Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with."— Presentation transcript:

1 Lesson 12 Cryptography for E-Commerce

2 Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with Core Protocols--IPsec Parallel Security Protocol--Kerberos

3 Protocol and Security: SSL HTTP TCP IP NOT SECURE SSL TCP IP HTTPFTPSMTP SECURE

4 The TCP connection (“3-way Handshake”) client Server SYN Client sends connection request, Specifying a port to connect to On the server. client Server SYN/ACK Server responds with both an acknowledgement and a queue for the connection. client Server ACK Client returns an acknowledgement and the circuit is opened.

5 SSL in Action CLIENT SERVER 1 ClientHello 2 ServerHello 3 ServerKey Exchange 4 ServerHelloDone 5 ClientKey Exchange 6 ChangeCiperSpec 7 Finished

6 SSL in Action CLIENT SERVER 4 ServerHelloDone 5 ClientKey Exchange 6 ChangeCiperSpec 7 Finished 8 ChangeCipherSpec 9 Finished

7 Protocol and Security: SHTTP HTTP TCP IP NOT SECURE SECURE HTTP TCP IP Security

8 Protocol and Security: IPSEC HTTP TCP IP NOT SECURESECURE HTTP TCP IPSEC

9 Protocol and Security: Parallel HTTP TCP IP NOT SECURE SECURE HTTP TCP IP Kerberos

10 PROTOCL COMPARISONS Separate Protocol Application Protocol Integrated with Core Parallel Protocol ABCDE A - Full security B - Multiple Applications C - Tailored Services D - Transparent to Applications E - Easy to Deploy

11 What is Cryptography Protecting information by transforming it into an unreadable format Encryption is the process that transforms the data into the unreadable format, Decryption restores it to its original format. Used to prevent information from “falling into the wrong hands” Data is only available to the people that are supposed to see it

12 Uses of Cryptography Use Keeping Secrets Providing Identity Verifying Info Service Confidentiality Authentication Message Integrity Protects Against Eavesdropping Forgery & Masquerade Alteration

13 Cryptography in Use Today SSL -- Secure Socket Layer TLS -- Transport Layer Security protocol IPsec -- Internet Protocol Security SET -- Secure Electronic Transactions Smart Cards VPN -- Virtual Private Network File or Disk Encryption Tools Remote access: SSH -- Secure Shell Digital Signature Algorithm -- DSA EMAIL: PGP -- Pretty Good Privacy PKI -- Public Key Infrastructure

14 Cryptographic Classifications Secret Key Cryptography –Symmetric Encryption –All Parties have same key Public Key Cryptography –Asymmetric Encryption –Different Keys: public and private

15 Secret Key Cryptography Symmetric Encryption Professor Student Step 4- Decipher with secret key Step 3 - Send Encrypted Message Step 2-Encipher with secret key Step 1- Secret Key Exchange occurs

16 Secret Key Cryptography PROs: – Very Secret – Key Size Determines how hard to break CONs: –Key Management is a Burden –Cryptography can be slow

17 Symmetirc Encrpytion Algorithms DESData Encryption Standard 3DESTriple-Strength DES RC2Rivest Cipher 2 RC4Rivest Cipher 4 All commonly used with SSL

18 Public Key Cryptography Digital Signatures and Public Key Encryption –Message encrypted or signed with private key of sender and public key of recipient –Recipient decrypts with own private key and sender’s public key –Only sender has the right private key so if it decrypts it must have come from the sender –NOTE: Assumes keys have not been compromised

19 Public Key Cryptography Asymmetric Encryption Step 1- Create Public and Private Keys Professor Student Step 3- Encipher with public Key Step 2 - Send Public Key to Student Step 4 -Send Encrypted Message Step 5- Decipher with private key

20 Public Key Cryptography PROs: –As Shown this Proves Identity –This Results in a Digital Signature Used to authenticate digital material Prove identity and validity of action or material CONs: –Burdensome if you need widespread use

21 Combining the Best of Both Professor Student Step 1- Create Public and Private Keys Step 1- Generate a Secret Key Step 2 - Send Public Key to Student Step 4 -Send Encrypted Message Step 5- Decipher with private key and retrieve secret key Step 3- Encipher Secret Key with Public Key

22 Uses of Public Key Cryptography Digital Signatures –Used to authenticate digital material –Prove identity and validity of action or material Transmission of symmetric key (public key encryption is generally slower)

23 Public Key Infrastructure The Mainstream method (using public key cryptography ) by which to ensure key management and reliable authentication and encryption between two objects that are communicating over a single open network

24 Public Key Infrastructure Purpose: provide an environment that addresses today’s business, legal, network, and security demands for trust and confidentiality Environment: policies, protocols, services and standards that support public key cryptogrpahy

25 Public Key Infrastructure Provides: –Strong user identification –Cryptographic Services –Evidence for non-repudiation among strangers

26 Technology Components of PKI Keys: public and private Certificate Authority (CA) –Responsible trusted 3rd party that issues, revokes, and manages digital certificates Registration Authority (RA) –Optional entity implicity trusted by a CA to validate another entity’s indentity prior to the CA issuing a digital certificate –Usually needed in large PKI deployments

27 Technology Components of PKI Digital Certificates –Fundamental to PKI –Credentials issued to an entity that uniquely identifies the entity for all others –The credentials act like a “passport” –Digital Certificates contain the entity’s public key

28 Technology Components of PKI Repository –The workhorse of PKI –Stores certificates and entity information –Provides lookup and retrieval services to an enterprise –Also handles certificate revocation list (CRL) checking

29 Other Components of PKI Policy Management Authority (PMA) –Policy Approval Authority Develops governing policy for PKI –Policy Creation Authority (PCA) Implements PKI policy through CA establishment

30 PKI Policy Primary PKI Policies –Certificate Policy (CP) What the PKI environment does Publicly available document Policy Approval Authority –Certification of Practice Statement(CPS) How the PKI environment does it Details the functions of the PKI Internal document

31 PKI in Action Certificate Authority Certificate Repository ME YOU Generate Keys Register with CA Digital Certificates Returned

32 PKI in Action Certificate Authority Certificate Repository ME YOU Encrypt With Private Key Decrypt With Public Key Send Encrypted Message Request/Get Digital Certificate

33 Summary Cryptography ensures CIA Public Key Cryptography ensures Authentication Public Key Cryptography ensures non-repudiation

Download ppt "Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.

Similar presentations

Ads by Google