Cryptography In E-commerce
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Cryptography In E-commerce as PDF for free.
More details
- Words: 3,598
- Pages: 15
Loading documents preview...
Topic 7 Cryptography in EăCommerce
LEARNING OUTCOMES By the end of this topic, you should be able to: 1.
Explain that the Internet communication medium;
is
a
wide-open,
unprotected
2.
Explain that a message can be encrypted and decrypted using special keys to provides confidentiality;
3.
Explain that a message can be hashed, providing integrity; and
4.
Explain that a message can be encrypted and digitally signed, providing confidentiality, authentication and integrity.
INTRODUCTION Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic mission to wartime battle plans. It is no surprise that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untreated medium, which includes just about any network particularly the Internet. Nowadays, doing business or paying bills over the Internet is getting popular. Due to this scenario, some forms of protection are needed to protect these transactions. In this topic, we are going to introduce and explain the role of cryptography in e-commerce (EC).
98
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
ACTIVITY 7.1 Discuss whether transactions done in e-commerce are safe or not.
7.1
AUTHENTICATION
Authentication is the process of verifying the identity of a user, process or device, often as a prerequisite to allowing access to resources in a system. (NIST, 2001). The identity of a certain user or process is challenged by the system and proper steps must be taken to prove the claimed identity. While there are many researches on authentication models that satisfy legitimate user requirements, little has been done at the system design level to prevent malicious user requirements from occurring.
SELF-CHECK 7.1 (a)
Explain what is authentication.
(b)
What happens if there is no authentication done over the e-commerce?
7.1.1
Types of EC Authentication Models
For us to protect the transactions done over the internet i.e. e-commerce (EC), we need to understand the various concepts and approaches in EC. Generally, there are six attacks applicable to authentication in the domain of EC system:
Sniffing attacks;
ID spoofing attacks;
Brute force attacks;
Dictionary attacks;
Credential decryption attacks; and
Replay attacks.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 99
(a)
Sniffing Attacks Sniffing attacks use protocol analysers to capture network traffic for password and other data capture. A password sniffer is a program that takes advantage of this character to monitor all of the IP (Internet Protocol) traffic on its part of the network. By capturing the first 128 bytes of every FTP or Telnet session, for example, password sniffers can easily pick up your user name and password as you type them. Password sniffers may use programs provided for network debugging as building blocks, or may be written to use the services directly. Special-purpose password sniffing toolkits are widely available to attackers. The danger of sniffing attacks is rapidly spreading. Favourite targets for sniffers are network providers and public access systems where the volume of Telnet and FTP connections is huge. One sniffer on large public access systems can collect thousands of sniffed account names and passwords, and then compromise every system accessed. Even if your systems are as secure as possible and your user passwords are not guessable, you can be infected by a packet sniffer running at any site that your users can log in from or at any site their packets will cross to get to you.
(b)
ID Spoofing Attacks ID spoofing is a service that allows a hacker to masquerade as someone else by falsifying the ID that appears on the recipientÊs ID display. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, ID spoofing can make a call appear to come from any ID number the caller wishes. ID spoofing has been available for years to people with a specialised digital connection to the network. Collection agencies, law enforcement officials and private investigators have used the practice, with varying degrees of legality. However, the advent of VoIP (Voice over Internet Protocol) service makes it simple for the average person to falsify a calling number, and as Internet telephony has become more common, so has caller ID spoofing.
(c)
Brute Force Attacks Brute force is a form of password cracking. Brute force attacks will try every single key combination known to crack your password. The only protection against them is to either have a key length too long to crack anytime in this lifetime, or change the password frequently. Brute force is traditionally an Âold-fashionedÊ type of attack. Its takes time to crack the password. Nevertheless with powerful and fast computer processor, brute force is an attack not to be taken lightly.
100
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
(d)
Dictionary Attacks This is another form of password cracking. The term ÂdictionaryÊ comes from the actual book of known words. This is transferred into a file and loaded into a tool to try to help a hacker to crack your password. The defense against this is to not use simple-to-guess and known dictionary words as passwords.
(e)
Credential Decryption Attacks Credential decryption attacks revolve using decryption tools to steal or break credential or secret information of an organisation or people. This attack involves people trying to decrypt your credential and using this information to further achieve their personal agenda.
(f)
Replay Attacks Replay attack is when a hacker uses a sniffer to grab packets off the wire. After packets are captured, then the hacker can simply extract information from the packets like authentication information and passwords. Once the information is extracted, the captured data can be placed back on the network or replayed.
7.1.2
Security Attacks
Figure 7.1 shows a summary of security attacks related to authentication along with the attack enablers and prescribed countermeasures. Access to credential resources and weak cryptography are two attack enablers for brute force attacks. The first provides access to the medium in order to retrieve credential information and the second allows for a low-cost security attack.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 101
Figure 7.1: (a) Authentication security attacks, (b) attacks enable and (c) countermeasures Weak credential policy, weak cryptography and incorrect implementation of cryptography are three attack-enablers for credential decryption attacks. A weak credential policy allows system users to select easy-to-guess passwords. Weak cryptography, on the other hand, allows for a low-cost security attack. An incorrect implementation of the cryptographic algorithm can be seen as an implementation defect and can only be checked after the system is implemented. Yet, it is incorporated into the system design as a security requirement. Weak cryptography is a supplementary attack-enabler for sniffing attacks. Sniffing and replay attacks both rely on a clear text communication channel [Herzog, 2001].
ACTIVITY 7.2 (a)
Name six types of attack applicable in the domain of EC.
(b)
Explain one of the six attack and give examples of how it can overcome or reduce the threats.
102
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
Figure 7.2: The e-commerce authentication countermeasures design model
Figure 7.2 shows the countermeasures design model derived by methodology [Probert, 2003] for e-commerce authentication. This model is detailed enough to be incorporated into high-level design documents of EC systems. Furthermore, a faithful implementation of the model will lead to an e-commerce system that is resistant to all known authentication security attacks.
7.2
SECURITY GOALS
When we talk about computer security, we are concerned with three main security goals. The three main security goals are confidentiality, integrity and availability. In short, these three security goals are abbreviated as „CIA‰ as shown in Figure 7.3.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 103
Figure 7.3: Computer security goals
7.2.1
Confidentiality
Confidentiality is one of a set of security functions (others are, for example, authentication, integrity and non-repudiation). A confidentiality mechanism ensures that only authorised entities can read protected data. There are both system and communication aspects of confidentiality. Confidentiality is usually achieved using encryption. Encryption algorithms (that use encryption keys) are used to convert plain text into cipher text and the equivalent decryption algorithm is used to convert the cipher text back to plain text. Symmetric encryption algorithms use the same key for encryption and decryption, while asymmetric algorithms use a public/private key air. Confidentiality is transmitted or stored data which should only be disclosed to authorised entities.
ACTIVITY 7.3 (a)
Find out from the Internet the issues of confidentiality which affect EC.
(b)
Discuss whether confidentiality is under threat.
104
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
Example of Security Services: In confidentiality, users can implement some policies to protect their information. Policies can be implemented by using: (a)
Access control that allows only selected authenticated entities to read the protected information.
(b)
Cryptography that allows only those entities possessing the correct key to read the protected information.
7.2.2
Integrity
Integrity is assuring the receiver receives message(s) which has not been altered in any way from the original. Data integrity should be possible to detect whether the data is deliberate or unintentional changes. This requires the identification of the originator of the data is unique and cannot be manipulated. Verification is the original contents of information which have not been altered or corrupted. Without integrity, someone might alter information or information might become corrupted, and the alteration could be undetected. Below is an example of Integrity. The following process can be used to protect data integrity: (a)
Alice computes a one-way hash of the message m and encrypts it with her private key.
(b)
Alice sends both the text m and the encrypted hash to Bob.
(c)
Upon receiving, Bob extracts m and computes the same one-way hash on m. He also extracts the encrypted hash and decrypts it using AliceÊs public key.
(d)
Bob then compares the computed hash value with the received hash value. If they are identical, then he validates data integrity.
(e)
If the two hashes match in the above protocol, then Bob can confirm that the data has not changed since it was signed.
TOPIC 7
7.2.3
CRYPTOGRAPHY IN E–COMMERCE 105
Availability
Availability is concerned with the readiness of data and resources to be available to authorised users at any time. It is also related to disaster recovery and contingency planning. The information is said to be available to an authorised user when and where needed and in the correct format. There should be a fair allocation of resources so that some requests are not favoured over the others.
ACTIVITY 7.4 Name and explain the three main elements of security goal.
7.3
NON-REPUDIATION CRYPTOGRAPHY
Non-repudiation cryptography assures that a party in a communication cannot falsely deny that a part of the actual communication occurred. Without nonrepudiation, someone can communicate and then later either falsely deny the communications entirely or claim that it occurred at a different time. For example, without non-repudiation, an originator of information might falsely deny being the originator of that information. Likewise, without non-repudiation, the recipient of a communication might falsely deny having received the communication.
7.3.1
Characteristics
For non-repudiation to occur, several criteria or rules need to be followed: (a)
Provide Evidence of Communications and Transactions Example: Someone might deny sending an e-mail message but the messaging system adds a timestamp and digitally signs the message with the message originatorÊs digital signature. Because the message contains a timestamp and a unique signature, there is strong evidence to identify both the messageÊs originator and the date and time of origin. If the message originator later denies sending the message, the false claim is easily refuted. Likewise, to provide non-repudiation for mail recipients, mail systems might generate mail receipts that are dated and signed by the recipients.
106
(b)
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
Provide Network and Information Security Example: Cryptosystems that provide non-repudiation often provide authentication as a by-product. Your security goals and requirements determine which functions you need to provide. Non-repudiation is a mechanism to prove that the sender really sent this message. The aim of the non-repudiation service is to enable a unique identification of the initiators of certain actions, such as the sending of a message, so that these completed actions cannot be disputed after the fact.
7.4
DIGITAL SIGNATURE
Using public key cryptography, it is possible to digitally „sign‰ a piece of information. Signing information essentially means assuring a recipient of the information that the information has not been tampered with since it left your hands. To sign a piece of information, first compute a mathematical hash of the information. A hash is a condensed version of the information. The algorithm used to compute this hash must be known to the recipient of the information, but it is not a secret. Using your private key, encrypt the hash, and attach it to the message. Make sure that the recipient has your public key. To verify that your signed message is authentic, the recipient of the message will compute the hash of the message using the same hashing algorithm you used, and will then decrypt the encrypted hash that you attached to the message. If the newly-computed hash and the decrypted hash match, then it proves that you signed the message and that the message has not been changed since you signed it. Basically, a digital signature scheme consists of two components: (a)
A signing algorithm; and
(b)
A verification algorithm.
The process is very similar to the authentication: (a)
Alice encrypts the message m with her private key (EKpri(Alice)(m)).
(b)
Alice encrypts the resulting data using BobÊs public key and sends to Bob (c = EKpub(Bob)(EKpri(Alice)(m))).
(c)
Bob recovers m by doing m = DKpub(Alice)(DKpri(Bob)(c)).
Since Bob is able to recover m using AliceÊs public key, he can verify that Alice signed it with her private key. Also, the signature depends on the contents of the message; hence, no one can use the signature with another document.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 107
ACTIVITY 7.5 Explain what is digital certificate.
7.5
SYMMETRIC CRYPTOGRAPHY
Symmetric cryptography uses a single private key to both encrypt and decrypt data. Any party that has the key can use it to encrypt and decrypt data. They are also referred to as block ciphers.
7.5.1
Symmetric Algorithms
(a)
DES The 56-bit keys used in DES are short enough to be easily brute-forced by modern hardware and DES should no longer be used.
(b)
3DES Triple DES (or 3DES) uses the same algorithm, applied three times with different keys giving it an effective key length of 128 bits. Due to the problems using the DES algorithm, the United States National Institute of Standards and Technology (NIST) hosted a selection process for a new algorithm.
(c)
AES The advance form of DES algorithm was called Rijndael and the associated cryptosystem is now known as the Advanced Encryption Standard or AES. For most applications, 3DES is acceptably secure at the current time but for most new applications it is advisable to use AES. Examples of how a symmetric algorithm works are given below between Alice and Bob: (i)
If Alice wants to send the message securely over a public channel to Bob, she uses the key they agreed on before, to send to Bob. He will decrypt the received cipher text with the same key to gain access to the message.
(ii)
Alice and Bob have agreed on a secret key (Shared Secret).
(iii) If Alice and Bob want to make sure they are communicating with each other over an insecure channel, i.e. prove that they know the secret
108
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
key, without revealing it to eavesdroppers, they can proceed as follows. (iv) They each pick a random number, the challenge. (v)
Suppose Alice contacted Bob stating she is Alice: Bob sends her an encrypted message and she replies with an encrypted message.
(vi) Bob can decrypt this information and verifies he gets again. Now Bob knows he is communicating with Alice. (vii) Then Alice sends him the encrypted message , and he replies with an encrypted message. Alice can now verify she is communicating with Bob. An eventual eavesdropper would not have gained information from this exchange.
7.5.2
Disadvantage of Symmetric Cryptography
The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. This is a significant challenge. Symmetric algorithms are usually mixed with public key algorithms to obtain a blend of security and speed.
SELF-CHECK 7.2 Name and explain the three types of symmetric algorithms.
7.6
PUBLIC KEY CRYPTOGRAPHY
Public Key Cryptography (PKC) has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University, Professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. The most important thing to know about public key cryptography is that, unlike earlier cryptographic systems, it relies not on a single key (a password or a secret „code‰), but on two keys. These keys are numbers that are mathematically related in such a way that if either key is used to encrypt a message, the other key must be used to decrypt it. Also important is the fact that it is next to impossible (with our current knowledge of mathematics and available computing power) to
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 109
obtain the second key from the first one and/or any message encoded with the first key. By making one of the keys available publicly (a public key) and keeping the other key private (a private key), a person can prove that he or she holds the private key simply by encrypting a message. If the message can be decrypted using the public key, the person must have used the private key to encrypt the message. Figure 7.3 illustrates the process involved in public key cryptography.
Important: It is critical that private keys be kept private! Anyone who knows the private key can easily impersonate the owner.
Figure 7.3: Public Key Cryptography
(a)
Issues in Public Key Cryptography Multiplication vs. Factorisation: Suppose I tell you that I have two numbers, 9 and 16, and that I want to calculate the product; it should take almost no time to calculate the product, 144. Suppose instead that I tell you that I have a number, 144, and I need you tell me which pair of integers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer because you first need to find the eight pairs of integer factors and then determine which one is the correct pair. Exponentiation vs. Logarithms: Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 36 = 729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y so that logx 729 = y, it will take you longer to find all possible solutions and select the pair that I used. While the examples above are trivial, they do represent two of the functional pairs that are used with public key cryptography namely, the ease of multiplication and exponentiation versus the relative difficulty of
110
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
factoring and calculating logarithms, respectively. The mathematical „trick‰ in public key cryptography is to find a trap door in the one-way function so that the inverse calculation becomes easy given knowledge of some items of information.
Understand cryptography-based security technology.
Cryptography-based security systems provide ample security when used properly within the capabilities and limitations of the cryptography technology.
Cryptography technology only provides part of the overall security for your networks and information.
The overall strength of security systems depends on many factors, such as the suitability of the technology, adequate security procedures and processes, and how well people use the procedures, processes and technology.
Conducting those operations that protect and defend information and information systems by ensuring availability, integrity, authentication, confidentiality and non-repudiation.
Integrity Non-repudiation Cryptography Public Cryptography Symmetric Cryptography
Authentication Availability Confidentiality Digital Signature
Cryptography. (2005, June 06). Building trust infrastructure. Gutmann, P., & Naccache, D. (2006). What is cryptography? In crypto corner,
introduction to cryptography. Kessler, G. C. (1998). An overview of cryptography. Retrieved July 1, 2009 from http://www.garykessler.net/library/crypto.html
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 111
Mactaggart, M. (2001). Introduction to cryptography, Part 2. Symmetric cryptography. Retrieved July 1, 2009 from http://www.ibm.com/ developerworks/library/s-crypt02.html Rosenthal, C. (2001). Information security and authenticity on public networks.
Solutions to some problems raised by conducting private conversations in public places. Retrieved June 26, 2009 from Unicom System Development website: http://www.unicom.com/pw/pubnetinfosec/ Sarker, M. Z., & Parvez, M. S. (2005). A cost effective symmetric key cryptographic algorithm for small amount. Retrieved June 26, 2009 from http://ieeexplore.ieee.org/Xplore/login.jsp?url=http%3A%2F%2Fieeexplo re.ieee.org%2Fiel5%2F4133396%2F4133397%2F04133450.pdf%3Farnumber %3D4133450&authDecision=-203 Stalling, W. (2003). Network security essentials ă Applications and standards (2nd ed.). Prentice Hall. Thorsteinson, P., & G. Gnana Arun Ganesh. (2003). Asymmetric Cryptography. The Idea behind Asymmetric Cryptography. Retrieved July 1, 2009 from http://www.informit.com/articles/article.aspx?p=102212&seqNum=2
LEARNING OUTCOMES By the end of this topic, you should be able to: 1.
Explain that the Internet communication medium;
is
a
wide-open,
unprotected
2.
Explain that a message can be encrypted and decrypted using special keys to provides confidentiality;
3.
Explain that a message can be hashed, providing integrity; and
4.
Explain that a message can be encrypted and digitally signed, providing confidentiality, authentication and integrity.
INTRODUCTION Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic mission to wartime battle plans. It is no surprise that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untreated medium, which includes just about any network particularly the Internet. Nowadays, doing business or paying bills over the Internet is getting popular. Due to this scenario, some forms of protection are needed to protect these transactions. In this topic, we are going to introduce and explain the role of cryptography in e-commerce (EC).
98
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
ACTIVITY 7.1 Discuss whether transactions done in e-commerce are safe or not.
7.1
AUTHENTICATION
Authentication is the process of verifying the identity of a user, process or device, often as a prerequisite to allowing access to resources in a system. (NIST, 2001). The identity of a certain user or process is challenged by the system and proper steps must be taken to prove the claimed identity. While there are many researches on authentication models that satisfy legitimate user requirements, little has been done at the system design level to prevent malicious user requirements from occurring.
SELF-CHECK 7.1 (a)
Explain what is authentication.
(b)
What happens if there is no authentication done over the e-commerce?
7.1.1
Types of EC Authentication Models
For us to protect the transactions done over the internet i.e. e-commerce (EC), we need to understand the various concepts and approaches in EC. Generally, there are six attacks applicable to authentication in the domain of EC system:
Sniffing attacks;
ID spoofing attacks;
Brute force attacks;
Dictionary attacks;
Credential decryption attacks; and
Replay attacks.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 99
(a)
Sniffing Attacks Sniffing attacks use protocol analysers to capture network traffic for password and other data capture. A password sniffer is a program that takes advantage of this character to monitor all of the IP (Internet Protocol) traffic on its part of the network. By capturing the first 128 bytes of every FTP or Telnet session, for example, password sniffers can easily pick up your user name and password as you type them. Password sniffers may use programs provided for network debugging as building blocks, or may be written to use the services directly. Special-purpose password sniffing toolkits are widely available to attackers. The danger of sniffing attacks is rapidly spreading. Favourite targets for sniffers are network providers and public access systems where the volume of Telnet and FTP connections is huge. One sniffer on large public access systems can collect thousands of sniffed account names and passwords, and then compromise every system accessed. Even if your systems are as secure as possible and your user passwords are not guessable, you can be infected by a packet sniffer running at any site that your users can log in from or at any site their packets will cross to get to you.
(b)
ID Spoofing Attacks ID spoofing is a service that allows a hacker to masquerade as someone else by falsifying the ID that appears on the recipientÊs ID display. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, ID spoofing can make a call appear to come from any ID number the caller wishes. ID spoofing has been available for years to people with a specialised digital connection to the network. Collection agencies, law enforcement officials and private investigators have used the practice, with varying degrees of legality. However, the advent of VoIP (Voice over Internet Protocol) service makes it simple for the average person to falsify a calling number, and as Internet telephony has become more common, so has caller ID spoofing.
(c)
Brute Force Attacks Brute force is a form of password cracking. Brute force attacks will try every single key combination known to crack your password. The only protection against them is to either have a key length too long to crack anytime in this lifetime, or change the password frequently. Brute force is traditionally an Âold-fashionedÊ type of attack. Its takes time to crack the password. Nevertheless with powerful and fast computer processor, brute force is an attack not to be taken lightly.
100
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
(d)
Dictionary Attacks This is another form of password cracking. The term ÂdictionaryÊ comes from the actual book of known words. This is transferred into a file and loaded into a tool to try to help a hacker to crack your password. The defense against this is to not use simple-to-guess and known dictionary words as passwords.
(e)
Credential Decryption Attacks Credential decryption attacks revolve using decryption tools to steal or break credential or secret information of an organisation or people. This attack involves people trying to decrypt your credential and using this information to further achieve their personal agenda.
(f)
Replay Attacks Replay attack is when a hacker uses a sniffer to grab packets off the wire. After packets are captured, then the hacker can simply extract information from the packets like authentication information and passwords. Once the information is extracted, the captured data can be placed back on the network or replayed.
7.1.2
Security Attacks
Figure 7.1 shows a summary of security attacks related to authentication along with the attack enablers and prescribed countermeasures. Access to credential resources and weak cryptography are two attack enablers for brute force attacks. The first provides access to the medium in order to retrieve credential information and the second allows for a low-cost security attack.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 101
Figure 7.1: (a) Authentication security attacks, (b) attacks enable and (c) countermeasures Weak credential policy, weak cryptography and incorrect implementation of cryptography are three attack-enablers for credential decryption attacks. A weak credential policy allows system users to select easy-to-guess passwords. Weak cryptography, on the other hand, allows for a low-cost security attack. An incorrect implementation of the cryptographic algorithm can be seen as an implementation defect and can only be checked after the system is implemented. Yet, it is incorporated into the system design as a security requirement. Weak cryptography is a supplementary attack-enabler for sniffing attacks. Sniffing and replay attacks both rely on a clear text communication channel [Herzog, 2001].
ACTIVITY 7.2 (a)
Name six types of attack applicable in the domain of EC.
(b)
Explain one of the six attack and give examples of how it can overcome or reduce the threats.
102
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
Figure 7.2: The e-commerce authentication countermeasures design model
Figure 7.2 shows the countermeasures design model derived by methodology [Probert, 2003] for e-commerce authentication. This model is detailed enough to be incorporated into high-level design documents of EC systems. Furthermore, a faithful implementation of the model will lead to an e-commerce system that is resistant to all known authentication security attacks.
7.2
SECURITY GOALS
When we talk about computer security, we are concerned with three main security goals. The three main security goals are confidentiality, integrity and availability. In short, these three security goals are abbreviated as „CIA‰ as shown in Figure 7.3.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 103
Figure 7.3: Computer security goals
7.2.1
Confidentiality
Confidentiality is one of a set of security functions (others are, for example, authentication, integrity and non-repudiation). A confidentiality mechanism ensures that only authorised entities can read protected data. There are both system and communication aspects of confidentiality. Confidentiality is usually achieved using encryption. Encryption algorithms (that use encryption keys) are used to convert plain text into cipher text and the equivalent decryption algorithm is used to convert the cipher text back to plain text. Symmetric encryption algorithms use the same key for encryption and decryption, while asymmetric algorithms use a public/private key air. Confidentiality is transmitted or stored data which should only be disclosed to authorised entities.
ACTIVITY 7.3 (a)
Find out from the Internet the issues of confidentiality which affect EC.
(b)
Discuss whether confidentiality is under threat.
104
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
Example of Security Services: In confidentiality, users can implement some policies to protect their information. Policies can be implemented by using: (a)
Access control that allows only selected authenticated entities to read the protected information.
(b)
Cryptography that allows only those entities possessing the correct key to read the protected information.
7.2.2
Integrity
Integrity is assuring the receiver receives message(s) which has not been altered in any way from the original. Data integrity should be possible to detect whether the data is deliberate or unintentional changes. This requires the identification of the originator of the data is unique and cannot be manipulated. Verification is the original contents of information which have not been altered or corrupted. Without integrity, someone might alter information or information might become corrupted, and the alteration could be undetected. Below is an example of Integrity. The following process can be used to protect data integrity: (a)
Alice computes a one-way hash of the message m and encrypts it with her private key.
(b)
Alice sends both the text m and the encrypted hash to Bob.
(c)
Upon receiving, Bob extracts m and computes the same one-way hash on m. He also extracts the encrypted hash and decrypts it using AliceÊs public key.
(d)
Bob then compares the computed hash value with the received hash value. If they are identical, then he validates data integrity.
(e)
If the two hashes match in the above protocol, then Bob can confirm that the data has not changed since it was signed.
TOPIC 7
7.2.3
CRYPTOGRAPHY IN E–COMMERCE 105
Availability
Availability is concerned with the readiness of data and resources to be available to authorised users at any time. It is also related to disaster recovery and contingency planning. The information is said to be available to an authorised user when and where needed and in the correct format. There should be a fair allocation of resources so that some requests are not favoured over the others.
ACTIVITY 7.4 Name and explain the three main elements of security goal.
7.3
NON-REPUDIATION CRYPTOGRAPHY
Non-repudiation cryptography assures that a party in a communication cannot falsely deny that a part of the actual communication occurred. Without nonrepudiation, someone can communicate and then later either falsely deny the communications entirely or claim that it occurred at a different time. For example, without non-repudiation, an originator of information might falsely deny being the originator of that information. Likewise, without non-repudiation, the recipient of a communication might falsely deny having received the communication.
7.3.1
Characteristics
For non-repudiation to occur, several criteria or rules need to be followed: (a)
Provide Evidence of Communications and Transactions Example: Someone might deny sending an e-mail message but the messaging system adds a timestamp and digitally signs the message with the message originatorÊs digital signature. Because the message contains a timestamp and a unique signature, there is strong evidence to identify both the messageÊs originator and the date and time of origin. If the message originator later denies sending the message, the false claim is easily refuted. Likewise, to provide non-repudiation for mail recipients, mail systems might generate mail receipts that are dated and signed by the recipients.
106
(b)
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
Provide Network and Information Security Example: Cryptosystems that provide non-repudiation often provide authentication as a by-product. Your security goals and requirements determine which functions you need to provide. Non-repudiation is a mechanism to prove that the sender really sent this message. The aim of the non-repudiation service is to enable a unique identification of the initiators of certain actions, such as the sending of a message, so that these completed actions cannot be disputed after the fact.
7.4
DIGITAL SIGNATURE
Using public key cryptography, it is possible to digitally „sign‰ a piece of information. Signing information essentially means assuring a recipient of the information that the information has not been tampered with since it left your hands. To sign a piece of information, first compute a mathematical hash of the information. A hash is a condensed version of the information. The algorithm used to compute this hash must be known to the recipient of the information, but it is not a secret. Using your private key, encrypt the hash, and attach it to the message. Make sure that the recipient has your public key. To verify that your signed message is authentic, the recipient of the message will compute the hash of the message using the same hashing algorithm you used, and will then decrypt the encrypted hash that you attached to the message. If the newly-computed hash and the decrypted hash match, then it proves that you signed the message and that the message has not been changed since you signed it. Basically, a digital signature scheme consists of two components: (a)
A signing algorithm; and
(b)
A verification algorithm.
The process is very similar to the authentication: (a)
Alice encrypts the message m with her private key (EKpri(Alice)(m)).
(b)
Alice encrypts the resulting data using BobÊs public key and sends to Bob (c = EKpub(Bob)(EKpri(Alice)(m))).
(c)
Bob recovers m by doing m = DKpub(Alice)(DKpri(Bob)(c)).
Since Bob is able to recover m using AliceÊs public key, he can verify that Alice signed it with her private key. Also, the signature depends on the contents of the message; hence, no one can use the signature with another document.
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 107
ACTIVITY 7.5 Explain what is digital certificate.
7.5
SYMMETRIC CRYPTOGRAPHY
Symmetric cryptography uses a single private key to both encrypt and decrypt data. Any party that has the key can use it to encrypt and decrypt data. They are also referred to as block ciphers.
7.5.1
Symmetric Algorithms
(a)
DES The 56-bit keys used in DES are short enough to be easily brute-forced by modern hardware and DES should no longer be used.
(b)
3DES Triple DES (or 3DES) uses the same algorithm, applied three times with different keys giving it an effective key length of 128 bits. Due to the problems using the DES algorithm, the United States National Institute of Standards and Technology (NIST) hosted a selection process for a new algorithm.
(c)
AES The advance form of DES algorithm was called Rijndael and the associated cryptosystem is now known as the Advanced Encryption Standard or AES. For most applications, 3DES is acceptably secure at the current time but for most new applications it is advisable to use AES. Examples of how a symmetric algorithm works are given below between Alice and Bob: (i)
If Alice wants to send the message securely over a public channel to Bob, she uses the key they agreed on before, to send to Bob. He will decrypt the received cipher text with the same key to gain access to the message.
(ii)
Alice and Bob have agreed on a secret key (Shared Secret).
(iii) If Alice and Bob want to make sure they are communicating with each other over an insecure channel, i.e. prove that they know the secret
108
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
key, without revealing it to eavesdroppers, they can proceed as follows. (iv) They each pick a random number, the challenge. (v)
Suppose Alice contacted Bob stating she is Alice: Bob sends her an encrypted message and she replies with an encrypted message.
(vi) Bob can decrypt this information and verifies he gets again. Now Bob knows he is communicating with Alice. (vii) Then Alice sends him the encrypted message , and he replies with an encrypted message. Alice can now verify she is communicating with Bob. An eventual eavesdropper would not have gained information from this exchange.
7.5.2
Disadvantage of Symmetric Cryptography
The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. This is a significant challenge. Symmetric algorithms are usually mixed with public key algorithms to obtain a blend of security and speed.
SELF-CHECK 7.2 Name and explain the three types of symmetric algorithms.
7.6
PUBLIC KEY CRYPTOGRAPHY
Public Key Cryptography (PKC) has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University, Professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key. The most important thing to know about public key cryptography is that, unlike earlier cryptographic systems, it relies not on a single key (a password or a secret „code‰), but on two keys. These keys are numbers that are mathematically related in such a way that if either key is used to encrypt a message, the other key must be used to decrypt it. Also important is the fact that it is next to impossible (with our current knowledge of mathematics and available computing power) to
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 109
obtain the second key from the first one and/or any message encoded with the first key. By making one of the keys available publicly (a public key) and keeping the other key private (a private key), a person can prove that he or she holds the private key simply by encrypting a message. If the message can be decrypted using the public key, the person must have used the private key to encrypt the message. Figure 7.3 illustrates the process involved in public key cryptography.
Important: It is critical that private keys be kept private! Anyone who knows the private key can easily impersonate the owner.
Figure 7.3: Public Key Cryptography
(a)
Issues in Public Key Cryptography Multiplication vs. Factorisation: Suppose I tell you that I have two numbers, 9 and 16, and that I want to calculate the product; it should take almost no time to calculate the product, 144. Suppose instead that I tell you that I have a number, 144, and I need you tell me which pair of integers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer because you first need to find the eight pairs of integer factors and then determine which one is the correct pair. Exponentiation vs. Logarithms: Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 36 = 729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y so that logx 729 = y, it will take you longer to find all possible solutions and select the pair that I used. While the examples above are trivial, they do represent two of the functional pairs that are used with public key cryptography namely, the ease of multiplication and exponentiation versus the relative difficulty of
110
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE
factoring and calculating logarithms, respectively. The mathematical „trick‰ in public key cryptography is to find a trap door in the one-way function so that the inverse calculation becomes easy given knowledge of some items of information.
Understand cryptography-based security technology.
Cryptography-based security systems provide ample security when used properly within the capabilities and limitations of the cryptography technology.
Cryptography technology only provides part of the overall security for your networks and information.
The overall strength of security systems depends on many factors, such as the suitability of the technology, adequate security procedures and processes, and how well people use the procedures, processes and technology.
Conducting those operations that protect and defend information and information systems by ensuring availability, integrity, authentication, confidentiality and non-repudiation.
Integrity Non-repudiation Cryptography Public Cryptography Symmetric Cryptography
Authentication Availability Confidentiality Digital Signature
Cryptography. (2005, June 06). Building trust infrastructure. Gutmann, P., & Naccache, D. (2006). What is cryptography? In crypto corner,
introduction to cryptography. Kessler, G. C. (1998). An overview of cryptography. Retrieved July 1, 2009 from http://www.garykessler.net/library/crypto.html
TOPIC 7
CRYPTOGRAPHY IN E–COMMERCE 111
Mactaggart, M. (2001). Introduction to cryptography, Part 2. Symmetric cryptography. Retrieved July 1, 2009 from http://www.ibm.com/ developerworks/library/s-crypt02.html Rosenthal, C. (2001). Information security and authenticity on public networks.
Solutions to some problems raised by conducting private conversations in public places. Retrieved June 26, 2009 from Unicom System Development website: http://www.unicom.com/pw/pubnetinfosec/ Sarker, M. Z., & Parvez, M. S. (2005). A cost effective symmetric key cryptographic algorithm for small amount. Retrieved June 26, 2009 from http://ieeexplore.ieee.org/Xplore/login.jsp?url=http%3A%2F%2Fieeexplo re.ieee.org%2Fiel5%2F4133396%2F4133397%2F04133450.pdf%3Farnumber %3D4133450&authDecision=-203 Stalling, W. (2003). Network security essentials ă Applications and standards (2nd ed.). Prentice Hall. Thorsteinson, P., & G. Gnana Arun Ganesh. (2003). Asymmetric Cryptography. The Idea behind Asymmetric Cryptography. Retrieved July 1, 2009 from http://www.informit.com/articles/article.aspx?p=102212&seqNum=2
Related Documents
Cryptography In E-commerce
February 2021 0
Ecommerce-marketing-in-2019-the-definitive-guide.pdf
February 2021 3
The Ecommerce Copywriting Bible
January 2021 2
Marketing & Ecommerce: Funnel
March 2021 0
The Definitive Guide: Ecommerce Seo
February 2021 2
Ecommerce Product Fb Traffic Map
March 2021 0More Documents from "trytofly"