Security in Electronic Commerce
Keyvan Vahidy, graduate student, Nooretouba College
Student no: 88610971389

Abstract
Mechanisms: Cryptography

Cryptography: principles of encryption

Goals of cryptography:
- Privacy: determines who can read the message
- Authenticity: determines who can write the message
- Prevent forgery
- Prevent alteration
- Prevent eavesdropping
- Prevent tracing

Mechanisms: cryptography types
Symmetric methods
In symmetric cryptography the key used to encrypt and the key used to decrypt are equal.
Symmetric methods come in two types:
- Stream cipher
- Block cipher
Symmetric methods: stream cipher
A stream cipher encrypts the data as a continuous stream, as it is received.
Stream advantages:
- Diffusion
- Immunity to insertions and modifications
Stream disadvantages:
- Slow encryption
- Error propagation

Symmetric methods: block cipher
A block cipher divides the data into blocks, and each block is encrypted individually.
Block advantages:
- Speed of transformation
- Low error propagation
Block disadvantages:
- Low diffusion
- Malicious insertions and modifications are possible
Encryption algorithms for security
Two widely known encryption algorithms:
- DES
- AES

Data Encryption Standard (DES)
- Released by NBS in 1976, based on 'Lucifer'
- Combination of substitution and transposition
- 16 iterations with a 56-bit key (64 bits including parity)
- Based on diffusion and confusion (Shannon)
- Supported, then adopted, by NSA
- Can be broken (in 22 hours, parallel attack)
- Key length dilemma; the new algorithm is to be AES

Data Encryption Standard (DES)
First the IP (explained below) is applied to the 64-bit plaintext. The result is then divided into two 32-bit halves, named L0 and R0. Then the following happens 16 times:
1. Key transformation number i (a permutation that also drops 8 bits, defined in the specification) is applied to the key to produce 48 bits.
2. Apply the function f(Ri, Ki+1) (explained below) to produce a 32-bit output.
3. Exclusive-OR Li and f(Ri, Ki+1), and call this Ri+1.
4. Make Li+1 = Ri.
Data Encryption Standard (DES)
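The round structure described above (Li+1 = Ri, Ri+1 = Li XOR f(Ri, Ki+1), 16 rounds) is a Feistel network. The following added example, which is not from the slides and is not DES itself, implements that structure with a constructed toy round function and key schedule (DES's real IP, S-boxes and PC permutations are omitted) to show why decryption is the same network run with the round keys in reverse order.

```python
# Generic 16-round Feistel network following the DES round structure on the slide:
#   L_{i+1} = R_i,   R_{i+1} = L_i XOR f(R_i, K_{i+1})
# Added example, not DES: f() and round_keys() are constructed stand-ins, so this
# demonstrates the structure and its self-inverse property, not a usable cipher.
import hashlib

ROUNDS = 16
HALF_BITS = 32
MASK = (1 << HALF_BITS) - 1


def round_keys(key: int) -> list:
    """Toy key schedule (constructed): 16 distinct 48-bit subkeys from a 64-bit key."""
    if not 0 <= key < (1 << 64):
        raise ValueError("key must be a 64-bit integer")
    return [
        int.from_bytes(hashlib.sha256(key.to_bytes(8, "big") + bytes([i])).digest()[:6], "big")
        for i in range(ROUNDS)
    ]


def f(r: int, k: int) -> int:
    """Toy round function (constructed): mixes a 32-bit half with a 48-bit subkey.
    Feistel decryption never needs f to be invertible, only repeatable."""
    digest = hashlib.sha256(r.to_bytes(4, "big") + k.to_bytes(6, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: int, keys: list) -> int:
    """Run the rounds on a 64-bit block with the given subkey order."""
    if not 0 <= block < (1 << 64):
        raise ValueError("block must be a 64-bit integer")
    l, r = (block >> HALF_BITS) & MASK, block & MASK
    for k in keys:                       # L_{i+1} = R_i ; R_{i+1} = L_i ^ f(R_i, K_{i+1})
        l, r = r, l ^ f(r, k)
    # Final swap (as in DES) makes decryption the same network with reversed keys.
    return (r << HALF_BITS) | l


def encrypt(block: int, key: int) -> int:
    return feistel(block, round_keys(key))


def decrypt(block: int, key: int) -> int:
    return feistel(block, round_keys(key)[::-1])


if __name__ == "__main__":
    key, pt = 0x133457799BBCDFF1, 0x0123456789ABCDEF   # constructed sample values
    ct = encrypt(pt, key)
    print(f"ct = {ct:016x}, roundtrip ok = {decrypt(ct, key) == pt}")
```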
RSA Encryption
RSA (1978, by Rivest, Shamir and Adleman) is a popular asymmetric-key encryption standard.
- Its security rests on the difficulty of determining prime factors.
- It is based on number theory (more specifically, the difficulty of factorizing a large number).
- The key size ranges between 512 and 2048 bits.
- It is used in many e-commerce applications, such as the Secure Electronic Transaction (SET) protocol for credit card payment.

RSA Encryption
- Pick two large prime numbers p and q.
- Multiply p and q to obtain n.
- Choose d such that d and w = (p-1)(q-1) are relatively prime (no common factor).
- Choose e such that d x e = 1 mod w.
- Public key is: <e, n>
- Private key is: <d, n>
- Message code m, secret code c:
  c = m^e mod n
  m = c^d mod n

Public Key
- Only the decryption key is kept secret; the encryption key is made public.
- Each user has two keys, one secret and one public.
- Public keys are maintained in a public directory.
- To send a message M to user B, encrypt it using the public key of B.
- B decrypts using his secret key.
Signing messages
- For a user Y to send a signed message M to user X:
- Y encrypts M using his secret key.
- X decrypts the message using Y's public key.
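The RSA key-generation recipe and the encrypt/decrypt and sign/verify uses of the key pair described on the two slides above, as an added worked example (not from the slides). The primes and messages are constructed toy values chosen so the arithmetic is checkable by hand; they give no real security.

```python
# Textbook RSA exactly as the slides describe it: p, q -> n = p*q, w = (p-1)(q-1),
# d coprime to w, e = d^-1 mod w, c = m^e mod n, m = c^d mod n, and signing as
# "encrypt with the secret key". Added example with constructed small values.
from math import gcd


def rsa_keygen(p: int, q: int, d: int):
    """Return (public_key, private_key) as (<e, n>, <d, n>), following the slides' order:
    pick d first, then derive e from it."""
    n = p * q
    w = (p - 1) * (q - 1)
    if gcd(d, w) != 1:
        raise ValueError("d must be relatively prime to w = (p-1)(q-1)")
    e = pow(d, -1, w)            # modular inverse: d * e = 1 mod w (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message code must be smaller than n")
    return pow(m, e, n)          # c = m^e mod n


def rsa_decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)          # m = c^d mod n


def rsa_sign(m: int, private_key) -> int:
    """Slide: 'Y encrypts M using his secret key'. Raw signing, no hash or padding:
    real deployments sign a padded hash (e.g. RSASSA-PSS), never the bare message."""
    d, n = private_key
    return pow(m, d, n)


def rsa_verify(m: int, signature: int, public_key) -> bool:
    """Slide: 'X decrypts the message using Y's public key' and compares with M."""
    e, n = public_key
    return pow(signature, e, n) == m


def demo():
    # Constructed toy parameters: p=61, q=53 -> n=3233, w=3120; d=2753 gives e=17.
    pub, priv = rsa_keygen(p=61, q=53, d=2753)
    m = 65                                   # message code (constructed)
    c = rsa_encrypt(m, pub)                  # 2790 for these parameters
    sig = rsa_sign(m, priv)
    return pub, c, rsa_decrypt(c, priv), rsa_verify(m, sig, pub), rsa_verify(m + 1, sig, pub)


if __name__ == "__main__":
    print(demo())
```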
Public Key
Public Key Infrastructure (PKI)
- A set of technologies and procedures to enable electronic authentication
- Uses public key cryptography and digital certificates
- Certificate life-cycle management

Public Key Infrastructure (PKI)
- Many products from many vendors are available for certificate issuance and some management functions
- Interoperability is a big issue, especially when it comes to policies
- Enabling the use of PKI in applications is limited today
- Building and managing policies is the least understood issue

Public Key Infrastructure (PKI)
- Authentication and registration of certificate applicants
- System administration and access to signing keys
- Application use and interfacing
- Trust between hierarchies
- Trust decisions made at different points within the application need different views
- Certificate fields, authorization and allowed use are really the hardest issue
- Authorization policies for management of CAs and RAs
Public Key Infrastructure(PKI)
Message authentication code (MAC)
Malicious programs
Viruses
Unauthorized software being run:
- Games
- Widely distributed software
- Shareware
- Freeware
- Distributed software

Trojan horse
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user before it is run or installed, but instead facilitates unauthorized access to the user's computer system.

Computer worm
A computer worm is a self-replicating program. It uses a computer network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Firewalls
- A firewall is a barrier placed between the private network and the outside world.
- All incoming and outgoing traffic must pass through it.
- Can be used to separate address domains.
- Controls network traffic.
- Cost: ranges from no cost (available on the Internet) to a $100,000 hardware/software system.
Types:
- Router-based
- Host-based
- Circuit gateways
View of a Firewall
Firewall Types(Router-Based)
Firewall Types(Host-Based)
Secure Protocols
How to communicate securely:
- SSL: "the web security protocol"
- IPSEC: "the IP layer security protocol"
- SMIME: "the email security protocol"
- SET: "credit card transaction security protocol"
- S-HTTP: "Secure Hypertext Transfer Protocol"
- Others ...

SSL
Negotiates and employs essential functions for secure transactions:
Mutual Authentication
Data Encryption
Data Integrity
Operates between the application and transport layers:
  Web applications: HTTP, NNTP, FTP, Telnet, future apps, etc.
  SSL
  TCP/IP
SSL and Security Attacks
IP SEC
SMIME
SET
The SET standard was introduced in 1997 by two companies, VISA and MasterCard, with the aim of ensuring security in credit card transactions.
- Privacy of information: the buyer's credit card number remains hidden from the seller (using DES)
- Cardholder authentication: digital signatures with X.509v3 certificates
- Vendor authentication: digital signature with X.509v3 certificate

Goals of SET
- Maintain confidentiality of purchase order and payment information
- Cardholder authentication, thereby authenticating the cardholder as a legitimate user of the credit card account
- Maintain the integrity of all data transferred
- Ensure the safety of all data transferred
- Provide authentication of the seller for the transaction
- Ensure the best security techniques and system design to protect all parties to electronic commerce transactions
Dual Signature(SET)
S-HTTP
- Security on the application layer
- Protection mechanisms:
  - Digital signature
  - Message authentication
  - Message encryption
- Supports private- and public-key cryptography
- Enhanced HTTP data exchange

S-HTTP
- Operates on the application layer
- Encryption and digital signature
- Works only with HTTP
- Application dependent
- More secure than SSL at the end point, even after data transfer
- No particular cryptographic system
- Multiple encryption passes

Electronic Mail Security
E-mail is the most widely used application on the Internet.
Who wants to read your mail?
- Business competitors
- Reporters
- Criminals
- Friends and family
Two approaches are used:
- PGP: Pretty Good Privacy
- PEM: Privacy-Enhanced Mail

E-mail Security (PGP)
Available free worldwide in versions running on:
- DOS/Windows
- Unix
- Macintosh
Based on:
- RSA
- IDEA
- MD5

E-mail Security (PEM)
- A draft Internet Standard (1993).
- Used with SMTP.
- Implemented at the application layer.
- Provides:
  - Disclosure protection
  - Originator authenticity
  - Message integrity
Transaction Security
Agents participating in a Transaction
Security project keyvan
Agents participating in a Transaction
Acquirer (financial institution): a financial institution charged with the following tasks:
- Open accounts for sellers
- Set credit ceilings and enable their credit cards
- Deposit amounts received by card into the vendor's account
Payment Gateway: processes payment messages between the vendor and the Acquirer, or a third party
Certification Authority (CA): issues X.509 certificates for cardholders, sellers and the payment gateway

Payment Gateway
- Verify all certificates
- Decrypt the digital envelope of the authorization block to obtain the symmetric key, and decrypt the block
- Verify the vendor's signature
- Decrypt the digital envelope of the payment block to obtain the symmetric key, and decrypt the block
- Verify the dual signature on the payment block
- Request and receive payment authorization
  • 57. Thank you for your attention dear