Successfully reported this slideshow.
Your SlideShare is downloading. ×


Upcoming SlideShare
Ep22 berg
Ep22 berg
Loading in …3

Check these out next

1 of 51 Ad

More Related Content

Recently uploaded (20)



  1. 1. 1 Public Key Infrastructure
  2. 2. Traditional Commerce Electronic Commerce Type of Commerce 2
  3. 3. Traditional Commerce In the traditional way; The fact that a document is written, original, and sealed is the reason for its validity. The parties negotiate and sign documents phisically. 3
  4. 4. E-commerce means sharing information, maintaining commercial communications, and conducting commercial exchanges through communication networks. One of the important infrastructures of e-commerce is creating a safe space for exchanging commercial data in the cyber environment. E-commerce models are:  G2G  G2C  G2B  B2B  C2C  B2C 4 Electronic Commerce
  5. 5. Security Attacks Security Services Security Mechanism Requirements 5 Safe Commerce Requirements
  6. 6. (Security Attacks) Interruption Interception Modification Fabrication 6 Security Attacks
  7. 7. Destination Source 7 Secure Data Transfer
  8. 8. Source Destination Interruption 8
  9. 9. Source Destination Third system Interception 9
  10. 10. Modification 10 Source Destination Third system
  11. 11. Fabrication 11 Third system Source Destination
  12. 12. (Authentication) (Integrity) (Non-Repudiation) (Confidentiality) (Security Services) 12 Security Services
  13. 13. encryption authentication auditing authorization (Security Mechanism) 13 Security Mechanisms
  14. 14.  Privacy  Authentication  Integrity  None Repudiation P.A.I.N. 14 E-commerce Security
  15. 15. 15 Cryptography
  16. 16.  Cryptography is a science that encrypts data using mathematics and can return it to its normal state again.  This science realizes the possibility of storing information as well as transferring information on an insecure medium.  Encryption is done using mathematical algorithms.  In a system, the message is encrypted at the source. After that, the encrypted message is transferred to the receiver and there it is decoded to get the original message. 16 Cryptography
  17. 17. Cryptographical Algorithms (Symmetric) (Asymmetric) (Hash) 17 Cryptographical Algorithms
  18. 18. Symmetric Algorithms  In secret key encryption, which is known as symmetric encryption, a key is used to encrypt and decrypt the message. Therefore, the sender and receiver of the message must have a common secret, which is the key.  Des. Triple Des and AES are the famous ones, it have so many usages in financial systems for Credit card PINs and Telecommunications systems. 18
  19. 19.  It is used to encrypt a large amount of information.  when used together with a Digital certificate; It keeps information confidential.  when used with an electronic signature; It guarantees the integrity of the message. 19 Symmetric algorithms Usages
  20. 20. 20 Symmetric algorithms
  21. 21. Symmetric keys must be distributed through a secure channel and must be changed periodically. Example: n*(n-1)/2 Parties Needed Keys 4 6 6 15 12 66 1000 499500 21 Key Managment
  22. 22.  Pros  High-Speed encryption and decryption  Fast key generation  Cons  Multiplicity of keys for members of each relationship  Distributing the key between the communication parties  Usages  Encrypting a large amount of information when stored on an insecure medium  Data encryption when transmitted over insecure media 22 Symmetric algorithms
  23. 23. Asymmetric Algorithms This method uses two keys. One key is for encryption and another is for decryption.  Two keys are mathematically related in such a way that the data encrypted with each one can be decrypted with the other.  Each user has two keys : Public Key and Private Key. 23
  24. 24. 24 Asymmetric Algorithms
  25. 25. 25 Asymmetric Algorithms
  26. 26.  Prons  No need to distribute and send private keys  Cons  Low speed in high data volume  The complexity of key generation  Usages  In electronic signature technology 26 Asymmetric algorithms Translation results In electronic signature technology Translation results In electronic signature technology
  27. 27.  To encrypt the data for each participating party, only the public key of that participant is needed, as a result, only the confirmation of the public key of the participants is required.  The most important features of the asymmetric technique are non-repudiation, electronic signature, and confirmation of the correct data source. 27 Asymmetric algorithms
  28. 28. Hash algorithms, unlike the two mentioned algorithms, do not use keys and perform one-way encryption on information. The performance of these functions on the data is such that by applying a Hash function on a text, an abstract or digest of the text is obtained. 28 Hash Algorithms
  29. 29. Input Output Digest 29 Hash Algorithms
  30. 30.  Hash is a process that mathematically reduces the volume of a stream of data to a fixed length. (usually 128 or 160 bits)  The hash function is similar to a person's fingerprint. . 30 Hash Algorithms
  31. 31. Input Output Digest 31 Hash Algorithms
  32. 32. • It is not possible to deduce the input from the output. • It is not possible to find two inputs that produce the same output. 32 Hash Algorithms
  33. 33.  Pros • No need to generate and send a key • High Speed  Cons • Guarantee the integrity of the message 33 Hash Algorithms
  34. 34. 34 Digital Signature
  35. 35. ‫تعريف‬ •Digital Signature – It is not like a handwritten signature. – It is always different. – It is based on encryption. •Manual Signature –It almost always looks the same. –It can be faked. 35 Digital Signature
  36. 36. Message Hash Function Message Digest hash algorithm Message Digital Signature Digital Signature Sender Private Key Encrypted Digest 160 bit Value 36 Digital Signature
  37. 37. 37 Digital Signature verification
  38. 38. 38 Digital Signature
  39. 39. Alice BOB Alice PVK Packet BOB PBK BOB PVK P Random Key Random Key ALICE PBK ‫؟‬ 39 Digital Signature & Confidentiality
  40. 40. Alice Packet BOB PBK BILL PBK TOM PBK BOB PVK BILL PVK TOM PVK 40 Sending for multiple recipients
  41. 41.  It is issued and signed by a trusted entity.  It is based on the identity confirmation made by a center.  It contains a set of information and the public key of a person or organization.  Its use is recorded in the certificate.  It has a specific and limited validity period. Digital Certificate
  42. 42.  There are centers that are responsible for issuing, protecting, publishing, and revoking digital certificates.  The public keys of these companies are located in Internet browsers by default.  Verification of people's identity is done hierarchically:  Root Certificate Authority Root CA • Sub CA • Registration Authority RA Certification Authority
  43. 43. RA RA RA RA RA Certificate request Root CA CRL Valid Intermediate CA Intermediate CA CA & RA
  44. 44. CA Responsibilities  Certificate Generation  Certificate Issuance  Certificate Relocation  Certificate Renewal  Database management  Compilation of security policies
  45. 45. RA Signature Owner CA Certificate Request
  46. 46. Private Key Location
  47. 47. X.509 Standard 47
  48. 48. Certificate Life Cycle 48 CA RA End Entity Directory Services Verification of Applicant Certificate Archiving Certificate Expiration Certificate Revocation Certificate Publication Certificate Generation
  49. 49. 49 GSMA Certificate Chain
  50. 50. 50 Hardware Security Module  Hardware security modules (HSM) perform cryptographic operations, protected by hardware (PCI boards, SCSI boxes, smart cards, etc.)  These operations include:  Random number generation  Key generation (asymmetric and symmetric)  Private key hiding (security) from attack (no unencrypted private keys in software or memory)  Private keys used for signing and decryption  Private keys used in PKI for storing Root Keys
  51. 51. 51 Why HSM?  A number of public key operations require the use of private keys as part of various processes:  Cryptographically or digitally signing an object, a file, etc.  Decrypting an encrypted object or file  These processes happen in active memory, which is vulnerable to attack and copying of a private key in open use, unencrypted