Cryptography & Internet Security

Cryptography & Secure Transactions

Cryptography

Encrypt before sending, decrypt on receiving (plain text and cipher text).

All cryptosystems are based on only three kinds of cryptographic algorithm:

- Message Digest (MD2-4-5, SHA, SHA-1, …): maps variable-length plaintext into fixed-length ciphertext. No key usage; computationally infeasible to recover the plaintext.
- Private Key (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …): encrypt and decrypt messages by using the same Secret Key.
- Public Key (DSA, RSA, …): encrypt and decrypt messages by using two different keys, a Public Key and a Private Key (coupled together).

Two components: the key and the algorithm.

- Algorithms are publicly known and secrecy is in the key.
- Key distribution must be secure.

[Diagram: Plaintext "Hello World" → Encryption (Key) → Ciphertext "&$*£(“!273" → Decryption (Key) → Plaintext "Hello World"]

- Symmetric Key Cryptography (DES, Triple DES, RC4): KE = KD
- Asymmetric Key Cryptography (RSA): KE ≠ KD

Private Key Cryptography

The Sender and Receiver share the same Key, which is private.

[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext; encryption and decryption both use the Sender/Receiver's Private Key]

Diffie-Hellman Key Exchange Algorithm

Public Key Cryptography

Both the Sender and Receiver have their own Private Key and Public Key. Messages are encrypted using the receiver's Public Key, and the receiver decrypts them using his/her Private Key.

[Diagram: Plaintext → Encryption (Receiver's Public Key) → Ciphertext → Decryption (Receiver's Private Key) → Plaintext]

Digital Signature

[Diagram: Message → Hash Function / Digest Algorithm → Digest; Digest + Private Key → Encryption → Signature; Signature + Public Key → Decryption → Expected Digest, compared with the Actual Digest]

Digital Certificate

- HTTPS communication is done using Public Key Cryptography.
- The Public Keys are distributed using Digital Certificates.
- Digital Certificates contain the Public Key and are digitally signed by a trusted Certificate Authority (CA) like Verisign or Thawte.

[Diagram: CERTIFICATE containing Issuer, Subject, Subject Public Key, Issuer Digital Signature]

SSL

Transport Layer Security (TLS) and Secure Socket Layer (SSL) are cryptographic protocols that provide security for communications over networks such as the Internet. SSL encrypts the segments of network connections at the Transport Layer end-to-end.

SSL authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).

In application design, SSL is usually implemented on top of any of the Transport Layer protocols, encapsulating application-specific protocols such as HTTP to form HTTPS.

SSL: How it Works

An SSL client (browser) and server (web server) negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.

The handshake begins when a client connects to an SSL-enabled server requesting a secure connection, and presents a list of supported CipherSuites (ciphers and hash functions). From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.

The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key.

In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server. Only the server should be able to decrypt it (with its private key (PvK)): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The client knows PbK and RN, and the server knows PvK and (after decryption of the client's message) RN. A third party may only know RN if PvK has been compromised.

From the random number, both parties generate key material for encryption and decryption.

This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes. If any one of the above steps fails, the SSL handshake fails, and the connection is not created.

SET Architecture

[Diagram: End User, Web Site, Payment Gateway, Credit Card Company]
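
The digital signature check, the certificate and the RN key exchange from the SSL handshake slides, combined in one added example that is not part of the original slides. It assumes textbook RSA without padding over fixed, publicly known Mersenne primes, an HMAC-SHA256 derivation standing in for the real SSL key derivation, and placeholder names ("Example CA", "www.example.test"); these choices keep it self-contained and are not suitable for real use.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    # Textbook RSA from fixed, publicly known primes, no padding: illustration only.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    n, d = private
    return pow(digest(data), d, n)               # digest transformed with the private key

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data)  # expected digest vs actual digest

def cert_body(issuer, subject, subject_public):
    return f"{issuer}|{subject}|{subject_public[0]}|{subject_public[1]}".encode()

def key_material(rn):
    # Assumed derivation for this example; real SSL/TLS defines its own.
    return hmac.new(rn, b"key material", hashlib.sha256).digest()

def client_side(ca_public, cert):
    issuer, subject, server_public, signature = cert
    if not verify(ca_public, cert_body(issuer, subject, server_public), signature):
        raise ValueError("certificate signature invalid: handshake fails")
    rn = secrets.token_bytes(16)                 # the random number RN
    n, e = server_public
    return key_material(rn), pow(int.from_bytes(rn, "big"), e, n)  # RN under PbK

def server_side(server_private, encrypted_rn):
    n, d = server_private                        # only the PvK holder recovers RN
    return key_material(pow(encrypted_rn, d, n).to_bytes(16, "big"))

# Constructed sample keys and certificate (issuer, subject, public key, signature).
CA_PUB, CA_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
SRV_PUB, SRV_PRIV = toy_keypair(2**89 - 1, 2**127 - 1)
CERT = ("Example CA", "www.example.test", SRV_PUB,
        sign(CA_PRIV, cert_body("Example CA", "www.example.test", SRV_PUB)))

if __name__ == "__main__":
    client_keys, encrypted_rn = client_side(CA_PUB, CERT)
    print("key material matches:", client_keys == server_side(SRV_PRIV, encrypted_rn))
```

A certificate whose subject or public key has been altered after signing no longer matches the issuer's signature, so `client_side` raises before any RN is sent.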