Chapter 10 Encryption: A Matter of Trust
Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm Digital Signatures Major Attacks on Cryptosystems Digital Certificates Key Management Internet Security Protocols & Standards Government Regulations Encryption: Objectives
WHAT IS ENCRYPTION? Uses mathematical procedures to scramble data so that recovering the original message without the key is computationally infeasible Converts readable data (plaintext) into an encoded message (ciphertext); the matching key is required to decode it
WHAT DOES ENCRYPTION SATISFY? Privacy (confidentiality) –Provided by encryption itself Integrity & Authentication –Provided by message authentication codes & digital signatures, not by encryption alone Non-repudiation –Provided by digital signatures backed by certificates
BASIC CRYPTOGRAPHIC ALGORITHMS Secret Key (symmetric) –The sender and recipient possess the same single key, which must be shared in advance over a secure channel Public Key (asymmetric) –One public key anyone can know, used to encrypt –One private key only the owner knows, used to decrypt –Provides message confidentiality –Used the other way round (private key to sign, public key to verify), proves the authenticity of the message's originator
COMMONLY USED CRYPTOSYSTEMS RSA Algorithm –Most commonly used public-key algorithm; vulnerable when keys are too short (under 2048 bits today) or padding is weak Data Encryption Standard (DES) –56-bit block cipher that turns a message into unintelligible characters, but its key is now recoverable by brute force 3DES –DES applied three times to extend the effective key length RC4 –Stream cipher, now deprecated because of keystream biases International Data Encryption Algorithm (IDEA) –128-bit-key block cipher used by early versions of PGP
DIGITAL SIGNATURES Transform the message signed so that anyone who reads it can be sure of the real sender A block of data computed from the message with the signer's private key; anyone holding the matching public key can verify it (the signature is not the private key itself, and a changed message or a different key makes verification fail) Serve the purpose of authentication, integrity & non-repudiation
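The signature slide is easiest to pin down with working code. The following Go program is an added example, not part of Awad's slides; it uses Ed25519 from the Go standard library (the slide does not name an algorithm, so that choice and the order string are assumptions). It shows that a signature is a 64-byte value derived from the message and the private key, that the public key verifies it, and that a tampered message or a different key is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer holds a key pair: the private key signs, the public key is
// published so that anyone can verify.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair (assumed algorithm).
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// Sign returns the signature: a 64-byte block computed from the message and
// the private key. It is not the private key itself and reveals nothing about it.
func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.private, msg)
}

// Verify checks a (message, signature) pair against a public key.
// Length checks guard against malformed input that ed25519.Verify would panic on.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	alice, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample order; any byte string works.
	order := []byte("order=1234;amount=19.99;to=merchant")
	sig := alice.Sign(order)
	fmt.Printf("signature is %d bytes, valid: %v\n", len(sig), Verify(alice.Public, order, sig))

	// Integrity: changing one field invalidates the signature.
	tampered := []byte("order=1234;amount=1999.99;to=merchant")
	fmt.Println("tampered message accepted:", Verify(alice.Public, tampered, sig))

	// Authentication: a different signer's public key does not verify it.
	mallory, _ := NewSigner()
	fmt.Println("wrong public key accepted:", Verify(mallory.Public, order, sig))
}
```

Run it with `go run` and the last two lines print `false`; that failure is the whole point of the scheme.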
MAJOR ATTACKS ON CRYPTOSYSTEMS Chosen-plaintext Attack –Attacker can obtain ciphertexts for plaintexts of their own choosing Known-plaintext Attack –Attacker holds some plaintext/ciphertext pairs Ciphertext-only Attack –Attacker sees only intercepted ciphertext Third-party Attack –A party interposed between sender and recipient intercepts, replays or alters the traffic
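Of the attacks listed, the chosen-plaintext attack is the one most easily demonstrated. The Go program below is an added example, not from the slides: it models an encryption oracle the attacker may query (the oracle, the AES-ECB mode and the candidate strings are assumptions for the demo). Because ECB is deterministic, the attacker recovers a low-entropy secret (a payment decision) from its ciphertext alone by encrypting each candidate and comparing. Randomized modes such as AES-GCM with a fresh nonce per message do not have this weakness.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// ecbEncryptBlock encrypts exactly one 16-byte block with raw AES, i.e. ECB
// mode. ECB is deterministic: same key and same block always give the same
// ciphertext, which is exactly what the attack below exploits.
func ecbEncryptBlock(key, block []byte) []byte {
	c, err := aes.NewCipher(key) // only fails on a bad key length; keys here are 16 bytes
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, block)
	return out
}

// pad16 right-pads a short value with zero bytes to one AES block.
func pad16(v string) []byte {
	b := make([]byte, aes.BlockSize)
	copy(b, v)
	return b
}

// Oracle is the encryption service the attacker can query with chosen
// plaintexts. The key is never revealed; only the Encrypt method is exposed.
type Oracle struct{ key []byte }

// NewOracle creates an oracle with a random 128-bit key.
func NewOracle() *Oracle {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return &Oracle{key: key}
}

// Encrypt is the attacker-accessible operation.
func (o *Oracle) Encrypt(block []byte) []byte { return ecbEncryptBlock(o.key, block) }

// chosenPlaintextAttack recovers a secret from its ciphertext, without the
// key, by asking the oracle to encrypt each candidate and comparing. It
// returns the recovered value and whether any candidate matched.
func chosenPlaintextAttack(oracle *Oracle, target []byte, candidates []string) (string, bool) {
	for _, cand := range candidates {
		if bytes.Equal(oracle.Encrypt(pad16(cand)), target) {
			return cand, true
		}
	}
	return "", false
}

func main() {
	oracle := NewOracle()
	// Constructed scenario: the attacker intercepts the encrypted decision
	// and knows the decision is one of a handful of strings.
	candidates := []string{"APPROVED", "DECLINED", "PENDING"}
	intercepted := oracle.Encrypt(pad16("DECLINED"))
	got, ok := chosenPlaintextAttack(oracle, intercepted, candidates)
	fmt.Printf("recovered=%q found=%v\n", got, ok)
}
```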
DIGITAL CERTIFICATES An electronic document issued by a certificate authority (CA) to establish a party's identity (e.g. a merchant's) by binding its name to its public key Includes holder's name, name of CA, public key for cryptographic use, validity period of the certificate, the certificate's class & serial number/ID, all signed by the CA so that tampering is detectable
CLASSES OF CERTIFICATES Class 1 –Contains minimum checks on the user's background –Simplest & quickest to obtain Class 2 –Checks information such as name, SSN, date of birth –Requires proof of physical address, etc.
CLASSES OF CERTIFICATES (Contd) Class 3 –You need to prove exactly who you are & that you are responsible –Strongest Class 4 –Checks on things like the user's position in an organization in addition to Class 3 requirements
KEY MANAGEMENT Key Generation & Registration Key Distribution Key Backup / Recovery Key Revocation & Destruction
THIRD PARTY SERVICES Public Key Infrastructure –Certification Authority –Registration Authority –Directory Services Notary Services Arbitration Services
INTERNET SECURITY PROTOCOLS & STANDARDS Web Application –Secure Sockets Layer (SSL) –Secure Hypertext Transfer Protocol (S-HTTP) E-Commerce –Secure Electronic Transaction (SET) –PGP –S/MIME
SSL Operates between the application & transport layers Most widely used standard for online data encryption (since superseded by its successor, TLS) Provides services: –Server authentication (the client checks the server's certificate against a trusted CA and the host name it meant to reach) –Client authentication (optional, via a client certificate) –Encrypted SSL connection
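The certificate slides (contents of a certificate, the CA that signs it) and the SSL server-authentication bullet describe the same check from two sides, so one added example covers both. This Go program is not part of the slides; it builds a self-signed root CA and a server certificate for a merchant host, then performs the verification an SSL/TLS client does: chain to a trusted root, host name match, validity window. The host names, organization name, key type (ECDSA P-256) and validity periods are assumptions for the demo; no network connection is made.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates an ECDSA P-256 key pair (assumed key type).
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with the signer's private key and returns the parsed
// certificate. With parent == nil the certificate is self-signed (a root CA).
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a root CA and a server certificate for host. The leaf
// carries the fields the slide lists: holder name, issuer (CA) name, public
// key, validity period and serial number, all under the CA's signature.
func BuildPKI(host string, now time.Time, days int) (ca, leaf *x509.Certificate, err error) {
	caKey, leafKey := newKey(), newKey()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	ca, err = issue(caTmpl, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host, Organization: []string{"Example Shop Inc"}},
		DNSNames:     []string{host}, // the name a client will match against
		NotBefore:    now,
		NotAfter:     now.AddDate(0, 0, days),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err = issue(leafTmpl, ca, &leafKey.PublicKey, caKey) // signed by the CA key
	return ca, leaf, err
}

// VerifyServerCert is the check an SSL/TLS client performs on the server's
// certificate: it must chain to a trusted root, name the host we intended to
// reach, be within its validity window at time 'at', and permit server use.
func VerifyServerCert(leaf, trustedRoot *x509.Certificate, host string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	now := time.Now()
	ca, leaf, err := BuildPKI("shop.example", now, 90)
	if err != nil {
		panic(err)
	}
	fmt.Printf("subject=%s issuer=%s serial=%d valid %s to %s\n",
		leaf.Subject.CommonName, leaf.Issuer.CommonName, leaf.SerialNumber,
		leaf.NotBefore.Format("2006-01-02"), leaf.NotAfter.Format("2006-01-02"))
	fmt.Println("correct host:", VerifyServerCert(leaf, ca, "shop.example", now))
	fmt.Println("wrong host:  ", VerifyServerCert(leaf, ca, "evil.example", now))
	fmt.Println("expired:     ", VerifyServerCert(leaf, ca, "shop.example", now.AddDate(1, 0, 0)))
	otherCA, _, _ := BuildPKI("other.example", now, 1) // a CA the client does not trust
	fmt.Println("untrusted CA:", VerifyServerCert(leaf, otherCA, "shop.example", now))
}
```

Only the first check returns `nil`; the other three fail with a host-name, expiry or unknown-authority error, which is what a browser turns into its certificate warning.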
S-HTTP Secures individual web transactions (HTTP messages) only, rather than the whole connection Provides transaction confidentiality, integrity & non-repudiation of origin Able to integrate with HTTP applications Mainly used for intranet communications; never widely deployed on the public web Does not require digital certificates / public keys (keys can also be arranged in advance between the parties)
SET One protocol used for handling funds transferred from credit card issuers to a merchant's bank account Provides confidentiality, authentication & integrity of payment card transmissions (card details are encrypted for the payment gateway, so the merchant does not see them in the clear) Requires customers to have a digital certificate & digital wallet, a requirement that limited its adoption
PGP Encrypts the data with a one-time (session) symmetric key, then encrypts that session key with the recipient's public key (the digital envelope construction) Supports public-key encryption, symmetric-key encryption & digital signatures Standardized as OpenPGP; independent of transport-level protocols such as SSL
S/MIME Provides security for different data types & attachments to e-mail messages Two key attributes: –Digital signature (the sender's private key signs the message) –Digital envelope (message encrypted under a one-time symmetric key, which is in turn encrypted under the recipient's public key) Performs authentication using X.509 digital certificates
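The PGP slide and the S/MIME "digital envelope" bullet describe the same hybrid construction, so one added example serves both. The Go program below is not from the slides and is not PGP or S/MIME wire format; it shows the construction itself using standard-library primitives (AES-256-GCM for the body, RSA-OAEP to wrap the session key; those algorithm choices, the 2048-bit key size and the invoice text are assumptions). It also shows the two failure modes a practitioner cares about: a wrong recipient key cannot unwrap the session key, and any modification of the body is detected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels: the body under a one-time symmetric key, plus
// that key wrapped with the recipient's public key. Only the matching private
// key can open it.
type Envelope struct {
	WrappedKey []byte // session key encrypted with RSA-OAEP
	Nonce      []byte // AES-GCM nonce, unique per message
	Body       []byte // AES-GCM ciphertext followed by its authentication tag
}

// NewRecipient generates the recipient's RSA key pair (2048 bits, assumed).
func NewRecipient() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal builds a digital envelope for the recipient: fresh session key for
// this message only, body encrypted with it, key wrapped with the public key.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256 key used once and then discarded
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Open unwraps the session key with the private key and decrypts the body.
// GCM's tag check makes any change to the body fail authentication.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: wrong recipient key or corrupted envelope")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Body, nil)
	if err != nil {
		return nil, errors.New("body authentication failed: envelope was modified")
	}
	return plaintext, nil
}

func main() {
	bob, err := NewRecipient()
	if err != nil {
		panic(err)
	}
	// Constructed sample message.
	env, _ := Seal(&bob.PublicKey, []byte("Invoice #4471: pay 120.00 EUR by Friday"))
	plaintext, err := Open(bob, env)
	fmt.Printf("opened: %q err=%v\n", plaintext, err)

	env.Body[0] ^= 0x01 // an attacker flips one bit in transit
	_, err = Open(bob, env)
	fmt.Println("after tampering:", err)
}
```

Sealing the same message twice yields different envelopes, because both the session key and the nonce are fresh each time; that is what separates this construction from the deterministic encryption attacked in the chosen-plaintext example.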
GOVERNMENT REGULATIONS National Security Agency (NSA) National Computer Security Center (NCSC) National Institute of Standards & Technology (NIST) Office of Defense Trade Controls (DTC)