Security in e-commerce
Ahmad allahbakhshe
Introduction
• Security in e-commerce is a new subject
• Security in e-commerce: threats, risks, …
• Importance of the subject of security in e-commerce
• Subject: inter-network security
Cryptography mechanisms
• Types of cryptography
• Principles of encryption
• Two types of cryptographic mechanism: symmetric cryptosystem, asymmetric cryptosystem
Symmetric methods
• Two types: stream cipher, block cipher
Hash Functions: Characteristics
• Given M, it is easy to compute h
• Given h, it is hard to compute M such that H(M) = h (one-way characteristic)
• Given M, it is hard to find another message M' such that H(M) = H(M') (also called weak collision resistance)
• It is hard to find two random messages M and M' such that H(M) = H(M')
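Hash Functions
[Figure: iterated hash construction. The compression function f is applied in turn to the b-bit message blocks Y_0, Y_1, …, Y_(m-1) and the n-bit chaining variables CV_0 = IV, CV_1, …, CV_(m-1); the final output is CV_m = H(M).]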
MD5
• Produces 128-bit hash codes
• The input is processed in 512-bit blocks
• Input message is padded to be an integer multiple of 448 (512-64)
• Padding is a 1 bit followed by 0s
• Append a 64-bit representation of the length of the input
• If the input is greater than 2^64, only the low-order 64 bits of the length are used
• Initialise the MD buffer (128 bits) to a fixed value
• This buffer is used to hold intermediate and final results of the hash function (chaining variable)
• Process all m 512-bit blocks with the H_MD5 compression function
Strength of MD5
• Every bit of the hash code is a function of every bit in the input
• Brute force attack complexity is 2^128
• Birthday attack complexity is 2^64
• Considered cryptanalytically vulnerable
Encryption algorithms: 1) DES 2) AES
History of DES
• IBM develops Lucifer for banking systems (1970s)
• NIST and NSA evaluate and modify Lucifer (1974)
• Modified Lucifer adopted as federal standard (1976)
• Name changed to Data Encryption Standard (DES)
• Defined in FIPS (46-3) and ANSI standard X9.32
• NIST defines Triple DES (3DES) (1999)
• Single DES use deprecated: only legacy systems
• NIST approves Advanced Encryption Std. (AES) (2001)
• AES will replace DES and 3DES
DES
• Block length = 64 bits (L, R of 32 bits each)
• Key length = 56 bits (8 parity bits)
• 16 subkeys of 48 bits each are created for the 16 rounds
DES
• Block length is the same as DES, but uses 3 DES steps
• Key length = 168 bits
• Uses a 56-bit key for each of the 3 DES stages
• Keys may be independent or related
• If k1 = k2 = k3, 3DES is compatible with DES
AES: The RSA Cryptosystem
• Proposed by Rivest, Shamir, and Adleman (1977)
• Used for encryption and signature schemes
• Based on the intractability of the integer factorization problem
• Key generation: let p, q be large primes, n = pq and φ = (p-1)(q-1); choose randomly e s.t. gcd(e, φ) = 1; compute d ≡ e^-1 mod φ
• Public key: (e, n)
• Private key: (d, n)
• RSA function: f(m) = m^e mod n
AES: Key generation
• Let p, q be large primes, n = pq and φ = (p-1)(q-1)
• Choose randomly e s.t. gcd(e, φ) = 1
• Compute d ≡ e^-1 mod φ
• Public key: (e, n)
• Private key: (d, n)
• RSA function: f(m) = m^e mod n
AES: Encryption and Decryption
• Encryption: C = E_KUa(M) = M^e (mod n)
• Decryption: M = D_KRa(C) = C^d (mod n)
• n = pq
• d*e = 1 (mod ø(n))
• Private key KRa = (d, n)
• Public key KUa = (e, n)
Public Key
• Here we go again!!
• Exchange key in person
• Verify the public key via telephone, using the key's fingerprint, which is considerably shorter
• Obtain public key through a trusted third party (person or authority)
Types of attack
• Ciphertext-only attack: the attacker only has a few ciphertexts to use
• Known-plaintext attack: the attacker possesses a few ciphertexts and the relative plaintexts
• Chosen-plaintext attack: like known-plaintext, plus the attacker can choose the plaintext that gets encrypted (more powerful)
• Adaptive-chosen-plaintext attack: like chosen-plaintext, plus the attacker can modify the choice based on the results of previous encryptions
Brute Force Attacks
• All cryptosystems can be broken with a ciphertext-only attack, aka brute force attack
• It doesn't apply to OTP
• Brute force attack: try all possible keys; try all possible plaintexts (dictionary attack for passwords)
• Complexity of the attack: data complexity, processing complexity, storage requirements
Firewalls
• A firewall is a barrier placed between the private network and the outside world
• All incoming and outgoing traffic must pass through it
• Types of firewall: router-based, host-based
Secure Protocols
• SSL
• SET
• S/MIME
• TLS
• SSH
• And …
SSL
• Originally designed for TCP
• Assumes reliable delivery of packets
• Cannot run on UDP or IP
• Other SSL variants work over UDP: Microsoft's STLP, WAP Forum's WTLS
SSL
Three purposes:
• Agree on a set of algorithms to be used in the communication
• Establish the key to be used with the above algorithms
• Optionally authenticate the client
SET
• Developed by Visa and MasterCard
• Designed to protect credit card transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital certificates
• Privacy: information made available only when and where necessary
SET
S/MIME
• Uses both symmetric and public key encryption strategies
• Symmetric key is transmitted with the message
• Shared secret is encoded using the public key of the recipient
• Uses digital signatures to protect against tampering and forgery
S/MIME
• Problems with RFC 822: cannot send binaries and executables; limited to 7-bit ASCII; oversized emails could be rejected; encoding problems
• MIME introduces five new header fields
• Allows new content and multiple content
• Defines transfer encodings for message bodies
S/MIME Versions
• Version 2, widely implemented but limited: 40-bit keys (the RC2 algorithm); RSA-patented symmetric algorithms
• Version 3, currently in IETF draft: uses Diffie-Hellman instead of RSA technology; support for strong encryption
TLS
• The TLS protocol comes from lessons learned from the SSL and PCT protocols
• Very similar to the SSL v3 protocol
• The TLS v1.0 protocol is described in RFC 2246
• The TLS protocol is composed of two layers: TLS record protocol, TLS handshake protocol
TLS
• The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications
• Goals of TLS: cryptographic security, interoperability, extensibility, relative efficiency
SSH
• SSH provides secure replacements for rsh, rlogin, rcp, ftp, and telnet, all of which transmit data over the network as clear text
• The SSH protocol was developed in 1995 to address the various security issues associated with the "r-commands"
• Developed by Tatu Ylönen, a researcher at the Helsinki University of Technology
SSH
• The SSH protocol is based on a client/server architecture
• A user who wants to connect to a remote host will execute the ssh command (the client) on his local machine
• It will connect to the remote computer's ssh daemon (the server)
• There are two primary versions of the SSH protocol: SSH-1, SSH-2
Payment Gateway
• Decrypt the digital license to obtain and decrypt the symmetric key block
• Verify the vendor's signature
• Decrypt the digital payment to obtain and decrypt the symmetric key block
IPSec—IP Security
• Provides encryption and integrity protection to IP packets (and authentication of two peers)
• AH (Authentication Header): an additional header, provides integrity protection
• ESP (Encapsulating Security Payload): also an additional header, provides encryption and integrity protection
• IKE (Internet Key Exchange): establishes session keys (used for AH & ESP) as well as authentication
• Both AH and ESP are called IPSec headers
• Authentication: users and data
Security Associations (SA)
• Provides encryption and integrity protection to IP packets (and authentication of two peers)
• AH (Authentication Header): an additional header, provides integrity protection
• ESP (Encapsulating Security Payload): also an additional header, provides encryption and integrity protection
• IKE (Internet Key Exchange): establishes session keys (used for AH & ESP) as well as authentication
• Both AH and ESP are called IPSec headers
• Authentication: users and data
IPSec mode usage
• Transport mode is used when IPSec is used end-to-end
• Tunnel mode is used between firewalls, or between an end node and a firewall (example)
• Combination of multiple modes
• In tunnel mode, the original IP packet will be kept intact (not really?)
IKE phases: Phase 1
• Mutual authentication and establishment of session keys (used in phase 2) by key exchange, called the IKE SA
• Authentication options: pre-shared secret key, public encryption key, public signature key
• Session key establishment: Diffie-Hellman key exchange, protected by the above keys
IKE phases: Phase 2
• Establish multiple session keys, such as ESP SA, AH SA, …
IKE phase 1—main mode
• Alice → Bob: Crypto suites I support
• Bob → Alice: Crypto suite I choose
• Alice → Bob: g^a mod p
• Bob → Alice: g^b mod p
• Alice → Bob: g^ab mod p{"Alice", proof I am Alice}
• Bob → Alice: g^ab mod p{"Bob", proof I am Bob}
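Why the Diffie-Hellman values in phase 1 need the "proof I am ..." messages, shown as an added example that is not part of the original slides. It is a simplification of main mode with the pre-shared secret key option: the proof is modelled as an HMAC under the pre-shared key over both Diffie-Hellman values, the proof is not encrypted under g^ab, and the group (p = 2^127 - 1, g = 3) is a constructed toy far too small for real use.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only.
P = 2**127 - 1
G = 3


def dh_keypair():
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)            # (a, g^a mod p)


def session_key(own_private: int, peer_public: int) -> bytes:
    shared = pow(peer_public, own_private, P)     # g^ab mod p
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def proof(psk: bytes, name: str, sent: int, received: int) -> bytes:
    """'Proof I am <name>': MAC under the pre-shared key, bound to both DH values."""
    msg = name.encode() + sent.to_bytes(16, "big") + received.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def verify(psk: bytes, name: str, peer_sent: int, peer_received: int, tag: bytes) -> bool:
    return hmac.compare_digest(proof(psk, name, peer_sent, peer_received), tag)


def run_phase1(psk_alice: bytes, psk_bob: bytes, tamper: bool = False):
    """Return (alice_accepts, bob_accepts, keys_match) for one exchange."""
    a, ga = dh_keypair()
    b, gb = dh_keypair()
    # Constructed fault: with tamper=True the DH values are replaced in transit.
    ga_seen_by_bob = dh_keypair()[1] if tamper else ga
    gb_seen_by_alice = dh_keypair()[1] if tamper else gb
    alice_tag = proof(psk_alice, "Alice", ga, gb_seen_by_alice)
    bob_tag = proof(psk_bob, "Bob", gb, ga_seen_by_bob)
    bob_accepts = verify(psk_bob, "Alice", ga_seen_by_bob, gb, alice_tag)
    alice_accepts = verify(psk_alice, "Bob", gb_seen_by_alice, ga, bob_tag)
    keys_match = session_key(a, gb_seen_by_alice) == session_key(b, ga_seen_by_bob)
    return alice_accepts, bob_accepts, keys_match
```

With matching pre-shared keys and untouched values both sides accept and derive the same key; if the values are altered in transit, or the pre-shared keys differ, both proofs fail and the SA is not established.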
IKE phase 2
• Any party can initiate a quick mode exchange to set up an ESP SA or AH SA
• Negotiating crypto parameters
• Optionally doing a Diffie-Hellman exchange (if perfect forward secrecy is desired)
• Negotiating what traffic will be sent on the SA
Thank you

Moein
