e-commerce architectures and technologies
DESCRIPTION
E-Commerce Architectures and Technologies. Rob Oshana Southern Methodist University. Cryptography. Security Service Layers. Non-repudiation. Data Integrity. Data Confidentiality. Access Control. Authentication. Authentication. Typically the first step to gain access to a system - PowerPoint PPT PresentationTRANSCRIPT
E-CommerceArchitecturesand Technologies
Rob Oshana
Southern MethodistUniversity
Cryptography
Security Service Layers
Authentication
Access Control
Data Confidentiality
Data Integrity
Non-repudiation
Authentication• Typically the first step to gain access to a system
– user name and password
• Process of proving your identity
• Kerberos is an example
• Data Origin Authentication Service – provides confirmation that the source of data received
is as claimed.
• Peer-Entity Authentication Service – provides confirmation that a peer entity in an
association is the one claimed
Access Control
• Provides protection against the unauthorized use of accessible resources using network protocols– permissions for files, directories, and
processes
• Specifies what resources a user or service may access on the network
• A prerequisite for access control is proper authentication
Data Confidentiality
• Protection of data from unauthorized disclosure– connection confidentiality– connectionless confidentiality– traffic flow confidentiality
• Protection of data from passive threats
Data Integrity• Provides protection from active threats
– Connection Integrity with Recovery Service – Connection Integrity without Recovery Service – Selective Field Connection Integrity Service – Connectionless Integrity Service – Selective Field Connectionless Integrity
Service
Non-repudiation
• The denial by one of the entities involved in a communication of having participated in all or part of the communication
• Prevents one of the entities involved in a communication to later deny having participated in all or part of the communication – Non-Repudiation of Origin Service – Non-Repudiation of Receipt Service
Security Transport Protocols
Network layer Transport layer Application layerAbove the
application layer
IP
TCP
IP
TCP
IP
TCP
IP
TCP
SSL
Tel
net
FT
P
HT
TP
Tel
net
ove
r S
SL
FT
P o
ver
SS
L
HT
TP
ove
r S
SL
Sec
ure
Tel
net
Sec
ure
FT
P
Sec
ure
HT
TP
Tel
net
FT
P
HT
TP
Secure Messaging(S-MIME, PGP)
Encryption and Authentication Algorithms
and Technology
Historical Ciphers
• Nonstandard hieroglyphics, 1900BC• Atbash cipher (Old Testament, reversed
Hebrew alphabet, 600BC)• Caesar cipher;
– letter = letter + 3– ‘fish’ -> ‘ilvk’
• rot13: Add 13/swap alphabet halves– usenet convention used to hide possibly offensive
jokes– applying it twice restores original text
Substitution Ciphers
• Simple substitution cipher;– a=p, b=m, c=f…
• Break via letter frequency analysis• Polyalphabetic substitution cipher
– 1. A=p, b=m, c=f…– 2. A=l, b=t, c=a…– 3. A=f, b=x, c=p,…
• Break by decomposing into individual alphabets, then solve as simple substitution
One-time Pad (1917)• OTP is unbreakable provided
– pad is never reused
– unpredictable random numbers are used (physical sources, eg radioactive decay)
Message s e c r e t18 5 3 17 5 19
OTP +15 8 1 12 19 5--------------------------------------------------
17 13 4 3 24 24 g m d c x x
One time Pad• Used by
– Russian spies– Washington-Moscow “hot-line”– CIA covert operations
• Many snake oil algorithms claim unbreakability by claiming to be a OTP– pseudo-OTPs provide pseudo-security
• Cipher machines attempted to create approximations to OTPs, first mechanically, then electronically
Cipher Machines (1920)
• Basic component is a wired rotor– simple substitution
• Step the rotor after each letter– polyalphabetic substitution, period = 26
‘A’ ->
-> ‘M’
Cipher Machines
• Chain multiple rotors• Each steps the next one when a full turn
is complete
‘A’ ->
-> ‘P’
Cipher Machines
• Two rotors, period = 26 X 26 = 676• Three rotors, period = 26 X 26 X 26 =
17,576• Rotor sizes are chosen to be relatively
prime to give maximum-length sequence
• Key is rotor wiring and rotor start position
Cipher Machines
• Famous rotor machines– Japan, Red, Purple– Germany, Enigma
• Secure if used properly– use of predictable openings (“nothing
to report”, “Mein Fuehrer”)– use of same key over an extended
period
Stream Ciphers• Binary pad (keystream), use XOR
instead of addition
• Plaintext = original, unencrypted data
• Ciphertext = encrypted data
• Two XORs with the same data always cancel out
Plaintext 1 0 0 1 0 1 1Keystream 0 1 0 1 1 0 1Ciphertext 1 1 0 0 1 1 0Keystream 0 1 0 1 1 0 0Plaintext 1 0 0 1 0 1 1
Stream Ciphers
• Using the keystream and ciphertext we can recover the plaintext
• But..using the plaintext and ciphertext we can recover the keystream
• Using two ciphertexts from the same keystream we can recover the XOR of the plaintexts
• Any two will recover the third (don’t reuse keys of stream cipher)
RC4
• Stream cipher optimized for fast software implementation
• 2048 bit key, 8 bit output• Extremely fast• Used in SSL (Netscape, MSIE), Lotus
Notes, Windows, Adobe Acrobat, Oracle Server
• Easy to get wrong
Block Ciphers
• Originated in early 70’s– banking security systems
F()
F()
L R
encrypt
key
F()
F()
L R
key
decrypt
Block Ciphers
• F() function is a simple transformation, does not have to be reversible
• Each step is called a round, the more rounds, the greater the security
• DES is an example of block cipher– 16 rounds– 56 bit key– 64 bit block size (L,R = 32 bits)
Attacking Block Ciphers
• Differential cryptanalysis– looks for correlations in f() function input
and output
• Linear cryptanalysis– looks for correlations between key and
cipher input and output
• Related-key cryptanalysis– looks for correlations between key changes
and cipher input/output
Data Encryption Standard (DES)
• Widely-used method of encryption using a private (secret) key
• Restricted for exportation to other countries• 72 quadrillion or more possible encryption
keys that can be used• For each given message, the key is chosen
at random from among this number of keys• Sender and receiver must know and use the
same private key
Strength of DES
• Key size = 56 bits
• Brute force = 2**55 attempts
• Differential cryptanalysis = 2**47
• Linear cryptanalysis = 2**43
• Can be done relatively easily with FPGA or ASIC (8 cents/key)
• 1998: German court ruled DES unsafe for financial applications
Other Block Ciphers
• Triple DES (3DES)– encrypt+decrypt+encrypt with 2 (112 bits)
or 3(168 bits) DES keys– 1998 - banking auditors were requiring the
use of 3DES rather than DES
• RC2– companion to RC4, 1024 bit key– RC2 and RC4 have special status for US
exportability
Other Block Ciphers
• AES– Advanced Encryption Standard,
replacement for DES– 128 bit block size, 128/192/256 bit key
Relative PerformanceFast
Slow
RC4
3DES
AES
DES
RC2
Public Key Encryption• How can you use two different keys?
– One is the inverse of the other:– key1 = 3, key2 = 1/3, message M = 4– Encryption: Ciphertext C = M X Key1– = 4 X 3– = 12– Decryption: Plaintext M = C X key2– = 12 X 1/3– = 4
• One key is published, one is kept private -> public-key cryptography (PKC)
Example: RSA• N, e=public key, n=product of two primes q and p• d=private key• Encryption: C = M**e mod n• Decryption: M = C**d mod n• p,q = 5,7• n = p X Q• =35• e=3• d= e**-1 mod ((p-1)(q-1))• = 16
Example: RSA
• Message M = 4
• Encryption: C = 4**3 mod 35 = 29
• Decryption: M 29**16 mod 35 = 4
RSA
• An Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman
• Most commonly used encryption and authentication algorithm
• Included as part of the Web browsers from Netscape and Microsoft
RSA
• Other applications;– Lotus Notes– Intuit's Quicken
• Owned by RSA Security– licenses the algorithm technologies– sells development kits– technologies are part of existing or
proposed Web, Internet, and computing standards
How RSA Works• Algorithm involves multiplying two large
prime numbers (a prime number is a number divisible only by that number and 1) and additional operations to derive a set of two numbers that constitutes the public key and another set that is the private key
• Once the keys have been developed, the original prime numbers are no longer important and can be discarded
How RSA Works
• Both the public and the private keys are needed for encryption /decryption but only the owner of a private key ever needs to know it
• Using the RSA system, the private key never needs to be sent across the Internet
• The private key is used to decrypt text that has been encrypted with the public key
How RSA Works
• If I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key
• When you receive it, you decrypt it with your private key
How RSA Works
• You can also authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate– When I receive it, I can use your public
key to decrypt it.
Summary of RSAOperation Use Whose Kind of keySend anencryptedmessage
Use thereceiver’s
Public
Send anencryptedsignature
Use the sender’s Private
Receive anencryptedmessage
Use thereceiver’s
Private
Receive anencryptedsignature
Use the sender’s Public
Public Key Algorithms
• RSA (Rivest-Shamir-Adleman)– digital signatures and encryption in one
algorithm– private key = sign and decrypt– public key = signature check and
encrypt
• DH (Diffie-Hellman)– key exchange algorithm
Public Key Algorithms
• DSA (Digital Signature Algorithm)
• All have roughly the same strength– 512 bit key is marginal– 1024 bit key is recommended minimal
size– 2048 bit key is better for long term
security
Symmetric key
• Same key used to encrypt and decrypt• Sender and receiver must hold same
secret or key confidentiality• Data Encryption Standard (DES)
algorithm• Merchants must administer secret
keys to all customers and provide them through secure channel (hard!)
Symmetric/secret-key cryptography
Net
Information
Encrypt
Encryptedinformation
Decrypt
Asymmetric key• Two distinct keys
– public key– private key
• Data encrypted using public key can only be decrypted using the corresponding private key
• Multiple senders can encrypt information using the public key– receiver uses the private key to decrypt
• Receiver must protect the private key
Asymmetric/public-key cryptography
Net
Public key Privatekey
What the Sender Does
1011001
Messageto send
Hashalgorithm
Messagedigest
Private key
EncryptionDigital
signature
Sender
Receiver
Randomkey
Receiverpublic key
Encryptedmessage
Randomkey
Encrypteddigital
signatureDigital envelope
What the Receiver Does
ReceiverPrivate key
SenderRandom
keyEncryptedmessage Original
Message
Encrypteddigital
signature
1011001
Messagedigest
1011001
Messagedigest
Digital envelope
Hashfunction
Senderpublic key
Hash Algorithms
• Reduce variable length input to fixed length (128 or 160 bit) output
• Requirements– can’t deduce input from output– can’t generate a given output (CRC fails
this requirement)– can’t find two inputs which produce the
same output (CRC fails this too)
Hash Algorithms
• Used to– produce fixed length fingerprint of arbitrary
length data– produce data checksums to enable
detection of modifications– distill passwords down to fixed length
encryption keys
• Also called message digests or fingerprints
Public-key cryptography• Easier for customer to download public key from a
merchant• Public-key can be used with secret-key without too
much difficulty– customer generates a random number used to encrypt
payment info using DES– DES key is then encrypted using the public key of the
merchant– info and encrypted key sent tp merchant– merchant first decrypts the key; then uses key to decrypt
payment information
Secret-key/Public-key combination
Net
DES key encryptedinfo
publickey
encryptedDES key
Net
privatekey
Secret key and Public KeyFeatures Secret Key Public KeyNumber of keys Single key Pair of keysType of keys Key is secret One key is
private, one keyis public
Keymanagement
Simple but difficultto manage
Need digitalcertificates andtrusted thirdparties
Relative speeds Very fast SlowerUsage Used for bulk data
encryptionUsed for lessdemandingapplicationssuch asencryptingsmalldocuments orto signmessages
Key Sizes and Algorithms
• Conventional key is used once per message
• Public key is used for hundreds or thousands of messages
• Public key compromise is much more serious than a conventional key compromise– Compromised logon password, attacker can
delete your files
Key Sizes and Algorithms
• Compromised private key, attacker can– drain credit card– clean out bank account– sign contracts/documents– identify theft
• 512 public key versus 40 bit conventional key is good balance for weak security
Key Sizes and Algorithms
• Recommendations for public keys– use 512 bit keys for
micropayments/smart cards– use 1K bit keys for short term use (1 yr)– use 1.5K bit keys for longer term use– use2K bit keys for certification
authorities, long term contract signing
Basic ServicesPhysical world Digital world
authentication Digital Certificate
Non-repudiationDigital Signature
confidentiality Encryption
CertificateAuthority
Certificate request
Digital Certificate
NameAuthoritySerial #VersionExpiration DateKeyDigital Signature
X.509X.509
Digital Certificate
Conventional Encryption
Insecurechannel
secure channel
Problem of communicating a large message in secret isreduced to communicating a small key in secret
Key Agreement
Insecurechannel
Key agreement
Provides part of the required secure channel forexchanging a conventional encryption key
Certificate Authority
Mary’spublic key
Mary’sprivate key
John’spublic key
John’sprivate key
Mary’sprivate key
John’sprivate key
Certificate Authority• Trusted Third Party
– similar to a passport office
• Determines policies for PKI• Registers users, system• Validates users, privileges• Issues certificates• Supports life cycle (revoke, renew)• Publishes directories• Manages risk• Protects CA signing key
Certificate Authority
Mary’spublic key
Mary’sprivate key
John’spublic key
John’sprivate key
Mary’sprivate key
John’sprivate key
Mary’spublic key
John’sprivate key
Public KeyInfrastructure (PKI)Registration
AuthorityX.500 Certificate
Authority
Payment Integrity• Hashing algorithms used to prevent fraud
or other sources or error– generates value unique to the data being sent
• hash value or “message digest”
– one way public cipher• no secret key• no way to reproduce the original information• impossible to hash other data to the same value• hash value sent with data and used to compare to
hash value generated at the other end
Hashing• Hash algorithm is public
– anyone can alter data and recalculate new value
• Message digest encrypted using private key of the sender– this is called a “digital signature”– possible to identify sender– only the owner of the private key can encrypt
message digest– private key used to encrypt (sign) the information– public key used to verify signature
Digital SignaturesCreation
Paymentinfo
Hashing Messagedigest
Private key
Transmission
Verification
Reception
Hashing
Private key
Messagedigest
Messagedigest
Compare thetwo
digests
How safe is a digital signature?
• Algorithm used by SET generates a 160 bit message digest– changing a single bit in the message will on
average change half the bits in the message digest
• Odds of two messages having the same message digest are one in 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 (10**16)
Digital Signature Examples
1. Only Online Mart can decrypt the order.2. Verify that Susan sent the order.
Scenario 1: Susan ordering from Online Mart
Susan Online MartEncrypt with Online Mart’s public keyOrder Info
Encrypt with Susan’s private key
Digital signature
Order Info
Digital signature
Decrypt with Online Mart’s private key
Decrypt with Susan’s public key
Scenario 2: Online Mart sends confidential info to SusanSusanOnline Mart
Confidential Info
Cipheredtext
Confidential Info
Encrypt with Susan’s public key
Decrypt with Susan’s private key
Payment and Purchase Order Process
• 1. Account holder registration
• 2. Merchant registration
• 3. Account holder (customer) ordering
• 4. Payment authorization
Account holder registration
• Must register with a 3rd party (TP)– must have a copy of the TP
public/private key set• e-mail• web page download• disk• flashcard
– account holder can register account for Internet use with public key
Account holder registration• Registration includes
– name and address– account number– identifying personal information
• Account holder S/W will– create/attach account holder public key to form– generate message digest from the info– encrypt info and disgest (secret key)– encrypt secret key using TP public key– transmit everything to TP
Account Holder Registration
HashingMessage
digest
Messagedigest
Account holder
public key
1 2
3
4
5Secret
key
TP public
key
Encryptedmessage
Transmission
Third Party Registration
• 1. Decrypts the secret key
• 2. Decrypts the information, message digest, and account holders public key
• 3. Computes and compares message digests
• If information is verified TP digitally signs info with private key and sends back to account holder to save and use in future transactions
Third Party Receives Registration
Encryptedmessage
Reception
Encryptedmessage
Messagedigest
Hashing Messagedigest
TPprivate
key
Comparison
1
2
3
Merchant Registration
• Merchants must register with TP– Visa– Mastercard, etc
• Similar to account registration
• Certified Documentation (CD) transferred to the merchant from the TP for storage on merchant computer
Customer Ordering• Customer must have copy of merchant
public key for particular account type• Customer asked what type of account• CD for that account sent• Customer certifies CD using key• Customer allowed to shop in the on-line
environment• Customer fills out appropriate information
when ordering products
Customer Software
• 1. Encrypts account information with the TP public key
• 2. Attaches encrypted account info to order form
• 3. Creates message digest of order form; digitally signs it with customer private key
Customer Software
• 4. Secret-key encryption for– order form– digital signature– customer CD
• 5. Secret key encrypted with merchants public key
• 6. Secret-key encrypted message transmitted to merchant
Customer Ordering - Order sent to merchant
Account TPpublic
key
Encryptedaccount
HashingMessage
digestCustomer
privatekey
Encryptedmessage
Secret key
Merchantpublic key
Transmission
1 2 3
4
5
6
CustomersCD
Merchant Software Functions• 1. Decrypt secret key using private key of
merchant• 2. Decrypt order form, digital signature and
customer CD using secret ket• 3. Decrypt MD using customer public key
obtained from customer CD (to verify digital signature)
• 4. Calculate MD from order form and compare with customer decrypted MD
Customer Ordering - Merchant receives order
Encryptedmessage
Reception Encryptedmessage
Hashing
Messagedigest
Messagedigest
Merchantprivate
keyCustomers
CD
TPpublic key
Customer’s public key
Customer’s public key
Compare
1
2
3
4
Certificates: Need for Authentication
• Before using public-key cryptography, need to make sure other party is authenticated– want to make sure other party’s public
key is really theirs and not an imposter’s– impractical to receive this information
directly from the other party over a secure channel
Certificates: Need for Authentication
• Alternative is to use a trusted third party– Certificate Authority (CA) used to
authenticate public key– authenticate based on published policies– certificate generated which includes
name and public key and digitally signed by CA
Certificate Classes• Class 1
– automated unambiguous name and e-mail address search
• Class 2– Class 1 plus automated enrollment information
check (driver’s license, SSN, DOB) and automated address check (US and Canada)
• Class 3– Class 1 plus personal presence and ID documents
plus Class 2 automated ID check for individuals (credit check); business records for organizations
Certificate Classes
• Primary commercial issuers– Verisign– CyberTrust
• Issuance through the Web
• Free 6 month Class 1 offerred
• Postal Service entering market
Security Protocol Layers
Physical
Data Link
TCP/IP
Higher-levelnet protocols
Applications
Physical
Data Link
TCP/IP
Higher-levelnet protocols
Applications
Internet
Hardware link encryption
IPSEC
SSL, SSH, Kerberos
S/MIME, PGP
E-commerce protocols
The further down you go, the more transparent it is.The further up you go, the easier it is to deploy
Key Management and Certificates
Key Management
• Hardest part of cryptography• Two classes of keys
– Short term session keys (called ephermal keys)
• generated automatically and invisibly• used for one message or session and
discarded
– Long term keys• generated explicitly by the user
Key Management
• Long term keys are used for two purposes– authentication
• access control
• integrity
• non-repudiation
– confidentiality• establish session keys
• protect stored data
Key Management Problems
• Key certification
• Distributing keys– obtaining someone else’s public key– distributing your own public key
• Establishing a shared key with another party– confidentiality: is it really known by the other
party?– Authentication: is it really shared with the other
party?
Key Management Problems
• Key storage– secure storage of keys
• Revocation– revoking published keys– determining whether a published key is
still valid
Key Lifetimes and Key Compromise
• Authentication keys– public keys may have an extremely long
lifetime (decades)– private keys/conventional keys have shorter
lifetimes (year or two)
• Confidentiality– should have as short a lifetime as possible
• If the key is compromised– revoke the key
Key Lifetimes and Key Compromise
• Effects of compromise– authentication; signed documents are
rendered invalid unless timestamped– confidentiality; all data encrypted with it
is compromised
Browser Encryption Capabilities