Cornerstones of Internet security
Threats to e-commerce systems can be either malicious or accidental. The procedures and controls you put in place to protect your site should help minimise both.
Malicious threats could include:
hackers attempting to penetrate a system to read or alter sensitive data
burglars stealing a server or laptop that has unprotected sensitive data on its disk
imposters posing as legitimate users and even creating a website similar to yours
authorised users downloading a web page or receiving an email with hidden active content that attacks your systems or sends sensitive information to unauthorised people
Cornerstones of Internet security
Authenticity: verifying the identity of the user. In TCP/IP the basic means of verification is the password, but passwords can be intercepted, and IP addresses can also be spoofed.
Privacy: are the contents of the message secret? Breaches of privacy can occur both during and after the transaction.
Integrity: has the content of the message been modified during transmission?
Nonrepudiation: can the sender of the message deny that they actually sent it?
E-business security control
There are several techniques that can identify and verify someone seeking to access an e-commerce system. These include:
A user name and password combination, where the password can vary in length and include numbers and characters. Remember to include a system that prompts employees to change their passwords at regular intervals.
"Two-factor" authentication requiring something the user has (e.g. an authentication token) and something the user knows (e.g. a personal identification number).
A digital certificate that enables authentication through the use of an individual's unique signing key.
A person's unique physical attribute, referred to as a biometric. This can range from a fingerprint or iris scan, through to retina or facial-feature recognition.
This restricts different classes of users to subsets of information and ensures that they can only access data and services for which they have been authorised. These include using:
network restrictions to prevent access to other computer systems and networks
application controls to ensure individuals are limited in the data or service they can access
restrictions on what can be copied from the system and stored on pen drives, memory sticks or CDs/DVDs
limits on the sending and receiving of certain types of email attachments
Changes to access privileges must be controlled to prevent users retaining them if they transfer between departments or leave the business.
This technique scrambles data, and is used to protect information that is either held on a computer or transmitted over a network. It relies on technologies such as virtual private networks (VPNs) and Secure Sockets Layer (SSL).
One way to ensure the confidentiality and privacy of messages is to make sure that even if they fall into the wrong hands they cannot be read. This is where cryptography comes into play.
Basic parts of cryptography
Plain text: the original message in human-readable form.
Ciphertext: the plain text message after it has been encrypted into unreadable form.
Encryption algorithm: the mathematical formula used to encrypt the plain text into ciphertext.
Key: the secret key used to encrypt and decrypt a message.
Text that has been encrypted and thus cannot be read by anyone besides the sender and the receiver.
Key (Cipher): any method for transforming plain text into cipher text.
Substitution cipher: every occurrence of a given letter is replaced systematically by another letter. For example, a "letter plus 2" substitution turns HELLO into JGNNQ.
The ordering of letters in each word is changed in some systematic way. The word HELLO can be written as OLLEH, or a more complicated cipher would be:
Break each word into two words.
Spell the first word with every other letter beginning with the first letter, then spell the second word with all the remaining letters: HLO EL
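The two classical ciphers described above, implemented as an added example (this code is not from the original slides). The shift substitution and the every-other-letter transposition reproduce the slide's own values, HELLO to JGNNQ and HELLO to HLO EL, and each comes with its inverse so the round trip can be checked. The key-space function is an addition of mine: it lists every possible shift so the reader can see why a 25-key cipher gives no real secrecy.

```python
# Added example, not from the original presentation.
# Classical substitution (shift) and transposition ciphers from the slides,
# with inverses, so the slide's sample values can be verified.


def substitution_shift(text: str, shift: int) -> str:
    """Replace every letter by the letter `shift` places later in the alphabet.

    Non-letters pass through unchanged and case is preserved.
    A shift of 2 turns HELLO into JGNNQ, as on the slide.
    """
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def substitution_unshift(text: str, shift: int) -> str:
    """Inverse of substitution_shift: the same key, applied backwards."""
    return substitution_shift(text, -shift)


def transpose_split(word: str) -> str:
    """Split one word into two: letters 1,3,5,... then letters 2,4,6,...

    HELLO -> "HLO EL", as on the slide. The letters themselves are untouched;
    only their order changes, which is what distinguishes transposition
    from substitution.
    """
    return word[0::2] + " " + word[1::2]


def transpose_join(pair: str) -> str:
    """Undo transpose_split by interleaving the two halves again."""
    first, second = pair.split(" ")
    out = []
    for i in range(len(first)):
        out.append(first[i])
        if i < len(second):
            out.append(second[i])
    return "".join(out)


def all_shift_keys(ciphertext: str) -> dict:
    """The whole key space of the shift cipher: only 25 usable keys.

    Trying them all is trivial, which is the educational point: secrecy of
    the method is not a substitute for a large key space.
    """
    return {k: substitution_unshift(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    print(substitution_shift("HELLO", 2))   # JGNNQ
    print(transpose_split("HELLO"))         # HLO EL
```

Both ciphers keep the letter frequencies of the plaintext (substitution shifts them, transposition leaves them in place), which is why neither is used on its own for anything that matters.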
Basic infrastructure used in cryptography
Public key / asymmetric cryptography
Private key/ symmetric cryptography.
A big random number is used to make a public-key/private-key pair.
Secret key cryptography, also known as symmetric cryptography, uses a single secret key for both encryption and decryption. To use symmetric cryptography for communication, both the sender and receiver have to know the key beforehand, or it has to be sent along with the message.
Encryption involves applying an operation (an algorithm) to the data to be encrypted, using the private key, to make the data unintelligible. Even the simplest algorithm (such as an exclusive OR) can make the system nearly tamper proof (there being no such thing as absolute security).
Disadvantages of private key
Symmetric encryption requires that a secure channel be used to exchange the key, which seriously diminishes the usefulness of this kind of encryption system.
Symmetric encryption is based on the exchange of a secret (the key), so the problem of key distribution arises.
Moreover, a user wanting to communicate with several people while ensuring separate confidentiality levels has to use as many private keys as there are people. For a group of N people using a secret-key cryptosystem, it is necessary to distribute a number of keys equal to N * (N-1) / 2.
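An added example (not from the slides) of the symmetric scheme the last few paragraphs describe: the exclusive-OR operation the text mentions, used with one shared secret key. The same function both encrypts and decrypts, a wrong key yields noise, and the key itself is the value that has to reach the other party over a secure channel. The key-count helper applies the slide's N * (N-1) / 2 formula. The key length and reuse conditions stated in the comments are my assumptions about how the toy should be used, not something the slides state.

```python
# Added example, not from the original presentation.
# Symmetric (secret-key) encryption with XOR: the same key is applied on
# both sides, so whoever holds it can both read and forge messages.
import secrets


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Symmetric XOR: applying this twice with the same key restores the data.

    Assumption (not from the slides): the key is at least as long as the data
    and is never reused, i.e. one-time-pad conditions. A short key recycled
    across the message would leak patterns of the plaintext.
    """
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(b ^ k for b, k in zip(data, key))


def new_secret_key(length: int) -> bytes:
    """A fresh random key from the OS CSPRNG.

    This is the secret that must travel over a secure channel before the
    two parties can talk; that is the key-distribution problem.
    """
    return secrets.token_bytes(length)


def keys_needed_for_group(n: int) -> int:
    """Pairwise secret keys for N people: N * (N - 1) / 2, as on the slide."""
    return n * (n - 1) // 2


def round_trip(plaintext: bytes) -> tuple:
    """Encrypt and decrypt with a shared key, and show what a wrong key gives.

    Returns (ciphertext, decrypted_with_right_key, decrypted_with_wrong_key).
    """
    key = new_secret_key(len(plaintext))
    wrong_key = new_secret_key(len(plaintext))
    ciphertext = xor_with_key(plaintext, key)
    return (ciphertext,
            xor_with_key(ciphertext, key),
            xor_with_key(ciphertext, wrong_key))


if __name__ == "__main__":
    ct, ok, bad = round_trip(b"ORDER 7: pay 500")   # constructed sample message
    print(ct.hex(), ok, bad)
    print(keys_needed_for_group(10))                  # 45 keys for ten people
```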
Public Key Encryption
Each user gets a pair of keys
1 private; 1 public
Public key is shared with the world and used for encryption
Private key is kept private and used for decryption
It is computationally infeasible to determine the private key from knowledge of the public key
There is no need to exchange keys secretly
Public key encryption
Public-key encryption (also called asymmetric encryption) involves a pair of keys, a public key and a private key, associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published, and the corresponding private key is kept secret. Data encrypted with your public key can be decrypted only with your private key.
Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Security depends on the secrecy of the private key.
Data encrypted with your private key can be decrypted only with your public key. This would not be a desirable way to encrypt sensitive data, however, because it means that anyone with your public key, which is by definition published, could decrypt the data.
Using a private key to encrypt (and thus sign) a message means anyone can check the signature using the public key. Validity depends on the security of the private key.
PK Encryption using Digital Signatures and Hash Digests
There is no authentication of the sender: the sender could deny sending the message, which is repudiation.
There is no assurance that the message was not altered somehow in transit.
A hash function is used first to create a hash digest (an algorithm that produces a fixed-length number called a hash or message digest).
How does Alice know that message came from Bob?
Everyone knows Alice’s public key
Bob signs the message
Authentication: Signing a Message
Bob hashes the message
He encrypts the hash, date and time with his private key and appends the result to the message (the signature)
Then the entire message is encrypted with Alice's public key
It can be a simple function such as a count of the 1's in the message.
It can be a complex function that produces a 128-bit number reflecting the 1's and 0's in the message.
The result of applying the hash function is sent by the sender to the recipient.
The recipient applies the same hash function to verify that the same result is produced.
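The integrity check described above, as an added example that is not part of the original slides: the sender computes a digest, the recipient recomputes it over what arrived and compares. Both kinds of hash the slide mentions are included, a toy "count the 1 bits" function and a real fixed-length digest (SHA-256 stands in for the slide's 128-bit example). The sample messages are constructed. The point the example makes beyond the slide is why the simple function is unusable: any alteration that keeps the same bytes in a different order, or trades bits between bytes, produces the same count and slips through.

```python
# Added example, not from the original presentation.
# Sender computes a digest, recipient recomputes and compares. A toy
# bit-count digest is contrasted with SHA-256 to show why the choice of
# hash function decides whether tampering is actually detected.
import hashlib


def ones_count_hash(message: bytes) -> int:
    """Toy digest from the slide: the number of 1 bits in the message.

    Reordering bytes, or moving a 1 bit from one byte to another, leaves
    this value unchanged, so it cannot detect those modifications.
    """
    return sum(bin(b).count("1") for b in message)


def sha256_hash(message: bytes) -> str:
    """A real cryptographic digest: fixed length, and any change to the
    input changes the output unpredictably."""
    return hashlib.sha256(message).hexdigest()


def integrity_check(received: bytes, sent_digest, hash_fn) -> bool:
    """Recipient side: recompute the digest over the received bytes and
    compare it with the digest the sender supplied."""
    return hash_fn(received) == sent_digest


def tamper_detection_report() -> dict:
    """Run the same in-transit modification past both hash functions.

    Returns which function accepted the altered message as genuine.
    """
    original = b"pay 100 to Bob"        # constructed sample
    altered = b"pay 001 to Bob"         # same bytes, reordered in transit
    return {
        "ones_count_accepts_altered": integrity_check(
            altered, ones_count_hash(original), ones_count_hash),
        "sha256_accepts_altered": integrity_check(
            altered, sha256_hash(original), sha256_hash),
        "sha256_accepts_original": integrity_check(
            original, sha256_hash(original), sha256_hash),
    }


if __name__ == "__main__":
    print(tamper_detection_report())
```

The first entry of the report is the failure mode: the recipient's check passes even though the amount changed from 100 to 001.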
What is a Digital Signature?
How Does Alice Know Message is From Bob?
Alice decrypts the message and reads the signature
Tries to decrypt the signature with Bob's public key
OK: must be Bob, because only he has the corresponding private key
Not OK: Sent by someone else
Alice cannot repudiate message
Signature is hers
Signature hash matches document
Nobody else could have sent it and Bob could not have made it up
Nobody can intercept the message, modify it, and resend
If so, hash would be incorrect
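The Bob-to-Alice exchange described across the last few slides (hash the message, sign the hash with Bob's private key, encrypt everything with Alice's public key, then decrypt, verify and detect tampering), written out as an added example that is not part of the original presentation. It uses textbook RSA built from small primes with Python's integer arithmetic and SHA-256 as the hash. Everything about the construction is a teaching model and my own choice, not the slides': the primes are toy-sized, RSA is applied to the message byte by byte with no padding, the digest is reduced modulo n so it fits, and the names, message and timestamp are constructed.

```python
# Added example, not from the original presentation.
# Toy hash-and-sign exchange: Bob signs with his private key and encrypts
# for Alice with her public key; Alice decrypts with her private key and
# checks the signature with Bob's public key. Textbook RSA, no padding,
# tiny keys: a model of the protocol, not usable cryptography.
import hashlib
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; fine for the toy-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes: returns public (e, n) and private (d, n)."""
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be prime")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)


def digest_int(data: bytes, n: int) -> int:
    """Hash the data and reduce it so it fits under the toy modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def bob_send(message: bytes, timestamp: bytes, bob_priv, alice_pub) -> list:
    """Bob: hash message+timestamp, 'encrypt' the hash with his private key
    (the signature), append it, then encrypt the whole thing for Alice."""
    d, n_bob = bob_priv
    signature = pow(digest_int(message + timestamp, n_bob), d, n_bob)
    payload = message + b"|" + timestamp + b"|" + str(signature).encode()
    e, n_alice = alice_pub
    return [pow(byte, e, n_alice) for byte in payload]   # byte-at-a-time RSA


def alice_receive(ciphertext: list, alice_priv, bob_pub):
    """Alice: decrypt with her private key, then recover the hash from the
    signature with Bob's public key and compare it with her own hash.
    Returns (message, timestamp, signature_is_valid)."""
    d, n_alice = alice_priv
    payload = bytes(pow(c, d, n_alice) for c in ciphertext)
    message, timestamp, sig_text = payload.rsplit(b"|", 2)
    e, n_bob = bob_pub
    recovered_hash = pow(int(sig_text), e, n_bob)
    valid = recovered_hash == digest_int(message + timestamp, n_bob)
    return message, timestamp, valid


def tamper_first_byte(ciphertext: list, alice_pub, new_char: str) -> list:
    """Model an interceptor who swaps the first encrypted byte for one of
    their own (possible here because there is no padding). The message
    still decrypts, but the hash no longer matches the signature."""
    e, n_alice = alice_pub
    altered = list(ciphertext)
    altered[0] = pow(ord(new_char), e, n_alice)
    return altered


def run_exchange() -> tuple:
    """Returns (genuine message verifies, tampered message verifies)."""
    bob_pub, bob_priv = make_keypair(65521, 65537)       # toy primes
    alice_pub, alice_priv = make_keypair(104723, 104729)  # toy primes
    message = b"Transfer 100 to account 42"               # constructed
    timestamp = b"2024-01-01T00:00:00Z"                   # constructed
    ct = bob_send(message, timestamp, bob_priv, alice_pub)
    _, _, ok = alice_receive(ct, alice_priv, bob_pub)
    _, _, ok_tampered = alice_receive(
        tamper_first_byte(ct, alice_pub, "X"), alice_priv, bob_pub)
    return ok, ok_tampered


if __name__ == "__main__":
    print(run_exchange())   # (True, False)
```

Two things to notice. The signature check needs Bob's public key, which is exactly where the "potential problems" on the next slide begin: Alice must already hold an authentic copy of it. And because the hash covers the timestamp, replaying an old signed message with a new timestamp also fails the check.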
Potential Problems with Public Key Cryptography
Too hard to keep track of all partners’ public keys
What if partner wants to change public key (perhaps private key was compromised)?
Cannot trust a sender to send you their public key, because they could be an imposter