Topic7 Cryptography

in
ECommerce

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1.

Explain that the Internet

communication medium;

is

wide-open,

unprotected

2.

Explain that a message can be encrypted and decrypted using

special keys to provides confidentiality;

3.

Explain that a message can be hashed, providing integrity; and

4.

Explain that a message can be encrypted and digitally signed,

providing confidentiality, authentication and integrity.

INTRODUCTION
Cryptography is the science of writing in secret code and is an ancient art. The
first documented use of cryptography in writing dates back to circa 1900 B.C.
when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some
experts argue that cryptography appeared spontaneously sometime after writing
was invented, with applications ranging from diplomatic mission to wartime
battle plans. It is no surprise that new forms of cryptography came soon after
the widespread development of computer communications. In data and
telecommunications, cryptography is necessary when communicating over any
untreated medium, which includes just about any network particularly the
Internet. Nowadays, doing business or paying bills over the Internet is getting
popular. Due to this scenario, some forms of protection are needed to protect
these transactions. In this topic, we are going to introduce and explain the role of
cryptography in e-commerce (EC).

98

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

ACTIVITY 7.1
Discuss whether transactions done in e-commerce are safe or not.

7.1

AUTHENTICATION

Authentication is the process of verifying the identity of a user, process or device,

often as a prerequisite to allowing access to resources in a system. (NIST, 2001).
The identity of a certain user or process is challenged by the system and proper
steps must be taken to prove the claimed identity.
While there are many researches on authentication models that satisfy legitimate
user requirements, little has been done at the system design level to prevent
malicious user requirements from occurring.

SELF-CHECK 7.1
(a)

Explain what is authentication.

(b)

What happens if there is no authentication done over the

e-commerce?

7.1.1

Types of EC Authentication Models

For us to protect the transactions done over the internet i.e. e-commerce (EC), we
need to understand the various concepts and approaches in EC. Generally, there
are six attacks applicable to authentication in the domain of EC system:

Sniffing attacks;

ID spoofing attacks;

Brute force attacks;

Dictionary attacks;

Credential decryption attacks; and

Replay attacks.

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE 99

(a)

Sniffing Attacks
Sniffing attacks use protocol analysers to capture network traffic for
password and other data capture. A password sniffer is a program that
takes advantage of this character to monitor all of the IP (Internet Protocol)
traffic on its part of the network. By capturing the first 128 bytes of every
FTP or Telnet session, for example, password sniffers can easily pick up
your user name and password as you type them. Password sniffers may
use programs provided for network debugging as building blocks, or may
be written to use the services directly. Special-purpose password sniffing
toolkits are widely available to attackers. The danger of sniffing attacks is
rapidly spreading. Favourite targets for sniffers are network providers and
public access systems where the volume of Telnet and FTP connections is
huge. One sniffer on large public access systems can collect thousands of
sniffed account names and passwords, and then compromise every system
accessed. Even if your systems are as secure as possible and your user
passwords are not guessable, you can be infected by a packet sniffer
running at any site that your users can log in from or at any site their
packets will cross to get to you.

(b)

ID Spoofing Attacks
ID spoofing is a service that allows a hacker to masquerade as someone else
by falsifying the ID that appears on the recipients ID display. Just as e-mail
spoofing can make it appear that a message came from any e-mail address
the sender chooses, ID spoofing can make a call appear to come from any
ID number the caller wishes.
ID spoofing has been available for years to people with a specialised digital
connection to the network. Collection agencies, law enforcement officials
and private investigators have used the practice, with varying degrees of
legality. However, the advent of VoIP (Voice over Internet Protocol) service
makes it simple for the average person to falsify a calling number, and as
Internet telephony has become more common, so has caller ID spoofing.

(c)

Brute Force Attacks

Brute force is a form of password cracking. Brute force attacks will try every
single key combination known to crack your password. The only protection
against them is to either have a key length too long to crack anytime in this
lifetime, or change the password frequently. Brute force is traditionally an
old-fashioned type of attack. Its takes time to crack the password.
Nevertheless with powerful and fast computer processor, brute force is an
attack not to be taken lightly.

100

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

(d)

Dictionary Attacks
This is another form of password cracking. The term dictionary comes
from the actual book of known words. This is transferred into a file and
loaded into a tool to try to help a hacker to crack your password. The
defense against this is to not use simple-to-guess and known dictionary
words as passwords.

(e)

Credential Decryption Attacks

Credential decryption attacks revolve using decryption tools to steal or
break credential or secret information of an organisation or people. This
attack involves people trying to decrypt your credential and using this
information to further achieve their personal agenda.

(f)

Replay Attacks
Replay attack is when a hacker uses a sniffer to grab packets off the wire.
After packets are captured, then the hacker can simply extract information
from the packets like authentication information and passwords. Once the
information is extracted, the captured data can be placed back on the
network or replayed.

7.1.2

Security Attacks

Figure 7.1 shows a summary of security attacks related to authentication along

with the attack enablers and prescribed countermeasures. Access to credential
resources and weak cryptography are two attack enablers for brute force attacks.
The first provides access to the medium in order to retrieve credential
information and the second allows for a low-cost security attack.

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE 101

Figure 7.1: (a) Authentication security attacks, (b) attacks enable and
(c) countermeasures
Weak credential policy, weak cryptography and incorrect implementation of
cryptography are three attack-enablers for credential decryption attacks. A weak
credential policy allows system users to select easy-to-guess passwords. Weak
cryptography, on the other hand, allows for a low-cost security attack. An
incorrect implementation of the cryptographic algorithm can be seen as an
implementation defect and can only be checked after the system is implemented.
Yet, it is incorporated into the system design as a security requirement. Weak
cryptography is a supplementary attack-enabler for sniffing attacks. Sniffing and
replay attacks both rely on a clear text communication channel [Herzog, 2001].

ACTIVITY 7.2
(a)

Name six types of attack applicable in the domain of EC.

(b)

Explain one of the six attack and give examples of how it can
overcome or reduce the threats.

102

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

Figure 7.2: The e-commerce authentication countermeasures design model

Figure 7.2 shows the countermeasures design model derived by methodology

[Probert, 2003] for e-commerce authentication. This model is detailed enough to
be incorporated into high-level design documents of EC systems. Furthermore, a
faithful implementation of the model will lead to an e-commerce system that is
resistant to all known authentication security attacks.

7.2

SECURITY GOALS

When we talk about computer security, we are concerned with three main
security goals. The three main security goals are confidentiality, integrity and
availability. In short, these three security goals are abbreviated as CIA as
shown in Figure 7.3.

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE 103

Figure 7.3: Computer security goals

7.2.1

Confidentiality

Confidentiality is one of a set of security functions (others are, for example,

authentication, integrity and non-repudiation). A confidentiality mechanism
ensures that only authorised entities can read protected data. There are both
system and communication aspects of confidentiality.
Confidentiality is usually achieved using encryption. Encryption algorithms (that
use encryption keys) are used to convert plain text into cipher text and the
equivalent decryption algorithm is used to convert the cipher text back to plain
text. Symmetric encryption algorithms use the same key for encryption and
decryption, while asymmetric algorithms use a public/private key air.
Confidentiality is transmitted or stored data which should only be disclosed to
authorised entities.

ACTIVITY 7.3
(a)

Find out from the Internet the issues of confidentiality which

affect EC.

(b)

Discuss whether confidentiality is under threat.

104

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

Example of Security Services:

In confidentiality, users can implement some policies to protect their information.
Policies can be implemented by using:
(a)

Access control that allows only selected authenticated entities to read the
protected information.

(b)

Cryptography that allows only those entities possessing the correct key to
read the protected information.

7.2.2

Integrity

Integrity is assuring the receiver receives message(s) which has not been altered
in any way from the original. Data integrity should be possible to detect whether
the data is deliberate or unintentional changes. This requires the identification of
the originator of the data is unique and cannot be manipulated.
Verification is the original contents of information which have not been altered or
corrupted. Without integrity, someone might alter information or information
might become corrupted, and the alteration could be undetected.
Below is an example of Integrity.
The following process can be used to protect data integrity:
(a)

Alice computes a one-way hash of the message m and encrypts it with her
private key.

(b)

Alice sends both the text m and the encrypted hash to Bob.

(c)

Upon receiving, Bob extracts m and computes the same one-way hash on
m. He also extracts the encrypted hash and decrypts it using Alices public
key.

(d)

Bob then compares the computed hash value with the received hash value.
If they are identical, then he validates data integrity.

(e)

If the two hashes match in the above protocol, then Bob can confirm that
the data has not changed since it was signed.

TOPIC 7

7.2.3

CRYPTOGRAPHY IN ECOMMERCE 105

Availability

Availability is concerned with the readiness of data and resources to be available

to authorised users at any time. It is also related to disaster recovery and
contingency planning. The information is said to be available to an authorised
user when and where needed and in the correct format. There should be a fair
allocation of resources so that some requests are not favoured over the others.

ACTIVITY 7.4
Name and explain the three main elements of security goal.

7.3

NON-REPUDIATION CRYPTOGRAPHY

Non-repudiation cryptography assures that a party in a communication cannot

falsely deny that a part of the actual communication occurred. Without nonrepudiation, someone can communicate and then later either falsely deny the
communications entirely or claim that it occurred at a different time.
For example, without non-repudiation, an originator of information might
falsely deny being the originator of that information. Likewise, without
non-repudiation, the recipient of a communication might falsely deny having
received the communication.

7.3.1

Characteristics

For non-repudiation to occur, several criteria or rules need to be followed:

(a)

Provide Evidence of Communications and Transactions

Example:
Someone might deny sending an e-mail message but the messaging system
adds a timestamp and digitally signs the message with the message
originators digital signature. Because the message contains a timestamp
and a unique signature, there is strong evidence to identify both the
messages originator and the date and time of origin. If the message
originator later denies sending the message, the false claim is easily refuted.
Likewise, to provide non-repudiation for mail recipients, mail systems
might generate mail receipts that are dated and signed by the recipients.

106

(b)

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

Provide Network and Information Security

Example:
Cryptosystems that provide non-repudiation often provide authentication
as a by-product. Your security goals and requirements determine which
functions you need to provide. Non-repudiation is a mechanism to prove
that the sender really sent this message. The aim of the non-repudiation
service is to enable a unique identification of the initiators of certain actions,
such as the sending of a message, so that these completed actions cannot be
disputed after the fact.

7.4

DIGITAL SIGNATURE

Using public key cryptography, it is possible to digitally sign a piece of

information. Signing information essentially means assuring a recipient of the
information that the information has not been tampered with since it left your
hands.
To sign a piece of information, first compute a mathematical hash of the
information. A hash is a condensed version of the information. The algorithm
used to compute this hash must be known to the recipient of the information, but
it is not a secret. Using your private key, encrypt the hash, and attach it to the
message. Make sure that the recipient has your public key.
To verify that your signed message is authentic, the recipient of the message will
compute the hash of the message using the same hashing algorithm you used,
and will then decrypt the encrypted hash that you attached to the message. If the
newly-computed hash and the decrypted hash match, then it proves that you
signed the message and that the message has not been changed since you signed
it. Basically, a digital signature scheme consists of two components:
(a)

A signing algorithm; and

(b)

A verification algorithm.

The process is very similar to the authentication:

(a)

Alice encrypts the message m with her private key (EKpri(Alice)(m)).

(b)

Alice encrypts the resulting data using Bobs public key and sends to Bob
(c = EKpub(Bob)(EKpri(Alice)(m))).

(c)

Bob recovers m by doing m = DKpub(Alice)(DKpri(Bob)(c)).

Since Bob is able to recover m using Alices public key, he can verify that Alice
signed it with her private key. Also, the signature depends on the contents of the
message; hence, no one can use the signature with another document.

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE 107

ACTIVITY 7.5
Explain what is digital certificate.

7.5

SYMMETRIC CRYPTOGRAPHY

Symmetric cryptography uses a single private key to both encrypt and decrypt
data. Any party that has the key can use it to encrypt and decrypt data. They are
also referred to as block ciphers.

7.5.1

Symmetric Algorithms

(a)

DES
The 56-bit keys used in DES are short enough to be easily brute-forced by
modern hardware and DES should no longer be used.

(b)

3DES
Triple DES (or 3DES) uses the same algorithm, applied three times with
different keys giving it an effective key length of 128 bits. Due to the
problems using the DES algorithm, the United States National Institute of
Standards and Technology (NIST) hosted a selection process for a new
algorithm.

(c)

AES
The advance form of DES algorithm was called Rijndael and the associated
cryptosystem is now known as the Advanced Encryption Standard or AES.
For most applications, 3DES is acceptably secure at the current time but for
most new applications it is advisable to use AES.
Examples of how a symmetric algorithm works are given below between
Alice and Bob:
(i)

If Alice wants to send the message securely over a public channel to

Bob, she uses the key they agreed on before, to send to Bob. He will
decrypt the received cipher text with the same key to gain access to
the message.

(ii)

Alice and Bob have agreed on a secret key (Shared Secret).

(iii) If Alice and Bob want to make sure they are communicating with each
other over an insecure channel, i.e. prove that they know the secret

108

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

key, without revealing it to eavesdroppers, they can proceed as

follows.
(iv) They each pick a random number, the challenge.
(v)

Suppose Alice contacted Bob stating she is Alice: Bob sends her an
encrypted message and she replies with an encrypted message.

(vi) Bob can decrypt this information and verifies he gets again. Now Bob
knows he is communicating with Alice.
(vii) Then Alice sends him the encrypted message , and he replies with an
encrypted message. Alice can now verify she is communicating with
Bob.
An eventual eavesdropper would not have gained information from this
exchange.

7.5.2

Disadvantage of Symmetric Cryptography

The disadvantage of symmetric cryptography is that it presumes two parties

have agreed on a key and been able to exchange that key in a secure manner
prior to communication. This is a significant challenge. Symmetric algorithms are
usually mixed with public key algorithms to obtain a blend of security and
speed.

SELF-CHECK 7.2
Name and explain the three types of symmetric algorithms.

7.6

PUBLIC KEY CRYPTOGRAPHY

Public Key Cryptography (PKC) has been said to be the most significant new
development in cryptography in the last 300-400 years. Modern PKC was first
described publicly by Stanford University, Professor Martin Hellman and
graduate student Whitfield Diffie in 1976. Their paper described a two-key
crypto system in which two parties could engage in a secure communication over
a non-secure communications channel without having to share a secret key. The
most important thing to know about public key cryptography is that, unlike
earlier cryptographic systems, it relies not on a single key (a password or a secret
code), but on two keys. These keys are numbers that are mathematically
related in such a way that if either key is used to encrypt a message, the other key
must be used to decrypt it. Also important is the fact that it is next to impossible
(with our current knowledge of mathematics and available computing power) to

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE 109

obtain the second key from the first one and/or any message encoded with the
first key.
By making one of the keys available publicly (a public key) and keeping the other
key private (a private key), a person can prove that he or she holds the private
key simply by encrypting a message. If the message can be decrypted using the
public key, the person must have used the private key to encrypt the message.
Figure 7.3 illustrates the process involved in public key cryptography.

Important: It is critical that private keys be kept private! Anyone who knows the
private key can easily impersonate the owner.

Figure 7.3: Public Key Cryptography

(a)

Issues in Public Key Cryptography

Multiplication vs. Factorisation: Suppose I tell you that I have two numbers,
9 and 16, and that I want to calculate the product; it should take almost no
time to calculate the product, 144. Suppose instead that I tell you that I have
a number, 144, and I need you tell me which pair of integers I multiplied
together to obtain that number. You will eventually come up with the
solution but whereas calculating the product took milliseconds, factoring
will take longer because you first need to find the eight pairs of integer
factors and then determine which one is the correct pair.
Exponentiation vs. Logarithms: Suppose I tell you that I want to take the
number 3 to the 6th power; again, it is easy to calculate 36 = 729. But if I tell
you that I have the number 729 and want you to tell me the two integers
that I used, x and y so that logx 729 = y, it will take you longer to find all
possible solutions and select the pair that I used.
While the examples above are trivial, they do represent two of the
functional pairs that are used with public key cryptography namely, the
ease of multiplication and exponentiation versus the relative difficulty of

110

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE

factoring and calculating logarithms, respectively. The mathematical trick

in public key cryptography is to find a trap door in the one-way function so
that the inverse calculation becomes easy given knowledge of some items of
information.

Understand cryptography-based security technology.

Cryptography-based security systems provide ample security when used

properly within the capabilities and limitations of the cryptography
technology.

Cryptography technology only provides part of the overall security for your
networks and information.

The overall strength of security systems depends on many factors, such as the
suitability of the technology, adequate security procedures and processes,
and how well people use the procedures, processes and technology.

Conducting those operations that protect and defend information and

information systems by ensuring availability, integrity, authentication,
confidentiality and non-repudiation.

Integrity
Non-repudiation Cryptography
Public Cryptography
Symmetric Cryptography

Authentication
Availability
Confidentiality
Digital Signature

Cryptography. (2005, June 06). Building trust infrastructure.

Gutmann, P., & Naccache, D. (2006). What is cryptography? In crypto corner,

introduction to cryptography.
Kessler, G. C. (1998). An overview of cryptography. Retrieved July 1, 2009 from
http://www.garykessler.net/library/crypto.html

TOPIC 7

CRYPTOGRAPHY IN ECOMMERCE 111

Mactaggart, M. (2001). Introduction to cryptography, Part 2. Symmetric

cryptography. Retrieved July 1, 2009 from http://www.ibm.com/
developerworks/library/s-crypt02.html
Rosenthal, C. (2001). Information security and authenticity on public networks.

Solutions to some problems raised by conducting private conversations in

public places. Retrieved June 26, 2009 from Unicom System Development
website: http://www.unicom.com/pw/pubnetinfosec/
Sarker, M. Z., & Parvez, M. S. (2005). A cost effective symmetric key
cryptographic algorithm for small amount. Retrieved June 26, 2009 from
http://ieeexplore.ieee.org/Xplore/login.jsp?url=http%3A%2F%2Fieeexplo
re.ieee.org%2Fiel5%2F4133396%2F4133397%2F04133450.pdf%3Farnumber
%3D4133450&authDecision=-203
Stalling, W. (2003). Network security essentials Applications and standards
(2nd ed.). Prentice Hall.
Thorsteinson, P., & G. Gnana Arun Ganesh. (2003). Asymmetric Cryptography.
The Idea behind Asymmetric Cryptography. Retrieved July 1, 2009 from
http://www.informit.com/articles/article.aspx?p=102212&seqNum=2