SLIDE

Cryptography & E-Commerce

Keeping your Secrets secret!
Some simple yet secure cipher, easily acquired and easily read, should be introduced by which messages might to all intents and purposes be sealed to any person but the recipient

Quarterly Review 1853,

1

[The Victorian Internet, Tom Standage]

University of Glamorgan

 SLIDE WEB

Cryptography & E-Commerce

Keeping your secrets secret! In this lecture we shall Examine the history of encryption and the role that encryption plays in a modern society. Examine the following concepts relate to e-commerce.

Symmetric and asymmetric encryption

Public-Key and Private-Key encryption system

University of Glamorgan

 SLIDE

Why use Cryptography?

Three possible worries facing an e-commerce customer are; If I transmit a credit card number over the internet can people other then the recipient read it? If I agree to pay 400 for goods can this information be captured and changed? I am buying something from company X is it really company X?

This raise three important Information Security issues : Confidentiality: protecting information from unauthorised disclosure; Integrity: protecting information from unauthorised modification, and ensuring that information is accurate and complete; Authentication Ensuring the person you are making the transaction with who they say they are? We need to look at these in more depth
[Chan et al]

University of Glamorgan

 SLIDE WEB

Cryptography in e-commerce

Cryptography is used to fulfill the following functions.

Confidentiality (secrecy) The information contained in a message is only accessible by those people authorized to access it. Cryptography can be used to keep messages secret. E.g. If fields are encrypted on your computer, and the computer is stolen it would be very difficult to figure what's in the file.

Authentication It should be possible for the receiver of a message to ascertain its origins; a malicious user should not be able to masquerade as a merchant or customer. Cryptography can prove absolutely someones identity by sharing a secret piece of information. This can be accomplished using Digital signatures which we look at later.
University of Glamorgan 4

 SLIDE WEB

Cryptography in e-commerce

Cryptography is used to fulfill the following functions.

Integrity It should be possible for the receiver of a message to verify that it has not been modified in transit; a malicious user should not be able to substitute a false message for a legitimate one. Cryptographic protocols can support this by using algorithms which can detect the slightest change.

Non-repudiation A sender should not be able to falsely deny later that he/she sent a message. Cryptographic systems can support this using Digital signatures.

University of Glamorgan

 SLIDE WEB

History of Cryptography
Cryptography (from the Greek Kryptos hidden, graphia writing) has been around for a long time and can be traced back to ancient Egypt, Babylon , Greece.

First documented case Julius Cesars military code Mary Queen of Scots lost her life due to a coded message which was being smuggled out of prison being intercepted and decoded. World War II stimulated development of the development of secure communication and the task of breaking it (Station X, Bletchley Park) After World War II Cryptography viewed a military issues relating to secure communications. Until the last 15 years computing security was viewed as Trusted Computing Base and assurance levels* Cryptography is now thought as the key to a number of activities on the internet. Cryptography is a dual use technology civilian or military civilian use has probably eclipsed military use smart cards are encrypted to protect the contents, cryptography is used to scramble satellite signals etc.

An interesting point: Some of the best ciphers have been civilian efforts!
University of Glamorgan
*US DOD orange book standard

 SLIDE WEB

Cryptographic basics
Cryptography does for electronic information what locks and keys do for printed information. The information is scrambled so it can only be accessed using a key. A particular secret, a value or piece of text which is used with the chosen algorithm.

Encryption (Encipherment) - scrambles the message. Decryption (Decipherment) - restores the plaintext message.

University of Glamorgan

 SLIDE WEB

Basic Encryption Systems

Most simple encryption systems use one of two methods; Transposition - this involves rearranging bits characters or blocks, the values are preserved, only the positions change. th century B.C. Spartans in 5

Substitution This involves replacing a character with another and can have different levels of complexity sometime an alphabet may have multiple substitutions for a single letter etc., Examples of substitution systems are Caesar Cipher Enigma Machine

University of Glamorgan

 SLIDE WEB

The Caesar Substitution Cipher

The Caesar cipher is named after Julius Caesar, said to be the first to use it. In the Caesar cipher each character is substituted by another. This technique is called a monoalphabetic cipher.
Plaintext: Ciphertext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

Thus using a Caesar cipher, the message Mission Impossible would be encoded as AWGGWN WADCGGWPZS So what do the following ciphertexts mean ? 1) sbwuao 2) gpkioc 3) kohqv cih tcf pfihig
University of Glamorgan 9

 SLIDE WEB

A Simple Transposition Cipher

you live you learn In this simple transposition cipher the text is rearranged to encrypt the message. The text encrypted by entering it as two columns and then reading the columns downwards
Encryption System

yo ul iv ey ou le ar n

yuieolanolvyuer
University of Glamorgan 10

 SLIDE WEB

Types of Ciphers

A Simple Substitution cipher, or Monoalphabetic cipher, is one in which each character in the plain text is replaced with a corresponding character of cipher-text.
A Homophonic substitution cipher is like a simple substitution crypto-system, except that a single character of plaintext can map to one of several characters of ciphertext. For Example, A could correspond to 5, 14 and 147.

These types of ciphers where used as early as 1401 by the Duchy of Mantua.

A Polygram substitution cipher is one which blocks of characters are encrypted in groups. For Example, THE could correspond to RTQ.

The Playfair cipher is an example of this type of cipher and was used by the British in World War One.

A Polyalphabetic substitution cipher is made up of multiple monoalphabetic ciphers. The particular cipher used changes with the position of each character in the plain text.

These types of ciphers were used in the American Civil War by the Union.
University of Glamorgan 11

Asymmetric and Symmetric encryption

SLIDE WEB

There are two main types of cryptography symmetric and asymmetric algorithm Symmetric - (also known as private key, secret key, single key encryption). One key encrypts an decrypts the message. This key must be guarded carefully Main drawback of these algorithms is key exchange.

One form of symmetric algorithm which can be mathematically proved to be unbreakable is the one time pad this uses a secret key once, which is then thrown away. This is expensive and difficult to manage, due to the number of keys used.
University of Glamorgan 12

 SLIDE WEB

One time Pad

Digital Cipher The following example is of a one time pad cipher. The plain text message is in ASCII , the key is a random sequence as long as the message. The cipher uses an XOR operation (or binary addition for each set of digits, 0+0 =1 0+1=1, 1+1=0). Decryption uses the same system.

Truly random key same length as message

Plaintext key ciphertext

A 01000011 11010001 10010010

B 01000001 01111001 00111000

C 01000010 00101011 01101001

One time pads are unbreakable However if we use a limited length key the cipher could be broken by brute force. 33 bit key - 8 billion possibilities - 1 day on PC. 56 bit key - 3 thousand trillion possibilities - supercomputer is required.
University of Glamorgan 13

 SLIDE WEB

Symmetric Algorithms (1)

Encryption algorithm can be divided into two types block ciphers and stream ciphers. Two criteria to determine this;

Block size - Block cipher encrypts large blocks with complex encryption functions stream ciphers encrypts smaller blocks with a simple encryption function Key stream - a block cipher uses the same key in a single document a stream cipher encrypts under a constantly changing key secure of stream cipher s relies on the key stream generator design.

University of Glamorgan

14

 SLIDE WEB

Symmetric Algorithms (2)

There are a number of symmetric algorithms in use; Data Encryption Algorithm (Data Encryption Standard, DES) adopted by the US Government in 1977 and ANSI standard 1981 block algorithm (in feedback mode can act as a stream cipher)it uses a 56 bit key supposedly can be broken (US have just replaced the standard with Rijndael equivalent to 128 bit key, virtually unbreakable (at the moment!) Blowfish fast single block algorithm variable key length in public domain IDEA patented algorithm (hampers widespread use 128 bit secure) RC5 block cipher developed by Ronald Rivest (R in RSA)

University of Glamorgan

15

 SLIDE WEB

Asymmetric Encryption Systems (1)

Asymmetric encryption systems consist of two keys. One key will encrypt/decrypt the other using a one way function
If Key 1 was used last, then use Key2 If Key 2 was used last, then use Key1 1. Convert to number (a=1,b=2) 2. Subtract 5 3. obtain square

Plaintext A

Ciphertext Plaintext P Ciphertext

If Key 1 was used last, then use Key2 If Key 2 was used last, then use Key1

A simple example of a one way function this will encrypt the message in a way which cannot be reversed.

A pair of keys can generated using prime numbers and the modulus operator.
16

University of Glamorgan

 SLIDE WEB

Public & Private Key Systems

Asymmetric encryption systems are also known as Public / Private keys systems. Each user has two keys: a public key and a private key. The user publishes their public key freely as the keys operate as inverses. So If Alice wishes to send Bob a message;
1. 2. 3. Wendy downloads Bobs public Key and uses this to encrypt the messages Wendy then sends the message over the web, if intercepted. Can anyone read it ? No they cant! It can not be read be decrypted with Bobs Public key, only with Bobs Private key Bob received the message and uses his carefully guarded private key decrypts the message.

P = D(KPRIV , E(KPUB , P) )

That is a user can decode with a private key what someone else has encrypted with the corresponding public key.

University of Glamorgan

17

Encryption and E-commerce

There are an extensive number of applications relating to e-commerce which encryption make possible;

Certification authorities Cookies, SET, Shopping Carts, SSL Encryption, Hash algorithms e.g. MD5 Payment protocols iKP (IBM Zurich) (renamed to SEPP in conjunction with MasterCard). Millicent, SET (Secure Electronic Transaction; Visa and MasterCard) Digital Cash, Digital Certificates, Digital Wallets Cryptography is rarely a total solution as it translates the communications problem into a key management problem which then becomes a general computer security problem. Generally they are used for Encryption Digital signatures Integrity check functions (hashes)

University of Glamorgan

18

 SLIDE WEB

Security Requirements and Key Length

Trade off between security and ease of use Encryption adds a processing overhead to any transaction it should be used appropriately
Min key length 64 bits 80 bits 112 bits 128 bits

Security Requirements for Different Information Type of Traffic Lifetime Product announcements, interest rates Long-term business plans Trade secrets Identification of spies

days/weeks years decades > 50 years

An example is the use of both symmetric and asymmetric keys in a business environment

Symmetric keys are used for daily transactions Asymmetric keys are used to exchange new symmetric keys
University of Glamorgan 19

 SLIDE WEB

Cryptography and e-commerce

Examples

University of Glamorgan

20

 SLIDE WEB

Digital Signatures

digital signature is a protocol that produces the same effect as a real signature: it is a mark that only the sender can make, but other people can easily recognize as belonging to the sender. Just like read signatures, a digital signature is used to confirm agreement to a message. Digital signatures must meet two primary conditions: Unforgeable: If person P signs a message M with a signature S(P,M) it is impossible for anyone else to produce the pair [M, S(P, M)]. Authentic: If a person R receives the pair [M, S(P, M)] purportedly from P, R can check that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M. Two additional requirements are also desirable: Not alterable: After being transmitted, M cannot be changed by R or an interceptor. Not reusable: A previous message presented will be instantly detected by R.

011110100101101

University of Glamorgan

21

 SLIDE WEB

Symmetric Key Digital Signatures

With private key encryption, the secrecy of the key guarantees the authenticity of the message as well as secrecy. If Sandy and the Bank have an encryption key in common, she can encrypt her request to transfer money. The bank can be sure of its authenticity because nobody else has Sandys key.
Conventional symmetric key encryption does not prevent forgery. Any one who knows the key can create a digital signature. Thus the bank has no protection against repudiation (denial of sending a message). The repudiation problem can be solved if both the sender and the receiver use an arbitrator. Identity of sender is S and identity of recipient is R Sender and arbiter share a key Ks Recipient and arbiter share a key KR Content of message between sender and recipient is M The arbitrator will use a sealing function. A sealing function is a mathematical function affected by every bit of its input. For example, the bytes of the input can be used as numbers and the sum of all input computed.
University of Glamorgan 22

 SLIDE WEB

Symmetric Key Digital Signatures

SENDER 1
S sends sealed M to Arbiter

ARBITER 2
Arbiter retrieves plaintext M from S

KS M

KR KS M S M

RECIPIENT

University of Glamorgan

Arbiter seals [ Message received from Sender E(M,KS), Identify of Sender S, and copy of plaintext M ] and sends all to R

23

 SLIDE WEB

Asymmetric Key Digital Signatures

The basic digital signature protocol using asymmetric encryption protocol is as follows.

Alice encrypts a document M with her private key APRI, thereby signing the document, e.g. E( APRI , M ). Alice encrypts the message with Bobs public key BPUB, and then sends the message C to Bob, e.g. C = E(BPUB , E( APRI , M ) ) Bob decrypts the message using his private key BPRI and then Alices public key APUB, thereby verifying the signature, e.g. M = D(BPRI , D( APUB , M)) SENDER 1 RECIPIENT

BPUB APRI M

Encrypts message with BPUB and APRI and then send the message

2
M

Decrypts message with BPRI and APUB in order to derive M.

University of Glamorgan

24

 SLIDE WEB

Digital Signatures and Timestamps

In order to stop a message that has been signed using a digital signature from being reused, we need to make use of timestamps. The protocol is the same as the asymmetric protocol for signing documents except that the message contains a time stamp.

e.g. M = [ Message , Time-Stamp ] Two messages with the same contents and the same time-stamp will be ignored, thus a message can not be re-used.

The timestamp will define when the message was sent.

BPUB 1 APRI M

SENDER
Encrypts message with BPUB and APRI and then send the message

RECIPIENT 2
Decrypts message with BPRI and APUB in order to derive M.
25

M
University of Glamorgan

 SLIDE WEB

Public Keys and Digital Signatures

There are many Digital Signature Algorithm that have been developed, and they all make use of large prime numbers and modular arithmetic on the plain text to be signed.

The Digital Signature Algorithm (DSA) has been proposed by the U.S. National Institute for Standards and Technology (NIST) for use in their Digital Signature Standard (DSS). The standard was proposed in August 1991. Digital Signature Algorithm was developed by the U.S. National Security Agency (NSA)

RSA is a general public-key/private-key encryption system

Schnorr and ElGamal Algorithm is a specific digital signature algorithm.

GOST Digital Signature Algorithm (This is the Russian digital signature
standard and is officially called GOST R 43.10-94)

ENSIGN is a digital signature scheme from NTT Japan.

University of Glamorgan 26

The Electronic Communications Act 2000

The ECA (2000) is aimed at supporting electronic commerce by providing a legal framework for cryptography and digital signatures The main purpose of the Act is to help build confidence in electronic commerce and the technology underlying it by providing for:

An approvals scheme for businesses and other organisations providing cryptography services, such as electronic signature services and confidentiality services; The legal recognition of electronic signatures and the process under which they are verified, generated or communicated; The removal of obstacles in other legislation to the use of electronic communication and storage in place of paper.

University of Glamorgan

27

The International Context

The ECA (2000) in the UK relates to some recent European Directives;

The Act aims to implement some aspects of the EU Electronic Signatures Directive (1999/93/EC), which was adopted on 13 December 1999. This was aimed at the legal recognition of electronic signatures in the E.U. The Act also supports the EU E-Commerce Directive, which seeks to remove barriers to the development of electronic commerce in the internal market.

The Act also meets the Cryptography Guidelines, published by the Organisation for Economic Co-operation and Development (OECD) (1997) The Act is also compatible with the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce
The UK differs from the global trend of defining as legal, any signature which has a certificate attached as legal binding. Instead it gives electronic signatures the same status as handwritten in English law evidential method of authenticating a document
[Computer Law, Reed and Angel]

University of Glamorgan

28

 SLIDE WEB

Contract Signing

Suppose that Bill and Ben agree to something and wish to sign a contract to show their agreement. Both of them are committed to performing some act by the contract but each wants to commit only if the other does. A Contracting protocol requires two things Commitment. After a certain point both parties are bound by the contract; until then neither is. Unforgeability, The signatures of the contract must be demonstrably authentic; that is, it must be possible for either party to prove that the signature of the other is authentic. One solution is to use a Trusted Third Party (TTP) as an Arbitrator 1. Bill signs a copy of the contract and sends it to the TTP. 2. Ben signs a copy of the contract and sends it to the TTP. 3. The TTP announces when both signed contracts have arrived. 4. Ben signs two copies of the contract and sends them to Bill. 5. Bill signs both copies of the contract and, keeps one for himself, and sends the other to Ben. 6. Ben and Bill both inform the TTP that each have a copy of the contract signed by both of them. 7. The TTP destroys his two copies of the contract with only one signature each.

University of Glamorgan

29

 SLIDE WEB

Blind Signatures

The process of blinding a message can be thought of as putting a message in an envelope along with a piece of carbon paper. Nobody can read the message through the envelope. A blind signature is made on the envelope and this goes through the envelope and the carbon paper onto the original message. When the message is removed from the envelope it will be signed and the signer will not have known what was signed. In the steps below, a user Alice uses the blind signature protocol to get another user Bob, to sign a message without knowing its contents. Alice takes the message and multiplies it by a random value, called a blinding factor. This blinds the message so its contents can not be read. Alice sends the blinded message to Bob. Bob digitally signs the blinded message and returns it to Alice. Alice divides out the blinding factor, leaving the original message now signed by Bob.
Blinding Process Sent to Signer
Signature Signature

Remove Envelope Envelope containing Message and Carbon paper

Original Message

Envelope containing Message and Carbon paper

Original Message

University of Glamorgan

30

 SLIDE WEB

Blind Signatures & Ecash Coins

The electronic coins used within the Ecash system are unique in that they are partly minted by the client before being signed by the bank. Each coin has a 100 digit serial number that is generated by the clients cyberwallet software.
The bank uses different signature keys for different coin denominations. The client informs the bank of the value of the coin and the bank signs the coins with the correct signature.

For Example, Serial# is the serial number of the coin, and SK$1 is the secret key one dollar key for the bank. Thus a one dollar coin could look like: E( KeyPRI-SK$1 , Serial# )

To allow the signature to be quickly verified (decrypted) an indication of which public key to use (Key_Version) is usually included with a coin. For convenience, the plaintext serial number is also included: Coin = Serial#, Key_Version, E( KeyPRI-$1 , Serial# ) The Key_Version can also be used to obtain other information about the coin, including its value, currency, and expiry date.
University of Glamorgan 31

 SLIDE WEB

Some Legal Stuff.. RIPA (2000)

Although section 49(9) states that a notice under this section shall not require the disclosure of any key which is intended to be used for the purpose only of generating electronic signatures, this intention of protecting the integrity of signature keys, will very often fail since RIPA also allows access to encryption keys. In many cryptographic products the same passphrase (or key) is used for both signature and confidentiality purposes, and this means that access to keys for protected information will also give access to signature keys. This duality is confirmed in the draft Code of Practice which states where there are reasonable grounds to believe that a key has been used for electronic signature and, additionally, confidentiality purposes, that key may be required to be disclosed under the terms of the 2000 Act. In practice, this failure to distinguish will undermine the use of digital signatures and hinder the development of ecommerce, conflicting with the intentions of the Electronic Communications Act 2000.
From : Akdeniz, Y.; Taylor, N.; Walker, C., Regulation of Investigatory Powers Act 2000 (1): Bigbrother.gov.uk: State surveillance in the age of information and rights, (2001) Criminal Law Review, (February), pp. 73-90 at http://www.cyber-rights.org/documents/crimlr.pdf Copyright 2001 Akdeniz, Taylor, Walker

This implies that if you have a public/private key pair for confidentiality of incoming material, use a different public/private pair for outgoing electronic signatures.

University of Glamorgan

32

 SLIDE WEB

Summary of terms
Some definitions;

Cryptography science of secret writing Cryptanalysis science of breaking of breaking ciphers Cipher method used to convert plaintext to cipher text Plaintext an encrypted message I am coming to tea tonight Cipher text - the encrypted message L dp frplqj wr whd wrqjkw Encryption (Encipherment) -process of converting plaintext to cipher text (scrambles the message). Decryption (Decipherment) - process of converting cipher text to plain text (restores the plaintext message) Key code used in conjunction with an algorithm to encrypt /decrypt data

University of Glamorgan

33

 SLIDE WEB

Certificates (1)

Islands of Trust

As humans we establish and use trust all the time. However trust is based upon the ability of people to identify and certify who and what they are.
We use certificates and trust all the time to do business.

Within modern encryption systems a public key and a users identity are bound into a certificate which is then signed by someone to certify the accuracy of that binding. Certificates can be awarded by certification authorities (CA), and certificate authorities can themselves have certificates Certificates are used to create and manage encryption keys, as keys may have a limited life to them.
Name: Iain Sutherland Position: Lecturer Public Key: 71F1890ACDE45..
Name: University of Glam Position: Employer Public Key: 7897636361FA.. University of Glamorgan

Certificate for Iain Sutherland Chain of Certificates

Encrypted under University of Glamorgans Private Key Encrypted under HEFCs Private Key
34

Certificates (2)

University of Glamorgan

35

Certificates (3)

University of Glamorgan

36

Certificates (4)

University of Glamorgan

37

 SLIDE WEB

An example of Cryptography: SET

Secure Electronic Transaction (SET) is a protocol for credit card holders to order good in a secure manner over the internet. This makes use of public and private keys amongst other things:

to provide for confidential transmission; to ensure the integrity of payment instructions for goods and services order data;
Rather than look at the protocol in detail we look at one message. The order message sent by the customer, to the seller and the sellers bank.

This type of message in known as a dual signature

University of Glamorgan

38

SET Transaction
1. Request Transaction 2. Acknowledgement request 3. Purchase order 4. Purchase order verification 5. Customer Payment data

An overview of the purchase / payment process used by SET (Secure Electronic Transactions)

7. Status Query 8. Purchase Status information 9. Request payment

Vendor

10. Verify payment

Consumer

6. Verify customer data

Bank
[Redrawn from Ghosh p132]

SET currently only supports credit card payments online not debit cards, or stored value payments other protocols are likely to arise to address these issues.
Open standard so a number of implementations have arisen.; Cyber cash supports SET standard RSA Data Security - set compliant software S/PAY Ultimately not technology or standard itself that will make this a successful protocol but the fact that it is backed by the two largest credit card associations (MasterCard & Visa)
University of Glamorgan 39

 OHP Handout

B2C: SET protocol

Authentication uses symmetric key distribution w/o server Digests of the order information - OI - and payment information - PI - are calculated - H[OI] and H[PI] These two are concatenated and signed DS

Merchant gets OI, H[PI] & DS - hence can find H[PI] Issuer gets PI, H[OI] & DS - hence can find H[OI]

Merchant and issuer can see only info. they should see, but can verify details of the order and payment

Suppose some of the information is tampered with. When the DS is decrypted

merchant finds a different H[PI] issuer finds a different H[OI]

Encrypted with Merchant Key Only the merchant can read it

Customer message to Merchant M1 Message Digest

Customer message to Bank M2 Message Digest

Encrypted with Bank Key Only the bank can read it

M3 Message Digest Encrypted with Private Key Dual Customer Signature

M3=Digest(M1+M2)

University of Glamorgan

40