Cryptography & Internet Security
CRYPTOGRAPHY & INTERNET SECURITY Cryptography & Secure Transactions
Cryptography
Encrypt before sending, decrypt on receiving (plain text and cipher text) Cryptography & Secure Transactions
Cryptography All cryptosystems are based only on three Cryptographic Algorithms:
Message Digest (MD2-4-5, SHA, SHA-1, …) Maps variable length plaintext into fixed length ciphertext No key usage, computationally infeasible to recover the plaintext Private KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …) Encrypt and decrypt messages by using the same Secret Key
Public KEY (DSA, RSA, …) Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together) Cryptography & Secure Transactions
Cryptography Two components: key, and the algorithm Algorithms are publicly known and Secrecy is in the Key Key distribution must be secure
Plaintext Encryption Ciphertext Decryption Plaintext Hello World &$*£(“!273 Hello World Key Key Cryptography & Secure Transactions
Cryptography Symmetric Key Cryptography (DES, Triple DES, RC4): KE = KD Asymmetric Key Cryptography (RSA): KE ¹ KD Cryptography & Secure Transactions
Private Key Cryptography The Sender and Receiver share the same Key which is private
Plaintext Encryption Ciphertext Decryption Plaintext
Sender/Receiver’s Sender/Receiver’s Private Key Private Key Diffie-Hellman Key Exchange Algorithm Cryptography & Secure Transactions
Public Key Cryptography Both the Sender and Receiver have their Private Key and Public Key Messages are encrypted using receiver’s Public Key and the receiver decrypts it using his/her Private Key
Plaintext Encryption Ciphertext Decryption Plaintext
Receiver’s Public Key Receiver’s Private Key Cryptography & Secure Transactions
Digital Signature
Message Message
Digest Digest Hash Function Hash Function Algorithm Algorithm
Digest Public Key
Private Key Encryption Decryption
Signature Expected Actual Digest Digest Cryptography & Secure Transactions
Digital Certificate HTTPS communication is done using Public Key Cryptography The public Keys are distributed using Digital Certificates Digital Certificates contain the Public Key and is digitally signed by a trusted Certificate Authority (CA) like Verisign or Thawte Cryptography & Secure Transactions
Digital Certificate CERTIFICATE
Issuer
Subject
Subject Public Key
Issuer Digital Signature Cryptography & Secure Transactions
SSL Transport Layer Security (TLS) and Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. SSL encrypts the segments of network connections at the Transport Layer end-to-end. SSL authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous). In applications design, SSL is usually implemented on top of any of the Transport Layer protocols, encapsulating the application-specific protocols; such as HTTP to form HTTPS Cryptography & Secure Transactions
SSL: How it Works A SSL client (browser) and server (web server) negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security. The handshake begins when a client connects to a SSL-enabled server requesting a secure connection, and presents a list of supported CipherSuites (ciphers and hash functions). From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision. The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key. Cryptography & Secure Transactions
SSL: How it Works In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server. Only the server should be able to decrypt it (with its private key (PvK)): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The client knows PbK and RN, and the server knows PvK and (after decryption of the client's message) RN. A third party may only know RN if PvK has been compromised. From the random number, both parties generate key material for encryption and decryption. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes. If any one of the above steps fails, the SSL handshake fails, and the connection is not created. Cryptography & Secure Transactions
SET Architecture
End Web Site User
Payment Credit Gateway Card Company