EXAM II: REVIEW

1
EXAM II REVIEW
2
  • SINGLE KEY vs. DUAL KEY
  • KERBEROS
  • CONCEPT OF DIGITAL CASH / BLINDING
  • FIRST VIRTUAL SYSTEM (NOW DEFUNCT)

3
SINGLE KEY vs. DUAL KEY
  • SINGLE KEY
  • SYMMETRIC KEY, SECRET KEY.
  • SAME KEY USED FOR ENCRYPTING AND DECRYPTING
  • KEY KNOWN ONLY TO PRIVATE GROUP
  • ONE KEY PER GROUP

4
  • DUAL KEY
  • MATHEMATICALLY MATCHED PAIR
  • PRIVATE KEY (SECRET), PUBLIC KEY (FREELY
    AVAILABLE)
  • ENCRYPTING WITH ONE KEY DECRYPTING WITH
    CORRESPONDING OTHER KEY

5
ADV / DISADV
  • SPEED
  • SAFETY
  • SPEED: SINGLE KEY FASTER.
  • SAFETY: KEY USUALLY STOLEN IN TRANSIT. SINGLE KEY
    HAS TO BE COMMUNICATED. IN DUAL KEY SYSTEM, PRIVATE
    KEY IS NOT TRANSMITTED.

6
KERBEROS
  • GOAL
  • NETWORK OF SERVERS
  • MANY USERS
  • ONLY AUTHENTIC USERS CAN ACCESS SERVERS
  • DON'T WANT TO HAVE LOGIN FOR USER IN EVERY SERVER

7
  • SOLUTION
  • AUTHENTICATION SERVER (KERBEROS SERVER)
  • WORKS ON SECRET KEY SYSTEM
  • EACH USER, EACH SERVER HAS SECRET KEY
  • KEYS STORED IN KERBEROS SERVER.

8
  • USER A WANTS TO USE SERVER S.
  • MAKES REQUEST TO KERBEROS SERVER K
  • KERBEROS SERVER SENDS BACK
  • A) TICKET: SESSION KEY ENCODED IN A'S PRIVATE KEY

9
  • IF A CAN DECODE TICKET, THAT AUTHENTICATES A
  • B) SESSION KEY ENCODED IN PRIVATE KEY OF SERVER
    S.
  • THIS IS SENT TO SERVER S.
  • SERVER S DECODES AND RETRIEVES SESSION KEY.
  • IF CAN DECODE, AUTHENTICATES S
  • SESSION KEY USED BY A AND S

10
  • TIME STAMP
  • TO AVOID REPLAY

11
DIGITAL CASH / BLINDING
  • USER, MERCHANT, BANK
  • ALL NEED SOFTWARE
  • USER USES SOFTWARE TO GENERATE NOTE
  • BANK AUTHENTICATES (ASSIGNS VALUE)

12
  • SIGNS WITH PRIVATE KEY OF BANK
  • RETURNS NOTE TO USER.
  • USER PRESENTS TO MERCHANT.
  • MERCHANT USES BANK PUBLIC KEY TO VERIFY
    AUTHENTICITY OF NOTE.

13
BALANCE
  • SECURITY
  • DUPLICATION
  • IN CASE OF LOSS?
  • ANONYMITY
  • CASH IS ANONYMOUS.

14
BLINDING
  • BLINDING
  • TO RETAIN ANONYMITY
  • DIGITAL ENVELOPE (CAN ONLY BE OPENED BY USER)
  • NOTE SENT TO BANK IN ENVELOPE
  • BANK SIGNS ENVELOPE WITH PRIVATE KEY
  • SIGNATURE GOES THROUGH TO NOTE

15
  • SENDS BACK TO USER
  • USER REMOVES ENVELOPE
  • PRESENTS NOTE TO MERCHANT
  • MERCHANT RETURNS IT TO BANK
  • BANK CANNOT IDENTIFY WHOSE NOTE IT IS.
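
Added example (not part of the original slides): the envelope steps above, sketched with textbook RSA blind signatures. The slides name no algorithm, so RSA, the toy bank key, the note format and every function name here are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy bank key (two Mersenne primes); far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # bank public key
D = pow(E, -1, (P - 1) * (Q - 1))        # bank private key

def note_digest(note: bytes) -> int:
    """Map the note (serial + value) to an integer below N."""
    return int.from_bytes(hashlib.sha256(note).digest(), "big") % N

def blind(note: bytes):
    """User: seal the note in an 'envelope' using a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (note_digest(note) * pow(r, E, N)) % N, r

def bank_sign(blinded: int) -> int:
    """Bank: sign whatever is in the envelope with its private key."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """User: remove the envelope; the signature stays on the note."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(note: bytes, sig: int) -> bool:
    """Merchant: check the note with the bank's public key only."""
    return pow(sig, E, N) == note_digest(note)

def demo():
    note = b"serial=7f3a9c01;value=10"   # constructed sample note
    blinded, r = blind(note)
    sig = unblind(bank_sign(blinded), r)
    return {
        "bank_saw_note": blinded == note_digest(note),
        "valid": verify(note, sig),
        "same_as_direct_signature": sig == pow(note_digest(note), D, N),
        "forged_valid": verify(b"serial=7f3a9c01;value=1000", sig),
    }

if __name__ == "__main__":
    print(demo())
```

The bank only ever sees the blinded value, so when the merchant later returns the note and signature, the bank has nothing to match them against.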

16
FIRST VIRTUAL HOLDINGS
  • UNIQUE CONCEPT
  • NOW DEFUNCT (BOUGHT OUT BY CYBERCASH?)
  • PREMISE: DANGEROUS TO SEND CREDIT CARD OVER
    INTERNET

17
  • USER APPLIES FOR ACCOUNT
  • (CAN BE DONE OFFLINE)
  • GIVES CREDIT CARD NUMBER
  • IS GIVEN PIN NUMBER.
  • TO BUY
  • ORDERS, AND GIVES PIN NUMBER TO MERCHANT
  • MERCHANT SENDS TO FVH
  • FVH SENDS EMAIL TO USER
  • USER RESPONDS, FVH OKS
  • MERCHANT SHIPS

18
WHY?
  • SAFETY TO CUSTOMER
  • MERCHANT NEVER GETS CREDIT CARD NUMBER
  • PIN IS LIMITED USE: ORDER HAS TO BE APPROVED
    EACH TIME
  • WE KNOW WHO RECEIVED MERCHANDISE
  • SAFETY TO BANKING SYSTEM