3. Traditional Commerce
In the traditional way, the fact that a document is written, original, and sealed is the basis of its validity. The parties negotiate and sign documents physically.
4. Electronic Commerce
E-commerce means sharing information, maintaining commercial communications, and conducting commercial exchanges through communication networks. One of the important infrastructures of e-commerce is creating a safe space for exchanging commercial data in the cyber environment. E-commerce models are:
G2G (government to government)
G2C (government to citizen)
G2B (government to business)
B2B (business to business)
C2C (consumer to consumer)
B2C (business to consumer)
16. Cryptography
Cryptography is the science of transforming data using mathematics so that it can later be returned to its original form. It makes it possible to store information, as well as to transfer it over an insecure medium. Encryption is done using mathematical algorithms: in a system, the message is encrypted at the source, the encrypted message is transferred to the receiver, and there it is decrypted to recover the original message.
18. Symmetric Algorithms
In secret key encryption, known as symmetric encryption, a single key is used to both encrypt and decrypt the message. Therefore, the sender and receiver of the message must share a common secret, which is the key. DES, Triple DES and AES are the best-known ones; they are widely used in financial systems (credit card PINs) and telecommunications systems.
19. Symmetric algorithms: Usages
It is used to encrypt a large amount of information.
When used together with a digital certificate, it keeps information confidential.
When used with an electronic signature, it guarantees the integrity of the message.
21. Key Management
Symmetric keys must be distributed through a secure channel and must be changed periodically. Example: with n parties, every pair needs its own key, so n*(n-1)/2 keys are needed.
Parties   Needed keys
4         6
6         15
12        66
1000      499500
22. Symmetric algorithms
Pros:
High-speed encryption and decryption
Fast key generation
Cons:
Multiplicity of keys for members of each relationship
Distributing the key between the communication parties
Usages:
Encrypting a large amount of information when stored on an insecure medium
Data encryption when transmitted over insecure media
23. Asymmetric Algorithms
This method uses two keys: one key is for encryption and the other is for decryption. The two keys are mathematically related in such a way that data encrypted with either one can be decrypted with the other. Each user has two keys: a Public Key and a Private Key.
26. Asymmetric algorithms
Pros:
No need to distribute and send private keys
Cons:
Low speed with high data volumes
The complexity of key generation
Usages:
In electronic signature technology
27. Asymmetric algorithms
To encrypt data for each participating party, only the public key of that participant is needed; as a result, only the public keys of the participants need to be confirmed (authenticated). The most important features of the asymmetric technique are non-repudiation, electronic signature, and confirmation of the correct data source.
28. Hash Algorithms
Hash algorithms, unlike the two algorithms mentioned above, do not use keys and perform a one-way (irreversible) encryption of information. Applying a hash function to a text yields an abstract or digest of that text.
30. Hash Algorithms
Hashing is a process that mathematically reduces a stream of data of any size to a fixed length (usually 128 or 160 bits). The hash value is similar to a person's fingerprint.
35. Digital Signature: Definition
• Digital Signature
  – It is not like a handwritten signature.
  – It is always different.
  – It is based on encryption.
• Manual Signature
  – It almost always looks the same.
  – It can be faked.
36. Digital Signature (diagram)
Message → hash algorithm → Message Digest (160-bit value) → encrypted with the Sender's Private Key → Encrypted Digest = Digital Signature.
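The signature flow shown in the diagram, as an added example that is not part of the original slides: the message is hashed to a fixed-length digest (slides 28 and 30), the digest is transformed with the sender's private key, and the receiver reverses it with the public key and compares against a fresh hash. To stay within the standard library it uses textbook RSA over two constructed Mersenne primes (2^127-1 and 2^521-1), which is mathematically correct but not secure; a real system uses random primes, signature padding and a vetted library.

```python
import hashlib

# Constructed key material for the example only: both are known Mersenne
# primes, chosen so the modulus is larger than a 256-bit digest.
P = (1 << 127) - 1
Q = (1 << 521) - 1
E = 65537  # public exponent; coprime to (P-1)*(Q-1) for these primes


def generate_keypair(p=P, q=Q, e=E):
    """Return ((n, e) public key, (n, d) private key) built from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def message_digest(message: bytes) -> int:
    """Fixed-length digest of a message of any size (SHA-256 here; the slide shows a 160-bit value)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Digital signature = the digest 'encrypted' with the sender's private key."""
    n, d = private_key
    digest = message_digest(message)
    assert digest < n, "digest must be smaller than the modulus"
    return pow(digest, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare it with a fresh hash."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == message_digest(message)


if __name__ == "__main__":
    public, private = generate_keypair()
    order = b"Transfer 100 EUR to account 42"  # constructed sample message
    sig = sign(order, private)
    print(verify(order, sig, public))  # authentic and intact
    print(verify(b"Transfer 900 EUR to account 42", sig, public))  # tampered message
```

Anyone holding the public key can check the signature, but only the holder of the private key could have produced it, which is the non-repudiation property from slide 27.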
41. Digital Certificate
It is issued and signed by a trusted entity.
It is based on the identity confirmation made by a center.
It contains a set of information and the public key of a person or organization.
Its permitted use is recorded in the certificate.
It has a specific and limited validity period.
42. Certification Authority
There are centers that are responsible for issuing, protecting, publishing, and revoking digital certificates. The public keys of these authorities are included in Internet browsers by default.
Verification of people's identity is done hierarchically:
• Root Certificate Authority (Root CA)
• Sub CA
• Registration Authority (RA)
43. CA & RA (diagram)
A Root CA sits above two Intermediate CAs, each of which serves several RAs; certificate requests enter through an RA, and a CRL is consulted to decide whether a certificate is Valid.
50. Hardware Security Module
Hardware security modules (HSMs) perform cryptographic operations protected by hardware (PCI boards, SCSI boxes, smart cards, etc.). These operations include:
Random number generation
Key generation (asymmetric and symmetric)
Hiding (securing) private keys from attack: no unencrypted private keys in software or memory
Private keys used for signing and decryption
Private keys used in a PKI for storing root keys
51. Why HSM?
A number of public key operations require the use of private keys as part of various processes:
Cryptographically or digitally signing an object, a file, etc.
Decrypting an encrypted object or file
In software, these processes happen in active memory, where the private key in open use is unencrypted and therefore vulnerable to attack and copying.