Department of Information Engineering

Slide 1: Major Concerns in Electronic Commerce
Authentication
–there must be proof of the identity of the parties in an electronic transaction;
Non-repudiation
–there must be proof of agreement to the terms of the transaction, and a party must be prevented from later denying its commitment;
Integrity
–there must be assurance that the content of a message has not been tampered with or modified;

Slide 2: Major Concerns in Electronic Commerce (continued)
Confidentiality
–there must be assurance that the content and details of a transaction are kept private and secret from unauthorised third parties; and
Legal commitment
–the functions and actions of an electronic transaction must have legal backing. A digital signature must be as legally binding as a handwritten signature, and the admissibility of electronic records in courts of law must be established.

Slide 3: E-commerce
Communication on the Internet is insecure
–like the postal service: your letter may pass through places where bandits abound, and these bandits may
  read your confidential information
  modify your confidential information
What can you do?
–lock the letter in a box
–modern-day cryptography works in a similar, but more interesting, way

Slide 4: Symmetric keys
How to communicate in secrecy?
Sender
–locks the confidential message in a box
Receiver
–the box can only be opened by the receiver, using the same key
Symmetric key
–the key to lock and the key to unlock are the same
–a key is a string of numbers (bits)

Slide 5: Encryption and Decryption
What is encryption?
–turns readable text (plaintext) into something unreadable (ciphertext)
–locking
What is decryption?
–the reverse process of encryption
–turns the unreadable text back into readable text
–unlocking

Slide 6: How
By substitution (used by the Romans in Julius Caesar's time)
–each letter is replaced by another letter according to a fixed table, e.g. a shifted alphabet:
  a b c d e ... x y z
  c d e f g ... z a b
By transposition (changing the position of the letters)
–e.g. swap each pair of adjacent letters:
  P O S I T I O N
  O P I S I T N O

Slide 7: Encryption and Decryption Example
encryption
–a) substitution (shift by 13 letters): michael --> zvpunry
–b) transposition (swap adjacent pairs): zvpunry --> vzuprny
decryption
–undo the steps in reverse order: swap the pairs back, then shift by 13 again (over a 26-letter alphabet a shift of 13 is its own inverse)
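The two steps of slides 6 and 7 in working code, as an added Python example that is not part of the original slides: the shifted-alphabet substitution, the pair-swap transposition, the round trip for michael --> zvpunry --> vzuprny, and a brute-force attack that simply tries all 26 shifts. The attack is the point a practitioner should take away: when the only secret is which of 26 tables was used, there is effectively no key.

```python
import string

ALPHABET = string.ascii_lowercase


def substitute(text: str, shift: int) -> str:
    """Caesar-style substitution: replace each letter by the one `shift` places later.
    Non-letters are left unchanged; a negative shift moves backwards."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def transpose(text: str) -> str:
    """Swap every pair of adjacent characters (POSITION -> OPISITNO).
    Applying it twice restores the input, so it is its own inverse."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)


def encrypt(plaintext: str, shift: int) -> str:
    """Slide 7: substitution first, then transposition."""
    return transpose(substitute(plaintext, shift))


def decrypt(ciphertext: str, shift: int) -> str:
    """Undo the steps in reverse order: transposition back, then shift back."""
    return substitute(transpose(ciphertext), -shift)


def brute_force(ciphertext: str) -> dict:
    """The only secret is the shift and there are just 26 of them: try them all.
    The attacker then picks the candidate that reads as language."""
    return {shift: decrypt(ciphertext, shift) for shift in range(26)}


if __name__ == "__main__":
    c = encrypt("michael", 13)            # 'vzuprny', as on the slide
    print(c, decrypt(c, 13))
    for shift, guess in brute_force(c).items():
        print(f"shift {shift:2d}: {guess}")
```

Running it prints the 26 candidate plaintexts; the attacker needs no key at all, only a glance at the list.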

Slide 8: Key distribution problem
OK, you can send messages securely, but how does the receiver get the key?
–you must first find a secure way to send the key to the receiver !!
–this is the key distribution problem

Slide 9: Public key cryptography
Public key
–a very important idea, first published in the 1970s
–asymmetric keys: one key to lock (the public key), one key to unlock (the private key)
–anybody can have your public key, but with it they can only lock
–only you can do the unlocking, with the private key
–this solves the key distribution problem !!

Slide 10: Comparison
Symmetric key algorithm
–fast
–has the key distribution problem
Public key algorithm
–slow
–solves the key distribution problem
In practice, secure communication is achieved by
–using the public key to distribute a fresh symmetric key
–then using that symmetric key to communicate (hybrid encryption)

Slide 11: Additional property of public key
We have a pair of keys
–public key and private key
you can either use
–the public key to lock and the private key to unlock, or
–the private key to lock and the public key to unlock
(This two-way property holds for RSA, where both directions are the same modular exponentiation with different exponents; in other public-key systems encryption and signing are separate algorithms, so the lock/unlock picture is specific to RSA.)

Slide 12: Digital signature
In the business world, important documents must be signed. How do you sign an electronic document?
–A sends an e-document to B
–B signs it (encrypts it using his private key) and returns the signed document to A
Why? Because if B later repudiates having signed the document, A can show the court that decrypting the signature with B's public key yields the document !!

Slide 13: Digital signature
The logic
–if a document can be decrypted using B's public key, then who encrypted it?
–it MUST have been B, because if a document can be decrypted with a public key, it can only have been encrypted with the matching private key
–only B has that private key !!
–so in court, B cannot repudiate having signed the document
(In practice B signs the message digest of the document rather than the whole document, and a real signature scheme adds padding to the digest before the private-key operation; "encrypting with the private key" is the textbook picture of RSA, not a literal description of a deployed scheme.)

Slide 14: Digital certificate
Authentication problem
–suppose you receive the public key of B over the Internet; how can you be sure that the public key really belongs to B?
–e.g. you find a web page, and the site claims to be a sister company of Microsoft
–the site has a public key which you can use to secure the communication
–should you use that key to send your payment ?

Slide 15: Digital certificate
You run an Internet bank and receive a message from a person who calls himself Li Ka Shing
–Mr. Li sends you his public key and requests that you transfer 100 million dollars of e-cash to his account
–should you follow his instruction?
This type of problem is called authentication
–how to certify the identity of a person or company

Slide 16: Digital certificate
digital certificate
–B publishes his name, address and public key on the Internet, and has this document signed by a trusted authority, the certificate authority (CA)
–the CA checks B's real identity in the traditional way (paper certificates, ID card number, ...)
–the CA is trustworthy, and you can check whether the document was signed by the CA by using the CA's public key
–but how can you be sure that the public key of the CA really belongs to the CA?
–that key can be certified by yet another CA (a chain of certificates up to a root CA), or be published in a newspaper or obtained from another trusted source (today, root CA keys are shipped pre-installed with the browser or operating system)

Slide 17: PKI
What is PKI (public key infrastructure)?
–PKI is the infrastructure that supports e-commerce using public keys
–to ensure the trustworthiness of a public key obtained from the Internet, we need the key to be certified by a CA
–in Hong Kong, the Post Office is going to play the role of a CA
–so if you run a company and want people on the Internet to have confidence in your public key, you should publish your key information on the Internet and have the Hong Kong Post Office digitally sign it
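Slides 10 to 17 describe three uses of one key pair: distributing a symmetric key (slide 10), signing a document (slides 12 and 13), and a CA signing someone else's public key so that a certificate can be checked (slides 16 and 17). The following added Python example, which is not part of the original slides, implements all three with textbook RSA built from the standard library only. Everything beyond the slides is an assumption of this example: the Miller-Rabin key generation, the toy stream cipher (SHA-256 in counter mode standing in for a real block cipher such as AES), the certificate format `subject|e|n`, and the names `B Ltd` and the sample messages. It deliberately omits the padding (OAEP for encryption, PSS for signatures) that real RSA requires, so it illustrates the slides' logic and is not fit for real use.

```python
import hashlib
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic; error below 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if is_probable_prime(cand):
            return cand

def keygen(bits: int = 1024):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)   # d = e^-1 mod phi (Python 3.8+)

def rsa(x: int, key) -> int:
    """Slide 11: the same operation, x^exp mod n, serves as lock and unlock."""
    exp, n = key
    return pow(x, exp, n)

# Slide 10: hybrid encryption. The stream cipher is a toy stand-in for AES.
def keystream_xor(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def hybrid_encrypt(message: bytes, receiver_pub):
    session_key = secrets.token_bytes(32)            # fresh symmetric key per message
    locked_key = rsa(int.from_bytes(session_key, "big"), receiver_pub)
    return locked_key, keystream_xor(session_key, message)

def hybrid_decrypt(locked_key: int, ciphertext: bytes, receiver_priv) -> bytes:
    session_key = rsa(locked_key, receiver_priv).to_bytes(32, "big")
    return keystream_xor(session_key, ciphertext)

# Slides 12-13: sign = lock the document's digest with the private key.
def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(document: bytes, signer_priv) -> int:
    return rsa(digest(document), signer_priv)

def verify(document: bytes, signature: int, signer_pub) -> bool:
    return rsa(signature, signer_pub) == digest(document)

# Slide 16: a certificate is (subject, subject's public key) signed by the CA.
def issue_certificate(subject: str, subject_pub, ca_priv) -> dict:
    body = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"subject": subject, "pub": subject_pub, "ca_sig": sign(body, ca_priv)}

def verify_certificate(cert: dict, ca_pub) -> bool:
    body = f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()
    return verify(body, cert["ca_sig"], ca_pub)

if __name__ == "__main__":
    ca_pub, ca_priv = keygen()
    b_pub, b_priv = keygen()
    cert = issue_certificate("B Ltd", b_pub, ca_priv)         # CA vouches for B's key
    print("certificate verifies:", verify_certificate(cert, ca_pub))
    locked, ct = hybrid_encrypt(b"transfer 100 dollars to B", cert["pub"])
    print("B decrypts:", hybrid_decrypt(locked, ct, b_priv))
    sig = sign(b"Agreement to purchase", b_priv)
    print("signature verifies:", verify(b"Agreement to purchase", sig, b_pub))
```

Two details carry the security argument of slides 13 and 16. The signature is computed over the SHA-256 digest, so changing a single byte of the document changes the digest and the verification fails; and the certificate binds the subject name to the key inside the signed body, so an impostor who swaps in his own public key invalidates the CA's signature. The `verify` functions compare against a freshly recomputed digest; nothing about the check depends on trusting what the sender claims.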

Slide 18: Integrity
Although the enemy cannot decrypt your ciphertext, he can still intercept it and change a few bits; after you decrypt it, you may get a totally different message (encryption alone gives confidentiality, not integrity)
how to prevent this from happening?
–send a message digest together with the message (the digest itself must be protected, e.g. by signing it, otherwise the attacker simply recomputes it for the altered message)
What is a message digest?
–it is a hash of the message, and it has a fixed, small number of bits

Slide 19: Message digest
The simplest hashing function: the remainder
e.g. let a = 1, b = 2, ..., z = 26, and hash `apple` into a number between 0 and 9
–add up the letters (a=1, p=16, l=12, e=5)
–apple = 1 + 16 + 16 + 12 + 5 = 50
–divide by 10; the remainder must be between 0 and 9
–hashed value = remainder of 50/10 = 0
–send the message `apple` together with the hash value 0
–if someone changes the a in apple to o (i.e. opple), you can detect it because the hash code is different: o=15, o+p+p+l+e = 64, hash code = 4

Slide 20: Message digest
The hash function used in real life is of course more complicated
–it compresses a document (of any size) into a fixed number of bits
–any small change in the document (even a space) gives a different hashed value
–this hashed value is called the message digest
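The toy hash of slide 19 next to a real one, as an added Python example that is not part of the original slides. It reproduces the apple/opple check, then shows what the slide does not: the toy digest is trivially defeated (an anagram collides, and an attacker can append one letter to restore the original digest after tampering), whereas SHA-256 gives a fixed 256-bit digest for input of any length and a one-letter change flips roughly half its bits. The tampered strings and the helper names are constructed for this example.

```python
import hashlib

LETTER_VALUE = {chr(ord("a") + i): i + 1 for i in range(26)}   # a=1 ... z=26


def toy_digest(text: str) -> int:
    """Slide 19's hash: add up the letter values, keep the remainder modulo 10."""
    return sum(LETTER_VALUE[c] for c in text.lower() if c in LETTER_VALUE) % 10


def forge_same_digest(tampered: str, original_digest: int) -> str:
    """Attacker's trick against the toy hash: append one letter whose value pushes
    the sum back onto the original digest, so the tampering goes undetected.
    Every residue mod 10 is reachable with a value in 1..26, so this always succeeds."""
    for letter, value in LETTER_VALUE.items():
        if (toy_digest(tampered) + value) % 10 == original_digest:
            return tampered + letter
    raise AssertionError("unreachable: some letter always fits")


def sha256_hex(text: str) -> str:
    """The real-life version: a fixed 256-bit digest for input of any length."""
    return hashlib.sha256(text.encode()).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 bits differ between two SHA-256 digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    print(toy_digest("apple"), toy_digest("opple"))      # 0 4: the edit is detected
    print(toy_digest("papel"))                          # 0: an anagram collides
    forged = forge_same_digest("opple", toy_digest("apple"))
    print(forged, toy_digest(forged))                   # 'opplef' 0: edit now undetected
    print(differing_bits(sha256_hex("apple"), sha256_hex("opple")), "of 256 bits changed")
```

The lesson for slide 20: "more complicated" is not the requirement. A real message digest must make it infeasible to find any second document with the same digest (collision resistance) or a document matching a given digest (preimage resistance); the toy remainder hash has neither property, which is exactly what `forge_same_digest` exploits.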

Slide 21: Message digest
[Diagram: the sender computes the message digest of the document "Agreement to purchase..." and sends the document together with the digest; the receiver recomputes the digest from the received document and compares the two: Same?]

Slide 22: Message digest
Because the message digest acts as a (practically) unique identifier of the original document
–one can digitally sign the message digest (which is short) instead of the entire document (which is long) for authentication
–a shorter value is also easier to compare visually

Slide 23: Message digest on your name card
Use of the message digest on a name card
–a public key is usually over 1000 bits long
–it cannot be printed on a name card; better to get it from the Internet
–instead, print the message digest of the public key (called the fingerprint) on the name card (only 16 characters long)
–download the public key and compute its fingerprint; if the computed one is the same as the one on the name card, then the public key is authentic
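The name-card check in code, as an added Python example that is not part of the original slides. It uses the fingerprint format OpenSSH prints for `ssh-keygen -lf key.pub` (SHA-256 over the key blob, base64 without padding, prefixed `SHA256:`) rather than the 16-character fingerprint the slide mentions; that format choice, the 32-byte key material built with `bytes(range(32))` (constructed for the example, not a real key), and the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac


def ssh_string(b: bytes) -> bytes:
    """OpenSSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


def make_pubkey_line(raw_key: bytes, key_type: str = "ssh-ed25519") -> str:
    """Build a public-key line in the form found in an id_ed25519.pub file."""
    blob = ssh_string(key_type.encode()) + ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()}"


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH's SHA256 fingerprint: base64 (no '=' padding) of SHA-256 over the key blob.
    A trailing comment on the line, if any, is ignored just as ssh-keygen ignores it."""
    _type, b64, *_comment = pubkey_line.split()
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_matches_card(pubkey_line: str, fingerprint_on_card: str) -> bool:
    """The check from slide 23: fingerprint the downloaded key and compare it with the
    value printed on the name card. compare_digest avoids timing leaks on the comparison."""
    return hmac.compare_digest(fingerprint(pubkey_line).encode(), fingerprint_on_card.encode())


if __name__ == "__main__":
    genuine = make_pubkey_line(bytes(range(32)))          # constructed key material
    card = fingerprint(genuine)                           # what B printed on the name card
    print(card)
    # An impostor replaces the key on the download site with his own:
    substituted = make_pubkey_line(bytes(range(1, 33)))
    print(key_matches_card(genuine, card), key_matches_card(substituted, card))
```

The fingerprint only helps if it arrives by a channel the attacker cannot rewrite (the printed card, in the slide's story); a fingerprint published on the same web page as the key proves nothing, because whoever substituted the key can substitute the fingerprint too.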

Slide 24: Summary
Issues and solutions of e-commerce
–How to send your confidential data securely? use public and symmetric keys
–How can you trust a public key? make sure the public key is certified by a CA
–How to sign a document on the Internet? use a digital signature
–How to know whether a document has been modified? use a message digest