
Encryption Transaction with 3DES

Encryption Transaction with 3DES. Team W2: Yervant Dermenjian (W21), Taewan Kim (W22), Evan Mengstab (W23), Xiaochun Zhu (W24). Objective: To implement a secure credit card transaction using 3DES encryption with Kerberos-style authentication. Team Manager: Rebecca Miller.


Presentation Transcript


  1. Encryption Transaction with 3DES. Team W2: Yervant Dermenjian (W21), Taewan Kim (W22), Evan Mengstab (W23), Xiaochun Zhu (W24). Objective: To implement a secure credit card transaction using 3DES encryption with Kerberos-style authentication. Team Manager: Rebecca Miller. Current Stage: Design Proposal, 01/21/2004

  2. What’s Wrong with Credit Purchases? • Point-of-sale terminals transmit your name, credit card number, and expiration dates ‘in the clear’ (unencrypted). • Using Kerberos-style authentication, we can transmit encrypted information that can be verified by the card authorizer without actually containing sensitive information.

  3. Triple Data Encryption Standard • Difficult to decipher for large encryption keys • Symmetric Key Cipher – encryption & decryption use same key • Based on DES – a very trusted cipher • Encryption utilized in new ATMs • Free to use • Accepted as the new standard for federal agencies in 1999

  4. Kerberos-style Authentication • Provides authentication without transmitting sensitive information. • Encrypt card expiration date using credit card number and secret PIN as encryption key. • The data payload is arbitrary. Only the cardholder and card acquirer have the key.

  5. How It Works • Transmit: name, merchant, price, encrypted expiration date • Card company has cc# and PIN to decrypt packet • If expiration date matches, purchase is approved • CC# and PIN are never transmitted, but essential to authenticate

  6. Security In Making Purchases • Identity theft is a growing problem • Sensitive information never transmitted • Uses existing cards and phone network • Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year

  7. Design Diagram [Block diagram. Input registers: Name (b’100), CC# (b’54), PIN (b’14), ExpDate (b’11), MerchID (b’25), MerchPrice (b’12). PIN and CC# are concatenated: PIN+CC# = Encryption Key. 3DES encryption of Expiration Date using PIN+CC# key. Packager output: MerchID-Name-Payload-Price.]

  8. Current Status • Block Diagram breakdown of functions • Decisions on packet encryption (100%) • Analysis of 3DES algorithm (10%) • C Language software implementation of encryption and decryption (0%) • Verilog HDL (0%) • Verilog Gate-level design (0%) • Schematic Representation (0%) • Chip Layout (0%) • SPICE Simulation (0%)

  9. Design Decisions • Cardholder’s name encoded in shortened ASCII, only 32 letters (4 bytes). • Merchant ID shortened to 5 letters. • Merchandise Cost capped at $4,096 (12 bits). • Credit Card number and PIN concatenated as key. Longer key -> Stronger encryption. • Transmitted data: unencrypted: cardholder’s name, merchant’s ID, purchase amount; encrypted: expiration date.

  10. Design Alternatives • Rijndael (AES) encryption algorithm: does not comply with standard for ATMs; larger silicon area. • Clock-synchronized random number key: incompatible with current credit cards; difficult to keep smart chip in card synchronized with server.

  11. Problems and Questions • Should sensitive data (PIN and CC#) be the encrypted data or the encryption key? • Is it less secure to encrypt the purchase price, creating variable encrypted messages using the same key? • Need a rough transistor count. • Is this encryption difficult to crack but still manageable to realize in hardware?
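
The flow from slides 5, 7 and 9, as an added example in Python (not the team's code; their planned C implementation is not on this page). Assumptions, since the slides do not specify them: the 68-bit PIN+CC# value is spread 7 bits per key byte into a two-key 3DES key, the 11-bit expiration date is a 4-bit month plus a 7-bit two-digit year, the card company looks accounts up by cardholder name, and the third-party `cryptography` package is installed.

```python
import hmac
try:  # newer `cryptography` releases keep 3DES under "decrepit"
    from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES
except ImportError:
    from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES
from cryptography.hazmat.primitives.ciphers import Cipher, modes

def derive_key(cc: str, pin: str) -> bytes:
    """PIN+CC# (14 + 54 bits in the design diagram) -> 16-byte two-key 3DES key.
    ASSUMPTION: the slides do not say how 68 bits fill a 3DES key. DES ignores
    the low (parity) bit of each key byte, so the bits are spread 7 per byte."""
    if not (0 <= int(cc) < 1 << 54 and 0 <= int(pin) < 1 << 14):
        raise ValueError("CC# must fit 54 bits and PIN 14 bits")
    secret = (int(pin) << 54) | int(cc)
    return bytes(((secret >> (7 * i)) & 0x7F) << 1 for i in range(16))

def exp_block(month: int, year: int) -> bytes:
    """ASSUMED 11-bit layout: 4-bit month, 7-bit two-digit year, in one 8-byte block."""
    if not 1 <= month <= 12:
        raise ValueError("bad month")
    return ((month << 7) | (year % 100)).to_bytes(8, "big")

def terminal_packet(name, merchant, price, cc, pin, month, year) -> dict:
    """Slide 5: send name, merchant, price and the encrypted expiration date only."""
    enc = Cipher(TripleDES(derive_key(cc, pin)), modes.ECB()).encryptor()
    payload = enc.update(exp_block(month, year)) + enc.finalize()
    return {"name": name, "merchant": merchant, "price": price, "payload": payload}

def authorize(packet: dict, accounts: dict) -> bool:
    """Card company: look up CC#/PIN by name, decrypt, compare expiration dates."""
    acct = accounts.get(packet["name"])
    if acct is None or len(packet["payload"]) != 8 or not 0 <= packet["price"] < 4096:
        return False
    dec = Cipher(TripleDES(derive_key(acct["cc"], acct["pin"])), modes.ECB()).decryptor()
    plain = dec.update(packet["payload"]) + dec.finalize()
    return hmac.compare_digest(plain, exp_block(*acct["exp"]))

# Constructed sample data (test card number, not a real account).
ACCOUNTS = {"ALICE": {"cc": "4111111111111111", "pin": "1234", "exp": (1, 2006)}}

if __name__ == "__main__":
    p1 = terminal_packet("ALICE", "SHOPA", 25, "4111111111111111", "1234", 1, 2006)
    p2 = terminal_packet("ALICE", "SHOPB", 4000, "4111111111111111", "1234", 1, 2006)
    print(authorize(p1, ACCOUNTS), authorize(p2, ACCOUNTS))
    # Same key and same plaintext give the same payload for every purchase;
    # merchant and price travel unencrypted and are not covered by it (slide 9).
    print(p1["payload"] == p2["payload"])
```

The final comparison bears on the slide 11 question about variable encrypted messages: with only the expiration date encrypted, every purchase on one card carries an identical payload.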
