The document discusses various topics related to security in e-commerce including cryptography mechanisms like symmetric and asymmetric encryption, hashing functions, and encryption algorithms like DES, AES, and RSA. It also covers security protocols like SSL/TLS, SET, S/MIME, and SSH. IPSec and its components AH, ESP and IKE are explained. The IKE phases including phase 1 for mutual authentication and phase 2 for establishing session keys are summarized.

1. Security in e-commerce Ahmad allahbakhshe

2. Introduction Security in e-commerce subject new Security in e-commerce such as threats, risks,… Imporatance subject in Security e-commerce subject Inter network Security

3. Mechanisms Cryptography types Cryptography Principles of encryption, the encryption two type Mechanisms Cryptography : Symmetric Cryptosystem Asymmetric Cryptosystem

4. Method Symmetric Method Symmetric two type: Stream cipher Block cipher

5. Hash Functions Characteristics Given M, it is easy to compute h Given h, it is hard to compute M such that H(M)= h One-way characteristic Given M, it is hard to find another message , M`, such that H(M)=H(M`) Also called weak collision resistance It is hard to find two random messages, M and M` , such that H(M)=H(M`)

6. Hash Functions f f f Y 0 Y 1 Y m-1 IV=CV 0 CV 1 CV m-1 n n n b b b … n n CV m =H(M)

7. MD5 Produces 128-bit hash codes The input is processed in 512-bit blocks Input message is padded to be an integer multiple of 448 (512-64) Padding is 1-bit followed by 0s Append a 64-bit representation of length of the input If input is greater than 2 64 only the low-order 64 bits of the length are used Initialise the MD buffer (128 bits) to a fixed value This buffer is used to hold intermediate and final results of the hash function (chaining variable) Process all m 512-bits blocks with H MD5 compression

8. Strength of MD5 Every bit of the hash code is a function of every bit in the input Brute force attack complexity is 2 128 Birthday attack complexity is 2 64 Considered cryptanalytically vulnerable

9. Encryption algorithms 1)DES 2) AES

10. History of DES IBM develops Lucifer for banking systems (1970’s ) NIST and NSA evaluate and modify Lucifer (1974) Modified Lucifer adopted as federal standard (1976) Name changed to Data Encryption Standard (DES) Defined in FIPS (46-3) and ANSI standard X9.32 NIST defines Triple DES (3DES) (1999) Single DES use deprecated - only legacy systems. NIST approves Advanced Encryption Std. (AES) (2001) AES which will replaces DES and 3DES.

11. DES Block length = 64 bits (L,R of 32 bits each.) Key Length = 56 bits (8 parity bits) 16 subkeys of 48 bits each are created for the 16 rounds

12. DES Block length is same as DES but use 3 DES steps. Key length = 168 bits Uses a 56 bit key for each of the 3 DES stages Keys may be independent or related if k 1 = k 2 = k 3 3DES is compatible with DES.

13. AES The RSA Cryptosystem Proposed by Rivest, Shamir, and Adleman (1977) Used for encryption and signature schemes Based on the intractability of the integer factorization problem Key generation Let p, q be large prime, n=pq and  =(p-1)(q-1) Choose randomly e s.t. gcd(e,  )=1 Compute d  e -1 mod  Public-key: (e, n) Private-key: (d,n) RSA function: f(m)=m e mod n

14. AES Key generation Let p, q be large prime, n=pq and  =(p-1)(q-1) Choose randomly e s.t. gcd(e,  )=1 Compute d  e -1 mod  Public-key: (e, n) Private-key: (d,n) RSA function: f(m)=m e mod n

15. AES Encryption Decryption M E C KU a E KUa (M)= M e (mod n) D KR a D KRa (C)= C d (mod n) M n = pq d*e = 1 (mod ø(n)) Private key KRa = (d, n) Public key KUa = (e, n)

16. Public Key Here we go again!! Exchange key in person Verify the pubic key Via telephone using the key’s fingerprint, which is considerably shorter Obtain public key through a trusted third party Person or authority

17. Types of attack Ciphertext-only attack The attacker only has a few ciphertexts to use Known-plaintext attack The attacker possesses a few ciphertexts and the relative plaintexts Chosen-plaintext attack Like in known-plaintext plus the attacker can choose the plaintext that gets encrypted (more powerful) Adaptive-chosen-plaintext attack Like in chosen-plaintext attack plus the attackers can modify the choice based on the results of previous encryption

18. Brute Force Attacks All cryptosystems can be broken with a ciphertext-only attack aka Brute Force Attack It doesn't apply to OTP Brute force attack Try all possible keys Try all possible plaintext (Dictionary attack for passwords) Complexity Complexity of the attack Data Complexity, Processing Complexity, Storage requirements

19. Firewalls A firewall is a barrier placed between the private network and the outside world. All incoming and outgoing traffic must pass through it. Types firewall : Router-Based Host Based

20. Secure Protocols SSL SET S/MIME TLS SSH And …

21. SSL Originally designed for TCP Assumes reliable delivery of packets Cannot run on UDP or IP Other SSL variants work over UDP Microsoft’s STLP WAP Forum’s WTLS

22. SSL Three purposes: Agree on a set of algorithms to be used in the communication Establish the key to be used with the above algorithms Optionally authenticate the client

23. SET Developed by Visa and MasterCard Designed to protect credit card transactions Confidentiality: all messages encrypted Trust: all parties must have digital certificates Privacy: information made available only when and where necessary

24. SET

25. S/MIME Uses encryption both symmetric and public key strategies Symmetric key is transmitted with the message Shared secret is encoded using public key of the recipient Uses digital signatures to protect against tampering and forgery

26. S/MIME Problems with RFC 822 Cannot send binaries and executables Limited to 7-bit ASCII Oversized emails could be rejected Encoding problems MIME introduces five new header fields Allows new content and multiple content Defines transfer encodings for message bodies

27. S/MIME Versions Version 2 widely implemented but limited 40-bit keys (the RC2 algorithm) RSA-patented symmetric algorithms Version 3 currently in IETF draft uses Diffie-Hellman instead of RSA technology support for strong encryption

28. TLS The TLS protocol comes from lessons learned by the SSL and PCT protocols Very similar to the SSL v3 protocol The TLS v1.0 protocol is described in RFC2246 The TLS protocol is composed by two layers: TLS record protocol TLS handshake protocol

29. TLS The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. Goals of TLS Cryptographic security Interoperability Extensibility Relative efficiency

30. SSH SSH provides secure replacements for rsh, rlogin , rcp, ftp, and telnet, all of which transmit data over the network as clear text The SSH protocol was developed in 1995 to address the various security issues associated with the "r-commands" Developed by Tatu Ylönen, a researcher at the Helsinki University of Technology

31. SSH SSH protocol is based on a client/server architecture A user who wants to connect to a remote host will execute the ssh command (the client) on his local machine It will connect to the remote computer's ssh daemon (the server) There are two primary versions of the SSH protocol SSH-1 SSH-2

32. Payment Gatway Decrypt the digital license to obtain and decrypt the symmetric key block Verify the sign vendor Decrypt digital pay to obtain and decrypt the symmetric key block

33. IPSec—IP Security Provide encryption and integrity protection to IP packets (and authentication of two peers). AH (Authentication Header) An additional header, provides integrity protection ESP (Encapsulating Security Payload) Also an addition header, provides encryption and integrity protection IKE (Internet Key Exchange) Establishing session keys (used for AH & ESP) as well as authentication. Both AH and ESP are called IPSec Headers. Authentication: users and data.

34. Security Associations (SA) Provide encryption and integrity protection to IP packets (and authentication of two peers). AH (Authentication Header) An additional header, provides integrity protection ESP (Encapsulating Security Payload) Also an addition header, provides encryption and integrity protection IKE (Internet Key Exchange) Establishing session keys (used for AH & ESP) as well as authentication. Both AH and ESP are called IPSec Headers. Authentication: users and data.

35. IPSec mode usage Transport mode is used when IPSec is used end-to-end Tunnel mode is used between firewalls or endnode and firewall. (Example) Combination of multiple modes In tunnel mode, the original IP packet will be kept intact ( not really ?).

36. IKE phases Phase 1 Mutual authentication and establishes session keys (used in phase 2) by key exchange, called IKE SA How about authentication: Pre-shared secret key Public encryption key Public signature key Establishes session key Diffie-Hellman key exchange, protected by above keys.

37. IKE phases Phase 2 Establish multiple session keys, such as ESP SA, AH SA, …

38. IKE phase 1—main mode Alice Bob Crypto suites I support Crypto suite I choose g a mod p g b mod p g ab mod p{“Alice”, proof I am Alice} g ab mod p{“Bob”, proof I am Bob}

39. IKE phase 2 Any party can initiate a quick mode exchange to set up an ESP SA or AH SA Negotiating crypto parameters Optionally doing a Diffie-Hellman exchange (if perfect forward secrecy is desired) Negotiating what traffic will be sent on the SA

40. Thank you