Chapter 10 Encryption: A Matter of Trust. Awad – Electronic Commerce 1/e © 2002 Prentice Hall

Presentation transcript:

Chapter 10 Encryption: A Matter of Trust

OBJECTIVES
What is Encryption?
Basic Cryptographic Algorithm
Digital Signatures
Major Attacks on Cryptosystems
Digital Certificates
Key Management
Internet Security Protocols & Standards
Government Regulations

WHAT IS ENCRYPTION?
Based on use of mathematical procedures to scramble data to make it extremely difficult to recover the original message
Converts the data into an encoded message using a key for decoding the message

WHAT DOES ENCRYPTION SATISFY?
Authentication
Integrity
Non-repudiation
Privacy

BASIC CRYPTOGRAPHIC ALGORITHM
Secret Key
  – The sender and recipient possess the same single key
Public Key
  – One public key that anyone can know, used to encrypt
  – One private key that only the owner knows, used to decrypt
  – Provide message confidentiality
  – Prove the authenticity of the originator of the message

COMMONLY USED CRYPTOSYSTEMS
RSA Algorithm
  – Most commonly used but vulnerable
Data Encryption Standard (DES)
  – Turns a message into a mess of unintelligible characters
3DES
RC4
International Data Encryption Algorithm (IDEA)

DIGITAL SIGNATURES
Transform the message signed so that anyone who reads it can be sure of the real sender
A block of data representing a private key
Serve the purpose of authentication

MAJOR ATTACKS ON CRYPTOSYSTEMS
Chosen-plaintext Attack
Known-plaintext Attack
Ciphertext-only Attack
Third-party Attack

DIGITAL CERTIFICATES
An electronic document issued by a certificate authority (CA) to establish a merchant's identity by verifying its name and public key
Includes the holder's name, name of the CA, public key for cryptographic use, duration of the certificate, and the certificate's class & ID

CLASSES OF CERTIFICATES
Class 1
  – Contains minimum checks on the user's background
  – Simplest & quickest
Class 2
  – Checks for information, e.g. names, SSN, date of birth
  – Requires proof of physical address, etc.

CLASSES OF CERTIFICATES (Cont'd)
Class 3
  – You need to prove exactly who you are & that you are responsible
  – Strongest
Class 4
  – Checks on things like the user's position in an organization in addition to class 3 requirements

KEY MANAGEMENT
Key Generation & Registration
Key Distribution
Key Backup / Recovery
Key Revocation & Destruction

THIRD PARTY SERVICES
Public Key Infrastructure
  – Certification Authority
  – Registration Authority
  – Directory Services
Notary Services
Arbitration Services

INTERNET SECURITY PROTOCOLS & STANDARDS
Web Application
  – Secure Socket Layer (SSL)
  – Secure Hypertext Transfer Protocol (S-HTTP)
E-Commerce
  – Secure Electronic Transaction (SET)
  – PGP
  – S/MIME

SSL
Operates between application & transport layers
Most widely used standard for online data encryption
Provides services:
  – Server authentication
  – Client authentication
  – Encrypted SSL connection

S-HTTP
Secures web transactions only
Provides transaction confidentiality, integrity & non-repudiation of origin
Able to integrate with HTTP applications
Mainly used for intranet communications
Does not require digital certificates / public keys

SET
One protocol used for handling funds transferred from credit card issuers to a merchant's bank account
Provides confidentiality, authentication & integrity of payment card transmissions
Requires customers to have a digital certificate & digital wallet

PGP
Encrypts the data with a one-time algorithm, then encrypts the key to the algorithm using public-key cryptography
Supports public-key encryption, symmetric-key encryption & digital signatures
Supports other standards, e.g. SSL

S/MIME
Provides security for different data types & attachments to e-mails
Two key attributes:
  – Digital signature
  – Digital envelope
Performs authentication using X.509 digital certificates
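
The digital envelope named on the S/MIME slide is the same scheme the PGP slide describes: encrypt the data with a one-time key, then encrypt that key with the recipient's public key. The sketch below is an added example, not part of the Awad slides; the toy unpadded RSA key, the SHA-256 keystream standing in for a real symmetric cipher, and the names seal and open_envelope are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy RSA key, constructed for this example: two well-known Mersenne primes,
# so it is trivially factorable. Real keys come from a vetted library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def _subkeys(session_key):
    """Derive separate encryption and MAC keys from the one-time key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _xor_stream(key, nonce, data):
    """SHA-256 in counter mode, standing in for a real symmetric cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(plaintext, n=N, e=E):
    """Sender: encrypt the data with a one-time key, wrap that key with RSA."""
    session_key = secrets.token_bytes(32)
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    # Only the 32-byte session key goes through the slow public-key step.
    # Unpadded RSA is used for brevity; deployed systems pad (e.g. OAEP).
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body, "tag": tag}

def open_envelope(env, d=D, n=N):
    """Recipient: unwrap the session key with the private key, then decrypt."""
    k = pow(env["wrapped_key"], d, n)
    if k >> 256:
        raise ValueError("session key did not unwrap (wrong key or tampering)")
    enc_key, mac_key = _subkeys(k.to_bytes(32, "big"))
    expected = hmac.new(mac_key, env["nonce"] + env["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env["tag"]):
        raise ValueError("envelope body was modified in transit")
    return _xor_stream(enc_key, env["nonce"], env["body"])
```

The split is what makes the scheme practical: the message body can be any length, while the public-key operation only ever touches the 32-byte session key.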

GOVERNMENT REGULATIONS
National Security Agency (NSA)
National Computer Security Center (NCSC)
National Institute of Standards & Technology (NIST)
Office of Defense Trade Controls (DTC)
