©1998-2001 ITU Electronic Commerce for Developing Countries (EC-DC). Page - 1 Security and Trust for E-commerce Alexander NTOKO, Project Manager, ITU Electronic Commerce ITU Telecommunication Development Bureau (BDT) Email: [email protected] Web: http://www.itu.int/ecdc Basic E-Commerce Training For Pakistan Pakistan Telecommunication Authority (PTA) Islamabad, Pakistan 31 March – 5 April 2001 International Telecommunication Union (ITU)

Dec 23, 2015


Security and Trust for E-commerce

Alexander NTOKO, Project Manager, ITU Electronic Commerce
ITU Telecommunication Development Bureau (BDT)
Email: [email protected] Web: http://www.itu.int/ecdc

Basic E-Commerce Training For Pakistan

Pakistan Telecommunication Authority (PTA)

Islamabad, Pakistan

31 March – 5 April 2001

International Telecommunication Union (ITU)


Technology Requirements

o Authentication
o Encryption
o Data Integrity
o Non-Repudiation
o Access Control
o Security (application, host and network)
o Details on encryption technologies


Authentication - Who am I dealing with?

In electronic commerce, the parties do not meet physically to perform a transaction. Technology needs to provide mechanisms for the establishment of the identities of the parties in a transaction.

Authentication involves the use of digital signatures based on Public Key encryption algorithms and digital certificates to establish the identities of the parties involved in an electronic transaction.

The ITU-T X.509 digital certificate standard provides a format for binding the physical identity of the party to be authenticated to their public key. This binding is done by a Trusted Third Party (TTP) or a Certification Authority, which issues an ITU-T X.509 Digital Certificate.

To authenticate the sender of a message, the electronic document (message) is hashed, and the hash is then digitally signed using the private key of the sender (digital signature) and sent together with the clear-text version.

To verify that the message is from the intended sender, the recipient performs the reverse function: it hashes the clear-text message and compares the result with the hash recovered by decrypting the digital signature with the sender's public key. If the hashes match, then the message was sent by the intended sender.


Encryption Basics - For your eyes only

The possible misuse of valuable financial and personal data as it transits public networks (like the Internet) and is stored in computers and routers emphasizes the need for mechanisms that scramble data during transmission.

In electronic commerce, the potential for fraud increases this need and makes encryption a basic tool for all electronic commerce systems.

Encryption is a process that involves disguising a message such that only the intended recipient can understand the contents of the message. The message is scrambled using a KEY (encryption process) and the recipient needs a KEY to unscramble the message (decryption process).

There are two main types of encryption systems: Public Key Cryptography and Private Key Cryptography. Details on how both work will be provided in the session on encryption.

Encryption algorithms form the basic technology used in electronic commerce systems (for transaction and payment processing) and also in host, application and network security systems.

Various combinations of encryption and decryption are used for providing the basic technological solutions for electronic commerce transactions.


Data Integrity - Was the data modified?

Imagine an electronic commerce transaction that requests the transfer of USD 1000 to a bank account. What happens if this data could be modified to USD 10000?

Data Integrity means making sure that data is not modified in an electronic transaction. If any such modification takes place, it is detected and the data is rejected.

One-way message digest functions, in combination with digital signatures, provide the means to check the integrity of data in electronic commerce transactions.

A cryptographically strong digest algorithm should be impossible to invert, and resistant to collision. Such a digest is referred to as a Hash Function.

To send a message and be sure of the integrity, the data is hashed and then digitally signed. It is then attached to the clear-text message. The recipient checks the origin and that the data was not modified in transit.

Hash functions (unlike encryption) provide a one-way encryption of the data and are much faster than encryption algorithms because they are used on small pieces of data where the integrity is vital.

Commonly used Hash Functions include: Secure Hash Algorithm (SHA) and Message Digest 5 (MD5).


Non-repudiation - Can the transaction be denied?

Electronic commerce involves transactions conducted over public or private networks. This means the parties do not meet physically. After a transaction is concluded, can one party deny or repudiate the transaction?

An electronic commerce system MUST provide mechanisms for transactions conducted to be binding (as is the case with transactions conducted using traditional means).

Non-repudiation is the non-deniability of electronic commerce transactions. Digital signatures provide the mechanism for binding transactions.

Both parties to a transaction digitally sign the document using their private keys. Only the owner of a private key has access to this key. Hence a document digitally signed attests to the authenticity of the signer.

To be sure that the private key used to sign the document belongs to the legitimate party, Trusted Third Parties provide services to bind the corresponding public key of the signer to their identity.

The session on encryption, digital signatures and hash functions will explain in detail how this process works.


Access Control - Who can access the resource?

The sale of digital content implies strict access control to the valuable resources being sold.

After identifying the party to the transaction (authentication), it is necessary to provide a mechanism to control access based on pre-defined conditions.

Access control means providing access only to those who are authorized (such as clients who have already paid for a resource). This involves blocking access to the resource and only releasing it to authorized parties.

Access control could be implemented at the level of individual users, groups of users, organizations or companies. The type of service provided determines the level of access control.

On the Internet, access control mechanisms include username/password, IP and domain name control, client certificates, encrypted state objects, virtual private networks, public key infrastructure (PKI) and other security mechanisms.

Besides determining the identity of the party accessing the resource, access control involves other factors such as when the resource can be accessed (day, time) and the duration of the authorization.

There must be ways of maintaining and updating the access control lists or authorization databases.


SECURITY

o Web Server Security
o Client Security
o Operating System Security
o Physical Security
o Network Security


Security Framework for E-Commerce

o Encryption (symmetric and public key)
o One-way hash functions
o Digital signatures
o Digital certificates, CAs, ITU X.509
o Secure Sockets Layer (SSL)
o Secure Electronic Transaction (SET)
o Client security


Is E-commerce safe?

“One of the most common assumptions about the digital world is that it isn't a safe place. True? False. The virtual world is a far safer, more private, and less dangerous place than the real world. Note, I didn't say better. When people tell me they would never type their credit card number into the Internet, I try to suppress a laugh. These same people gleefully recite it over the telephone or hand their credit card to a lascivious-looking waiter, who disappears with it for a few minutes.”

Nicholas Negroponte, MIT Media Laboratory, Forbes Magazine


Main Security Threats

o Eavesdropping: where intermediaries “listen” in on private conversations

o Manipulation: where intermediaries intercept and change information in a private communication

o Impersonation: where a sender or receiver uses a false identity for communication


E-commerce Security Requirements

o Confidentiality
   • Information accessed only by those authorized

o Integrity
   • No information added, changed, or taken out

o Authentication
   • Parties are who they pretend to be

o Non-repudiation
   • Originator cannot deny origin

o Infrastructure of trust
   • Automating the checking of identities


Enhancing trust in E-commerce

o Confidentiality - Encryption
o Who am I dealing with? - Authentication
o Message integrity - Message Digest
o Non-repudiation - Digital Signature
o Third party evidence of authenticity - Certificate
o Trusted certificate - Certification Authorities
o Secure communication sessions - SSL
o Secure payment systems - SSL-based, SET, …


Encryption: the security foundation

o Encryption is the transformation of data into a form unreadable by anyone without the appropriate decryption key

o Encryption system: an algorithm and a key

o Key: number used to encrypt and decrypt data

o A cryptographic system is robust if only brute force can “crack” an encrypted message by testing “all” possible values of the key


Private key encryption system

o Also known as symmetric key system
o Sender distributes copy of the private or secret key to each receiver
o Same key is used to encrypt and decrypt messages
o Easier to “discover” a “secret” key which is distributed to one or more receivers
o Used in E-commerce for session or message confidentiality (“one time” usage)


Symmetric key encryption system

Same key is used to both encrypt and decrypt data

Examples of encryption systems: DES, 3DES, RC2, RC4, RC5

DES: Data Encryption Standard, US Gov 1977, developed at IBM


Symmetric key encryption system

o Advantages
   • Fast, secure, widely understood

o Disadvantages
   • Requires secret sharing
   • Requires large number of keys
   • No authentication
   • No non-repudiation


Public key encryption system

o Concept introduced in 1976 by Diffie and Hellman

o RSA, the most popular, was invented in 1977 by Rivest, Shamir, and Adleman

o RSA (www.rsa.com) was founded in 1982

o Everyone has a private key and a public key

o Sender uses the receiver’s public key to encrypt message

o Only receiver’s private key can decrypt message

o Discovering private key kept by one person is more difficult than discovering shared secret key


Public key encryption system

Each user has 2 keys: what one key encrypts, only the other key in the pair can decrypt. Public key can be sent in the open. Private key is never transmitted or shared.

[Diagram labels: Recipient’s Public Key, Recipient’s Private Key]


Public key encryption system

o Example: RSA

o Advantages
   • No secret sharing risk
   • Provides authentication, non-repudiation
   • Infeasible to determine one key from the other

o Disadvantages
   • Computationally intense (in software, DES is at least 100 times faster than RSA)
   • Requires authentication of public keys


Sender Authentication

Using Public Key Encryption “backwards” provides authentication of the sender

[Diagram labels: Sender’s Public Key, Sender’s Private Key]


Message Digest

[Diagram: Plaintext, Hash Algorithm, Digest]

- Used to determine if document has changed
- Usually 128-bit or 160-bit “digests”
- Infeasible to produce a document matching a digest
- A one bit change in the document affects about half the bits in the digest


Message Digest

o Common hash algorithms
   • MD2 (128-bit digest)
   • MD4 (128-bit digest)
   • MD5 (128-bit digest)
   • SHA-1 (160-bit digest)


Digital Signature

[Diagram: Hash Algorithm, Digest, Signer’s Private Key, Encrypted Digest, Signed Document]


Verifying the Digital Signature for Authentication and Integrity

[Diagram: Hash Algorithm, Digest, Signer’s Public Key, Digest; the two digests are compared]

Integrity: One bit change in the content changes the digest


Digital Signature

Guarantees:

o Integrity of document
   • One bit change in document changes the digest

o Authentication of sender
   • Signer’s public key decrypts digest sent and decrypted digest matches computed digest

o Non-repudiation
   • Only signer’s private key can encrypt digest that is decrypted by his/her public key and matches the computed digest. Non-repudiation prevents reneging on an agreement by denying a transaction.


Is the public key from the sender?

o Alice can send data to Bob securely by using public key cipher so long as:
   • She is really using Bob’s public key
   • Bob’s private key has not been compromised

o Public key “validation” is done by Certificates


Digital Certificate

o A digital certificate or Digital ID is a computer-based record that attests to the binding of a public key to an identified subscriber

o Certificate issued by Certification Authority (CA)

o Very well known CAs are VeriSign, Entrust, GTE

o Certified digital signature attests to message content and to identity of the signer

o Combined with a digital time stamp message can be proved to have been sent at certain time


Digital Envelope

Combines the high speed of DES (symmetric encryption) and the key management convenience of RSA (public key encryption)

[Diagram labels: “Digital Envelope”, One time encryption Key, Recipient’s Public Key]


Digital Certificate

Certificate version, serial number and signature algorithm

Certificate Authority Name

Certificate holder information (Name, Organisation, Address etc.)

Public Key of certificate holder

X.509 V3 Certificate Extensions

Digital Signature of Certificate Authority

Figure 1: Simple Diagram of ITU-T X.509 Certificate Version 3


ITU X.509 Certificate

o Standard certificate virtually everyone uses

o Includes: serial number, name of individual or system (X.500 name - e.g., CN=John Smith, OU=Sales, O=XYZ, C=US), issuer (X.500 name of CA), validity period, public key, cryptographic algorithm used, CA digital signature, etc., plus flexible extensions in Version 3

o Certificate is signed by the issuer to authenticate the binding between the subject name and the related public key
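
The hash-then-sign check from the Digital Signature slides, combined with the CA-signed binding of a name to a public key described on this slide, as an added example (not part of the original deck). Assumptions: textbook RSA without padding over SHA-256, demo keys built from publicly known Mersenne primes, and a JSON record standing in for an X.509 certificate; every name, serial number and date is constructed.

```python
import hashlib
import json

E = 65537  # public exponent

def make_key(p_exp: int, q_exp: int) -> dict:
    # Demo key from two Mersenne primes (2**k - 1). These primes are public
    # knowledge, so the keys are for illustration only.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key: dict) -> dict:
    return {"n": key["n"], "e": E}

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, key: dict) -> int:
    # Hash the data, then apply the private key to the digest.
    return pow(digest(data), key["d"], key["n"])

def verify(data: bytes, signature: int, pub: dict) -> bool:
    # Recover the digest with the public key and compare it with a fresh hash.
    return pow(signature, pub["e"], pub["n"]) == digest(data)

SIGNED_FIELDS = ("serial", "subject", "issuer", "not_before", "not_after", "public_key")

def cert_body(cert: dict) -> bytes:
    # Canonical bytes of the fields the CA signature covers.
    return json.dumps({k: cert[k] for k in SIGNED_FIELDS}, sort_keys=True).encode()

def issue_cert(ca_key, issuer, subject, subject_pub, serial, not_before, not_after):
    cert = {"serial": serial, "subject": subject, "issuer": issuer,
            "not_before": not_before, "not_after": not_after,
            "public_key": subject_pub}
    cert["ca_signature"] = sign(cert_body(cert), ca_key)
    return cert

def check_message(message, signature, cert, trusted_ca_pub, today, revoked=()):
    """Return 'ok' or the reason the message is rejected."""
    if not verify(cert_body(cert), cert["ca_signature"], trusted_ca_pub):
        return "certificate not signed by trusted CA"
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return "certificate outside validity period"
    if cert["serial"] in revoked:            # stands in for a CRL lookup
        return "certificate revoked"
    if not verify(message, signature, cert["public_key"]):
        return "signature does not match message"
    return "ok"

# Constructed parties: a CA, a legitimate signer and an impostor.
CA_KEY = make_key(1279, 2203)
ALICE_KEY = make_key(521, 607)
MALLORY_KEY = make_key(2281, 3217)

def demo() -> dict:
    ca_pub = public(CA_KEY)
    cert = issue_cert(CA_KEY, "CN=Demo CA", "CN=Alice, O=XYZ, C=US",
                      public(ALICE_KEY), 1001, "2001-01-01", "2001-12-31")
    order = b"Transfer USD 1000 to account 12345"
    sig = sign(order, ALICE_KEY)
    # Impostor swaps her own key into the certificate and signs with it.
    forged_cert = dict(cert, public_key=public(MALLORY_KEY))
    forged_order = b"Transfer USD 1000 to account 99999"
    forged_sig = sign(forged_order, MALLORY_KEY)
    day = "2001-04-01"
    return {
        "genuine": check_message(order, sig, cert, ca_pub, day),
        "amount changed": check_message(
            b"Transfer USD 10000 to account 12345", sig, cert, ca_pub, day),
        "key substituted": check_message(
            forged_order, forged_sig, forged_cert, ca_pub, day),
        "expired": check_message(order, sig, cert, ca_pub, "2002-02-01"),
        "revoked": check_message(order, sig, cert, ca_pub, day, revoked={1001}),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16} {outcome}")
```

The order of checks matters: the signer's public key is trusted only after the CA signature, validity period and revocation status of the certificate have been checked.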


ITU X.509 Certificate Version 3

o Version 3 standard extensions include subject and issuer attributes, certification policy information, key usage restrictions, e-mail address, DNS name, etc.

o Example of special extensions: account number, postal address, telephone number, photograph (image data), birthday (to block users younger than a specified age from accessing certain contents of a Web server), preferred language, etc.


Certification Authority Issues

o Issuing certificates is easy

o Managing effectively and securely is difficult: CAs must maintain a Certificate Revocation List (CRL), must not store private keys (risk of “identity theft”), ...

o Trust depends on integrity and security of CA’s practices and procedures

o Users will have many certificates (e.g., one for Intranet, one for Extranet, one at home)

o Interoperability: need for standard


A List of Certification Authorities

http://www.verisign.com - Verisign

http://www.thawte.com/certs - Thawte Consulting

http://eurosign.com - EuroSign - The European Certification Authority

http://www.belsign.be - BelSign NV-SA

http://www.cost.se - COST

http://xcert.com - Xcert Software Inc

http://www.entrust.com - Entrust Technologies (Nortel)

http://www.keywitness.ca - Keywitness

http://www.softforum.co.kr/h-sf - SoftForum

http://www.cybertrust.gte.com - GTE CyberTrust

http://www.certisign.com.br - Certisign Certificadora Digital Ltda

http://www.uptimecommerce.com - Uptime Commerce Limited


Secure Communication Sessions

Requirements:

o Authentication of server [and client] through verification of Certificates; protection against impostors

o Message privacy using encryption; protection against eavesdroppers

o Message integrity protected from being altered in route; protection against vandals


Secure Sockets Layer (SSL)

o Developed by Netscape, widely used
o Security just above Network layer
o Authentication via X.509 Certificates
o Provides encrypted channel for sending sensitive data


Secure Sockets Layer (SSL)

o Client initiates connection
o Server replies sending its ITU X.509 certificate to prove its identity
o Client verifies certificate [up to root CA]
o Client generates a session key to be used for symmetric data encryption
o The key is encrypted using the server's public key and securely sent to the server
o Secure communications commence


SSL including client certification

o Client and server exchange ITU X.509 certificates to prove their identity

o Certificates are verified (optionally up to root CA)

o The client randomly generates a pair of keys that will be used for data encryption

o The keys are encrypted using the server's public key and securely sent to the server

o Separate keys are used for client to server and server to client communications


Secure Sockets Layer (SSL)

o SSL handshake: encryption and message digest algorithms (for integrity) are negotiated

o Messages are encrypted using the encryption algorithm negotiated

o SSL calculates message authentication codes (MACs) using the message digest algorithm (e.g., MD5) and the key negotiated during the SSL handshake

o https://… , solid key at the bottom left corner
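
The MAC bullet above, together with the separate per-direction keys from the client-certification slide, as an added example (not part of the original deck and not taken from any SSL implementation). Assumptions: HMAC-SHA256 is used in place of SSL's own MAC construction, encryption is omitted, and the key-derivation labels, record layout and sample payloads are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # SHA-256 output size in bytes

def derive_keys(session_secret: bytes):
    # Assumed derivation for the demo (not SSL's key block): one MAC key per direction.
    c2s = hmac.new(session_secret, b"client to server", hashlib.sha256).digest()
    s2c = hmac.new(session_secret, b"server to client", hashlib.sha256).digest()
    return c2s, s2c

class Direction:
    """One end of one direction: a MAC key and a running record sequence number."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0

    def _tag(self, payload: bytes) -> bytes:
        # The MAC covers the sequence number, so a replayed or reordered record fails.
        data = struct.pack(">Q", self.seq) + payload
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def protect(self, payload: bytes) -> bytes:
        record = payload + self._tag(payload)
        self.seq += 1
        return record

    def accept(self, record: bytes):
        """Return the payload if the MAC checks out, else None."""
        payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(payload)):
            return None
        self.seq += 1
        return payload

def unkeyed_check(record: bytes) -> bool:
    # Plain digest appended to the payload: anyone on the path can recompute it.
    payload, plain_digest = record[:-TAG_LEN], record[-TAG_LEN:]
    return hashlib.sha256(payload).digest() == plain_digest

def demo() -> dict:
    secret = bytes(range(32))          # constructed stand-in for the negotiated key
    c2s, s2c = derive_keys(secret)
    client_out, server_in = Direction(c2s), Direction(c2s)
    client_in = Direction(s2c)
    first = client_out.protect(b"PAY USD 1000")
    second = client_out.protect(b"CONFIRM")
    altered = b"DECLINE" + second[len(b"CONFIRM"):]   # payload changed, old tag kept
    rehashed = b"PAY USD 9000" + hashlib.sha256(b"PAY USD 9000").digest()
    return {
        "genuine": server_in.accept(first),
        "replayed": server_in.accept(first),
        "altered": server_in.accept(altered),
        "next in order": server_in.accept(second),
        "reflected to client": client_in.accept(first),
        "unkeyed digest fooled": unkeyed_check(rehashed),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22} {outcome}")
```

A bare digest only detects accidental change; the negotiated key is what lets the receiver reject a record that was altered and re-hashed in transit.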


Secure Sockets Layer (SSL)

Browsers (e.g., Netscape Navigator and Microsoft Explorer) include embedded Certificates (Digital IDs) for leading Certificate Authorities (e.g., VeriSign). As new CAs come online, their Certificates are also embedded. These embedded certificates allow the browsers to verify the legitimacy of arbitrary servers. Browsers that do not implement support for HTTP over SSL will naturally not be able to access "https" URLs.


Secure Sockets Layer (SSL)

[Table: Browser, Secure, Insecure; status icon images not reproduced]

o Netscape Navigator 1.1X or later
o Netscape Communicator 4.0+
o Microsoft Internet Explorer (any version): No Icon


Secure Electronic Transaction (SET)

o Announced by Visa, MasterCard and partners in January 1996 as a unified card-based network payment protocol for electronic commerce; it has gained industry support.

o Enables the authentication of cardholder, merchant and bank for all transactions.

o Uses strong encryption and cardholder certificates for authentication, data integrity and digital signatures.

o Merchant cannot see cardholder financial details and bank does not see item details.

o Compromise solution announced in May 1999 to allow SSL-based client-merchant transactions to be accepted as SET transactions.


High-Level Security for E-commerce

Public and private key encryption systems, digital certificates, digital signatures, certificate authorities and secure communication protocols (e.g., SSL) provide scalable and high-level security within the enterprise, throughout the Internet, and ultimately throughout society as a whole, enhancing trust in E-commerce.


Client Security

o Traditional network security focuses on protecting valuable server resources from hostile clients.

o Now security also includes protecting valuable client resources from hostile servers. Server “gurus” know all tricks!

o Average home user will not be able to cope with the related complexity without robust software support (e.g., browsers).


Client Security

o Secure protocol to communicate over untrusted channels is not enough

o Trusted code is necessary at the end points

o Security on user’s PCs is now insufficient

o Simple problem: keeping private key private

o Security must take people into account

o Cryptographically secure checksums of the PC executable and other files (self-healing)?

o Microsoft Authenticode?, … , NT 5.0?,


Is Encryption Safe?

o Keys with 128 bits will probably remain unbreakable by brute force for the foreseeable future. Brute force attack takes 2^128 encryptions. If 1 billion keys were tried per chip and one billion chips were used, it will take 10^13 years. Longer than the age of the universe to break!

o For keys longer than 128 bits, we will encounter a limit where the energy consumed by the computation (using the minimum energy of a quantum mechanical operation for the energy of one step) will exceed the energy of the mass of the sun or even of the universe.


PKI - Public Key Infrastructure



Who are You Transacting With?

“On the Internet, nobody knows you’re a dog…”

Identification is the Challenge

…but in e-business, it is important to know if you are dealing with a dog.


Public Key Infrastructure (PKIX)

The set of hardware, software, people and procedures needed to create, manage, store, distribute and revoke certificates based on public-key cryptography.

• Public-Key Virtual Private Networks

• ITU-T X.509 Digital (Identity) Certificates

• Strong Software and Hardware Authentication

• Certification and Registration Authorities

• Attribute Certificates linked to Identity Certificates

• Online Certificate Validation (OCSP, SCVP, CRL)


Why PKI? - Results of a recent PKI online poll done by Network Computing


PKI/CA Revenues

[Chart: Worldwide PKI/CA revenue, USD millions, 1997 to 2003E; series: Certification Authority Services, PKI software products; data labels: 44, 123, 198, 342, 580, 909, 1.313]

Source: International Data Corporation

CAGR for CA Services 1999 – 2003: 83%


ITU-T X.509

Certificate version, serial number and signature algorithm

Certificate Authority Name

Certificate holder information (Name, Organisation, Address etc.)

Public Key of certificate holder

X.509 V3 Certificate Extensions

Digital Signature of Certificate Authority

Figure 1: Simple Diagram of ITU-T X.509 Certificate Version 3


The Solutions

Multi-Platform (Fixed, Mobile and DVB)

E-Payments and Financial Services

Verifiable Chain of Trust (e-trust)

Integrity, Confidentiality, Non-repudiation

E-Government, E-Health and E-Learning

Component-Based Architecture


PKI Services