1.01k likes | 1.11k Views
E-Commerce Architectures and Technologies. Rob Oshana Southern Methodist University. Cryptography. Security Service Layers. Non-repudiation. Data Integrity. Data Confidentiality. Access Control. Authentication. Authentication. Typically the first step to gain access to a system
E N D
E-Commerce Architectures and Technologies Rob Oshana Southern Methodist University
Security Service Layers Non-repudiation Data Integrity Data Confidentiality Access Control Authentication
Authentication • Typically the first step to gain access to a system • user name and password • Process of proving your identity • Kerberos is an example • Data Origin Authentication Service • provides confirmation that the source of data received is as claimed. • Peer-Entity Authentication Service • provides confirmation that a peer entity in an association is the one claimed
Access Control • Provides protection against the unauthorized use of accessible resources using network protocols • permissions for files, directories, and processes • Specifies what resources a user or service may access on the network • A prerequisite for access control is proper authentication
Data Confidentiality • Protection of data from unauthorized disclosure • connection confidentiality • connectionless confidentiality • traffic flow confidentiality • Protection of data from passive threats
Data Integrity • Provides protection from active threats • Connection Integrity with Recovery Service • Connection Integrity without Recovery Service • Selective Field Connection Integrity Service • Connectionless Integrity Service • Selective Field Connectionless Integrity Service
Non-repudiation • The denial by one of the entities involved in a communication of having participated in all or part of the communication • Prevents one of the entities involved in a communication to later deny having participated in all or part of the communication • Non-Repudiation of Origin Service • Non-Repudiation of Receipt Service
Telnet Telnet HTTP HTTP FTP FTP TCP TCP TCP TCP IP IP IP IP Security Transport Protocols Secure Messaging (S-MIME, PGP) Telnet over SSL FTP over SSL HTTP over SSL Secure Telnet Secure HTTP Secure FTP SSL Network layer Transport layer Application layer Above the application layer
Historical Ciphers • Nonstandard hieroglyphics, 1900BC • Atbash cipher (Old Testament, reversed Hebrew alphabet, 600BC) • Caesar cipher; • letter = letter + 3 • ‘fish’ -> ‘ilvk’ • rot13: Add 13/swap alphabet halves • usenet convention used to hide possibly offensive jokes • applying it twice restores original text
Substitution Ciphers • Simple substitution cipher; • a=p, b=m, c=f… • Break via letter frequency analysis • Polyalphabetic substitution cipher • 1. A=p, b=m, c=f… • 2. A=l, b=t, c=a… • 3. A=f, b=x, c=p,… • Break by decomposing into individual alphabets, then solve as simple substitution
One-time Pad (1917) • OTP is unbreakable provided • pad is never reused • unpredictable random numbers are used (physical sources, eg radioactive decay) Message s e c r e t 18 5 3 17 5 19 OTP +15 8 1 12 19 5 -------------------------------------------------- 17 13 4 3 24 24 g m d c x x
One time Pad • Used by • Russian spies • Washington-Moscow “hot-line” • CIA covert operations • Many snake oil algorithms claim unbreakability by claiming to be a OTP • pseudo-OTPs provide pseudo-security • Cipher machines attempted to create approximations to OTPs, first mechanically, then electronically
Cipher Machines (1920) • Basic component is a wired rotor • simple substitution • Step the rotor after each letter • polyalphabetic substitution, period = 26 -> ‘M’ ‘A’ ->
Cipher Machines • Chain multiple rotors • Each steps the next one when a full turn is complete -> ‘P’ ‘A’ ->
Cipher Machines • Two rotors, period = 26 X 26 = 676 • Three rotors, period = 26 X 26 X 26 = 17,576 • Rotor sizes are chosen to be relatively prime to give maximum-length sequence • Key is rotor wiring and rotor start position
Cipher Machines • Famous rotor machines • Japan, Red, Purple • Germany, Enigma • Secure if used properly • use of predictable openings (“nothing to report”, “Mein Fuehrer”) • use of same key over an extended period
Stream Ciphers • Binary pad (keystream), use XOR instead of addition • Plaintext = original, unencrypted data • Ciphertext = encrypted data • Two XORs with the same data always cancel out Plaintext 1 0 0 1 0 1 1 Keystream 0 1 0 1 1 0 1 Ciphertext 1 1 0 0 1 1 0 Keystream 0 1 0 1 1 0 0 Plaintext 1 0 0 1 0 1 1
Stream Ciphers • Using the keystream and ciphertext we can recover the plaintext • But..using the plaintext and ciphertext we can recover the keystream • Using two ciphertexts from the same keystream we can recover the XOR of the plaintexts • Any two will recover the third (don’t reuse keys of stream cipher)
RC4 • Stream cipher optimized for fast software implementation • 2048 bit key, 8 bit output • Extremely fast • Used in SSL (Netscape, MSIE), Lotus Notes, Windows, Adobe Acrobat, Oracle Server • Easy to get wrong
key L R F() F() encrypt Block Ciphers • Originated in early 70’s • banking security systems decrypt L R F() F() key
Block Ciphers • F() function is a simple transformation, does not have to be reversible • Each step is called a round, the more rounds, the greater the security • DES is an example of block cipher • 16 rounds • 56 bit key • 64 bit block size (L,R = 32 bits)
Attacking Block Ciphers • Differential cryptanalysis • looks for correlations in f() function input and output • Linear cryptanalysis • looks for correlations between key and cipher input and output • Related-key cryptanalysis • looks for correlations between key changes and cipher input/output
Data Encryption Standard (DES) • Widely-used method of encryption using a private (secret) key • Restricted for exportation to other countries • 72 quadrillion or more possible encryption keys that can be used • For each given message, the key is chosen at random from among this number of keys • Sender and receiver must know and use the same private key
Strength of DES • Key size = 56 bits • Brute force = 2**55 attempts • Differential cryptanalysis = 2**47 • Linear cryptanalysis = 2**43 • Can be done relatively easily with FPGA or ASIC (8 cents/key) • 1998: German court ruled DES unsafe for financial applications
Other Block Ciphers • Triple DES (3DES) • encrypt+decrypt+encrypt with 2 (112 bits) or 3(168 bits) DES keys • 1998 - banking auditors were requiring the use of 3DES rather than DES • RC2 • companion to RC4, 1024 bit key • RC2 and RC4 have special status for US exportability
Other Block Ciphers • AES • Advanced Encryption Standard, replacement for DES • 128 bit block size, 128/192/256 bit key
Relative Performance Fast RC4 AES DES RC2 3DES Slow
Public Key Encryption • How can you use two different keys? • One is the inverse of the other: • key1 = 3, key2 = 1/3, message M = 4 • Encryption: Ciphertext C = M X Key1 • = 4 X 3 • = 12 • Decryption: Plaintext M = C X key2 • = 12 X 1/3 • = 4 • One key is published, one is kept private -> public-key cryptography (PKC)
Example: RSA • N, e=public key, n=product of two primes q and p • d=private key • Encryption: C = M**e mod n • Decryption: M = C**d mod n • p,q = 5,7 • n = p X Q • =35 • e=3 • d= e**-1 mod ((p-1)(q-1)) • = 16
Example: RSA • Message M = 4 • Encryption: C = 4**3 mod 35 = 29 • Decryption: M 29**16 mod 35 = 4
RSA • An Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman • Most commonly used encryption and authentication algorithm • Included as part of the Web browsers from Netscape and Microsoft
RSA • Other applications; • Lotus Notes • Intuit's Quicken • Owned by RSA Security • licenses the algorithm technologies • sells development kits • technologies are part of existing or proposed Web, Internet, and computing standards
How RSA Works • Algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and additional operations to derive a set of two numbers that constitutes the public key and another set that is the private key • Once the keys have been developed, the original prime numbers are no longer important and can be discarded
How RSA Works • Both the public and the private keys are needed for encryption /decryption but only the owner of a private key ever needs to know it • Using the RSA system, the private key never needs to be sent across the Internet • The private key is used to decrypt text that has been encrypted with the public key
How RSA Works • If I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key • When you receive it, you decrypt it with your private key
How RSA Works • You can also authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate • When I receive it, I can use your public key to decrypt it.
Public Key Algorithms • RSA (Rivest-Shamir-Adleman) • digital signatures and encryption in one algorithm • private key = sign and decrypt • public key = signature check and encrypt • DH (Diffie-Hellman) • key exchange algorithm
Public Key Algorithms • DSA (Digital Signature Algorithm) • All have roughly the same strength • 512 bit key is marginal • 1024 bit key is recommended minimal size • 2048 bit key is better for long term security
Symmetric key • Same key used to encrypt and decrypt • Sender and receiver must hold same secret or key confidentiality • Data Encryption Standard (DES) algorithm • Merchants must administer secret keys to all customers and provide them through secure channel (hard!)
Symmetric/secret-key cryptography Information Encrypt Decrypt Encrypted information Net
Asymmetric key • Two distinct keys • public key • private key • Data encrypted using public key can only be decrypted using the corresponding private key • Multiple senders can encrypt information using the public key • receiver uses the private key to decrypt • Receiver must protect the private key
Asymmetric/public-key cryptography Public key Private key Net
1011001 Private key Encrypted digital signature What the Sender Does Message to send Hash algorithm Message digest Sender Digital signature Encryption Random key Random key Receiver public key Encrypted message Digital envelope Receiver
1011001 1011001 Message digest Message digest Encrypted message Encrypted digital signature What the Receiver Does Sender Random key Receiver Private key Original Message Digital envelope Hash function Sender public key
Hash Algorithms • Reduce variable length input to fixed length (128 or 160 bit) output • Requirements • can’t deduce input from output • can’t generate a given output (CRC fails this requirement) • can’t find two inputs which produce the same output (CRC fails this too)
Hash Algorithms • Used to • produce fixed length fingerprint of arbitrary length data • produce data checksums to enable detection of modifications • distill passwords down to fixed length encryption keys • Also called message digests or fingerprints