COEN 351 E-Commerce Security


COEN 351 E-Commerce Security Essentials of Cryptography

Cryptography
- Scrambles plain text into crypto-text.
- Enables the crypto-text to be descrambled back into plain text.

Symmetric Cryptography
- Uses the same key for encryption and decryption.

Asymmetric Cryptography
- Uses different keys for encryption and decryption.

Message Authentication Codes
- Condenses the message into a short hash.
- SHA1, … MD5, … are appropriate cryptographically secure hash functions.
- For example, encrypt only the MAC with a key known to sender and receiver.

Message Authentication Code
- Alternatively, use a secret key.
- This also provides authentication.

Use of Asymmetric Cryptography
- Generic idea: Make one key public.
- How?
  - Website
    - Website can be spoofed.
  - On your business card
    - Works for individuals, requires recipient to type in several lines of gibberish correctly.
  - From a trusted source
    - Going back and back: Where does the trust stem from?

Use of Asymmetric Cryptography
- Notations:
  - $E$ – public key, $D$ – secret key
  - $E_C(M)$ – encryption of $M$ using key $C$.
  - $D_C(M)$ – decryption of $M$ using key $C$.
- Asymmetric cryptography key identities:
  - $D_E(E_D(M)) = M$
  - $D_D(E_E(M)) = M$

Use of Asymmetric Cryptography
- Secret transmission of messages
  - Alice uses the public key of Bob to encrypt her messages to him: $E_{E(\mathrm{Bob})}(M)$.
  - Bob uses his private key to decrypt the message: $D_{D(\mathrm{Bob})}(E_{E(\mathrm{Bob})}(M))$.

Use of Asymmetric Cryptography
- Signing a message I:
  - Alice encrypts the message with her private key: $E_{D(\mathrm{Alice})}(M)$.
  - Bob decrypts with her public key and obtains $M = D_{E(\mathrm{Alice})}(E_{D(\mathrm{Alice})}(M))$.
  - If $M$ makes sense, Bob knows that someone with Alice's secret key sent the message.

Use of Asymmetric Cryptography
- Signing a message II
  - This method avoids encryption of the whole message.
    - Asymmetric cryptography is very compute intensive.
  - Alice uses a MAC of her message: $\mathrm{MAC}(M)$.
  - She sends Bob $M$ and $E_{D(\mathrm{Alice})}(\mathrm{MAC}(M))$.
  - Bob calculates $\mathrm{MAC}(M) = D_{E(\mathrm{Alice})}(E_{D(\mathrm{Alice})}(\mathrm{MAC}(M)))$.
  - Bob verifies that this is the correct MAC.
  - Bob concludes that the message was sent by someone knowing Alice's private key.
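The "Signing a message II" flow and the two key identities from the notation slide, as an added Python example that is not part of the original slides. Assumptions: a toy textbook-RSA key built from two Mersenne primes (far too small, and unpadded, for real use), SHA-256 standing in for the condensing function the slides call MAC(M), and illustrative function names.

```python
import hashlib

# Toy RSA key for Alice (constructed for this example; not a usable key size).
P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes
N = P * Q                            # modulus
E = 65537                            # Alice's public key  (the slides' E)
D = pow(E, -1, (P - 1) * (Q - 1))    # Alice's private key (the slides' D)


def digest(message: bytes) -> int:
    """The short value the slides call MAC(M): SHA-256, reduced mod N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Alice computes E_D(Alice)(MAC(M)): private key applied to the digest only."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Bob computes D_E(Alice)(signature) and compares it with his own MAC(M)."""
    return pow(signature, E, N) == digest(message)


def identities_hold(m: int) -> bool:
    """Check D_E(E_D(m)) = m and D_D(E_E(m)) = m for 0 <= m < N."""
    return pow(pow(m, D, N), E, N) == m and pow(pow(m, E, N), D, N) == m


if __name__ == "__main__":
    msg = b"pay Bob 10"              # constructed sample message
    sig = sign(msg)                  # Alice sends (msg, sig)
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:", verify(b"pay Bob 1000", sig))
    print("key identities hold:     ", identities_hold(42))
```

Only the digest passes through the expensive private-key operation, which is the saving the slide refers to; any change to M changes the digest, so the signature no longer verifies.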

Key Management
- Generic rules:
  - Use symmetric cryptography as much as possible for performance.
  - Never use keys more than once.
- Key management becomes an issue.

Key Management
- Keys have limited lifetimes:
  - Cryptanalysis is easier with more material.
    - Breaking WEP involves harvesting a large number of packets.
  - Once found, a compromised key continues to do damage.

Key Management
- Key Management Life Cycles:
  - Key establishment
  - Key generation
  - Key distribution
  - Key backup / recovery, key escrow
  - Key replacement / update (rekeying)
  - Key revocation
  - Key expiration / Key termination / Key destruction

Key Management
- Key generation
  - Uses random number generation
    - Pseudo-random generation derived from a seed
      - WEP: seed based on user key word. Not as random as it appeared.
    - Hardware random number generation
    - Combined methods

Key Management
- Key distribution
  - Has issues of authentication and confidentiality.
  - Diffie-Hellman protocol solves confidentiality:
    - Allows two parties to agree on a common secret.
    - Subject to the man-in-the-middle attack:
      - Alice thinks that she shares a secret with Bob.
      - In reality, she communicates with M, and shares the secret with him.
      - M shares another secret with Bob.

Key Management
- Key backup / recovery, key escrow
  - Accidental loss of key
    - Hardware failure, forgotten password, …
  - Control of encrypted information
    - Employer cannot entrust enterprise-critical data to the complete control of a single employee or group of employees.
  - Key escrow
    - To preserve the possibility of access by law enforcement agencies.
    - In the UK, it is a crime to withhold a key to encrypted data under subpoena.
    - In the US, such a law is seen to contradict 5th amendment protection.

Key Management
- Key destruction, key archiving
  - Secure key destruction is far easier than secure file erasure.
  - Key destruction destroys accessibility to encrypted data.
  - Key archiving
    - Necessary for validation of old signatures, of integrity of old messages, …

Key Management
- Symmetric key transport:
  - Send symmetric key along, protected by public key of recipient.
  - Saves on processing time.

Diffie-Hellman
- Uses calculation modulo $p$, $p$ a large prime.
- Chooses generator $g$.
  - Ideally, $g^x$, $x = 0, \ldots, p-2$ runs through all numbers $1, \ldots, p-1$.
- Uses the fact that calculating powers $g^x$ is computationally feasible.
  - But discrete logarithm (given $g^x$ find $x$) is not.

Diffie Hellman
- Alice generates random number $a \bmod p$.
- Bob generates random number $b \bmod p$.
- Alice sends Bob $g^a \bmod p$.
- Bob sends Alice $g^b \bmod p$.
- Alice calculates $(g^b)^a \bmod p$.
- Bob calculates $(g^a)^b \bmod p$.
- These numbers are identical and are the shared key.

Diffie Hellman
- Man in the middle attack
[Figure: Bob, Man in the Middle, Alice]

Diffie Hellman
- Alice sends Bob $g^a \bmod p$.
  - But message goes to alien.
  - Alien sends Bob $g^c \bmod p$.
- Bob sends Alice $g^b \bmod p$.
  - But message goes to alien.
  - Alien sends Alice $g^d \bmod p$.
- Alice calculates $(g^d)^a \bmod p$.
- Bob calculates $(g^c)^b \bmod p$.
- These set up a secure communication channel between the alien and Bob and one between the alien and Alice.

Diffie Hellman
- Secure against eavesdroppers.
- Can be secured against man-in-the-middle by using authenticated $g^b \bmod p$ or by using a published value $g^b \bmod p$.
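The Diffie-Hellman slides above, as an added Python example that is not part of the original slides: the generator property, the honest exchange, the substitution of g^c and g^d by the alien, and Alice's check against a published g^b. Assumptions: the toy group p = 23, g = 5 (constructed, chosen so the numbers can be followed by hand) and illustrative function names.

```python
import secrets

P, G = 23, 5   # toy group (constructed); real deployments use primes of 2048+ bits


def is_generator(g, p):
    """True if g^x, x = 0..p-2, runs through all of 1..p-1 (brute force, small p only)."""
    return {pow(g, x, p) for x in range(p - 1)} == set(range(1, p))


def public(x, p=P, g=G):
    return pow(g, x, p)                    # g^x mod p: cheap to compute


def shared(their_public, my_secret, p=P):
    return pow(their_public, my_secret, p)


def random_exponent(p=P):
    return secrets.randbelow(p - 3) + 2    # uniform in 2..p-2


def exchange(a, b, alien=None, bob_published=None):
    """Run one exchange. alien=(c, d) replaces both messages in transit.
    bob_published is g^b obtained out of band; Alice aborts on a mismatch."""
    ga, gb = public(a), public(b)
    to_bob, to_alice = ga, gb
    if alien:
        c, d = alien
        to_bob, to_alice = public(c), public(d)
    if bob_published is not None and to_alice != bob_published:
        return {"aborted": True}
    result = {"aborted": False,
              "k_alice": shared(to_alice, a), "k_bob": shared(to_bob, b)}
    if alien:
        # The alien derives both session keys from the values it intercepted.
        result["alien_with_alice"] = shared(ga, d)
        result["alien_with_bob"] = shared(gb, c)
    return result


if __name__ == "__main__":
    a, b = random_exponent(), random_exponent()
    c, d = random_exponent(), random_exponent()
    print("honest exchange:      ", exchange(a, b))
    print("alien in the middle:  ", exchange(a, b, alien=(c, d)))
    print("alien vs published g^b:",
          exchange(a, b, alien=(c, d), bob_published=public(b)))
```

With a = 4, b = 3 the honest key is 18; with the alien using c = 7, d = 9, Alice ends up with 13 and Bob with 14, and the alien holds both. The published-value check only protects Alice's view of Bob; Bob needs the same assurance about g^a.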

Diffie Hellman and all other schemes
- The problem is one of authentication and trust.