8. Electronic Commerce - Security Management
Cornerstones of Security
Authentication: the sender (either client or server) of a message is who he, she or it claims to be.
Secrecy: the contents of a message are secret and known only to the sender and receiver.
Integrity: the contents of a message are not modified (intentionally or accidentally) during transmission.
Non-repudiation: the sender of a message cannot deny that he, she or it actually sent the message.
The audit trail should preserve the same data integrity mechanism that was applied when the message was created. Proof of non-repudiation should also be preserved. WORM (Write Once Read Many) devices are used for this.
In real life we deal with these issues too. Secrecy and integrity are handled by using registered mail, locking the documents up, etc. Original documents address non-repudiation, and authentication is addressed by recognising faces, voices, signatures, etc. In the e-world, however, various cryptographic techniques (among others) are used to address these issues.
8.2 Cryptographic Techniques
Encryption is the process of transforming information so that it is unintelligible to anyone but the intended recipient. Decryption is the process of transforming encrypted information so that it is intelligible again.
A cryptographic algorithm, also called a cipher, is a mathematical function used for encryption or decryption.
A key is a number that must be used with the algorithm to produce an encrypted result or to decrypt previously encrypted information. Decryption with the correct key is simple. Decryption without the correct key is very difficult and, in some cases, impossible for all practical purposes.
8.3 Key length and Encryption Strength
The strength of encryption is related to the difficulty of discovering the key, which in turn depends on both the cipher used and the length of the key.
Encryption strength is often described in terms of the size of the keys used to perform the encryption. In general, longer keys provide stronger encryption.
128 bits is the recommended key length. The key length is the number of random bits in the key. If somebody were to break this, they would have to guess all 128 bits, and that really does take a long time.
The higher the number of bits, the more difficult the key is to break, and the difficulty goes up exponentially: each additional bit of key doubles the amount of time it takes to break it.
Different ciphers may require different key lengths to achieve the same level of encryption strength, on the basis of the algorithm they employ.
Because the ability to surreptitiously intercept and decrypt encrypted information has historically been a significant military asset, the US government restricts export of cryptographic software, including most software that permits use of symmetric encryption keys longer than 40 bits.
8.4 Security Mechanisms
Symmetric Methods – Only one key. Both the sender and receiver use the same key.
Asymmetric Methods – Two keys: public and private. The sender uses his private key to encrypt the message and the receiver uses the public key of the sender to decrypt the message. Since the sender uses his private key, he cannot at a later stage deny having sent the message.
Both methods are used to support the integrity of the message.
8.5 Public Key Infrastructure
The public and private keys would be issued by a duly approved Certification Authority. As per the IT Act 2000, there will be a root Certification Authority called the Controller of Certification Authorities. It will oversee the functioning of all other Certification Authorities, which would have to fulfil the laid-down eligibility criteria and obtain licences. The individual obtaining the keys would be issued a Digital Certificate which, besides his name, address, etc., would also mention the public key as well as the details of the Certifying Authority.
A certificate is an electronic document used to identify one individual, a server, a company, or some other entity and to associate that entity with a public key.
Certification Authorities (CAs) are entities that validate identities and issue certificates. They can be either independent third parties or organisations running their own certificate issuing server software.
In addition to a public key, a certificate always includes the name of the entity it identifies, an expiration date, the name of the CA that issued the certificate, a serial number and other information. Most importantly, a certificate always includes the digital signature of the issuing CA and thus serves as a letter of introduction to users who know and trust the CA but do not know the entity identified by the certificate.
The Digital Certificate would:-
Bind a public key to its owner
Be issued and digitally signed by a trusted third party
Be like an electronic photo-id
A digital signature is defined as:-
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and to protect against forgery.
The sender of a message applies a hashing algorithm to the original data to get what is called a hash value. The algorithm is called a one-way hash because the original message cannot be recovered from the hash value. An alteration of even one character during transmission would give a different hash value and would thus be detected by the receiver when he applies the algorithm to the message and tallies the hash value with that sent by the sender. This helps in ensuring the integrity of the data.
After the hash value is calculated by the sender, he encrypts it with his private key. The resultant value is called the digital signature. It may be observed that the digital signature of a person, unlike a manual signature, is not unique: it varies according to the message being sent. The receiver decrypts the signature with the sender's public key and obtains the hash value calculated at the sender's end. At the same time, the receiver applies the same hashing algorithm to the message and calculates the hash value of the received message. If the two hash values tally, it means the message is as it was sent.
Since the sender “signs” the message with his private key, which is known only to him, he can’t deny having sent the message.
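The hash-then-sign flow described above, as a runnable example added to these notes (not code from the original). It generates its own toy textbook RSA key pair in the block so that nothing outside the standard library is needed; the sample message and the one-digit alteration are constructed for the demonstration.

```python
import hashlib
import random

# Toy textbook RSA, generated in this block only so the hash-then-sign flow from the
# notes can be run end to end (an illustration, not a production implementation).
def is_probable_prime(n, rounds=20):
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin witnesses
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if is_probable_prime(c):
            return c
def generate_keypair(bits=512, e=65537):
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (n, e), (n, pow(e, -1, phi))  # public (n, e), private (n, d)
def message_hash(msg):
    # Step 1: the one-way hash of the message, as an integer (256 bits, below n)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def sign(msg, priv):
    # Step 2: the sender "encrypts" the hash with the private key; the result is
    # the digital signature, and it differs for every message
    n, d = priv
    return pow(message_hash(msg), d, n)
def verify(msg, sig, pub):
    # Receiver recovers the hash with the sender's public key and tallies it
    # against a fresh hash of what was actually received
    n, e = pub
    return pow(sig, e, n) == message_hash(msg)
def demo():
    pub, priv = generate_keypair()
    msg = b"Transfer INR 5000 to account 1234"  # constructed sample message
    sig = sign(msg, priv)
    altered = msg.replace(b"5000", b"9000")     # one digit changed in transit
    return verify(msg, sig, pub), verify(altered, sig, pub)  # (True, False)
```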
The whole process can be represented diagrammatically as follows:-
A firewall is either a hardware device (such as a router) or a software package running on a specially configured computer that sits between a secured network (a company's internal network) and an unsecured network (the Internet). The firewall performs several important tasks, including preventing unauthorised access to the internal network, limiting incoming and outgoing traffic, authenticating users, logging traffic information and producing reports.
The fundamental role of a firewall is to monitor all the traffic that flows between the two networks. If the firewall does its job properly, an intruder will never reach the internal / protected network.
8.7 Electronic Payment Systems
Obtaining Electronic Cash
The consumer requests his or her bank to transfer money to the e-mint to obtain electronic cash
The consumer bank transfers money from the consumer’s account to the e-mint
The e-mint sends electronic cash to the consumer. The consumer saves the electronic cash on a hard drive or a smart card
Purchasing with Electronic Cash
This phase is executed whenever the consumer desires to make a purchase with electronic cash. It can take place at any time after the consumer has obtained electronic cash from the e-mint. A consumer can make purchases more than once as long as he or she does not run out of electronic cash.
The consumer selects the goods and transfers the electronic cash to the merchant
The merchant provides the goods to the consumer
Redeeming Cash by the Merchant
The merchant transfers the electronic cash to the e-mint. Alternatively, the merchant may send the electronic cash to its bank, and the bank in turn redeems the money from the e-mint
The e-mint transfers money to the merchant’s bank for crediting the merchant’s account.
Types of e-cash
Identified e-cash: contains information revealing the identity of the person who originally withdrew the money from the bank. Identified e-cash enables the bank to trace the money as it moves through the economy.
Anonymous e-cash: works just like real paper cash. There is no transaction trail.
E-cash can also be classified as on-line e-cash and off-line e-cash.
On-line means one needs to interact with a bank to conduct a transaction with a third party.
Off-line means one can conduct a transaction without having to directly involve a bank.
Problem of Double-Spending
Since e-money is just a bunch of bits, a piece of e-money is very easy to duplicate. As the copy is indistinguishable from the original, counterfeiting would be impossible to detect.
Real e-money systems must be able to prevent or detect double spending.
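An on-line e-mint that detects double spending of identified e-cash, as an example added to these notes (not a real e-cash protocol or code from the original). It assumes that only the mint verifies coins, so a MAC under the mint's secret key stands in for the signature a real mint would use, and that each coin carries a unique serial; the coin values are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

class EMint:
    """Toy on-line e-mint (illustration only): it issues coins it can later
    authenticate, and refuses to redeem the same serial number twice.
    Assumption: only the mint verifies coins, so an HMAC under the mint's
    secret key plays the role of the mint's digital signature."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # mint's secret, never leaves the mint
        self._spent = set()                  # serials already redeemed

    def _tag(self, serial, value):
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value):
        # Step 3 of "Obtaining Electronic Cash": the mint sends a coin to the consumer
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def redeem(self, coin):
        # "Redeeming Cash by the Merchant": returns "ok", "forged" or "double-spent"
        expected = self._tag(coin["serial"], coin["value"])
        if not hmac.compare_digest(coin["tag"], expected):
            return "forged"        # serial or value altered, tag no longer matches
        if coin["serial"] in self._spent:
            return "double-spent"  # an exact copy of a coin already redeemed
        self._spent.add(coin["serial"])
        return "ok"

def demo():
    mint = EMint()
    coin = mint.issue(100)
    copy = dict(coin)                  # a bit-for-bit copy is indistinguishable
    first = mint.redeem(coin)          # merchant A deposits the original
    second = mint.redeem(copy)         # merchant B deposits the copy
    inflated = dict(coin, value=1000)  # value edited, tag left as issued
    return first, second, mint.redeem(inflated)  # ("ok", "double-spent", "forged")
```

The copy is rejected only because the mint keeps state about redeemed serials, which is exactly the bank interaction that on-line e-cash requires.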
The consumer accesses the merchant server, and the merchant server presents its goods to the consumer.
The consumer selects the goods and purchases them by sending an electronic cheque to the merchant.
The merchant may validate the electronic cheque with its bank for payment authorisation.
Assuming the cheque is validated, the merchant closes the transaction with the consumer.
Depositing cheques at the Merchant’s Bank
The merchant electronically forwards the cheques to its bank.
The merchant’s bank forwards the electronic cheques to the clearing house for cashing.
The clearing house works with the consumer’s bank, clears the cheque, and transfers money to the merchant’s bank, which updates the merchant’s account.
At a later time, the consumer’s bank updates the consumer with the withdrawal information.