DES's 56-bit key is brute-forceable, RC4 has exploitable keystream biases, 3DES and RC2 are deprecated), and modern TLS uses AES or ChaCha20 instead
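The following Go program is an added example rather than code from the lecture; it serialises a ClientHello, the first message of the SSL in Action exchange on slides 5 and 6, parses it back with bounds checks, and reports any offered suite that uses the DES, 3DES or RC4 ciphers listed above. The client_random and the four offered suites are constructed sample data; the suite code points are the IANA registry values, and the parser covers only what a ClientHello without extensions carries.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Suites built on the DES, 3DES and RC4 ciphers the slide lists, by IANA code point.
var legacySuites = map[uint16]string{
	0x0004: "TLS_RSA_WITH_RC4_128_MD5",
	0x0005: "TLS_RSA_WITH_RC4_128_SHA",
	0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
	0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

func put16(b []byte, v int) []byte { return append(b, byte(v>>8), byte(v)) }

// BuildClientHello serialises a TLS 1.2 ClientHello (handshake message 1 on the
// slides) inside a TLS record: version, client_random, empty session_id, the
// offered cipher suites, the null compression method and no extensions.
func BuildClientHello(suites []uint16, random [32]byte) []byte {
	body := append([]byte{0x03, 0x03}, random[:]...) // client_version = TLS 1.2
	body = append(body, 0x00)                         // session_id length 0
	body = put16(body, 2*len(suites))
	for _, s := range suites {
		body = put16(body, int(s))
	}
	body = append(body, 0x01, 0x00) // one compression method: null
	body = put16(body, 0)           // extensions length 0
	hs := append([]byte{0x01, byte(len(body) >> 16), byte(len(body) >> 8), byte(len(body))}, body...)
	return append(put16([]byte{0x16, 0x03, 0x01}, len(hs)), hs...) // record: type handshake, legacy version
}

// cursor reads length-prefixed fields and remembers the first overrun, so a
// truncated or hostile record yields an error instead of a panic.
type cursor struct {
	b   []byte
	err error
}

func (c *cursor) take(n int) []byte {
	if c.err == nil && (n < 0 || n > len(c.b)) {
		c.err = fmt.Errorf("truncated ClientHello")
	}
	if c.err != nil {
		return nil
	}
	v := c.b[:n]
	c.b = c.b[n:]
	return v
}

func (c *cursor) u8() int  { if v := c.take(1); v != nil { return int(v[0]) }; return 0 }
func (c *cursor) u16() int { if v := c.take(2); v != nil { return int(binary.BigEndian.Uint16(v)) }; return 0 }

// ParseClientHello returns the client_version and the offered cipher suites.
func ParseClientHello(rec []byte) (version uint16, suites []uint16, err error) {
	r := &cursor{b: rec}
	if r.u8() != 0x16 {
		return 0, nil, fmt.Errorf("not a TLS handshake record")
	}
	r.take(2) // record-layer version: legacy, ignored
	hs := &cursor{b: r.take(r.u16())}
	if r.err != nil || hs.u8() != 0x01 {
		return 0, nil, fmt.Errorf("truncated record or not a ClientHello")
	}
	body := &cursor{b: hs.take(hs.u8()<<16 | hs.u8()<<8 | hs.u8())} // 24-bit handshake length
	version = uint16(body.u16())
	body.take(32)        // client_random
	body.take(body.u8()) // session_id
	cs := body.take(body.u16())
	for i := 0; i+1 < len(cs); i += 2 {
		suites = append(suites, binary.BigEndian.Uint16(cs[i:]))
	}
	if hs.err != nil || body.err != nil {
		return 0, nil, fmt.Errorf("truncated ClientHello")
	}
	return version, suites, nil
}

// LegacySuitesOffered names any DES/3DES/RC4 suite in the hello, the check a
// server audit or an IDS rule makes on the first packet of a connection.
func LegacySuitesOffered(rec []byte) ([]string, error) {
	_, suites, err := ParseClientHello(rec)
	var out []string
	for _, s := range suites {
		if name, bad := legacySuites[s]; bad {
			out = append(out, name)
		}
	}
	return out, err
}

func main() {
	var random [32]byte // constructed; a real client fills this from a CSPRNG
	for i := range random { random[i] = byte(i) }
	rec := BuildClientHello([]uint16{0xC02F, 0x002F, 0x0005, 0x000A}, random)
	version, suites, err := ParseClientHello(rec)
	fmt.Printf("client_version=%#x suites=%#x err=%v\n", version, suites, err)
	fmt.Println(LegacySuitesOffered(rec))
}
```

The cipher suite list is the first thing a server sees, so refusing the legacy suites at this point (or alerting on a client that still offers them) costs nothing; the bounds-checked cursor matters because the ClientHello is also the first attacker-controlled input a TLS implementation parses.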

  18. Public Key Cryptography • Digital Signatures and Public Key Encryption • Encryption: the sender enciphers with the recipient's public key; only the recipient's private key can decipher it • Signature: the sender signs with its own private key; anyone holding the sender's public key can verify it • Only the sender has the right private key, so if the signature verifies the message must have come from the sender • NOTE: Assumes keys have not been compromised

  19. Public Key Cryptography (Asymmetric Encryption), Professor and Student • Step 1 - Professor creates a public and private key pair • Step 2 - Professor sends the public key to the student • Step 3 - Student enciphers the message with the public key • Step 4 - Student sends the encrypted message • Step 5 - Professor deciphers with the private key

  20. Public Key Cryptography • PROs: • Signing with the private key proves identity • This results in a Digital Signature • Used to authenticate digital material • Prove identity and validity of action or material • CONs: • Much slower than symmetric encryption • Burdensome if you need widespread use: each party must obtain every other party's genuine public key

  21. Combining the Best of Both, Professor and Student • Step 1 - Professor creates a public and private key pair; the student generates a secret (symmetric) key • Step 2 - Professor sends the public key to the student • Step 3 - Student enciphers the secret key with the professor's public key • Step 4 - Student sends the encrypted message carrying the wrapped secret key • Step 5 - Professor deciphers with the private key and retrieves the secret key; from here on both sides encrypt the bulk traffic with the fast secret-key cipher

  22. Uses of Public Key Cryptography • Digital Signatures • Used to authenticate digital material • Prove identity and validity of action or material • Transmission of symmetric key (public key encryption is generally slower)
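Added example, not the lecture's code: a Go program that implements the flow of slides 18 to 22 with the standard library. The student generates a fresh AES-256 key, encrypts the order with AES-GCM, wraps that key with RSA-OAEP under the professor's public key, and signs the whole envelope with RSA-PSS under the student's own private key; the professor verifies the signature before decrypting anything. The message text, the 2048-bit key sizes and the party names are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the student sends: the secret key wrapped under the professor's
// public key, the encrypted message, and the student's signature over both.
type Envelope struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

func (e Envelope) signed() []byte { // digest the signature covers
	h := sha256.New()
	h.Write(e.WrappedKey)
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// aead returns AES-256-GCM keyed with key; used by both sides.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the "combining the best of both" flow: a fresh AES key encrypts the
// message, RSA-OAEP wraps that key for the recipient, RSA-PSS signs the result.
func Seal(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (Envelope, error) {
	key, nonce := make([]byte, 32), make([]byte, 12) // 256-bit key, standard GCM nonce
	if _, err := rand.Read(key); err != nil {
		return Envelope{}, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	gcm, err := aead(key)
	if err != nil {
		return Envelope{}, err
	}
	env := Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	env.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, env.signed(), nil)
	return env, err
}

// Open checks the signature before touching any ciphertext, then unwraps the
// key and decrypts. Tampering, or a signature from the wrong sender, fails.
func Open(env Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, env.signed(), env.Signature, nil); err != nil {
		return nil, fmt.Errorf("sender signature invalid: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Roundtrip reports whether an honest exchange succeeds and whether a tampered
// ciphertext and an impostor's signature are both rejected.
func Roundtrip() (honest, tamperedRejected, impostorRejected bool, err error) {
	professor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	student, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	msg := []byte("order 4711: 2 x widget, card ending 1234") // constructed sample message
	env, err := Seal(msg, student, &professor.PublicKey)
	if err != nil { return }
	got, openErr := Open(env, professor, &student.PublicKey)
	honest = openErr == nil && string(got) == string(msg)
	tampered := env // flip one ciphertext bit: the signature no longer verifies
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, tamperErr := Open(tampered, professor, &student.PublicKey)
	tamperedRejected = tamperErr != nil
	forged, err := Seal(msg, impostor, &professor.PublicKey) // impostor signs with its own key
	if err != nil { return }
	_, impostorErr := Open(forged, professor, &student.PublicKey) // professor expects the student
	impostorRejected = impostorErr != nil
	return honest, tamperedRejected, impostorRejected, nil
}

func main() {
	fmt.Println(Roundtrip())
}
```

Verifying before decrypting is deliberate: the professor never runs the RSA or AES decryption on data that has not already been attributed to the student, and the signature over the wrapped key and nonce as well as the ciphertext stops an attacker from re-wrapping a key of their own under the professor's public key.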

  23. Public Key Infrastructure The mainstream method (using public key cryptography) of providing key management and reliable authentication and encryption between two parties communicating over an open network

  24. Public Key Infrastructure Purpose: provide an environment that addresses today’s business, legal, network, and security demands for trust and confidentiality Environment: policies, protocols, services and standards that support public key cryptography

  25. Public Key Infrastructure Provides: • Strong user identification • Cryptographic Services • Evidence for non-repudiation among strangers

  26. Technology Components of PKI • Keys: public and private • Certificate Authority (CA) • Responsible trusted 3rd party that issues, revokes, and manages digital certificates • Registration Authority (RA) • Optional entity implicitly trusted by a CA to validate another entity’s identity prior to the CA issuing a digital certificate • Usually needed in large PKI deployments

  27. Technology Components of PKI • Digital Certificates • Fundamental to PKI • Credentials issued to an entity that uniquely identifies the entity for all others • The credentials act like a “passport” • Digital Certificates contain the entity’s public key

  28. Technology Components of PKI • Repository • The workhorse of PKI • Stores certificates and entity information • Provides lookup and retrieval services to an enterprise • Also handles certificate revocation list (CRL) checking

  29. Other Components of PKI • Policy Management Authority (PMA) • Policy Approval Authority • Develops governing policy for PKI • Policy Creation Authority (PCA) • Implements PKI policy through CA establishment

  30. PKI Policy • Primary PKI Policies • Certificate Policy (CP) • What the PKI environment does • Publicly available document • Approved by the Policy Approval Authority • Certification Practice Statement (CPS) • How the PKI environment does it • Details the functions of the PKI • Internal document

  31. PKI in Action • ME and YOU each generate keys • ME and YOU each register with the Certificate Authority • Digital certificates are returned and published to the Certificate Repository

  32. PKI in Action • ME requests and gets the needed digital certificate from the Certificate Repository • ME “encrypts with the private key” (the slide's description of signing) and sends the message • YOU “decrypts with the public key” taken from ME's certificate, i.e. verifies the signature • In practice a message for YOU is enciphered with YOU's public key (from YOU's certificate) and signed with ME's private key; the certificates are what bind each public key to its owner
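Added example (not from the lecture): a Go program that walks through the two PKI in Action slides with the standard library's x509 package. A root CA issues itself a certificate, issues a certificate to shop.example, and a relying party validates that certificate by building a chain to the trusted root, matching the host name, and checking the serial number against a revoked set that stands in for a CRL fetched from the repository. The CA name, the host name shop.example, the serial numbers and the rogue CA are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// template describes the certificate to issue: a CA certificate that may sign
// others, or a server certificate for one host name.
func template(serial int64, cn string, ca bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(365 * 24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn}
		t.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs a certificate for pub with the signer's key. A nil parent means
// self-signed, which is how the root CA's own certificate is made.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Validate does what the relying party on the slide does after fetching a
// certificate: build a chain to a trusted root, check the name and key usage,
// then check the serial against the revoked set (a stand-in for the CRL the
// repository would serve).
func Validate(leaf *x509.Certificate, roots *x509.CertPool, host string, revoked map[string]bool) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return err
	}
	if revoked[leaf.SerialNumber.String()] {
		return fmt.Errorf("certificate serial %s is revoked", leaf.SerialNumber)
	}
	return nil
}

// Scenario returns: honest validation ok, wrong host rejected, untrusted
// issuer rejected, revoked serial rejected.
func Scenario() (ok, hostRejected, issuerRejected, revokedRejected bool, err error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	ca, err := issue(template(1, "Course Root CA", true), nil, &caKey.PublicKey, caKey)
	if err != nil { return }
	shopKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	shop, err := issue(template(2, "shop.example", false), ca, &shopKey.PublicKey, caKey)
	if err != nil { return }
	rogueKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	rogueCA, err := issue(template(1, "Rogue CA", true), nil, &rogueKey.PublicKey, rogueKey)
	if err != nil { return }
	rogue, err := issue(template(3, "shop.example", false), rogueCA, &shopKey.PublicKey, rogueKey)
	if err != nil { return }
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the relying party's trust store holds only the course root
	revoked := map[string]bool{}
	ok = Validate(shop, roots, "shop.example", revoked) == nil
	hostRejected = Validate(shop, roots, "evil.example", revoked) != nil
	issuerRejected = Validate(rogue, roots, "shop.example", revoked) != nil
	revoked[shop.SerialNumber.String()] = true
	revokedRejected = Validate(shop, roots, "shop.example", revoked) != nil
	return
}

func main() {
	fmt.Println(Scenario())
}
```

Three failure cases are exercised beside the honest one: a name mismatch, an issuer that is not in the trust store, and a revoked serial. Go's Verify rejects the first two on its own; revocation is the one step the slides' repository has to answer, and in a deployed PKI it is served by a CRL or an OCSP responder rather than an in-memory set.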

  33. Summary • Cryptography ensures confidentiality and integrity (the C and I of CIA); availability has to come from elsewhere • Public Key Cryptography, through digital signatures, ensures Authentication • Public Key Cryptography, with certificates binding keys to identities, ensures non-repudiation
