Encryption and Its Application to E

advertisement
Encryption and Its Application to E-commerce
The following steps will lead you to a better understanding of the whole literature:
1. Realize the major concerns in e-commerce are confidentiality, integrity,
authenticity, and non-repudiation.
2. Understand major difference the public key encryption from symmetric key
encryption is that it used two keys - public key and private key. This provides great
convenience in key deployment and other security service features.
3. Know how confidentiality, integrity and authenticity services are provided using a
public key encryption scheme, such as RSA.
4. Know what digital signature (DS) is and how to create a DS.
5. Add knowledge from 3 and 4 together you will understand how a workable
authentication and secure transmission system can be implemented
6. Understand that we need a trusted third party (TTP) to issue digital certificate. This
TTP is a certificate authority (CA). CA uses its own private key to send the digital
certificate to users for authentication purposes.
7. Know that e-commerce is mainly based on the web, so that we need secure socket
layer (SSL) and S-HTTP to secure data transmissions. Also we need security
electronic transaction (SET) for payment transactions.
Brief Q/As:
1. Review the definitions of confidentiality, integrity, authenticity, and nonrepudiation in the slides.
2. Review the definition of encryption, symmetric key encryption, and public key
encryption.
3. How confidentiality is implemented using encryption?
Answer: A sender can use the receiver's public key to encrypt the message. Then receiver
uses his/her private key to decrypt the message. Since public keys are publicly accessible,
there is no problem to do so. The problem is now how the receiver knows the message is
really sent by the sent as it is claims. This is an authentication issue.
4. How authentication is implemented using encryption?
Answer: A sender can use his/her own private key to encrypt the message. Then the
receiver uses the sender's public key to decrypt the message. The problem is that anyone
else can release the message contents. Therefore, a combination of the two approaches
can be used to create a encryption system that provides both confidentiality and
1
authenticity services. The reversibility of public key encryption plays an important role in
these applications.
5. How is a digital signature generated?
DS is used to provide authentication service for sending message from one user to
another. Two steps are needed: 1) using hash algorithm to generate a digest from the
message to be sent, 2) using sender's private key to encrypt the digest. The encrypted
digest then becomes the sender's digital signature.
6. What service can a digital signature provide for a secure transmission?
1) Authenticity, and 2) Integrity.
7. What is a workable secure transmission scheme?
The following diagram shows how Alice can send a message to Bob with three security
features:
1) confidentiality 2) Integrity and 3) authenticity.
Message
5
Alice
Bob
4
1
3
6
7
2
Step1: Alice uses the Hash algorithm to extract a fix-sized data block, called digest
Step2: Alice uses her own private key to encrypt the digest to generate her digital
signature.
Step3: Alice encrypts the message and digital signature together using Bob's public key.
Step 4: Bob decrypts the encrypted message received from the network using his private
key.
Step 5: Bod uses the same Hash algorithm to generate a digest from the message he
received.
Step 6: Bob uses Alice's public key to decrypt the digital signature and obtains the digest
created by Alice.
2
Step 7: Bob compares the two digests, one sent by Alice and another generated from the
message by him. If they match, the message is original.
So, Step 2 and Step 6 are designed for authentication. Step 3 and 4 are designed for
condifentiality. Step 1, 5, and 7 is for integrity purpose.
Key points:
1) Some information is encrypted twice and decrypted twice. This is for digital signature
2) Hash algorithm is used for extracting information to a fix-size data block. Hash
algorithm can uniquely convert a file to another one. The converted file could match
more than one original files. However, if someone want to recover the oginal from the
digest file it is computationally impossible. This means practically it is not possible
for find a file that can be converted to the same digest as is generated from another
file.
8. Whether the above scheme safe enough? How can we improve it?
Not secure enough. It is because both Alice and Bob need their counterpart's public key.
How can Bob tell if a public key claimed being sent by Alice is really sent by Alice?
Someone else may pretend to be Alice and send Bob a fake public key. Then all
messages Bob receives could be actually sent by the third person and Bob would never
know this. In the similar way, Alice may send the message to another person pretending
to be Bob. Therefore, we need a Trusted Third Party (TTP) to help them. The TTP
here is called certificate authority (CA). CA creates and manages keys for Bob and
Alice. When Alice and Bob request the keys, CA generates the keys and sends digital
certificates to Bob and Alice respectively. Bob and Alice can search for their
counterpart's public key from the CA's web site.
Another issue is CA must guarantee the authenticity of the digital certificate issuance. So,
the CA can use its own private key to send digital certificates to Bob and Alice. Bob and
Alice and verify the authenticity using the CA's public key that is downloadable form the
CA's site.
So far we have linked major concepts in encryption/decryption together. We need to see
how the above mechanism can be applied to real e-commerce applications.
9. How is the above mechanism used in e-commerce?
SSL and S-http are based on the above mechanism. SSL runs between http and TCP. Shttp replaces regular http protocol. SET is operated on upper level of these two protocols
with application-oriented features. (see the figure)
3
PGP
S/MIME
SET
HTTP or
S-HTTP
FTP
SSL or TLS
TCP
IP/IPSec
4
SMTP
Download