Secure Electronic Commerce - PowerPoint PPT Presentation

Provided by: ellise
1
Secure Electronic Commerce ECT 582 Spring 2006
Session Number 2
  • Session Date: April 4, 2006
  • Session Objectives
  • Administrative Items
  • Course Topics Student Survey Results
  • Session Topic: Cryptography

2
Cryptography
  • Basic concepts and terms
  • Public/Private Key Algorithms
  • Key Distribution/Management
  • Digital Signatures
  • Miscellaneous Crypto

3
Crypto Intro
  • Why Encrypt?
  • Protect stored information
  • Privacy
  • Encryption is the transformation of data into
    some unreadable form.
  • Purpose is to ensure privacy by keeping info
    hidden from anyone for whom it is not intended.
  • Decryption is the reverse of encryption.
  • Encryption and decryption require the use of
    secret information, typically referred to as a
    key.
  • Cryptology is the combination of the two.
  • In the literature of Cryptology
  • Information to be encrypted is known as
    plaintext.
  • Ciphertext is encrypted information.
  • Encryption - process by which plaintext is
    converted to ciphertext using a key.
  • Decryption - process by which ciphertext is
    converted to plaintext (with the appropriate key)

4
The goals and tools of cryptology
Cryptology provides methods that enable a
communicating party to develop trust that his
communications have the desired properties, in
spite of the best efforts of an un-trusted party
(or adversary). The desired properties may
include:
  • Privacy. An adversary learns nothing useful
    about the message sent.
  • Authentication. The recipient of a message can
    convince himself that the message as received
    originated with the alleged sender.
  • Signatures. The recipient of a message can
    convince a third party that the message as
    received originated with the alleged signer.
  • Minimality. Nothing is communicated to other
    parties except that which is specifically
    desired to be communicated.
  • Simultaneous exchange. Something of value (e.g.
    a signature on a contract) is not released until
    something else of value (e.g. the other party's
    signature) is received.
  • Coordination. In a multi-party communication,
    the parties are able to coordinate their
    activities toward a common goal even in the
    presence of adversaries.
  • Collaboration threshold. In a multi-party
    communication, the desired properties hold as
    long as the number of adversaries does not
    exceed a given threshold.

5
The goals and tools of cryptology (continued)
The tools available for the attainment of the
desired properties include:
  • Randomness. Each party may use a private natural
    source of randomness (such as a noise diode) to
    produce "truly random" bits in order to generate
    his own secret keys or to perform randomized
    computations.
  • Physical protection. Each party must physically
    protect his secrets from the adversary.
  • Channel properties. Unusual properties of the
    communication channel can sometimes be exploited.
  • Information theory. The adversary is never given
    enough information to work with to break the
    code; no amount of computational power can help
    him overcome this.
  • Computational complexity theory. The adversary's
    task is more often computationally infeasible,
    rather than information-theoretically impossible.
  • Cryptographic operators. These computational
    mappings - such as encryption and decryption
    functions, one-way functions, and pseudo-random
    sequence generators - are basic building blocks
    for constructing cryptographic systems.
  • Cryptographic protocols. A protocol specifies how
    each party is to initiate and respond to
    messages, including erroneous or illegal
    messages.

6
Cryptography Defined
  • Cryptography is the art of devising codes and
    ciphers, and cryptanalysis is the art of
    breaking them.
  • Cryptography is about communication in the
    presence of adversaries.
  • Cryptography provides mechanisms for the
    following procedures:
  • Digital signatures
  • Authentication
  • Digital timestamps
  • Brief History
  • Ancient origins beginning in 1900 B.C.
  • Used by ancient Egyptians, Mesopotamians, Greeks,
    Persians and Romans.
  • Prior evolution often driven by military use in
    times of war.
  • Modern expansion driven by commercial use circa
    1970 with IBM taking a lead.
  • Internet and ecommerce is currently a primary
    driver in furthering development.

7
Cryptography's Basic Elements
  • Plaintext - original message with no
    transformation
  • Ciphertext - plaintext message after modification
    to obscure it from normal usage and readability
  • Encryption - converts plaintext into ciphertext
  • Decryption - converts ciphertext into plaintext
  • Cryptographic algorithm - mathematical operation
    used to convert plaintext into ciphertext
  • Key
  • Secret key used to encrypt or decrypt the message
  • With good algorithms it is NOT necessary to keep
    the algorithm secret!

8
Cryptanalysis Terms
  • Ciphertext-only attack - attacker attempts to
    decrypt ciphertext.
  • Known-plaintext attack - attacker attempts to
    decrypt ciphertext given knowledge of some
    plaintext.
  • think Login
  • Chosen-plaintext attack - attacker obtains
    ciphertext corresponding to selected plaintext.
  • Chosen-ciphertext attack - attacker obtains
    plaintext corresponding to selected ciphertext
    (in a public key system, when trying to deduce
    private key)

9
Crypto System Properties
  • Encryption/decryption transformations must be
    efficient for all keys.
  • System must be easy to use.
  • The security of the system should depend ONLY on
    the secrecy of the keys and not on the secrecy of
    the encryption/decryption transformations.

10
Crypto System Secrecy Requirements
  • If ciphertext and plaintext are known, it should
    be computationally infeasible to determine the
    deciphering algorithm
  • It should be computationally infeasible to
    systematically determine plaintext from
    intercepted ciphertext (Even if you decrypt
    ciphertext once, it should require the same
    amount of work to do it again.)
  • Note: "systematically" allows for a lucky guess.
  • Note: "computationally infeasible" means great
    effort; it doesn't account for advances in
    computing and mathematics.

11
Crypto System Authenticity Requirements
  • If ciphertext and plaintext are known, it should
    be computationally infeasible to determine the
    enciphering algorithm.
  • It should be computationally infeasible to find
    valid ciphertext.
  • Even if you encrypt plaintext so that it can be
    decrypted once, it should require the same amount
    of work to do it again.

12
Public vs. Private Key Encryption
  • Private key encryption uses the same key for both
    encryption and decryption.
  • Private key encryption is known as symmetric.
  • Public key encryption uses two different keys,
    one to decrypt and one to encrypt (RSA).
  • Thus, one key can be public, because the other
    key is still necessary for decryption.
  • More complex, key management is an issue.
  • Public key encryption is known as asymmetric.

13
Private or Symmetric Key Encryption Systems
  • Private or symmetric key systems rely on
    symmetric encryption algorithms where information
    encrypted with a key K can only be decrypted with
    K.
  • communicating parties share a cryptographic key
    or password also called a secret.
  • Authentication via secret-key systems requires
    the sharing of some secret.
  • The key should never be transmitted over a
    network.

14
Private or Symmetric Key Systems (continued)
  • 2 primary methods of breaking private/symmetric
    key encryption
  • Brute force - using a method to find all possible
    combinations and eventually determine the
    plaintext message.
  • Attack the algorithm - attack the characteristics
    of the algorithm to deduce a specific plaintext
    or the key used.

15
Private Key Encryption Example: the One-Time Pad
  • One-time pad is a very simple yet completely
    unbreakable symmetric cipher.
  • "Symmetric" means it uses the same key for
    encryption as for decryption.
  • It was invented in 1917.
  • The sender must transmit the key to the
    recipient via some secure and tamperproof
    channel, otherwise the recipient won't be able to
    decrypt the ciphertext.
  • The key for a one-time pad cipher is a string of
    random bits.
  • With a one-time pad, there are as many bits in
    the key as in the plaintext.
  • This is a drawback of a one-time pad, but it is
    also the source of its perfect security.
  • No portion of the key can ever be reused for
    another encryption (hence the name "one-time
    pad"), otherwise cryptanalysis can break the
    cipher.
  • One-time pads were employed by Soviet espionage
    agencies for covert communications with agents
    and agent controllers.

16
One - Time Pad Features
  • Two identical pads (keys), one with sender, one
    with recipient.
  • The random pads (keys) are the same length as the
    message.
  • Unbreakable by exhaustive search.
  • Relies on physical security of the pads.
  • Pads can only be used once.

17
One - Time Pad Features (continued)
  • The cipher itself is exceedingly simple.
  • To encrypt plaintext, P, with a key, K,
    producing ciphertext, C, simply compute the
    bitwise exclusive-or of the key and the
    plaintext:
  • C = K ⊕ P
  • To decrypt ciphertext, C, the recipient computes
    P = K ⊕ C
  • It's simple, and it's perfectly secure, as long
    as the key is random and is not compromised.
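
The one-time pad from the last three slides, as an added example that is not part of the original presentation. The class and function names are hypothetical; the pad object tracks how much key has been consumed so that no portion is ever reused, and `reuse_leak` shows what an eavesdropper learns when that rule is broken.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive-or of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One party's copy of the pad; every key byte is handed out at most once."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = 0  # key bytes already consumed

    def _take(self, n: int) -> bytes:
        if self._used + n > len(self._key):
            raise ValueError("pad exhausted: the key must cover every message byte")
        chunk = self._key[self._used:self._used + n]
        self._used += n  # this part of the pad is now spent
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(self._take(len(plaintext)), plaintext)    # C = K xor P

    def decrypt(self, ciphertext: bytes) -> bytes:
        return xor_bytes(self._take(len(ciphertext)), ciphertext)  # P = K xor C


def reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper computes if the same key bytes encrypt two messages."""
    c1, c2 = xor_bytes(key, p1), xor_bytes(key, p2)
    return xor_bytes(c1, c2)  # the key cancels out: C1 xor C2 == P1 xor P2


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    m1, m2 = b"SHIP 100 UNITS MON", b"HOLD ALL ORDERS!!!"
    key = secrets.token_bytes(len(m1) + len(m2))  # shared over a secure channel
    sender, recipient = OneTimePad(key), OneTimePad(key)
    for msg in (m1, m2):
        assert recipient.decrypt(sender.encrypt(msg)) == msg
    leak = reuse_leak(key[:len(m1)], m1, m2)
    # With a reused pad, knowing one plaintext gives away the other outright.
    print(xor_bytes(leak, m1))
```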

18
Public Key Cryptography
  • Idea: each player has a pair of keys, one is
    published (called the public key) and the other
    is kept secret (called the private key)
  • Encryption: use the player's public key
  • Decryption: only the player with the private key
    can decrypt
  • Signature: encrypted using a private key;
    everyone else can verify it using the public
    key
  • Was a revolution in cryptography
  • First suggested by Whitfield Diffie and Martin
    Hellman circa 1975-6

19
Public Key Encryption Advantages & Disadvantages
  • Advantages of public-key over private key
    cryptography
  • Increased security and convenience.
  • Public key cryptography can provide a method for
    digital signatures.
  • Sometimes requires trust of a third party as
    well.
  • Sender can repudiate a previously authenticated
    message.
  • Example: the Kerberos secret-key authentication
    system involves a central database that keeps
    copies of the secret keys of all users; an attack
    on the database would allow widespread forgery.
  • Public-key authentication prevents this type of
    repudiation
  • This property of public-key authentication is
    often called non-repudiation.
  • Disadvantages of using public-key cryptography
  • Slower processing speed.
  • It may be vulnerable to impersonation.
  • A successful attack on a certification authority
    will allow an adversary to impersonate whomever
    the adversary chooses to by using a public-key
    certificate from the compromised authority to
    bind a key of the adversary's choice to the name
    of another user.
  • Hybrid of private and public-key cryptography
    offers best of both worlds.
  • Offers the security advantages of public-key
    systems and the speed advantages of secret-key
    systems.

20
Encipherment Modes
  • Block Mode ciphers - Message broken into blocks,
    each block encrypted separately.
  • blocks of identical plaintext have identical
    ciphertext.
  • replay and substitution attacks are easier
    (insertion or deletion of blocks).
  • Block chaining - parts of the previous block are
    inserted into the current block.
  • makes replay and substitution attacks much
    harder.
  • Digital encryption standard (DES) is a block
    cipher.

21
Encipherment Modes
  • Stream Ciphers - Message broken into characters
    or bits and enciphered with a key stream.
  • key stream - should be random and generated
    independently of the message stream.
  • One-Time Pad is a stream cipher.

22
Digital Encryption Standard (DES)
  • Developed by IBM in 1972
  • Never approved for national security applications
  • 64-bit plaintext and ciphertext block size
  • 56-bit true key plus 8 parity bits
  • Single chip (hardware) implementation
  • Most implementations now software
  • 16 rounds of transpositions and substitutions
  • Standard for unclassified government data
  • Symmetric, block-mode, private key cryptosystem.

23
Applications of DES
  • Double DES
  • Effective key length of 112 bits
  • Work factor about the same as single DES
  • Triple DES
  • Encrypt with first key
  • Decrypt with second key
  • Encrypt with first key
  • Very secure

24
Public Key Cryptosystems
  • RSA - Rivest, Shamir, and Adleman
  • Introduced circa 1977
  • Relies on factoring of large numbers
  • Elliptic Curve Cryptosystem (EC)
  • Highest strength/bit of public key stream
  • Big savings over other public key systems
  • Computation
  • Bandwidth
  • Storage

25
Strength Comparison
26
Key Selection
  • Similar to password selection, users are the weak
    link
  • Random number generators may not be random
  • Key clustering - two different keys produce
    equivalent ciphertext from equivalent plaintext

27
Key Management
  • Using a public key system, A wants to talk to B
  • C is the Key Distribution Center, has A's and
    B's public keys
  • A calls B, and the calling protocol contacts C
  • C encrypts a session key, k, with the public
    keys and sends the encrypted k to A and B
  • A and B can then communicate

28
Key Management Issues
  • Key storage, recovery
  • Key revocation (lost, compromised keys)
  • Must be fully automated
  • No key in clear outside crypto system
  • Choose key randomly from entire key space
  • Key-encrypting key must be separate from data
    keys
  • Infrequently use keys with long life

29
Key Escrow
  • Separate agencies maintain components of private
    key, which, when combined, can be used to decrypt
    ciphertext.
  • Stated reason is to decrypt drug related
    communications.
  • Clipper chip is an example.
  • Secret algorithm.
  • Unpopular, unused.
  • Issues include key storage and Big Brother
    concerns.

30
Digital Signature
  • Used like a written signature, binds a message to
    an individual (Provides non-repudiation)
  • S is sender, R is recipient, and M is the
    Message.
  • R must be able to validate S's signature on M.
  • No one can forge S's signature.
  • If S denies signing M, a 3rd party must be able
    to resolve the dispute between S and R.
  • Easy with public key encryption - S encrypts
    with private key, R can decrypt with public (so
    can 3rd party).

31
Digital Signature
  • Previous method results in M in ciphertext;
    anyone without S's public key cannot view it.
  • An alternative is to compute a digest of the
    message using a public hash function, then
    encrypt the digest using private key. Thus, the
    only ciphertext is the hash.
  • MD2, MD4, and MD5 are public hash functions that
    create message digests. MD5 is strongest, a
    Rivest upgrade of MD4.
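
The digest-then-sign alternative described on this slide, as an added example that is not part of the original presentation. It assumes a constructed toy RSA key (two Mersenne primes, no padding) and hypothetical function names, and it uses SHA-256 rather than the MD-family digests named above because practical MD5 collisions are known.

```python
import hashlib

# Constructed toy key pair built from two Mersenne primes. It is far too small,
# and textbook RSA without padding is not safe; it only makes the flow visible.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to S


def digest(message: bytes) -> int:
    """Fixed-length fingerprint of M, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """S 'encrypts' only the digest with the private key; M itself stays readable."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """R, or any third party, checks the signature with the public key alone."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(message)


def dispute(claimed: bytes, signed: bytes, signature: int) -> str:
    """Third-party ruling when one side claims a different message was signed."""
    if verify(claimed, signature):
        return "claimed message carries S's signature"
    if verify(signed, signature):
        return "signature belongs to the other message"
    return "signature matches neither message"


if __name__ == "__main__":
    order = b"Order 17: 40 units at $12.50"   # constructed sample message
    sig = sign(order)
    print(verify(order, sig))
    print(dispute(b"Order 17: 400 units at $12.50", order, sig))
```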

32
Hash Function
  • A Hash function or hash algorithm is a function
    for
  • examining the input data and,
  • producing an output of a fixed length, called a
    hash value.
  • Two different inputs are unlikely to hash to the
    same hash value.
  • The process of computing such a value is known as
    hashing, and is used in cryptography and
    error-checking (often in accounting systems).
  • A hash function produces a message digest.
  • A message digest is also known as a fingerprint,
    imprint.
  • 2 messages with the same message digest are
    extremely unlikely.
  • Signer can't claim a different message was
    signed.
  • Recipient can't claim a different message was
    signed.

33
Digital Signature Standard (DSS)
  • Uses secure hash algorithm.
  • Condenses message to 160 bits.
  • Key size 512 - 1024 bits.
  • Proposed by NIST in 1991.
  • Adopted???

34
Attack Categories
  • Brute force attack.
  • Attempt to use all keys.
  • Expensive.
  • Time consuming.
  • But, processing speed doubles every 18 months.
  • Clustered workstations, etc.

35
Attack Categories
  • Analytic.
  • Use algorithm and algebraic manipulation to
    reduce complexity.
  • Statistical.
  • Use statistical weaknesses in design (more 1s
    than 0s in keystream on average, for example).
  • Implementation.
  • Microsoft PPTP passwords.
  • Security flaws in Microsoft PPTP that allow
    attacks to sniff passwords.
  • Poor randomization on Netscape key.
  • Browsers come with many default "root" public
    keys.
  • Netscape Navigator 4.5 came with 58 root public
    keys.
  • Anyone who controls the corresponding private
    keys can issue certificates that are
    automatically trusted by all major browsers.
  • All it takes is one certifying authority with a
    weak policy, security breach, or intentional
    compromise (e.g. bribe) for the certification
    process to be meaningless.

36
Automated Attack Types
  • DoS- Denial of Service.
  • Trojan Horse - Comes with other software.
  • Virus - Reproduces itself by attaching to other
    executable files.
  • Worm - Self-reproducing program. Creates copies
    of itself.
  • Worms that spread using e-mail address books are
    often called viruses.
  • Logic Bomb - Dormant until an event triggers it
    (Date, user action, random trigger, etc.).

37
Automated Attack Types: DoS Type Attacks
  • Ping broadcast
  • A ping request packet is sent to a broadcast
    network address where there are many hosts.
  • Source address is shown in the packet to be the
    IP address of the computer to be attacked.
  • If the router to the network passes the ping
    broadcast, all computers on the network will
    respond with a ping reply to the attacked system.
  • Attacked system will be flooded with ping
    responses which will cause it to be unable to
    operate on the network for some time.
  • Ping of death
  • Oversized internet control message protocol
    (ICMP) datagram can crash IP devices that were
    made before 1996.
  • Smurf
  • Attack where a ping request is sent to a
    broadcast network address with spoofed sending
    address
  • Many ping replies will come back to the victim
    and overload the ability of the victim to process
    the replies.
  • Teardrop
  • Normal packet is sent.
  • 2nd packet is sent which has a fragmentation
    offset claiming to be inside the first fragment.
  • The second fragment is too small to even extend
    outside the first fragment.
  • This may cause an unexpected error condition to
    occur on the victim host.
  • Can cause a buffer overflow and possible system
    crash on many operating systems.

38
Hacker Attack Types
  • IP spoofing - An attacker may fake their IP
    address.
  • Source routing attacks - hackers may be able to
    break through other friendly but less secure
    networks.
  • Man in the middle attacks (Session hijacking) -
    attacker may watch a session open on a network.
    Once authentication is complete, they may attack
    the client computer to disable it, and use IP
    spoofing to claim to be the client who was just
    authenticated and steal the session.
  • DNS poisoning - attack where DNS information is
    falsified.
  • Password cracking - Used to get the password of
    a user or administrator on a network and gain
    unauthorized access.

39
Kerberos
  • Authentication and encryption system designed at
    MIT.
  • Assigns a unique key, called a ticket, to each
    user on the network.
  • Ticket embedded in user's messages to identify
    sender.

40
Certificate Authority
  • Trusted, 3rd party organization.
  • CA (Certificate Authority) guarantees that the
    individual granted a certificate is who he/she
    claims to be.
  • CA usually has arrangement with financial
    institution to confirm identity.
  • Critical to data security and electronic commerce.

41
Certificates Screen Shots
42
Certificates Screen Shots (continued)
43
Certificates Screen Shots (continued)
44
Certificates Screen Shots (continued)
45
Public Key Infrastructure
  • Known as PKI.
  • Necessary for widespread electronic commerce.
  • No absolute definition or standard.
  • A system of digital certificates, Certificate
    Authorities, and other registration authorities
    that verify and authenticate the validity of
    parties in Internet transactions.

46
Steganography
  • Art of hiding communications.
  • Why? Deny message exists.
  • Hide data transmissions (remember the microdot?).
  • Common implementations hide information in
    graphic files, sound files, or slack space.

47
Quantum Cryptography
  • Quantum cryptography is based on the usage of
    individual particles/waves of light (photon) and
    their intrinsic quantum properties to develop an
    unbreakable cryptosystem.
  • It is theoretically possible that other particles
    could be used.
  • Photons offer all the necessary qualities needed,
    their behavior is comparatively well-understood,
    and they are the information carriers in optical
    fiber cables.
  • What makes the system so secure is that an
    eavesdropper can't tap into it without disturbing
    the photons.
  • If an eavesdropper disturbs the photons, then
    they're gone.
  • In practice, quantum cryptography has been
    demonstrated in the laboratory by IBM and others,
    but over relatively short distances, typically
    no greater than about 90 kilometers from one
    point to another.
  • There is growing interest in using quantum
    cryptography for commercial and military
    applications because of the technology's apparent
    ability to guarantee invulnerability.
  • As it stands today, all quantum cryptography
    techniques only work over dedicated fiber-optic
    lines--not over the Internet.

48
Next Session Highlights
  • Chapter 6 of Ford and Baum