Security Concerns
The internet is based on an open network architecture, so information can be transferred freely and efficiently. While this greatly facilitates the development of e-commerce applications, it also raises many security concerns. If you have bought something over the internet before, you may have had the following worries:
Worry 1: I transmit my credit card information over the internet. Can people other than the intended recipient read it?
Worry 2: I agree to pay $200 for the goods. Will this payment information be captured and changed by someone on the internet?
Worry 3: This company claims to be Company X. Is this the real Company X?
Security Requirements
Confidentiality:
Confidentiality makes sure that a message is kept confidential or secret such that only the intended recipient can read it.
Integrity:
Integrity makes sure that if the content of a message is altered, the receiver can detect it.
Authentication:
Authentication is about verifying identity.
Encryption
Encryption is for ensuring data confidentiality. For example, when a customer wants to send sensitive payment information to the VBS, encryption can be used to prevent other people from reading it.
[Figure: the plaintext ("This is Plaintext") goes through Encryption with the encryption key to give the cipher text ("123@8(@ 0kfl30kfl"); the cipher text goes through Decryption with the decryption key to give back the plaintext.]
Digital Signature
Besides MAC, a Digital Signature is another method used to provide data integrity. It can be viewed as a combination of message digest and public key encryption.
Step 1: Compute the message digest of the file.
Step 2: Encrypt the message digest with the sender's private key. The result is the digital signature.
Step 3: Send the file and digital signature (signed file).
[Figure: Receiver checks the File against the Digital Signature. Same: Accept.]
Steps involved
Step 1: Decrypt the digital signature with the sender's public key ($key_{public,sender}$) to get the message digest, i.e., $D_{RSA}[digital\_signature \mid key_{public,sender}]$.
Step 2: Find the message digest of the file, i.e., $H_{MD5}[F]$.
Step 3: Compare the two message digests found in steps 1 and 2. If the content of the file has not been changed, $H_{MD5}[F]$ should be equal to $D_{RSA}[digital\_signature \mid key_{public,sender}]$.
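The sender and receiver steps above, carried through end to end as an added example (not part of the original slides). Assumptions: the key pair is a constructed toy built from two known Mersenne primes, the RSA operation is unpadded textbook RSA for teaching only, and SHA-256 is swapped in for the MD5 named above because MD5 is no longer collision resistant.

```python
import hashlib

# Constructed toy key pair (assumption, not from the slides). Two known
# Mersenne primes keep the example offline; real keys use random primes,
# and real signature schemes add padding (e.g. RSA-PSS) before the RSA step.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

def digest_int(data: bytes) -> int:
    """Message digest of the file, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> int:
    """Sender steps 1-2: hash the file, then apply the private key to the digest."""
    return pow(digest_int(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Receiver steps 1-3: recover the digest with the public key, re-hash, compare."""
    if not 0 <= signature < N:
        return False                 # malformed signature, reject outright
    recovered = pow(signature, E, N)
    return recovered == digest_int(data)

def demo() -> dict:
    file_bytes = b"Pay $200 to Company X"    # constructed sample file
    sig = sign(file_bytes)
    return {
        "untouched": verify(file_bytes, sig),
        "amount_changed": verify(b"Pay $900 to Company X", sig),
        "signature_changed": verify(file_bytes, sig ^ 1),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

The check only proves the file matches a signature made with the private half of this key pair; tying the public key to a named sender is the job of the digital certificate.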
Digital Certificate
A digital certificate is an identification document. It functions like your passport or any other identity card.
[Figure: General Format of Digital Signature. Fields shown: Serial No: 12345678; Name: Atif; Public key; Digital Signature.]