Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic."— Presentation transcript:

1 Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic transaction; Non-repudiation –there must be proof of agreement to the terms of transaction and prevention of denial of commitment; Integrity –there must be protection that the content of a message has not been tampered with or modified;

2 Department of Information Engineering2 Major Concerns in Electronic Commerce Confidentiality –there must be protection that the content and information of a transaction is kept private and secret from unauthorised third party; and Legal commitment –functions and actions of an electronic transaction must have legal backing. A digital signature must be as legally binding as a handwritten signature. The submissibility of electronic records to Law Courts must be established.

3 Department of Information Engineering3 E-commerce Communication on Internet is insecure –like postal service, sometimes your letter may go through places where bandits abound, and these bandits may read your confidential information modified your confidential information What can you do? –locked the letter in a box –modern day cryptography works in a similar but more interesting way

4 Department of Information Engineering4 Symmetric keys How to communicate in secrecy? Sender –lock the confidential message in a box Receiver –the box can only be opened by the receiver using the same key Symmetric key –the key to lock and to unlock are the same –a key is a string of numbers

5 Department of Information Engineering5 Encryption and Decryption What is encryption? –turns a readable text into something that is unreadable –locking What is decryption? –The reverse process of encryption –turns a unreadable text into a readable one –unlocking

6 Department of Information Engineering6 How By substitution (used by the Romans in Julius Caesar time) By transposition (changing the position) a b c d e...... x y z a b c d e...... x y z a b P O S I T I O N O P I S I T N O

7 Department of Information Engineering7 Encryption and Decryption Example encryption –a) substitution (shift by 13 letters) michael --> zvpunry –b) transposition zvpunry -->vzuprny decryption –shift 13 letters and tranpose

8 Department of Information Engineering8 Key distribution problem OK, you can send the messages securely, but how the problem is –you must find a secure way to send the key to the receiver in the first place !! –key distribution problem

9 Department of Information Engineering9 Public key cryptography Public key –a very important idea first reported in the 70s –asymmetric key one key to lock - public key one key to unlock - private key –anybody can have your public key but they can only lock only you can do the unlocking with the private key –solve the key distribution problem !!

10 Department of Information Engineering10 Comparison Symmetric key algorithm –fast –has key distribution problem public key algorithm –slow –solve key distribution problem in practice, secure communication is achieved by –using public key to distribute the symmetric key –then use the symmetric key to communicate

11 Department of Information Engineering11 Additional property of public key We have a pair of keys –public key and private key you can either use –public key to lock, private key to unlock, or –private key to lock, public key to unlock

12 Department of Information Engineering12 Digital signature In business world, important documents must be signed. How to sign an electronic document? A sends an e-document to B B signs (encrypts) it using his private key and return the document to A Why? Because if later B repudiates that he has signed the document, A can show the court by decrypting the encrypted document using B’s public key !!

13 Department of Information Engineering13 Digital signature The logic –If a document can be decrypted using B`s public key, then who encrypted the document? –MUST be B, because if a document can be decrypted a public key, then the document can only be encrypted using a private key –only B has the private key !! –So in the court, B cannot repudiate he has not signed the document

14 Department of Information Engineering14 Digital certificate Authentication problem –suppose you receive the public key of B on Internet, how can you be so sure that the public key is really from B? –e.g. you find a web page called www.newmicrosoft.com –the web site claims it is a sister company of microsoft –the web has a public which you can use to secure the communication –should you use the key to send your payment ?

15 Department of Information Engineering15 Digital certificate You open a internet bank and receive a message from a person who called himself Li Ka Shing –Mr. Li sends you his public key, request you to transfer 100 million dollars e-cash to his account –should you follow his instruction? The type of problem is called authentication –how to certify the identity of the person/company

16 Department of Information Engineering16 Digital certificate digital certificate –B publicizes his email address and his public key on Internet, and let this document be signed by a trusted authority - the certificate authority (CA) –CA checks B’s real identify in the traditional way (paper certificate, ID card number, …) –CA is trustworthy, and you can check whether the document is signed by CA by using CA’s public key –but how can you be sure that the public key of CA is really from CA? –The key can be certified by yet another CA, or can be published on newspaper or from other trusted source

17 Department of Information Engineering17 PKI What is PKI (public key infrastructure)? –PKI is an infrastructure to support e-commerce and is based on public key –to ensure the trustworthiness of public key obtained from Internet, we need the key to be certified by a CA –in Hong Kong, the Post Office is going to play the role of a CA –so if you run a company and you want people on Internet to have confidence on your public key, you should publish your key information on Internet, and let the Hong Kong Post Office to digitally sign it

18 Department of Information Engineering18 Integrity Although your secret code cannot be decrypted, your enemy can intercept it and change a few bits after you decrypt the code, you may get a totally different message how to prevent this to happen? –Send a message digest together with the message What is a message digest? –It is a hashed message and has very few bits (typically between 128 - 256 bits)

19 Department of Information Engineering19 Message digest The simplest hashing function - remainder e.g. Let a = 1, b = 2,..., z = 26 to hash `apple` into a number between 0-9 –add up the letters (a=1, p=16, l=12, e=5) –apple = 1 + 16 + 16 + 12 + 5 = 50 –divide it by 10, the remainder must be between 0-9 –hashed value = remainder of 50/10 = 0 –send the message `apple` together with the hash value 0 –if someone changes the a in apple to o (i.e. opple), you can detect it because the hash code is different o=15, o+p+p+l+e = 64, hash code = 4

20 Department of Information Engineering20 Message digest The hash function used in real-life is of course more complicated –compressed a document (no size limitation) into 16- 32 digits –any small change in the document (even a space) will give a different hashed value –this hashed value is called the message digest

21 Department of Information Engineering21 Message digest Document Agreement to purchase... message digest Document Agreement to purchase... compute the message digest senderreceiver message digest Same?

22 Department of Information Engineering22 Message digest Because the message digest is a unique identifier of the original document –can digitally signed the message digest (which is shorter) instead of the entire document (which is longer) for authentication –a shorter message is easier to compare visually

23 Department of Information Engineering23 Message digest on your name card Use of message digest on name card –public key is usually over 1000 bits long –cannot print it on name card, better get it from Internet –print the message digest of public key (call finger print) on name card instead (only 16 characters long) –download the public key, and compute the fingerprint if the computed one is same as the one on name card, then the public key is authentic

24 Department of Information Engineering24 Summary Issues and solutions of e-commerce –How to send your confidential data securely? use public and symmetric keys –How can you trust a public key? make sure the public key is certified by a CA –How to sign document on Internet? use digital signature –how to know whether the document has been modified? use message digest

Download ppt "Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
© Julia Wilk (FHÖV NRW) 1 Digital Signatures. © Julia Wilk (FHÖV NRW)2 Structure 1. Introduction 2. Basics 3. Elements of digital signatures 4. Realisation.

© Julia Wilk (FHÖV NRW) 1 Digital Signatures. © Julia Wilk (FHÖV NRW)2 Structure 1. Introduction 2. Basics 3. Elements of digital signatures 4. Realisation.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Cyber Law & Islamic Ethics

Cyber Law & Islamic Ethics
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google