SlideShare a Scribd company logo

Online Shopping Encryption Guide

Download as PPTX, PDF
C
Casey Husseman
1 of 22
BUSINESS CONSULTANTS DEEP TECHNOLOGISTS Encryption and Why You Can Buy Things Online KTS by Casey Husseman 1
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Overview of How Online Shopping Works  Where Does Your Credit Card Number Go?  Encryption  Definition  Example (Caesar Cipher)  Intro to Modular Arithmetic  Encryption in Computers Today  Public Key  RSA  Digital Signatures  Problems with Encryption  The Future  Quantum Computers Outline 2
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Go to Amazon.com Add item to your cart Send your credit card to Amazon Amazon charges you for purchase Amazon sends you your item Overview of How Online Shopping Works 3
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Go to Amazon.com Add item to your cart Send your credit card to Amazon Amazon charges you for purchase Amazon sends you your item Overview of How Online Shopping Works 4
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Internet connections are not a straight shot from your laptop to the website  Information must jump from server to server on the internet  Some of these servers are privately owned and operated  What is stopping everyone who handles your data from stealing your credit card number? Where Does Your Credit Card Number Go? 5
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Encryption is the translation of data into a secret code using a cipher. Encryption Definition 6
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Encryption Example (Caesar Cipher) 7 Julius Caesar (100 BCE – 44 CE) famously used a “shift cipher” to communicate secret messages with his generals. He wrote the messages, then transposed each letter three positions backwards in the alphabet. WEST MONROE PARTNERS TBPQ JLKOLB MXOQKBOP
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Modular Arithmetic 8 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m.
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  For an example, think of clocks: Modular Arithmetic 9 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m.
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  For an example, think of clocks: Modular Arithmetic 10 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m. 8:00 + 6:00 = 14:00 14:00 = 2:00 + 12:00 14:00 ≡ 2:00 mod 12:00
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  For an example, think of clocks: Modular Arithmetic 11 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m. 8:00 + 6:00 = 14:00 14:00 = 2:00 + 12:00 14:00 ≡ 2:00 mod 12:00 8 + 6 = 14 14 = 2 + 1*12 14 ≡ 2 mod 12
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Using mods sets limits  For clocks, you never write more than 12 hours  For words/messages, you never write more than the 26 letters  This lets encrypted messages be the same size as the original message Modular Arithmetic, Why Do We Care? 12
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Messages are composed of 1’s and 0’s 1’s and 0’s are then encrypted (still in 1’s and 0’s) Message is decrypted by receiver How Computers Use Encryption 13  Computers send messages in binary “binary” = 01100010 01101001 01101110 01100001 01110010 01111001 011001000110111 100100000011011 100110111101110 100001000000111 001001100101011 000010110010000 001001110010001 101111001000000 110110100101111 011101000010000 010010001111001 010110000101101 011001000110111 100100000011011 100110111101110 100001000000111 001001100101011 000010110010000
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  We can imagine long strings of binary as numbers  We can manipulate the numbers using math formulas (ciphers)  The encrypted numbers can be decrypted by the intended recipient Numbers Simplification 14 235921528402397 512339522023178 235921528402397 Encryption Cipher Decryption Cipher
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Each user has a public and private key pair  The public key is used for encryption  The private key is used for decryption  Each user keeps their private key private, and makes their public key public Public Key Encryption 15 235921528402397 512339522023178 235921528402397 (Encryption) Public Key Used 287367198201 (Decryption) Private Key Used 832984805387
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  First, Amazon decides on the parameter N (parameters are also public)  Amazon uses N to generates public key e and private key d  You take your message m and compute your encrypted message c by Encryption: c ≡ me mod N  You send Amazon your encrypted message c  Amazon uses its private key to reconstruct m by Decryption: m ≡ cd mod N  This process works because the private key d is the inverse of the public key e Math: m ≡ (me)d mod N RSA Encryption 16
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Signatures are used to prove identity  Identity means you have the private key for an associated public key  For each user’s public and private key pair,  The private key is used for signing  The public key is used for authentication Digital Signatures Using Public Key 17 235921528402397 432539121127771 235921528402397 (Signing) Private Key Used 832984805387 (Authentication) Public Key Used 287367198201
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Like encryption, Amazon decides on the parameter N and uses N to generates public key e and private key d  Amazon takes the message to be signed m and computes the signature s by Signing: s ≡ md mod N  Amazon sends m and s together  You then use Amazon’s public key to construct m’ by Authentication: m’ ≡ se mod N  If m’ is congruent to m, then s must have been generated by Amazon’s private key Math: m’ ≡ (md)e ≡ m mod N Digital Signatures with RSA 18
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Public key encryption is based on assumption that underlying math is “hard”  Hard means it will take millions of years to break with the most sophisticated algorithms  RSA relies on the Discrete Log Problem  For large numbers g, h, p (upward of 100 digits), this is currently sufficiently hard  The ciphers in RSA (both the encryption and decryption) are considered one-way functions Problems with Public Key Encryption 19 The Discrete Log Problem is to determine integer x given g, h, and p where gx ≡ h mod p.
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  A quantum computer uses phenomena such as superposition and quantum entanglement to perform calculations at incredible speeds  There exist quantum algorithms (Shor’s algorithm) can break the Discrete Log Problem  Quantum computers will be the end of public key encryption  Early versions are in (limited) operation right now! Quantum Computers 20
© 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Lattice cryptography is one promising alternative  Lattices use real numbers (not integers) and linear combinations with modular arithmetic  There do not (presently) exist quantum algorithms for solving lattice problems  Eventually, we must move away from using “one-way” functions for encryption  The coolest part: These discussions are happening RIGHT NOW! The Future 21
Thank You

Recommended

Ethereum Contracts - Coinfest 2015
Ethereum Contracts - Coinfest 2015Ethereum Contracts - Coinfest 2015
Ethereum Contracts - Coinfest 2015Rhea Myers
 
OCSoverall
OCSoverallOCSoverall
OCSoverallSachin Hundare
 
Pp Pres Retailer 1.1
Pp Pres Retailer 1.1Pp Pres Retailer 1.1
Pp Pres Retailer 1.1MikeBemis
 
How (not) to spend $15k per month with AWS Athena.pdf
How (not) to spend $15k per month with AWS Athena.pdfHow (not) to spend $15k per month with AWS Athena.pdf
How (not) to spend $15k per month with AWS Athena.pdfIvica Kolenkaš
 
Technology, Process, and Strategy
Technology, Process, and StrategyTechnology, Process, and Strategy
Technology, Process, and Strategyereddick
 
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsCloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsEasynet Connect
 
GopherCon UK 2018 - Orchestration of microservices
GopherCon UK 2018 - Orchestration of microservicesGopherCon UK 2018 - Orchestration of microservices
GopherCon UK 2018 - Orchestration of microservicesBernd Ruecker
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...TigerGraph
 

Recommended

Ethereum Contracts - Coinfest 2015
Ethereum Contracts - Coinfest 2015Ethereum Contracts - Coinfest 2015
Ethereum Contracts - Coinfest 2015Rhea Myers
 
OCSoverall
OCSoverallOCSoverall
OCSoverallSachin Hundare
 
Pp Pres Retailer 1.1
Pp Pres Retailer 1.1Pp Pres Retailer 1.1
Pp Pres Retailer 1.1MikeBemis
 
How (not) to spend $15k per month with AWS Athena.pdf
How (not) to spend $15k per month with AWS Athena.pdfHow (not) to spend $15k per month with AWS Athena.pdf
How (not) to spend $15k per month with AWS Athena.pdfIvica Kolenkaš
 
Technology, Process, and Strategy
Technology, Process, and StrategyTechnology, Process, and Strategy
Technology, Process, and Strategyereddick
 
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsCloud Expo May 09 Richard Britton, Cloud Computing for SMEs
Cloud Expo May 09 Richard Britton, Cloud Computing for SMEsEasynet Connect
 
GopherCon UK 2018 - Orchestration of microservices
GopherCon UK 2018 - Orchestration of microservicesGopherCon UK 2018 - Orchestration of microservices
GopherCon UK 2018 - Orchestration of microservicesBernd Ruecker
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...TigerGraph
 
Marvin and Me
Marvin and MeMarvin and Me
Marvin and MeBrian Moran
 
Data Collection without Privacy Side Effects
Data Collection without Privacy Side EffectsData Collection without Privacy Side Effects
Data Collection without Privacy Side EffectsJosep M. Pujol
 
Spot On3 D P Pres General 2.0
Spot On3 D P Pres General 2.0Spot On3 D P Pres General 2.0
Spot On3 D P Pres General 2.0MikeBemis
 
CCNA R&S-17-Analyzing Subnet Masks
CCNA R&S-17-Analyzing Subnet MasksCCNA R&S-17-Analyzing Subnet Masks
CCNA R&S-17-Analyzing Subnet MasksAmir Jafari
 
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...Shelley Reece
 
Fighting financial fraud at Danske Bank with artificial intelligence
Fighting financial fraud at Danske Bank with artificial intelligenceFighting financial fraud at Danske Bank with artificial intelligence
Fighting financial fraud at Danske Bank with artificial intelligenceRon Bodkin
 
Lessons Learned from Making Resilient Apps with Azure Mobile App Services
Lessons Learned from Making Resilient Apps with Azure Mobile App ServicesLessons Learned from Making Resilient Apps with Azure Mobile App Services
Lessons Learned from Making Resilient Apps with Azure Mobile App ServicesMatthew Soucoup
 
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...Amazon Web Services
 
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...Lima Consulting Group
 
VRM + CRM and why individuals need their own X-wing vehicles
VRM + CRM and why individuals need their own X-wing vehiclesVRM + CRM and why individuals need their own X-wing vehicles
VRM + CRM and why individuals need their own X-wing vehiclesDoc Searls
 
2011 04 06_sugarcon1
2011 04 06_sugarcon12011 04 06_sugarcon1
2011 04 06_sugarcon1Doc Searls
 
2011 04 06_sugarcon1
2011 04 06_sugarcon12011 04 06_sugarcon1
2011 04 06_sugarcon1Doc Searls
 
Crypto-Currency - Strategic Review v3
Crypto-Currency - Strategic Review v3Crypto-Currency - Strategic Review v3
Crypto-Currency - Strategic Review v3Bryan Starbuck
 
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?Tealium
 
Event email campaign takedown 18 x your results!
Event email campaign takedown 18 x your results!Event email campaign takedown 18 x your results!
Event email campaign takedown 18 x your results!AnastasiaVoytehina
 
Demystifying Smart Contracts
Demystifying Smart ContractsDemystifying Smart Contracts
Demystifying Smart ContractsBernard Peh
 
Case story CCV Belgium
Case story CCV BelgiumCase story CCV Belgium
Case story CCV BelgiumRealDolmenCRM
 
TXGX 2019_Colin_Account and Transaction Model in Klaytn
TXGX 2019_Colin_Account and Transaction Model in KlaytnTXGX 2019_Colin_Account and Transaction Model in Klaytn
TXGX 2019_Colin_Account and Transaction Model in KlaytnKlaytn
 
Legal IT Leaders Think Tank
Legal IT Leaders Think TankLegal IT Leaders Think Tank
Legal IT Leaders Think Tankdansimms
 
CRM Data Migration: Swift and Secure Transition with Data2CRM
CRM Data Migration: Swift and Secure Transition with Data2CRM CRM Data Migration: Swift and Secure Transition with Data2CRM
CRM Data Migration: Swift and Secure Transition with Data2CRM Data2CRM.Migration
 

More Related Content

Similar to Online Shopping Encryption Guide

Data Collection without Privacy Side Effects
Data Collection without Privacy Side EffectsData Collection without Privacy Side Effects
Data Collection without Privacy Side EffectsJosep M. Pujol
 
Spot On3 D P Pres General 2.0
Spot On3 D P Pres General 2.0Spot On3 D P Pres General 2.0
Spot On3 D P Pres General 2.0MikeBemis
 
CCNA R&S-17-Analyzing Subnet Masks
CCNA R&S-17-Analyzing Subnet MasksCCNA R&S-17-Analyzing Subnet Masks
CCNA R&S-17-Analyzing Subnet MasksAmir Jafari
 
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...Shelley Reece
 
Fighting financial fraud at Danske Bank with artificial intelligence
Fighting financial fraud at Danske Bank with artificial intelligenceFighting financial fraud at Danske Bank with artificial intelligence
Fighting financial fraud at Danske Bank with artificial intelligenceRon Bodkin
 
Lessons Learned from Making Resilient Apps with Azure Mobile App Services
Lessons Learned from Making Resilient Apps with Azure Mobile App ServicesLessons Learned from Making Resilient Apps with Azure Mobile App Services
Lessons Learned from Making Resilient Apps with Azure Mobile App ServicesMatthew Soucoup
 
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...Amazon Web Services
 
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...Lima Consulting Group
 
VRM + CRM and why individuals need their own X-wing vehicles
VRM + CRM and why individuals need their own X-wing vehiclesVRM + CRM and why individuals need their own X-wing vehicles
VRM + CRM and why individuals need their own X-wing vehiclesDoc Searls
 
2011 04 06_sugarcon1
2011 04 06_sugarcon12011 04 06_sugarcon1
2011 04 06_sugarcon1Doc Searls
 
2011 04 06_sugarcon1
2011 04 06_sugarcon12011 04 06_sugarcon1
2011 04 06_sugarcon1Doc Searls
 
Crypto-Currency - Strategic Review v3
Crypto-Currency - Strategic Review v3Crypto-Currency - Strategic Review v3
Crypto-Currency - Strategic Review v3Bryan Starbuck
 
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?Tealium
 
Event email campaign takedown 18 x your results!
Event email campaign takedown 18 x your results!Event email campaign takedown 18 x your results!
Event email campaign takedown 18 x your results!AnastasiaVoytehina
 
Demystifying Smart Contracts
Demystifying Smart ContractsDemystifying Smart Contracts
Demystifying Smart ContractsBernard Peh
 
Case story CCV Belgium
Case story CCV BelgiumCase story CCV Belgium
Case story CCV BelgiumRealDolmenCRM
 
TXGX 2019_Colin_Account and Transaction Model in Klaytn
TXGX 2019_Colin_Account and Transaction Model in KlaytnTXGX 2019_Colin_Account and Transaction Model in Klaytn
TXGX 2019_Colin_Account and Transaction Model in KlaytnKlaytn
 
Legal IT Leaders Think Tank
Legal IT Leaders Think TankLegal IT Leaders Think Tank
Legal IT Leaders Think Tankdansimms
 
CRM Data Migration: Swift and Secure Transition with Data2CRM
CRM Data Migration: Swift and Secure Transition with Data2CRM CRM Data Migration: Swift and Secure Transition with Data2CRM
CRM Data Migration: Swift and Secure Transition with Data2CRM Data2CRM.Migration
 

Similar to Online Shopping Encryption Guide (20)

Marvin and Me
Marvin and MeMarvin and Me
Marvin and Me
 
Data Collection without Privacy Side Effects
Data Collection without Privacy Side EffectsData Collection without Privacy Side Effects
Data Collection without Privacy Side Effects
 
Spot On3 D P Pres General 2.0
Spot On3 D P Pres General 2.0Spot On3 D P Pres General 2.0
Spot On3 D P Pres General 2.0
 
CCNA R&S-17-Analyzing Subnet Masks
CCNA R&S-17-Analyzing Subnet MasksCCNA R&S-17-Analyzing Subnet Masks
CCNA R&S-17-Analyzing Subnet Masks
 
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
Building Better Products: Mixing Qualitative & Quantitative Data with Storybo...
 
Fighting financial fraud at Danske Bank with artificial intelligence
Fighting financial fraud at Danske Bank with artificial intelligenceFighting financial fraud at Danske Bank with artificial intelligence
Fighting financial fraud at Danske Bank with artificial intelligence
 
Lessons Learned from Making Resilient Apps with Azure Mobile App Services
Lessons Learned from Making Resilient Apps with Azure Mobile App ServicesLessons Learned from Making Resilient Apps with Azure Mobile App Services
Lessons Learned from Making Resilient Apps with Azure Mobile App Services
 
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
Financial Svcs: Mine Actionable Insights from Customer Interactions Using Mac...
 
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
The Lima Consulting Group Digital Transformation Maturity Model Presented at ...
 
VRM + CRM and why individuals need their own X-wing vehicles
VRM + CRM and why individuals need their own X-wing vehiclesVRM + CRM and why individuals need their own X-wing vehicles
VRM + CRM and why individuals need their own X-wing vehicles
 
2011 04 06_sugarcon1
2011 04 06_sugarcon12011 04 06_sugarcon1
2011 04 06_sugarcon1
 
2011 04 06_sugarcon1
2011 04 06_sugarcon12011 04 06_sugarcon1
2011 04 06_sugarcon1
 
Crypto-Currency - Strategic Review v3
Crypto-Currency - Strategic Review v3Crypto-Currency - Strategic Review v3
Crypto-Currency - Strategic Review v3
 
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
Third-Party Cookie Loss Masterclass 2: Dude, What About My DMP?
 
Event email campaign takedown 18 x your results!
Event email campaign takedown 18 x your results!Event email campaign takedown 18 x your results!
Event email campaign takedown 18 x your results!
 
Demystifying Smart Contracts
Demystifying Smart ContractsDemystifying Smart Contracts
Demystifying Smart Contracts
 
Case story CCV Belgium
Case story CCV BelgiumCase story CCV Belgium
Case story CCV Belgium
 
TXGX 2019_Colin_Account and Transaction Model in Klaytn
TXGX 2019_Colin_Account and Transaction Model in KlaytnTXGX 2019_Colin_Account and Transaction Model in Klaytn
TXGX 2019_Colin_Account and Transaction Model in Klaytn
 
Legal IT Leaders Think Tank
Legal IT Leaders Think TankLegal IT Leaders Think Tank
Legal IT Leaders Think Tank
 
CRM Data Migration: Swift and Secure Transition with Data2CRM
CRM Data Migration: Swift and Secure Transition with Data2CRM CRM Data Migration: Swift and Secure Transition with Data2CRM
CRM Data Migration: Swift and Secure Transition with Data2CRM
 

Online Shopping Encryption Guide

  • 1. BUSINESS CONSULTANTS DEEP TECHNOLOGISTS Encryption and Why You Can Buy Things Online KTS by Casey Husseman 1
  • 2. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Overview of How Online Shopping Works  Where Does Your Credit Card Number Go?  Encryption  Definition  Example (Caesar Cipher)  Intro to Modular Arithmetic  Encryption in Computers Today  Public Key  RSA  Digital Signatures  Problems with Encryption  The Future  Quantum Computers Outline 2
  • 3. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Go to Amazon.com Add item to your cart Send your credit card to Amazon Amazon charges you for purchase Amazon sends you your item Overview of How Online Shopping Works 3
  • 4. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Go to Amazon.com Add item to your cart Send your credit card to Amazon Amazon charges you for purchase Amazon sends you your item Overview of How Online Shopping Works 4
  • 5. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Internet connections are not a straight shot from your laptop to the website  Information must jump from server to server on the internet  Some of these servers are privately owned and operated  What is stopping everyone who handles your data from stealing your credit card number? Where Does Your Credit Card Number Go? 5
  • 6. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Encryption is the translation of data into a secret code using a cipher. Encryption Definition 6
  • 7. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Encryption Example (Caesar Cipher) 7 Julius Caesar (100 BCE – 44 CE) famously used a “shift cipher” to communicate secret messages with his generals. He wrote the messages, then transposed each letter three positions backwards in the alphabet. WEST MONROE PARTNERS TBPQ JLKOLB MXOQKBOP
  • 8. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Modular Arithmetic 8 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m.
  • 9. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  For an example, think of clocks: Modular Arithmetic 9 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m.
  • 10. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  For an example, think of clocks: Modular Arithmetic 10 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m. 8:00 + 6:00 = 14:00 14:00 = 2:00 + 12:00 14:00 ≡ 2:00 mod 12:00
  • 11. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  For an example, think of clocks: Modular Arithmetic 11 Numbers are congruent modulo m if their difference (a – b) is divisible by m. We can write this as a ≡ b mod m or a = b + k*m for some k. The goal is to find the congruent number smaller than m. 8:00 + 6:00 = 14:00 14:00 = 2:00 + 12:00 14:00 ≡ 2:00 mod 12:00 8 + 6 = 14 14 = 2 + 1*12 14 ≡ 2 mod 12
  • 12. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Using mods sets limits  For clocks, you never write more than 12 hours  For words/messages, you never write more than the 26 letters  This lets encrypted messages be the same size as the original message Modular Arithmetic, Why Do We Care? 12
  • 13. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited. Messages are composed of 1’s and 0’s 1’s and 0’s are then encrypted (still in 1’s and 0’s) Message is decrypted by receiver How Computers Use Encryption 13  Computers send messages in binary “binary” = 01100010 01101001 01101110 01100001 01110010 01111001 011001000110111 100100000011011 100110111101110 100001000000111 001001100101011 000010110010000 001001110010001 101111001000000 110110100101111 011101000010000 010010001111001 010110000101101 011001000110111 100100000011011 100110111101110 100001000000111 001001100101011 000010110010000
  • 14. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  We can imagine long strings of binary as numbers  We can manipulate the numbers using math formulas (ciphers)  The encrypted numbers can be decrypted by the intended recipient Numbers Simplification 14 235921528402397 512339522023178 235921528402397 Encryption Cipher Decryption Cipher
  • 15. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Each user has a public and private key pair  The public key is used for encryption  The private key is used for decryption  Each user keeps their private key private, and makes their public key public Public Key Encryption 15 235921528402397 512339522023178 235921528402397 (Encryption) Public Key Used 287367198201 (Decryption) Private Key Used 832984805387
  • 16. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  First, Amazon decides on the parameter N (parameters are also public)  Amazon uses N to generates public key e and private key d  You take your message m and compute your encrypted message c by Encryption: c ≡ me mod N  You send Amazon your encrypted message c  Amazon uses its private key to reconstruct m by Decryption: m ≡ cd mod N  This process works because the private key d is the inverse of the public key e Math: m ≡ (me)d mod N RSA Encryption 16
  • 17. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Signatures are used to prove identity  Identity means you have the private key for an associated public key  For each user’s public and private key pair,  The private key is used for signing  The public key is used for authentication Digital Signatures Using Public Key 17 235921528402397 432539121127771 235921528402397 (Signing) Private Key Used 832984805387 (Authentication) Public Key Used 287367198201
  • 18. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Like encryption, Amazon decides on the parameter N and uses N to generates public key e and private key d  Amazon takes the message to be signed m and computes the signature s by Signing: s ≡ md mod N  Amazon sends m and s together  You then use Amazon’s public key to construct m’ by Authentication: m’ ≡ se mod N  If m’ is congruent to m, then s must have been generated by Amazon’s private key Math: m’ ≡ (md)e ≡ m mod N Digital Signatures with RSA 18
  • 19. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Public key encryption is based on assumption that underlying math is “hard”  Hard means it will take millions of years to break with the most sophisticated algorithms  RSA relies on the Discrete Log Problem  For large numbers g, h, p (upward of 100 digits), this is currently sufficiently hard  The ciphers in RSA (both the encryption and decryption) are considered one-way functions Problems with Public Key Encryption 19 The Discrete Log Problem is to determine integer x given g, h, and p where gx ≡ h mod p.
  • 20. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  A quantum computer uses phenomena such as superposition and quantum entanglement to perform calculations at incredible speeds  There exist quantum algorithms (Shor’s algorithm) can break the Discrete Log Problem  Quantum computers will be the end of public key encryption  Early versions are in (limited) operation right now! Quantum Computers 20
  • 21. © 2015 West Monroe Partners | Reproduction and distribution without West Monroe Partners prior consent is prohibited.  Lattice cryptography is one promising alternative  Lattices use real numbers (not integers) and linear combinations with modular arithmetic  There do not (presently) exist quantum algorithms for solving lattice problems  Eventually, we must move away from using “one-way” functions for encryption  The coolest part: These discussions are happening RIGHT NOW! The Future 21

Editor's Notes

  1. “Is it safe to send your credit card number across the internet?”
  2. Cipher is the type of transformation
  3. Explain the upper limit of 26 letters.
  4. WHY DO WE CARE
  5. WHY DO WE CARE
  6. WHY DO WE CARE
  7. WHY DO WE CARE
  8. Messages are the same size when the encryption process is applied
  9. These are 2 different ciphers
  10. Public key is available to everyone, like a universal ID Flow is left to right This uses AMAZON’S KEY PAIR Remember, 2 different ciphers
  11. Published in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman Generally 1-4k bit 2^1000 = 1.071509e+301
  12. Flow is left to right This uses AMAZON’S KEY PAIR
  13. The DLP is the reverse of our cipher functions There exists FAST algorithms for one-direction of the function
  14. Highlight how public key is available to everyone, like a universal ID