Upcoming SlideShare
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Standard text messaging rates apply

# Moein

440

Published on

secrity moein

secrity moein

Published in: Technology, Education
0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

• Be the first to like this

Views
Total Views
440
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
20
0
Likes
0
Embeds 0
No embeds

No notes for slide

### Transcript

• 1. Security in e-commerce Ahmad allahbakhshe
• 2. Introduction
• Security in e-commerce subject new
• Security in e-commerce such as threats, risks,…
• Imporatance subject in Security e-commerce subject Inter network Security
• 3. Mechanisms Cryptography types
• Cryptography Principles of encryption, the encryption
• two type Mechanisms Cryptography :
• Symmetric Cryptosystem
• Asymmetric Cryptosystem
• 4. Method Symmetric
• Method Symmetric two type:
• Stream cipher
• Block cipher
• 5. Hash Functions
• Characteristics
• Given M, it is easy to compute h
• Given h, it is hard to compute M such that H(M)= h
• One-way characteristic
• Given M, it is hard to find another message , M`, such that H(M)=H(M`)
• Also called weak collision resistance
• It is hard to find two random messages, M and M` , such that H(M)=H(M`)
• 6. Hash Functions f f f Y 0 Y 1 Y m-1 IV=CV 0 CV 1 CV m-1 n n n b b b … n n CV m =H(M)
• 7. MD5
• Produces 128-bit hash codes
• The input is processed in 512-bit blocks
• Input message is padded to be an integer multiple of 448 (512-64)
• Padding is 1-bit followed by 0s
• Append a 64-bit representation of length of the input
• If input is greater than 2 64 only the low-order 64 bits of the length are used
• Initialise the MD buffer (128 bits) to a fixed value
• This buffer is used to hold intermediate and final results of the hash function (chaining variable)
• Process all m 512-bits blocks with H MD5 compression
• 8. Strength of MD5
• Every bit of the hash code is a function of every bit in the input
• Brute force attack complexity is 2 128
• Birthday attack complexity is 2 64
• Considered cryptanalytically vulnerable
• 9. Encryption algorithms
• 1)DES
• 2) AES
• 10. History of DES
• IBM develops Lucifer for banking systems (1970’s )
• NIST and NSA evaluate and modify Lucifer (1974)
• Modified Lucifer adopted as federal standard (1976)
• Name changed to Data Encryption Standard (DES)
• Defined in FIPS (46-3) and ANSI standard X9.32
• NIST defines Triple DES (3DES) (1999)
• Single DES use deprecated - only legacy systems.
• NIST approves Advanced Encryption Std. (AES) (2001)
• AES which will replaces DES and 3DES.
• 11. DES
• Block length = 64 bits (L,R of 32 bits each.)
• Key Length = 56 bits (8 parity bits)
• 16 subkeys of 48 bits each are created for the 16 rounds
• 12. DES
• Block length is same as DES but use 3 DES steps.
• Key length = 168 bits
• Uses a 56 bit key for each of the 3 DES stages
• Keys may be independent or related
• if k 1 = k 2 = k 3 3DES is compatible with DES.
• 13. AES
• The RSA Cryptosystem
• Proposed by Rivest, Shamir, and Adleman (1977)
• Used for encryption and signature schemes
• Based on the intractability of the integer factorization problem
• Key generation
• Let p, q be large prime, n=pq and  =(p-1)(q-1)
• Choose randomly e s.t. gcd(e,  )=1
• Compute d  e -1 mod 
• Public-key: (e, n)
• Private-key: (d,n)
• RSA function: f(m)=m e mod n
• 14. AES
• Key generation
• Let p, q be large prime, n=pq and  =(p-1)(q-1)
• Choose randomly e s.t. gcd(e,  )=1
• Compute d  e -1 mod 
• Public-key: (e, n)
• Private-key: (d,n)
• RSA function: f(m)=m e mod n
• 15. AES Encryption Decryption M E C KU a E KUa (M)= M e (mod n) D KR a D KRa (C)= C d (mod n) M n = pq d*e = 1 (mod ø(n)) Private key KRa = (d, n) Public key KUa = (e, n)
• 16. Public Key
• Here we go again!!
• Exchange key in person
• Verify the pubic key
• Via telephone
• using the key’s fingerprint, which is considerably shorter
• Obtain public key through a trusted third party
• Person or authority
• 17. Types of attack
• Ciphertext-only attack
• The attacker only has a few ciphertexts to use
• Known-plaintext attack
• The attacker possesses a few ciphertexts and the relative plaintexts
• Chosen-plaintext attack
• Like in known-plaintext plus the attacker can choose the plaintext that gets encrypted (more powerful)
• Like in chosen-plaintext attack plus the attackers can modify the choice based on the results of previous encryption
• 18. Brute Force Attacks
• All cryptosystems can be broken with a ciphertext-only attack aka Brute Force Attack
• It doesn't apply to OTP
• Brute force attack
• Try all possible keys
• Try all possible plaintext (Dictionary attack for passwords)
• Complexity
• Complexity of the attack
• Data Complexity, Processing Complexity, Storage requirements
• 19. Firewalls
• A firewall is a barrier placed between the private network and the outside world.
• All incoming and outgoing traffic must pass through it.
• Types firewall :
• Router-Based
• Host Based
• 20. Secure Protocols
• SSL
• SET
• S/MIME
• TLS
• SSH
• And …
• 21. SSL
• Originally designed for TCP
• Assumes reliable delivery of packets
• Cannot run on UDP or IP
• Other SSL variants work over UDP
• Microsoft’s STLP
• WAP Forum’s WTLS
• 22. SSL
• Three purposes:
• Agree on a set of algorithms to be used in the communication
• Establish the key to be used with the above algorithms
• Optionally authenticate the client
• 23. SET
• Developed by Visa and MasterCard
• Designed to protect credit card transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital certificates
• Privacy: information made available only when and where necessary
• 24. SET
• 25. S/MIME
• Uses encryption
• both symmetric and public key strategies
• Symmetric key is transmitted with the message
• Shared secret is encoded using public key of the recipient
• Uses digital signatures to protect against tampering and forgery
• 26. S/MIME
• Problems with RFC 822
• Cannot send binaries and executables
• Limited to 7-bit ASCII
• Oversized emails could be rejected
• Encoding problems
• MIME introduces five new header fields
• Allows new content and multiple content
• Defines transfer encodings for message bodies
• 27. S/MIME Versions
• Version 2
• widely implemented but limited
• 40-bit keys (the RC2 algorithm)
• RSA-patented symmetric algorithms
• Version 3
• currently in IETF draft
• uses Diffie-Hellman instead of RSA technology
• support for strong encryption
• 28. TLS
• The TLS protocol comes from lessons learned by the SSL and PCT protocols
• Very similar to the SSL v3 protocol
• The TLS v1.0 protocol is described in RFC2246
• The TLS protocol is composed by two layers:
• TLS record protocol
• TLS handshake protocol
• 29. TLS
• The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.
• Goals of TLS
• Cryptographic security
• Interoperability
• Extensibility
• Relative efficiency
• 30. SSH
• SSH provides secure replacements for rsh, rlogin , rcp, ftp, and telnet, all of which transmit data over the network as clear text
• The SSH protocol was developed in 1995 to address the various security issues associated with the &quot;r-commands&quot;
• Developed by Tatu Ylönen, a researcher at the Helsinki University of Technology
• 31. SSH
• SSH protocol is based on a client/server architecture
• A user who wants to connect to a remote host will execute the ssh command (the client) on his local machine
• It will connect to the remote computer's ssh daemon (the server)
• There are two primary versions of the SSH protocol
• SSH-1
• SSH-2
• 32. Payment Gatway
• Decrypt the digital license to obtain and decrypt the symmetric key block
• Verify the sign vendor
• Decrypt digital pay to obtain and decrypt the symmetric key block
• 33. IPSec—IP Security
• Provide encryption and integrity protection to IP packets (and authentication of two peers).
• IKE (Internet Key Exchange)
• Establishing session keys (used for AH & ESP) as well as authentication.
• Both AH and ESP are called IPSec Headers.
• Authentication: users and data.
• 34. Security Associations (SA)
• Provide encryption and integrity protection to IP packets (and authentication of two peers).
• IKE (Internet Key Exchange)
• Establishing session keys (used for AH & ESP) as well as authentication.
• Both AH and ESP are called IPSec Headers.
• Authentication: users and data.
• 35. IPSec mode usage
• Transport mode is used when IPSec is used end-to-end
• Tunnel mode is used between firewalls or endnode and firewall. (Example)
• Combination of multiple modes
• In tunnel mode, the original IP packet will be kept intact ( not really ?).
• 36. IKE phases
• Phase 1
• Mutual authentication and establishes session keys (used in phase 2) by key exchange, called IKE SA
• Pre-shared secret key
• Public encryption key
• Public signature key
• Establishes session key
• Diffie-Hellman key exchange,
• protected by above keys.
• 37. IKE phases
• Phase 2
• Establish multiple session keys, such as ESP SA, AH SA, …
• 38. IKE phase 1—main mode Alice Bob Crypto suites I support Crypto suite I choose g a mod p g b mod p g ab mod p{“Alice”, proof I am Alice} g ab mod p{“Bob”, proof I am Bob}
• 39. IKE phase 2
• Any party can initiate a quick mode exchange to set up an ESP SA or AH SA
• Negotiating crypto parameters
• Optionally doing a Diffie-Hellman exchange (if perfect forward secrecy is desired)
• Negotiating what traffic will be sent on the SA
• 40.
• Thank you