Top Banner
COEN 351 E-Commerce Security Essentials of Cryptography
22

COEN 351 E-Commerce Security Essentials of Cryptography.

Jan 16, 2016

Download

Documents

Meryl Mathews
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: COEN 351 E-Commerce Security Essentials of Cryptography.

COEN 351 E-Commerce Security

Essentials of Cryptography

Page 2: COEN 351 E-Commerce Security Essentials of Cryptography.

Cryptography

Scrambles a plain-text into crypto-text.

Enables to descramble plain text.

Page 3: COEN 351 E-Commerce Security Essentials of Cryptography.

Symmetric Cryptography

Uses the same key for encryption, decryption

Page 4: COEN 351 E-Commerce Security Essentials of Cryptography.

Asymmetric Cryptography

Uses different key for encryption, decryption

Page 5: COEN 351 E-Commerce Security Essentials of Cryptography.

Message Authentication Codes

Condenses message into a short hash

• SHA1, … MD5, … are appropriate cryptographically secure hash functions• For example, encrypt only the MAC with a key known to sender and receiver.

Page 6: COEN 351 E-Commerce Security Essentials of Cryptography.

Message Authentication Code

Alternatively, use a secret key. This also provides authentication.

Page 7: COEN 351 E-Commerce Security Essentials of Cryptography.

Use of Asymmetric Cryptography

Generic idea:Make one key public. How?

Website Website can be spoofed.

On your business card Works for individuals, requires recipient to

type in several lines of gibberish correctly. From a trusted source

Going back and back: Where does the trust stem from?

Page 8: COEN 351 E-Commerce Security Essentials of Cryptography.

Use of Asymmetric Cryptography

Notations: E – public key, D – secret key EC (M) – encryption of M using key C.

DC(M) – decryption of M using key C.

Asymmetric cryptography key identities DEED(M) = M

DDEE(M) = M

Page 9: COEN 351 E-Commerce Security Essentials of Cryptography.

Use of Asymmetric Cryptography

Secret Transmission of messages Alice uses public key of Bob to

encrypt her messages to him: EE(Bob)

(M). Bob uses his private key to decrypt

the message: DD(Bob)EE(Bob)(M).

Page 10: COEN 351 E-Commerce Security Essentials of Cryptography.

Use of Asymmetric Cryptography

Signing a message I: Alice encrypts the message with her private

key: ED(Alice)(M).

Bob decrypts with her public key and

obtains M = DE(Alice) ED(Alice)(M).

If M makes sense, Bob knows that someone with Alice secret key send the message.

Page 11: COEN 351 E-Commerce Security Essentials of Cryptography.

Use of Asymmetric Cryptography Signing a message II

This method avoids encryption of the whole message.

Asymmetric cryptography is very compute intensive.

Alice uses a MAC of her message: MAC(M). She sends Bob M and ED(Alice)(MAC(M)). Bob calculates

MAC(M) = DE(Alice) (ED(Alice)(MAC(M))). Bob verifies that this is the correct MAC. Bob concludes that the message was sent

by someone knowing Alice’s private key.

Page 12: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Generic Rules: Use symmetric cryptography as much

as possible for performance. Never use keys more than once.

Key Management becomes an issue.

Page 13: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Keys have limited lifetimes: Cryptanalysis is easier with more

material. Breaking WEP involves harvesting a large

number of packets. Once found, a compromised key

continues to do damage.

Page 14: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Key Management Life Cycles: Key establishment

Key generation Key distribution

Key backup / recovery, key escrow Key replacement / update (rekeying) Key revocation Key expiration / Key termination / Key

destruction

Page 15: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Key generation Uses random number generation

Pseudo-random generation derived from a seed

WEP: seed based on user key word. Not as random as appeared.

Hardware random number generation Combined methods

Page 16: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Key distribution Has issues of authentication and confidentiality. Diffie-Hellman protocol solves confidentiality:

Allows two parties to agree on a common secret. Subject to the man-in-the-middle attack

Alice thinks that she shares a secret with Bob. In reality, she communicates with M, and shares the

secret with him. M shares another secret with Bob.

Page 17: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management Key backup / recovery

Accidental loss of key hardware failure, forgotten password …

Control of encrypted information Employer cannot entrust enterprise-critical data to

complete control of a single / group of employees. Key escrow

To preserve possibility of access by law enforcement agencies.

In the UK, it is a crime to withhold a key to encrypted data under subpoena.

In the US, such a law is seen to contradict 5th amendment protection.

Page 18: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Key destruction Secure key destruction is far easier

than secure file erasure. Key destruction destroys accessibility

to encrypted data. Key archiving

Necessary for validation of old signatures, of integrity of old messages, …

Page 19: COEN 351 E-Commerce Security Essentials of Cryptography.

Key Management

Symmetric key transport: Send symmetric key along, protected

by public key of recipient. Saves on processing time

Page 20: COEN 351 E-Commerce Security Essentials of Cryptography.

Diffie-Hellman Uses calculation modulo p, p a large

prime. Chooses generator g.

Ideally, gx, x = 0, …, p -2 runs through all numbers 1, … p -1.

Uses the fact that calculating powers gx is computationally feasible.

But discrete logarithm (given gx find x) is not.

Page 21: COEN 351 E-Commerce Security Essentials of Cryptography.

Diffie Hellman Alice generates random number a mod p. Bob generates random number b mod p. Alice sends Bob ga mod p. Bob sends Alice gb mod p. Alice calculates (gb)a mod p. Bob calculates (ga)b mod p. These numbers are identical and the

shared key.

Page 22: COEN 351 E-Commerce Security Essentials of Cryptography.

Diffie Hellman

Secure against eavesdroppers. Can be secured against man-in-

the-middle by using authenticated gb mod p or by using a published value gb mod p.