Your SlideShare is downloading. ×
Moein
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Moein

440

Published on

secrity moein

secrity moein

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
440
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security in e-commerce Ahmad allahbakhshe
  • 2. Introduction
    • Security in e-commerce subject new
    • Security in e-commerce such as threats, risks,…
    • Imporatance subject in Security e-commerce subject Inter network Security
  • 3. Mechanisms Cryptography types
    • Cryptography Principles of encryption, the encryption
    • two type Mechanisms Cryptography :
    • Symmetric Cryptosystem
    • Asymmetric Cryptosystem
  • 4. Method Symmetric
    • Method Symmetric two type:
    • Stream cipher
    • Block cipher
  • 5. Hash Functions
    • Characteristics
      • Given M, it is easy to compute h
      • Given h, it is hard to compute M such that H(M)= h
        • One-way characteristic
      • Given M, it is hard to find another message , M`, such that H(M)=H(M`)
        • Also called weak collision resistance
      • It is hard to find two random messages, M and M` , such that H(M)=H(M`)
  • 6. Hash Functions f f f Y 0 Y 1 Y m-1 IV=CV 0 CV 1 CV m-1 n n n b b b … n n CV m =H(M)
  • 7. MD5
    • Produces 128-bit hash codes
    • The input is processed in 512-bit blocks
      • Input message is padded to be an integer multiple of 448 (512-64)
        • Padding is 1-bit followed by 0s
      • Append a 64-bit representation of length of the input
        • If input is greater than 2 64 only the low-order 64 bits of the length are used
      • Initialise the MD buffer (128 bits) to a fixed value
        • This buffer is used to hold intermediate and final results of the hash function (chaining variable)
      • Process all m 512-bits blocks with H MD5 compression
  • 8. Strength of MD5
    • Every bit of the hash code is a function of every bit in the input
      • Brute force attack complexity is 2 128
      • Birthday attack complexity is 2 64
    • Considered cryptanalytically vulnerable
  • 9. Encryption algorithms
    • 1)DES
    • 2) AES
  • 10. History of DES
    • IBM develops Lucifer for banking systems (1970’s )
      • NIST and NSA evaluate and modify Lucifer (1974)
    • Modified Lucifer adopted as federal standard (1976)
      • Name changed to Data Encryption Standard (DES)
      • Defined in FIPS (46-3) and ANSI standard X9.32
    • NIST defines Triple DES (3DES) (1999)
      • Single DES use deprecated - only legacy systems.
    • NIST approves Advanced Encryption Std. (AES) (2001)
      • AES which will replaces DES and 3DES.
  • 11. DES
    • Block length = 64 bits (L,R of 32 bits each.)
    • Key Length = 56 bits (8 parity bits)
      • 16 subkeys of 48 bits each are created for the 16 rounds
  • 12. DES
    • Block length is same as DES but use 3 DES steps.
    • Key length = 168 bits
      • Uses a 56 bit key for each of the 3 DES stages
    • Keys may be independent or related
      • if k 1 = k 2 = k 3 3DES is compatible with DES.
  • 13. AES
    • The RSA Cryptosystem
      • Proposed by Rivest, Shamir, and Adleman (1977)
      • Used for encryption and signature schemes
      • Based on the intractability of the integer factorization problem
      • Key generation
        • Let p, q be large prime, n=pq and  =(p-1)(q-1)
        • Choose randomly e s.t. gcd(e,  )=1
        • Compute d  e -1 mod 
        • Public-key: (e, n)
        • Private-key: (d,n)
        • RSA function: f(m)=m e mod n
  • 14. AES
      • Key generation
        • Let p, q be large prime, n=pq and  =(p-1)(q-1)
        • Choose randomly e s.t. gcd(e,  )=1
        • Compute d  e -1 mod 
        • Public-key: (e, n)
        • Private-key: (d,n)
        • RSA function: f(m)=m e mod n
  • 15. AES Encryption Decryption M E C KU a E KUa (M)= M e (mod n) D KR a D KRa (C)= C d (mod n) M n = pq d*e = 1 (mod ø(n)) Private key KRa = (d, n) Public key KUa = (e, n)
  • 16. Public Key
    • Here we go again!!
    • Exchange key in person
    • Verify the pubic key
      • Via telephone
        • using the key’s fingerprint, which is considerably shorter
    • Obtain public key through a trusted third party
      • Person or authority
  • 17. Types of attack
    • Ciphertext-only attack
      • The attacker only has a few ciphertexts to use
    • Known-plaintext attack
      • The attacker possesses a few ciphertexts and the relative plaintexts
    • Chosen-plaintext attack
      • Like in known-plaintext plus the attacker can choose the plaintext that gets encrypted (more powerful)
    • Adaptive-chosen-plaintext attack
      • Like in chosen-plaintext attack plus the attackers can modify the choice based on the results of previous encryption
  • 18. Brute Force Attacks
    • All cryptosystems can be broken with a ciphertext-only attack aka Brute Force Attack
      • It doesn't apply to OTP
    • Brute force attack
      • Try all possible keys
      • Try all possible plaintext (Dictionary attack for passwords)
      • Complexity
    • Complexity of the attack
      • Data Complexity, Processing Complexity, Storage requirements
  • 19. Firewalls
    • A firewall is a barrier placed between the private network and the outside world.
    • All incoming and outgoing traffic must pass through it.
    • Types firewall :
    • Router-Based
    • Host Based
  • 20. Secure Protocols
    • SSL
    • SET
    • S/MIME
    • TLS
    • SSH
    • And …
  • 21. SSL
    • Originally designed for TCP
      • Assumes reliable delivery of packets
      • Cannot run on UDP or IP
    • Other SSL variants work over UDP
      • Microsoft’s STLP
      • WAP Forum’s WTLS
  • 22. SSL
    • Three purposes:
      • Agree on a set of algorithms to be used in the communication
      • Establish the key to be used with the above algorithms
      • Optionally authenticate the client
  • 23. SET
    • Developed by Visa and MasterCard
    • Designed to protect credit card transactions
    • Confidentiality: all messages encrypted
    • Trust: all parties must have digital certificates
    • Privacy: information made available only when and where necessary
  • 24. SET
  • 25. S/MIME
    • Uses encryption
      • both symmetric and public key strategies
    • Symmetric key is transmitted with the message
    • Shared secret is encoded using public key of the recipient
    • Uses digital signatures to protect against tampering and forgery
  • 26. S/MIME
    • Problems with RFC 822
      • Cannot send binaries and executables
      • Limited to 7-bit ASCII
      • Oversized emails could be rejected
      • Encoding problems
    • MIME introduces five new header fields
      • Allows new content and multiple content
      • Defines transfer encodings for message bodies
  • 27. S/MIME Versions
    • Version 2
      • widely implemented but limited
        • 40-bit keys (the RC2 algorithm)
        • RSA-patented symmetric algorithms
    • Version 3
      • currently in IETF draft
        • uses Diffie-Hellman instead of RSA technology
        • support for strong encryption
  • 28. TLS
    • The TLS protocol comes from lessons learned by the SSL and PCT protocols
    • Very similar to the SSL v3 protocol
    • The TLS v1.0 protocol is described in RFC2246
    • The TLS protocol is composed by two layers:
      • TLS record protocol
      • TLS handshake protocol
  • 29. TLS
    • The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.
    • Goals of TLS
      • Cryptographic security
      • Interoperability
      • Extensibility
      • Relative efficiency
  • 30. SSH
    • SSH provides secure replacements for rsh, rlogin , rcp, ftp, and telnet, all of which transmit data over the network as clear text
    • The SSH protocol was developed in 1995 to address the various security issues associated with the "r-commands"
    • Developed by Tatu Ylönen, a researcher at the Helsinki University of Technology
  • 31. SSH
    • SSH protocol is based on a client/server architecture
      • A user who wants to connect to a remote host will execute the ssh command (the client) on his local machine
      • It will connect to the remote computer's ssh daemon (the server)
    • There are two primary versions of the SSH protocol
      • SSH-1
      • SSH-2
  • 32. Payment Gatway
    • Decrypt the digital license to obtain and decrypt the symmetric key block
    • Verify the sign vendor
    • Decrypt digital pay to obtain and decrypt the symmetric key block
  • 33. IPSec—IP Security
    • Provide encryption and integrity protection to IP packets (and authentication of two peers).
      • AH (Authentication Header)
        • An additional header, provides integrity protection
      • ESP (Encapsulating Security Payload)
        • Also an addition header, provides encryption and integrity protection
      • IKE (Internet Key Exchange)
        • Establishing session keys (used for AH & ESP) as well as authentication.
      • Both AH and ESP are called IPSec Headers.
      • Authentication: users and data.
  • 34. Security Associations (SA)
    • Provide encryption and integrity protection to IP packets (and authentication of two peers).
      • AH (Authentication Header)
        • An additional header, provides integrity protection
      • ESP (Encapsulating Security Payload)
        • Also an addition header, provides encryption and integrity protection
      • IKE (Internet Key Exchange)
        • Establishing session keys (used for AH & ESP) as well as authentication.
      • Both AH and ESP are called IPSec Headers.
      • Authentication: users and data.
  • 35. IPSec mode usage
    • Transport mode is used when IPSec is used end-to-end
    • Tunnel mode is used between firewalls or endnode and firewall. (Example)
    • Combination of multiple modes
    • In tunnel mode, the original IP packet will be kept intact ( not really ?).
  • 36. IKE phases
    • Phase 1
      • Mutual authentication and establishes session keys (used in phase 2) by key exchange, called IKE SA
        • How about authentication:
          • Pre-shared secret key
          • Public encryption key
          • Public signature key
        • Establishes session key
          • Diffie-Hellman key exchange,
          • protected by above keys.
  • 37. IKE phases
    • Phase 2
      • Establish multiple session keys, such as ESP SA, AH SA, …
  • 38. IKE phase 1—main mode Alice Bob Crypto suites I support Crypto suite I choose g a mod p g b mod p g ab mod p{“Alice”, proof I am Alice} g ab mod p{“Bob”, proof I am Bob}
  • 39. IKE phase 2
    • Any party can initiate a quick mode exchange to set up an ESP SA or AH SA
      • Negotiating crypto parameters
      • Optionally doing a Diffie-Hellman exchange (if perfect forward secrecy is desired)
      • Negotiating what traffic will be sent on the SA
  • 40.
      • Thank you

×