
Overview

Security Concerns
Security Requirements
Encryption
Digital Signature
Digital Certificates

Security Concerns
The internet is based on an open network architecture, so information can be transferred freely and efficiently. While this greatly facilitates the development of e-commerce applications, it also raises many security concerns. If you have bought something over the internet before, you may have had the following worries:

Worry 1: I transmit my credit card information over the internet. Can people other than the intended recipient read it?
Worry 2: I agree to pay $200 for the goods. Will this payment information be captured and changed by someone on the internet?
Worry 3: This company claims itself to be Company X. Is this the real Company X?

Security Requirements
Confidentiality:
Confidentiality makes sure that a message is kept confidential or secret such that only the intended recipient can read it.

Integrity:
Integrity makes sure that if the content of a message is altered, the receiver can detect it.

Authentication:
Authentication is about verifying identity.

Encryption
Encryption is for ensuring data confidentiality. For example, when a customer wants to send sensitive payment information to the VBS, encryption can be used to prevent other people from reading it.

[Figure: the plaintext "This is Plaintext" is encrypted with the encryption key into cipher text ("123@8(@ 0kfl30kfl"); the cipher text is decrypted with the decryption key back into the plaintext.]

Digital Signature
Besides MAC, a Digital Signature is another method used to provide data integrity. It can be viewed as a combination of message digest and public key encryption.

Step 1: Compute the message digest of the file.
Step 2: Encrypt the message digest with the sender's private key to produce the digital signature.
Step 3: Send the file and digital signature (signed file).

Steps in Digital Signature verification


The sender sends the signed file (file + digital signature) to the receiver.

Step 1a: Find the message digest of the file.
Step 1b: Decrypt the digital signature with the sender's public key to get the message digest.
Step 2: Compare the two message digests.
Different: Reject
Same: Accept

Steps involved
Step 1: Decrypt the digital signature with the sender's public key ($key_{public,\,sender}$) to get the message digest, i.e., $D_{RSA}[\text{digital\_signature} \mid key_{public,\,sender}]$.
Step 2: Find the message digest of the file, i.e., $H_{MD5}[F]$.
Step 3: Compare the two message digests as found in steps 1 and 2. If the content of the file has not been changed, $H_{MD5}[F]$ should be equal to $D_{RSA}[\text{digital\_signature} \mid key_{public,\,sender}]$.
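
The signing and verification steps above, as an added example that is not part of the original slides: textbook RSA over a toy key (two Mersenne primes, assumed here only so the arithmetic runs without a library), with SHA-256 standing in for the MD5 digest the slides name. Production signatures use a vetted library and a padding scheme such as RSA-PSS rather than raw exponentiation.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes (assumption for this demo;
# such a modulus is trivially factorable and must never be used as a real key).
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(data: bytes) -> int:
    """Message digest of the file as an integer (SHA-256 instead of MD5)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Sender: compute the digest, then apply the private key to it."""
    return pow(digest(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Receiver: recover the digest with the public key, recompute the
    digest of the received file, and accept only if the two match."""
    if not 0 <= signature < N:         # reject out-of-range signatures
        return False
    return pow(signature, E, N) == digest(data)


if __name__ == "__main__":
    order = b"Pay $200 to Company X"   # constructed sample message
    sig = sign(order)
    print("untouched file:   ", verify(order, sig))
    print("altered amount:   ", verify(b"Pay $900 to Company X", sig))
    print("altered signature:", verify(order, sig ^ 1))
```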

Digital Certificate
A digital certificate is an identification document. It functions like your passport or any other identity card.
Serial No: 12345678
Name: Atif
Public key:
Expiry Date: 9/12/2003
Digital Signature: signed by CA's private key

General Format of Digital Signature
