Information Security for e-Business
Saad Haj Bakry, PhD, CEng, FIEE
Presentations in Network Security

Presentation transcript:

1 Information Security for e-Business (title slide)

2 Objectives / Contents
- Secure Transactions
- Use of Symmetric Keys
- Use of Asymmetric Keys
- Public Key Infrastructure: PKI
- Security Protocols

3 Secure Transactions: Requirements
Issue            Fact
Privacy          No disclosure
Integrity        No alteration
Authentication   Proof of identity: sender to receiver / receiver to sender
Non-Repudiation  Legal proof of transaction: message is sent or received
Availability     System in operation
Outcome: "S-Business" (secure business)

4 Use of Symmetric Keys
- DES: Data Encryption Standard
- AES: Advanced Encryption Standard
- KDC: Key Distribution Centre

5 DES: Data Encryption Standard
- A symmetric encryption algorithm: 1950s
- By US NSA (National Security Agency) & IBM
- Key length is "56 bits": short / easy to crack
- Triple use (3 keys in a row) for more security: DES (K-1) -> DES (K-2) -> DES (K-3)
- Being replaced by: AES

6 AES: Advanced Encryption Standard
- A symmetric encryption algorithm
- By US NIST (National Institute of Standards & Technology): replacing DES
- Five finalists under consideration: 2001
- Criteria of choice: strength, efficiency, speed, other factors

7 KDC: Key Distribution Centre
- To solve the "key-exchange" problem
- KDC shares a "secret key" with "every user"
- S-R session key: generated by KDC per transaction
- Session key sent to S and R using their shared keys with the KDC
- All transactions: exchanged through the KDC
- Problem: centralized security: "challenges to the KDC!"

8 KDC Operation (diagram: Sender, KDC and Receiver across the communication network)
1 Initiation: the sender, holding symmetric key (S) shared with the KDC, requests a session key
2 Generation / Assignment: the KDC generates the session key and sends it to the sender under symmetric key (S) and to the receiver under symmetric key (R)
3 Transaction: plain text is encrypted with the session key into cipher text, sent over the network, and decrypted back to plain text by the receiver
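The three steps of the diagram, as an added example that is not part of the presentation: the long-term keys keyS and keyR stand for the symmetric keys (S) and (R) each user shares with the KDC, AES-256-GCM is assumed as the symmetric cipher (the slides do not name one), and the function names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// aead returns AES-256-GCM for a 32-byte key (panics on a bad key length).
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block)
	return g
}

// seal encrypts and authenticates plaintext; the random nonce is prepended.
func seal(key, plaintext []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, nil)
}

// unseal reverses seal; it fails if the ciphertext or its tag was altered.
func unseal(key, box []byte) ([]byte, error) {
	g := aead(key)
	if len(box) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, box[:g.NonceSize()], box[g.NonceSize():], nil)
}

// transaction follows the slide: the KDC generates a session key (steps 1-2)
// and assigns it to S and to R under the key each shares with the KDC; S and
// R unwrap it, and S encrypts msg for R under it (step 3). Returns what R gets.
func transaction(keyS, keyR, msg []byte) ([]byte, error) {
	session := make([]byte, 32)
	rand.Read(session)                                     // KDC: generation
	forS, forR := seal(keyS, session), seal(keyR, session) // KDC: assignment
	sessS, errS := unseal(keyS, forS)                      // S unwraps the session key
	sessR, errR := unseal(keyR, forR)                      // R unwraps the same key
	if errS != nil || errR != nil {
		return nil, errors.New("session key unwrap failed")
	}
	return unseal(sessR, seal(sessS, msg)) // S -> R: the transaction itself
}
```

The wrapped session key can only be opened by the two holders of the right KDC keys, and any alteration in transit is detected by the GCM tag, which is the integrity requirement of slide 3.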

9 Use of Asymmetric Keys
- Key Agreement Protocol: KAP / Digital Envelope
- Key Management: KM
- Digital Signature
- Time-Stamping: Non-Repudiation
- Notary Authentication

10 KAP: Key Agreement Protocol
- Subject of agreement: symmetric secret key
- Protocol: rules of the agreement process
- Agreement security: use of public key
- Secret key: suitable for volumes of data
- Public key: suitable for limited volumes
- Digital envelope: secret key in public key

11 KAP Example: The Digital Envelope (diagram)
Sender:
- Encrypt (message) using the "secret key" -> message: "cipher text" (S-K)
- Encrypt (secret key) using the receiver's "public key" -> "cipher SK" (P-K): the envelope
- Send message "cipher text" (S-K) plus "cipher SK" (P-K); a "digital signature" is possible
Receiver:
- Decrypt (secret key) using the receiver's "private key" -> "secret key"
- Decrypt (message) using the "secret key" -> message: "plain text"

12 Key Management
- Threats: theft (mishandling) & attack (cryptanalysis)
- Key generation: secure "long keys"
- Key generation problem: sometimes the choice is from a small set
- Recommendation: key generation should be truly "random"

13 Digital Signature (1/2)
Objective (P-K): authentication / integrity
Sender:
- Hash function over the message (plain text) -> message digest
- Encrypt the message digest with the sender's private key -> electronic signature
- Encrypt the message with the receiver's public key -> message: cipher text
- Send message: cipher text + electronic signature
Receiver:
- Decrypt message: cipher text with the receiver's private key -> message: plain text
- Hash function over the plain text -> message digest
- Decrypt the electronic signature with the sender's public key -> message digest: "sender authenticated"
- The two digests match: "message integrity"

14 Digital Signature (2/2)
- Handwritten signature: document independent (same for all documents); authentication only
- Digital signature: document dependent (based on message contents); authentication & integrity
- Problem (digital signature): non-repudiation (proof that the message has been sent)
- Use: US DSA: "Digital Signature Algorithm"
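The digital envelope of slide 11 and the digital signature of slide 13 in one added example, not taken from the presentation: RSA-OAEP wraps the secret key under the receiver's public key and RSA-PSS signs the SHA-256 digest with the sender's private key (the slides name no algorithms; the type and method names are my own), and the symmetric encryption of the message body under the secret key is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Party holds one participant's RSA key pair (2048-bit, generated fresh).
type Party struct{ Key *rsa.PrivateKey }

// NewParty generates a key pair; the public half is what the other side uses.
func NewParty() Party {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return Party{k}
}

// Envelope is what travels with the message: the secret key wrapped under the
// receiver's public key ("Cipher SK") plus the sender's digital signature.
type Envelope struct {
	WrappedKey []byte // secret key encrypted with the receiver's public key (RSA-OAEP)
	Signature  []byte // message digest signed with the sender's private key (RSA-PSS)
}

// Seal is the sender's side: wrap secretKey for rcv and sign msg's SHA-256
// digest. Encrypting msg itself under secretKey is left out of this example.
func (s Party) Seal(rcv *rsa.PublicKey, secretKey, msg []byte) (Envelope, error) {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rcv, secretKey, nil)
	if err != nil {
		return Envelope{}, err
	}
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, s.Key, crypto.SHA256, digest[:], nil)
	return Envelope{wrapped, sig}, err
}

// Open is the receiver's side: verify the signature with the claimed sender's
// public key (authentication; any change to msg breaks it: integrity), then
// recover the secret key with the receiver's private key.
func (r Party) Open(snd *rsa.PublicKey, e Envelope, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(snd, crypto.SHA256, digest[:], e.Signature, nil); err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.Key, e.WrappedKey, nil)
}
```

Because the signature covers the digest of the message contents, it is document dependent in the sense of slide 14: a different message, or a different signer's key, makes Open fail.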

15 Time-stamping / Non-Repudiation (1/2)
- Objective: binding "time and date" to digital documents; important for electronic contracts
- Third party: time-stamping agency / legal witness
- (diagram: sender / receiver exchanging with the time-stamping agency)

16 Time-stamping / Non-Repudiation (2/2)
Time-stamping agency:
- Input: ciphered & signed message
- Output: time & date stamp, plus the agency stamp (signature) using the agency's private key
Steps (diagram):
1 Sender: message: cipher text + sender electronic signature
2 Sent to the time-stamping agency
3 Agency adds the time & date stamp
4 Agency stamp (signature); the stamped message goes on to the receiver
Proof of receipt may be required: "same route back" from the "receiver"

17 Notary Authentication (diagram: Transmitter -> Notary -> Receiver, over message network services)
- Message with guarantee of the sender's identity
- Notary may use: encryption (DES) / digital signature / other methods

18 Public Key Infrastructure: PKI
- PKI: objectives / organizations
- Digital certificates: structure / trust / validity

19 PKI: Public Key Infrastructure (1/2)
- Objective: authentication of parties in a transaction
- Hierarchy: IPRA: Internet Policy Registration Authority (the root certification authority) -> IPA: Policy Creation Authorities -> CA: Certification Authorities

20 PKI: Public Key Infrastructure (2/2)
- CA: Certification Authorities take the responsibility of authentication
- DC: Digital Certificates are publicly available and are issued / held by the CA in a "CR: Certificate Repository"
- DS: Digital Signatures, using public key cryptography

21 Digital Certificate: Structure
Field                    Explanation
Name (Subject)           Individual / company being certified
Serial Number            For management / organization
Public Key               Public key of the individual / company
Expiration Date          Certification needs to be renewed
Signature of Trusted CA  For confirmation
Other Information        Relevant / needed data

22 Digital Certificate: Signature of Trust (diagram)
Public key (name / subject) -> hash function -> private key (CA) -> signature of trusted CA (an alternative path in the diagram is labelled "OR")

23 Digital Certificate: Expiration
- Need for change of key (pairs)
- Expiration date: long use of a key leads to vulnerability
- Key compromised: cancellation / renew
- CA has a "CRL: Certificate Revocation List"
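An added example, not from the presentation, of the certificate fields of slide 21 and the checks of slides 22 and 23 using Go's X.509 library: newCert issues a certificate signed by a CA (self-signed for the root), and validate rejects a revoked serial, an expired certificate, or a signature that does not chain to the trusted CA. ECDSA P-256 keys, the subject names and the serial numbers are my assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// newCert issues a certificate with the slide's fields for subject, signed by the parent CA's key (self-signed when parent is nil).
func newCert(serial int64, subject string, from time.Time, days int, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the subject's own key pair
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),             // Serial Number
		Subject:               pkix.Name{CommonName: subject}, // Name (Subject)
		NotBefore:             from,
		NotAfter:              from.AddDate(0, 0, days), // Expiration Date
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	signer, issuer := key, tmpl // self-signed (a root CA) unless a parent CA is given
	if parent != nil {
		signer, issuer = parentKey, parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer) // Public Key + Signature of Trusted CA
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// validate is the relying party's check before trusting cert: serial not on the CA's
// CRL, within its validity period at time now, and a valid CA signature chain to ca.
func validate(cert, ca *x509.Certificate, now time.Time, crl []*big.Int) error {
	for _, revoked := range crl {
		if revoked.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	return err
}
```

The CRL is modelled here as a plain list of revoked serial numbers held by the relying party; a real deployment fetches the CA's signed CRL and checks its own validity period too.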

24 Security Protocols
- Internet: "Secure Socket Layer": SSL
- Visa / MasterCard: Secure Electronic Transaction: SET
- Microsoft Authenticode

25 SSL: Secure Sockets Layer (1/2) (diagram)
- Software by: Netscape Communications; also used by: MS Internet Explorer ("browsers")
- Layering at sender and receiver: Application -> SSL -> TCP -> IP (TCP/IP)
- TCP/IP carries messages as datagram / virtual circuit; SSL provides "message interpretation" (to protect Internet transactions)

26 SSL: Secure Sockets Layer (2/2)
- Functions: protects "private information from source to destination"; authenticates the "receiver / server in a transaction"
- Tools: public key / digital certificate; session (secret) keys
- PCI ("Peripheral Component Interconnect") cards installed on "web servers" to secure data over an entire SSL transaction "from sender / client to receiver / server"

27 SET: Secure Electronic Transaction
- Objective: protecting e-commerce payment transactions
- By: Visa & MasterCard
- Authenticating the parties involved: "customer", "merchant", "bank"
- Using "public-key cryptography"

28 Microsoft Authenticode
- Objective: safety of software ordered online
- Authenticode is built into MS Internet Explorer
- Authenticode interacts with digital certificates
- Digital certificates should be obtained by software publishers
- Digital certificates can be obtained from the CA "VeriSign"

29 Remarks: e-Business Transactions: Security Measures
- Use of symmetric keys: standards: DES, AES / key distribution: KDC
- Use of asymmetric keys: symmetric key distribution: KAP, digital envelope / digital signature / time stamping: non-repudiation / notary
- Public key infrastructure: digital certificate
- Security protocols: Internet: SSL / banking: SET / Microsoft: Authenticode


