Electronic Commerce - PowerPoint PPT Presentation

1 / 17

About This Presentation

Title:

Electronic Commerce

Description:

... and Receiver must have the same key to encrypt and decrypt. ... Unsuitable over the Internet; since the keys must be transmitted over the insecure Internet ... – PowerPoint PPT presentation

Number of Views:44

Avg rating:3.0/5.0

Slides: 18

Provided by: nwh

Category:

more less

Transcript and Presenter's Notes

Title: Electronic Commerce

1
Electronic Commerce

Technical Issues
Norman White
Stern School of Business

2
Electronic CommerceMajor Issues

Secure transactions
Digital Cash
Marketing and logistics
Does buyer know what they are getting?
How is it delivered
Types of goods/services
Some goods can be delivered electronically
What are the implications of this?

3
Major Concern isSECURITY

Are transactions secure
Private
Traceable
Can users be authenticated etc.

4
This implies CRYPTOGRAPHY

Need to be able to encrypt messages so that they
cant be read by unauthorized people
Major breakthrough in 1970s was
PUBLIC KEY ENCRYPTION

5
Public Key Encryption

Each user of system has a public key and a
private key
Public key is know by everybody
Private key is known only by user

6
Public Key Encryption
M1 (with public key 2)
user2
user1
M2
M1
M1
user 1 sends user 2 message encoded with user 2
public key
user 2 decodes message with her private key
M2
M2
user 2 send message with user 1 public key
user 1 decodes with his private key
7
Problems

How do we distribute public keys
How do we authenicate that each user is who they
say the are
How do we develop these keys
How secure are they?
What are implications for national defense?

8
Secure Transactions

Requirements for Secure Transactions
Authentication
Message integrity
Audit Mechanisms
Privacy
Payment non-repudiation

9
Cryptographic Schemes

Data Encryption Standard (DES)
US Govt. standard for encrypting large blocks of
data adopted in 1977.
Both Sender and Receiver must have the same key
to encrypt and decrypt.
Difficult to break computationally
Unsuitable over the Internet since the keys must
be transmitted over the insecure Internet

10
Cryptographic Schemes

RSA Public-Key Cryptography
Each person has a private and a public key
Private key is never transmitted over the network
Sender uses his or her private key to create a
digital signature
The encrypted message is sent along with the
senders public key
The recipient can verify the digital signature
using the senders public key
Inefficient for large blocks of data

11
Clipper ChipShould the Govt have a backdoor

US government has been lobbying for only allowing
cryptographic systems that had a backdoor, i.e.
the government would either hold the private
keys, or use a system where the govt had a 3rd
key (so called Clipper chip)
What are the implications of this...

12
Cryptographic Schemes

Pretty Good Privacy (PGP)
Phil Zimmerman 1991
PGP creates a random session key for the message
IDEA algorithm to encrypt the message with the
session key.
RSA algorithm to encrypt the session key with
recipients public key
Bundles the message and the session key together
for transmission

13
Cryptographic Schemes (contd.)

Privacy Enhanced Mail (PEM)
IETF mail encryption standard
Standard and not an application program like PGP
With PEM messages may be signed outside the
encryption envelope, anybody can verify the
signature on PEM encrypted mail
Public key certificates must be signed by a
signing authority

14
Secure Sockets Layer

Netscape Communications security protocol
Designed to fit between application protocols
such as http, ftp, telnet.
New URL access method https to connect to
netscape servers using SSL

15
Digital Cash

Can we develop a form of digital cash that can be
used for payment
David Chaum, 1980 developed technique for
representing money anonymously like a dollar
bill.
Payer could pay a bill, but payee couldnt trace
transaction
Controversial
We need a payment mechanism for multimedia

16
Other forms of Payment