Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, CA, SSL, SET

Presented at Seminar at Bahria University June 2007
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, Certification Authority, Secure Socket Layer (SSL), Secure Electronic Transaction (SET)

Published in: Technology, Education
  • To make understanding simple, the concepts of digital envelope and hash are intentionally omitted.

Slide 1. Cryptography Simplified – Symmetric Key, Public Key, Digital Signature, CA, SSL, SET
M. Faisal Naqvi, Research Consultant (Technical), ECAC

Slide 2. Obstacle in growth of E-Commerce
Why do most people not use E-Commerce?
• Lack of trust
• Fraudulent merchants
• Hacking/Cracking
• Credit card information theft
• Privacy issues

Slide 3. Technical Requirements of a User of E-Commerce
• Confidentiality: privacy from third parties
• Integrity: any change to the message during transit should be detected
• Authenticity: the identity of the sender should be verifiable
• Non-repudiation: the sender should not be able to deny having sent the message
• Anonymity: information about the customer and the transaction should be confidential from the dealing party
• Availability

Slide 4. How Can the Requirements Be Fulfilled?
• Cryptography, i.e.
– Encryption (encoding)
– Decryption (decoding)
(Diagram: Alice encrypts the plain text "CALL ME" (E) into the cipher text "DBMM NF"; Bob decrypts it (D) back to the plain text "CALL ME".)

Slide 5. Main Cryptographic Techniques
1. Secret Key Cryptography
2. Public Key Cryptography
a) For Confidentiality
b) For Authenticity & Integrity

Slide 6. 1. Secret Key Cryptography
• Also called Symmetric Key Cryptography
• Only one key is used for encryption as well as for decryption
• e.g. Data Encryption Standard (DES)
(Diagram: with Key=1, Alice encrypts "CALL ME" (E) to "DBMM NF", each letter shifted one place in the alphabet; Bob decrypts (D) with the same Key=1 back to "CALL ME".)
Slide 7. 2. Public Key Cryptography
• Also called Asymmetric Key Cryptography
• Each party has a key pair, i.e.:
1. Private Key (known to the owner only)
2. Public Key (published, known to everyone)
• What is encrypted with the public key can only be decrypted with the private key, and vice versa.
• e.g. the Rivest–Shamir–Adleman (RSA) algorithm

Slide 8. 2. Public Key Cryptography (Cont...)
• Public Key Cryptography can be used in two ways:
a) Encryption with the public key and decryption with the private key (to achieve confidentiality).
b) Encryption with the private key and decryption with the public key (to achieve authenticity and integrity).

Slide 9. 2. Public Key Cryptography (Cont...) – For Confidentiality
• The sender encrypts the message with the public key of the recipient.
• The recipient decrypts the encrypted message with his own private key.
(Diagram: the plain text 10,000 is encrypted (E) with Bob's public key = 0.5 into the cipher text 5,000, and decrypted (D) with Bob's private key = 2 back to 10,000. The keys are pictured as multiplication factors that cancel each other out; a real key pair is not this simple.)

Slide 10. 2. Public Key Cryptography (Cont...) – For Authenticity & Integrity of Message
• The sender encrypts the message with his own private key.
• The recipient decrypts the encrypted message with the public key of the sender.
(Diagram: the plain text 10,000 is encrypted (E) with Bob's private key = 2 into the cipher text 20,000, and decrypted (D) with Bob's public key = 0.5 back to 10,000.)

Slide 11. Achieving Authenticity, Integrity and Confidentiality simultaneously...
(Diagram: the sender turns the document into a digital signature with 1. the sender's private key, then into a cipher with 2. the recipient's public key; the recipient recovers the digital signature with 3. the recipient's private key and the document with 4. the sender's public key.)

Slide 12. Achieving Authenticity, Integrity and Confidentiality simultaneously (Cont…)
1. The sender encrypts the message with his own private key (for authenticity and integrity).
2. Then the sender encrypts the result with the public key of the recipient (for confidentiality).
3. The recipient decrypts the cipher with his own private key (to remove the confidentiality layer).
4. Then the recipient decrypts the result with the public key of the sender (to authenticate it).
Slide 13. Need of a Certification Authority (CA)
Issues
• How can someone publish his public key?
• How can someone verify that a public key belongs to a particular person?
Solution
• A public key can be published through a third party trusted by both sender and recipient.
• This trusted third party is called a Certification Authority (CA).
• The CA verifies and certifies, by issuing a digital certificate, that a particular public key belongs to a particular person, and publishes the certificate on the web.

Slide 14. What does the CA publish in a Digital Certificate?
(Diagram: a sample digital certificate issued to Ibrar Ahmad.)

Slide 15. How does a CA Work?
The CA:
• accepts applications to issue digital certificates
• verifies the identity of the subscriber
• verifies that the subscriber holds the corresponding private key
• generates the digital certificate
• publishes the digital certificate of its subscriber on its web site, so that anyone can download the digital certificate of any other person from the CA's web site
• accepts requests to revoke a certificate
• publishes a Certificate Revocation List (CRL), so that anyone can check whether a certificate has been revoked

Slide 16. What is Public Key Infrastructure (PKI)?
• PKI includes:
– Sender(s)
– Recipient(s)
– and CA(s)
• By using cryptography it fulfils the following requirements, jointly or severally:
– Confidentiality
– Integrity
– Authenticity
– Non-repudiation
– Reliability
– Accountability
– Anonymity

Slide 17. Importance of PKI
PKI:
• Provides a secure and trusted e-communication environment.
• Is indispensable for e-commerce, e-business, e-governance etc.
Slide 18. Use of PKI in E-Commerce
Some protocols based on PKI:
• Secure Socket Layer (SSL)
• Secure Electronic Transaction (SET)

Slide 19. Secure Socket Layer (SSL)
• Most commonly used (e.g. Hotmail, Yahoo)
• Simplest
• Only confidentiality and integrity are achieved
• Authenticity is not part of the protocol
• Only the server's digital certificate is required
• Not specifically a payment protocol
• For any secure communication

Slide 20. Secure Socket Layer Process
(Diagram: exchange between client and server.)
1. The client generates a secret key.
2. The server sends its public key.
3. The client sends the secret key encrypted with the server's public key.
4. The server decrypts the secret key using its private key.
5. Both sides communicate securely using the secret key.

Slide 21. Secure Electronic Transaction (SET)
• Most comprehensive
• Confidentiality, integrity, authenticity, non-repudiation and anonymity/privacy can all be achieved
• Comparatively complex
• Digital certificates of the merchant, the bank and the customer are required
• Specifically a payment protocol

Slide 22. SET Protocol Process
• OI = Order Information (products/services)
• PI = Payment Information (credit card etc.)
• C = Customer
• M = Merchant
• B = Bank
• Pb = Public key
• Pv = Private key

Slide 23. SET Protocol Process (Cont…)
(Diagram: Customer, Merchant and Bank.)
1. Customer to Merchant: MPb[CPv{MPb(OI)+BPb(PI)}]
2. Merchant to Bank: BPb[MPv[CPv{MPb(OI)+BPb(PI)}]]
Read from the inside out: OI is encrypted for the merchant and PI for the bank, the pair is signed with the customer's private key, and the whole is encrypted for the merchant; the merchant then signs it and encrypts it for the bank.
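The exchange on slide 23, with the four sign-then-encrypt steps of slide 12 inside it, carried through in code as an added example that is not part of the original deck. It uses textbook RSA with constructed tiny primes (61·53, 47·71, 67·89), one integer per byte, and constructed order and card strings; the helper names (keypair, wrap, unwrap) are this example's own. It shows why the merchant can read OI but not PI, and the bank PI but not OI.

```python
def keypair(p, q, e):
    """Textbook RSA key pair: public (e, n), private (d, n), d = e^-1 mod (p-1)(q-1)."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)

def rsa(blocks, key):
    """m^k mod n on every block; the same operation serves to encrypt and decrypt."""
    k, n = key
    return [pow(b, k, n) for b in blocks]

SEP = 65535  # marks the boundary between the OI and PI parts; above every modulus used below

def wrap(blocks, key):
    """Encrypt a list of integers < 65536 under key: each is split into two bytes first,
    so the output of one key can always be fed to the next, whatever its modulus."""
    return rsa([x for b in blocks for x in b.to_bytes(2, "big")], key)

def unwrap(blocks, key):
    """Inverse of wrap: decrypt, then re-join the byte pairs into the original integers."""
    raw = rsa(blocks, key)
    return [int.from_bytes(bytes(raw[i:i + 2]), "big") for i in range(0, len(raw), 2)]

def split(inner):
    i = inner.index(SEP)
    return inner[:i], inner[i + 1:]

CPb, CPv = keypair(61, 53, 17)  # Customer key pair (constructed toy primes)
MPb, MPv = keypair(47, 71, 3)   # Merchant
BPb, BPv = keypair(67, 89, 7)   # Bank

def customer_sends(oi, pi):
    """Step 1, MPb[CPv{MPb(OI)+BPb(PI)}]: OI sealed for M, PI sealed for B,
    both signed with CPv (slide 12 steps 1-2), the whole sealed for M."""
    inner = wrap(list(oi.encode()), MPb) + [SEP] + wrap(list(pi.encode()), BPb)
    return wrap(wrap(inner, CPv), MPb)

def merchant_handles(msg):
    """Slide 12 steps 3-4 at the merchant, then step 2: BPb[MPv[CPv{...}]]."""
    signed = unwrap(msg, MPv)                      # confidentiality layer off
    enc_oi, _enc_pi = split(unwrap(signed, CPb))   # readable only if CPv produced it
    oi = bytes(unwrap(enc_oi, MPv)).decode()       # PI stays under BPb: M cannot read it
    return oi, wrap(wrap(signed, MPv), BPb)        # M signs, then seals for B

def bank_handles(msg):
    """Open with BPv, peel the merchant's (MPb) and customer's (CPb) signatures, read PI."""
    _enc_oi, enc_pi = split(unwrap(unwrap(unwrap(msg, BPv), MPb), CPb))
    return bytes(unwrap(enc_pi, BPv)).decode()     # OI stays under MPb: B cannot read it
```

Decrypting with a wrong key here only yields garbage rather than a clean failure; the hash-based signature check a real system adds is exactly the part the deck's note says it leaves out.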
Slide 24. ?

Slide 25. Thank You
