Internet Security - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Internet Security

Description:

A modern thief can steal more with a computer than with a gun. ... Bob, the online broker, sends Alice his public key certified by a trusted third party. ... – PowerPoint PPT presentation

Number of Views:63
Avg rating:3.0/5.0
Slides: 20
Provided by: ming2
Category:

less

Transcript and Presenter's Notes

Title: Internet Security


1
Internet Security
2
Outline
  • Introduction
  • Network and System Security
  • Transaction Security
  • Private key
  • Public key
  • SSL
  • The Dilemma Hiding Crimes Using Encryption

3
Crimes in Cyberspace
  • We are increasingly depending on computers.
  • Even we trust computers, they are are vulnerable.
  • A modern thief can steal more with a computer
    than with a gun.
  • Tomorrows terrorist may be able to do more
    damage with a keyboard than with a bomb.

4
Different Types of Security
  • Network and system security
  • Physical security - system break-ins.
  • Software security - viruses, time bomb.
  • Solutions firewalls, password, biometric systems
  • Transaction security
  • Ensures the privacy and confidentiality in
    electronic messages and online transactions.

5
Transaction Security
  • Identification and authentication
  • Are you who you say you are?
  • Privacy and confidentiality
  • Messages and sensitive transaction data such as
    password, SSN, and credit card number should be
    kept private and are able to sustain security
    attacks.
  • Transaction integrity
  • It ensures that the contents of transaction data
    remain unmodified during the transmission process
    between the client and the company.

6
Cryptographic Technology
  • It is the building blocks of the infrastructure
    of e-commerce
  • The goals of using different cryptographic
    methods are to authenticate communication, and to
    make sure that a hacker cannot view a message and
    compromise the integrity of it even if the
    message is intercepted

7
Basic Idea of Encryption
Key
Key
Original plain text
Plain text
Cipher text
Decryption
Encryption
8
Dramatis Personae
  • Alice - first participant
  • Bob - second participant
  • Eve - eavesdropper
  • Mallory - malicious active attacker
  • Trent - trusted arbitrator

9
Private Key
  • Private Key encryption
  • Both sides use a single secret key to encrypt
    decrypt
  • Simple enough for fast encryption/decryption
  • Example Caesar Cipher
  • dfwlrq.

10
Example
  • 1. Alice and Bob agree on a key
  • 2. Alice encrypts the message with the key
  • 3. Alice sends the encrypted message to Bob
  • 4. Bob decrypts the cyphertext with the key
  • What would Eve do?
  • What would Mallory do?

11
Problems
  • Key must be distributed secretly
  • Need a different single key for each business
    partner
  • Number of keys needed increases rapidly as the
    number of users increases.
  • Difficult to distribute and manage keys.

12
Public Key
  • Uses two keys
  • One key to encrypt the message
  • A different key to decrypt the message
  • One is private key - to be kept confidentially.
  • One is public key - can be made known to the
    public.
  • The two keys are mathematically related so that
    data encrypted with one key can only be decrypted
    using the other.
  • Private key cannot be deduced from the public
    key.

13
How It Works?
  • A message encrypted with one key cannot be
    decrypted by itself and has to be decrypted using
    the other key.
  • With the public key you can encrypt a message but
    not decrypt it.
  • Alice communicate with Bob
  • Alice gets Bobs public key from a trusted public
    database.
  • Alice encrypts her message using Bobs pubic key
    and sends the message to Bob.
  • Bob decrypts the encrypted message with his
    private key.

14
Advantages of Public Key System
  • Even Eve and Mallory intercept Alices message,
    they will not be able to read the message without
    the private key.
  • Key management is easy using public key system.
    What Alice and Bob should do is to get a third
    trusted party - Trent to manage the public key.
  • No need for separate secret key with each
    business partner.

15
Digital Signature
  • It accompanies a digital message to ensure both
    the authentication and integrity of the message
  • Bob encrypts the document with his private key,
    thereby signing the document.
  • Bob sends the signed document to Alice.
  • Alice decrypts the message with Bobs public key
    and verifies that Bob is indeed the sender.

16
Digital Signature
  • When Alice decrypts the message with Bobs public
    key, she knows only Bob could have signed it.
  • The document cannot be altered. If Mallory
    intercepted the message and altered it. The
    message will not be decrypted properly with Bobs
    public key.

17
Secure Socket Layer
  • SSL is the encryption protocol implemented for
    Web servers and browsers.
  • It is a protocol between TCP/IP and applications
    layers so that users can add SSL transparently to
    different Web-based communication protocols such
    as Telnet, HTTP, and FTP.

18
How SSL Works?
  • Bob, the online broker, sends Alice his public
    key certified by a trusted third party.
  • Alice generates a random secret session key,
    encrypts it using Bobs public key, and sends it
    to Bob.
  • Bob decrypts Alices message using his private
    key to recover the session key.
  • Bob and Alice encrypt their messages using the
    secret session key.
  • The secret session key will be destroyed after
    the transaction.

19
The DilemmaHiding Crimes in Cyberspace
  • Encryption also gives criminals and terrorists a
    powerful tool for concealing their activities.
  • Real-time communication
  • Encrypted emails
  • Public postings
Write a Comment
User Comments (0)
About PowerShow.com