PKI.pptx
- 2. Traditional Commerce Electronic Commerce Type of Commerce 2
- 3. Traditional Commerce In the traditional way; The fact that a document is written, original, and sealed is the reason for its validity. The parties negotiate and sign documents phisically. 3
- 4. E-commerce means sharing information, maintaining commercial communications, and conducting commercial exchanges through communication networks. One of the important infrastructures of e-commerce is creating a safe space for exchanging commercial data in the cyber environment. E-commerce models are: G2G G2C G2B B2B C2C B2C 4 Electronic Commerce
- 5. Security Attacks Security Services Security Mechanism Requirements 5 Safe Commerce Requirements
- 14. Privacy Authentication Integrity None Repudiation P.A.I.N. 14 E-commerce Security
- 15. 15 Cryptography
- 16. Cryptography is a science that encrypts data using mathematics and can return it to its normal state again. This science realizes the possibility of storing information as well as transferring information on an insecure medium. Encryption is done using mathematical algorithms. In a system, the message is encrypted at the source. After that, the encrypted message is transferred to the receiver and there it is decoded to get the original message. 16 Cryptography
- 18. Symmetric Algorithms In secret key encryption, which is known as symmetric encryption, a key is used to encrypt and decrypt the message. Therefore, the sender and receiver of the message must have a common secret, which is the key. Des. Triple Des and AES are the famous ones, it have so many usages in financial systems for Credit card PINs and Telecommunications systems. 18
- 19. It is used to encrypt a large amount of information. when used together with a Digital certificate; It keeps information confidential. when used with an electronic signature; It guarantees the integrity of the message. 19 Symmetric algorithms Usages
- 21. Symmetric keys must be distributed through a secure channel and must be changed periodically. Example: n*(n-1)/2 Parties Needed Keys 4 6 6 15 12 66 1000 499500 21 Key Managment
- 22. Pros High-Speed encryption and decryption Fast key generation Cons Multiplicity of keys for members of each relationship Distributing the key between the communication parties Usages Encrypting a large amount of information when stored on an insecure medium Data encryption when transmitted over insecure media 22 Symmetric algorithms
- 23. Asymmetric Algorithms This method uses two keys. One key is for encryption and another is for decryption. Two keys are mathematically related in such a way that the data encrypted with each one can be decrypted with the other. Each user has two keys : Public Key and Private Key. 23
- 26. Prons No need to distribute and send private keys Cons Low speed in high data volume The complexity of key generation Usages In electronic signature technology 26 Asymmetric algorithms Translation results In electronic signature technology Translation results In electronic signature technology
- 27. To encrypt the data for each participating party, only the public key of that participant is needed, as a result, only the confirmation of the public key of the participants is required. The most important features of the asymmetric technique are non-repudiation, electronic signature, and confirmation of the correct data source. 27 Asymmetric algorithms
- 28. Hash algorithms, unlike the two mentioned algorithms, do not use keys and perform one-way encryption on information. The performance of these functions on the data is such that by applying a Hash function on a text, an abstract or digest of the text is obtained. 28 Hash Algorithms
- 30. Hash is a process that mathematically reduces the volume of a stream of data to a fixed length. (usually 128 or 160 bits) The hash function is similar to a person's fingerprint. . 30 Hash Algorithms
- 32. • It is not possible to deduce the input from the output. • It is not possible to find two inputs that produce the same output. 32 Hash Algorithms
- 33. Pros • No need to generate and send a key • High Speed Cons • Guarantee the integrity of the message 33 Hash Algorithms
- 35. تعريف •Digital Signature – It is not like a handwritten signature. – It is always different. – It is based on encryption. •Manual Signature –It almost always looks the same. –It can be faked. 35 Digital Signature
- 36. Message Hash Function Message Digest hash algorithm Message Digital Signature Digital Signature Sender Private Key Encrypted Digest 160 bit Value 36 Digital Signature
- 39. Alice BOB Alice PVK Packet BOB PBK BOB PVK P Random Key Random Key ALICE PBK ؟ 39 Digital Signature & Confidentiality
- 40. Alice Packet BOB PBK BILL PBK TOM PBK BOB PVK BILL PVK TOM PVK 40 Sending for multiple recipients
- 41. It is issued and signed by a trusted entity. It is based on the identity confirmation made by a center. It contains a set of information and the public key of a person or organization. Its use is recorded in the certificate. It has a specific and limited validity period. Digital Certificate
- 42. There are centers that are responsible for issuing, protecting, publishing, and revoking digital certificates. The public keys of these companies are located in Internet browsers by default. Verification of people's identity is done hierarchically: Root Certificate Authority Root CA • Sub CA • Registration Authority RA Certification Authority
- 43. RA RA RA RA RA Certificate request Root CA CRL Valid Intermediate CA Intermediate CA CA & RA
- 44. CA Responsibilities Certificate Generation Certificate Issuance Certificate Relocation Certificate Renewal Database management Compilation of security policies
- 48. Certificate Life Cycle 48 CA RA End Entity Directory Services Verification of Applicant Certificate Archiving Certificate Expiration Certificate Revocation Certificate Publication Certificate Generation
- 50. 50 Hardware Security Module Hardware security modules (HSM) perform cryptographic operations, protected by hardware (PCI boards, SCSI boxes, smart cards, etc.) These operations include: Random number generation Key generation (asymmetric and symmetric) Private key hiding (security) from attack (no unencrypted private keys in software or memory) Private keys used for signing and decryption Private keys used in PKI for storing Root Keys
- 51. 51 Why HSM? A number of public key operations require the use of private keys as part of various processes: Cryptographically or digitally signing an object, a file, etc. Decrypting an encrypted object or file These processes happen in active memory, which is vulnerable to attack and copying of a private key in open use, unencrypted