E-BUSINESS MODULE 3

SECURITY TECHNOLOGIES

Semester 2

WHY INTERNET IS UNSECURE?

Computer security is a technological and managerial procedures applied to computer systems to ensure the availability , integrity, and confidentiality of information managed by the computer system against unwanted access, damage, modification or destruction. The potential for anonymity on the Internet hides many criminals in legitimate looking identities allowing them to place fraudulent orders with online merchants, steal information by intercepting e-mail, or simply shut down ecommerce sites by using software viruses.

The internet was never designed to be a global market place with a billion users. So Internet lacks many basic security features found in older networks such as telephone system or broadcast television networks. The Internet is an open, vulnerable design network.

SIX DIMENSIONS OF INTERNET SECURITY

Integrity Nonrepudiation Authenticity Confidentiality Privacy Availability

Integrity

Is the ability to ensure that information being displayed on a website, or transmitted or received over the Internet, has not been altered, in any way by an unauthorized party. Is the ability to ensure that the e-commerce participants do not deny their online actions. Is the ability to identify the identity of a person or entity with whom you are dealing on the Internet.

Nonrepudiation

Authenticity

Confidentiality
Is the ability to ensure that messages and data are available only to those who are authorized to view them. Contents should be known only to the sender and receiver

Privacy

Is the ability to control the use of information a customer provides about himself to an e-commerce merchant. Is the ability to ensure that an e-commerce site continues to function as intended.

Availability

INTERNET SECURITY HOLES

Malicious code Unwanted programs Phishing Spoof Sniffer Hacker Denial of Service (DoS) attack Distributed Denial of Service (DDoS) attack Poorly designed server and client software

Malicious code
Includes viruses, worms, Trojan horses and bots A virus is a computer program that has the ability to replicate or make copies of itself and spread to other files. A worm is designed to spread from computer to computer , instead of just spreading from file to file.

A Trojan horse hide a program to steal passwords e-mail them to another person.

and

Bots(Robots) are type of malicious code that can be covertly installed on your computer when attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and is able to be controlled by an external third party.

Unwanted programs
Unwanted programs can be a browser parasite or spyware A browser parasite is a program that can monitor and change the settings of a user browser. Spyware can be used to obtain information such as a users key strokes, copies of e-mail and instant messages.

Phishing

Phishing is any deceptive, online attempt by a third party to obtain confidential information for financial gain. Phishing rely on misrepresentation and fraud. The most popular phishing attack is the e-mail scam letter

Spoofing

To misrepresent oneself by using fake e-mail addresses or masquerading as someone else Spoofing a website is also called pharming which involves redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination. Spoofing does not directly damage files or network servers but threatens the integrity of a site.

Sniffer
A type of eavesdropping program that monitors information travelling over a network. Sniffers enable hackers to steal proprietary information from anywhere on the network, including e-mail messages, company files and confidential reports. The threat of sniffing is that confidential or personal information will be made public.

Hacker

An individual who intends to gain unauthorized access to a computer system. A hacker with criminal intent is called cracker. Hackers can be white hats, black hats or grey hats. White hats are good hackers who help organizations locate and fix security flaws. Black hats are hackers who act with the intention of causing harm. Grey hats are hackers who believe they are pursuing some greater good by breaking in and revealing system flaws.

Denial of Service (DoS) attack

Flooding a website with useless page requests to flood the sites web servers.

Distributed Denial of Service (DDoS) attack

Uses numerous computers to attack the target network from numerous launch points.

Poorly designed server and client software

The increase in complexity and size of software programs coupled with demands for timely delivery to markets has contributed to an increase in software errors and vulnerabilities that hackers can exploit.

CRYPTOGRAPHY
In cryptography, information is protected by scrambling it in such a manner that it can be unscrambled only with a secret key.

Key

Key

Plain text

Encryption algorithm

Cipher text

Decryption algorithm

Plain text

OBJECTIVES OF CRYPTOGRAPHY
Secure stored information Secure information transmission

Encryption

Encryption is defined as the transformation of data via a mathematical process called an algorithm into a form that is unreadable to anyone who does not possess a secret key for decrypting the message.

Plain text

The original message or data is referred to as plain text. The plain text is given to encryption algorithm as input.

Encryption algorithm

A mathematical algorithm used for the transformation of plain text into cipher text is referred to as the encryption algorithm. It receives the plain text and secret key as input and produces the ciphertext as output.

Ciphertext
The encoded or encrypted message produced as an output of the encryption algorithm by applying the secret key is referred to as the ciphertext. It depends on the plain text and the secret key.

Secret key

The secret key contains the code used to transform the plain text to cipher text and vice versa.

Decryption algorithm

A mathematical algorithm used for transforming the cipher text into plain text by applying the secret key is referred to as decryption algorithm. It receives the ciphertext and the secret key as input and produces the plain text as output. In symmetric encryption decryption algorithm is just reverse of encryption algorithm. In asymmetric encryption, the decryption algorithm may be distinct from encryption algorithm

TYPES OF ENCRYPTION
Symmetric encryption Asymmetric encryption

SYMMETRIC ENCRYPTION
The sender and receiver share a common secret key. The decryption algorithm is just reverse of encryption algorithm. Symmetric encryption is also called the single-key or secret key encryption.

Secret key

Identical keys

Secret key

Plain text

Encryptio n algorithm

Cipher text

Decryptio n algorithm

Plain text

TWO REQUIREMENTS FOR SECURE

SYMMETRIC ENCRYPTION Strong encryption algorithm Sender and receiver should get key in secure fashion

ASYMMETRIC ENCRYPTION

Sender and Receiver share a unique key pair consisting of a public key and private key.
key key

Distinct keys

Plain text

Encryptio n algorithm

Cipher text

Decryptio n algorithm

Plain text

CLASSIFICATION OF CRYPTOGRAPHIC SYSTEMS

Based on type of operation used for transforming plaintext to cipher text

1.

Substitution
Each element in the plain text is substituted by another element. E.g. Plain text: WILLPOWER Key: first succeeding letter Cipher text: XJMMQPXFS

2.

Transposition
The elements in the plain text are re-arranged by performing some sort of permutation on the plaintext letters or bits. E.g. WILLPOWER WI/LL/PO/WE/R0 KEY:2314 CIPHERTEXT: LLPOWIR0

Based on the number of keys used

1. 2.

Symmetric Encryption Asymmetric Encryption

Based on the way in which the plain text is processed:

1.

Block cipher:

The plain text is processed on block of elements at a time, producing an output block for each input block. The input plaintext elements are processed continuously, producing an output of one element at a time.

2.

Stream cipher:

BREAKING ENCRYPTION SCHEMES CRYPTANALYSIS

The process of attempting to discover the plain text or the secret key is known as cryptanalysis. Cryptanalysis depends on The nature of the encryption scheme The information available to the cryptanalyst

VARIOUS TYPES OF CRYPTANALYTIC ATTACKS EXIST DEPENDING ON THE INFORMATION AVAILABLE TO THE CRYPTANALYST.
Ciphertext only: In this case known to the crypt analyst are
ciphertext encryption or decryption algorithm

The cryptanalyst uses the following strategies Apply brute force approach of trying all possible keys. If the key length is very large, this becomes impractical. Apply many statistical steps to ciphertext.
Brute force attack This method is to try all possible key on a piece of ciphertext until an intelligible translation into plain text is obtained. On average, half of all possible keys must be tried to achieve success.

Known plain text or plain text- ciphertext pairs

In this case known to the crypt analyst are

encryption /decryption algorithm Ciphertext to be deciphered One or more plain text message as well as their encryptions or certain plain text patterns that will definitely appear in the message.

With the above type of knowledge, the cryptanalyst may be able to deduce the key on the basis of the way in which the known plain text is transferred.

Chosen plain text:

In this case known to the cryptanalyst are

Encryption algorithm Ciphertext Plain text chosen by the cryptanalyst together with its ciphertext generated with the secret key of the sender.

Sometimes the cryptanalyst insert into the plaintext certain chosen patterns. These patterns get encrypted with the plaintext with the secret key of the sender. Thus using patterns inserted by him, the crypt analyst can work towards analyzing the secret key.

VARIOUS SYMMETRIC ENCRYPTION ALGORITHMS

Data Encryption Standard (DES) Triple Data Encryption Algorithm (TDEA) Advanced Encryption Standard (AES)

DATA ENCRYPTION STANDARD(DES)

Block cipher based symmetric encryption technique Developed in 1977 by IBM for US government Uses 56 bit key to transform a fixed block of 64 bits of plain text into a 64 bit block of cipher text. The basic DES steps are

Scramble a 64 bit text block one time Divide the 64 bit block into to 32 bit blocks Take each of 32 bit blocks and scramble them16 times using the secret DES key. Apply the inverse of the initial scramble

TRIPLE DATA ENCRYPTION ALGORITHM(TDEA)

Proposed in 1985 Incorporated in 1999 Follows encrypt-decrypt-encrypt implementation. Message is encrypted with the first key(K1-56bits), decrypted with the second key(K2-56bits) and again encrypted with the third key(K3-56bits). Thus with the use of three distinct keys, TDEA has an effective key length of 168bits or 112 bits
K2 K3

K1

Plain text

Encryption

Decryption

Encryption

Cipher text

Drawbacks
The algorithm which has three times as many rounds as DES is correspondingly slower. The use of 64 bit block size reduces the efficiency of the TDEA

ADVANCED ENCRYPTION STANDARD (AES)

Developed by National institute of standards and technology(NIST) in 1997 Block length of 128 bits and key length of 128,192 and 256 bits

LOCATION OF ENCRYPTION DEVICES

Important things to decide before encryption

What to encrypt Where in the virtual network between the sender and receiver , the encryption and decryption should take place

Two alternatives
Link Encryption End-to-End Encyption

PSN

Receiving end

Sending end

PSN

PSN

Receiving end

PSN

Authentication and integrity using the symmetric encryption

Share Secret key Error detection code Sequence number

KEY DISTRIBUTION

Key distribution techniques

Key selected by A and physically delivered to B Third party to select the key and deliver to both If used key previously, one can pass the new key by encrypting it with the old key

Session key :
When two end systems communicate One time use At the end of the connection or session, the key is lost

Permanent Key :

Used for the purpose of distributing the sessions key

Key Distribution Center (KDC)

Provides one time session key for a connection Performs end to end encryption and gets the session key on behalf of the terminal

Front End Processor (FEP)

KDC

FEP

Sending terminal

network Receiving FEP FEP terminal ....

ASYMMETRIC ALGORITHM

Asymmetric encryption to provide message confidentiality.

Encryption using Bs public key Encoded and transmitted B has private key to decrypt

Asymmetric encryption to provide senders Authentication

A encrypts using private key Encoded and transmitted B decrypts using As public key,

B hence knows that the message is send by A and no one else

Both authentication and confidentiality

A encrypts with his private key Again A encrypts using Bs public key Transmitted to B B decrypts with his private key and the with As public key

KEY MANAGEMENT FOR ASYMMETRIC ENCRYPTION

Distribution of public keys :

Public announcement Publicly Available directory By third party organizations Public key certificates Issuing certificates with name of participant, his public key and a time stamp

Public key distribution of secret keys :

A generates a public/private key pair(KU ,KR) and transmits the public key, KU to B B generates a secret key KS and transmits it to A, using As public key KU to encrypt it A uses his private key KR to decrypt it Now the communication will be with KS

MESSAGE INTEGRITY AND HASH FUNCTIONS

Sender hashes the message and produces an integrity check value or message digest based on the contents of message Original message and digest message is transmitted Hash function receives variable size input and produces fixed size code Hash code is a function of all the bits of the message , a change in a single bit in the message will change the hash code Only one way is possible

DIGITAL SIGNATURES

Developed due to disputes between sender and receiver Digital signatures are designed to bind the message originator with the exact contents of the message It can be a encrypted message digest

To compute digital signature, following are required

One way hash algorithm to digest the original message Senders private key is used to encrypt the message digest Original message + digital signature are transmitted Receiver uses hash algorithm to recompute the message digest from original message Receiver uses senders public key to decrypt the message digest Both should match