E-Commerce and Web Application

Topic – 5: Secure Messaging

Course Teacher:
Sultana Jahan Soheli
Assistant Professor
Department of Information & Communication
Engineering
 Topic Contents
5.1 Introduction
5.2 Symmetric Data Encryption with Private Key
5.2.1 Digital Encryption Standard
5.2.2 Triple DES Encryption
5.2.3 Advanced Encryption Standard
5.3 Public Key Encryption
5.3.1 RSA Encryption Scheme
5.3.2 Diffie-Hellman Key Exchange Algorithm
5.3.3 Combining RSA with DES
5.4 Public Key Certifying Authority
5.5 Digital Signature
E-Commerce and E- Governance
Lecture 5

SECURE MESSAGING

Payment Systems in E-Commerce

5.3 PUBLIC KEY ENCRYPTION
Private-Key Cryptography
• traditional private/secret/single key
cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are
compromised
• also is symmetric, parties are equal
• hence does not protect sender from receiver
forging a message & claiming is sent by sender

4
 Public-Key Cryptography
• probably most significant advance in the 3000
year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic
concepts to function
• complements rather than replaces private key
crypto

5
 Public-Key Cryptography
• public-key/two-key/asymmetric cryptography
involves the use of two keys:
– a public-key, which may be known by anybody,
and can be used to encrypt messages, and verify
signatures
– a private-key, known only to the recipient, used
to decrypt messages, and sign (create) signatures
• is asymmetric because
– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures

6
Public-Key Cryptography

7
 Why Public-Key Cryptography?
• developed to address two key issues:
– key distribution – how to have secure
communications in general without having to trust
a KDC with your key
– digital signatures – how to verify a message
comes intact from the claimed sender
• public invention due to Whitfield Diffie &
Martin Hellman at Stanford Uni in 1976
– known earlier in classified community

8
 Public-Key Characteristics
• Public-Key algorithms rely on two keys with
the characteristics that it is:
– computationally infeasible to find decryption key
knowing only algorithm & encryption key
– computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known
– either of the two related keys can be used for
encryption, with the other used for decryption (in
some schemes)

9
Public-Key Cryptosystems

10
 Public-Key Applications
• can classify uses into 3 categories:
– encryption/decryption (provide secrecy)
– digital signatures (provide authentication)
– key exchange (of session keys)
• some algorithms are suitable for all uses,
others are specific to one

11
 Security of Public Key Schemes
• like private key schemes brute force exhaustive
search attack is always theoretically possible
• but keys used are too large (>512bits)
• security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems
• more generally the hard problem is known, its just
made too hard to do in practise
• requires the use of very large numbers
• hence is slow compared to private key schemes

12
 Modular Arithmetic Operations
• is 'clock arithmetic'
• uses a finite number of values, and loops back
from either end
• modular arithmetic is when do addition &
multiplication and modulo reduce answer
• can do reduction at any point, ie
a+b mod n = [a mod n + b mod n] mod n

13
Modulo 8 Addition Example
+ 0 1 2 3 4 5 6 7
0 0 1 2 3 4 5 6 7
1 1 2 3 4 5 6 7 0
2 2 3 4 5 6 7 0 1
3 3 4 5 6 7 0 1 2
4 4 5 6 7 0 1 2 3
5 5 6 7 0 1 2 3 4
6 6 7 0 1 2 3 4 5
7 7 0 1 2 3 4 5 6
14
5.3.1 RSA Encryption Scheme
Currently the most popular public key encryption method was proposed by Rivest,
Shamir and Adleman in 1978 and is called the RSA scheme.

 It is a block cipher in which the plain text and ciphertext and keys are usually
1024 bits long (around 309 decimal digits). It can, however, work with any block size
with integers 0 to (n - 1) for some n. The encryption and decryption in RSA is
performed as shown below.

Let M= plain text block (≤ n) M and n are integers

C = ciphertext block
Given M
C= Me mod n Encryption scheme e is an integer
M= Cd mod n Decryption scheme d is an integer

The operation Me mod n and Cd mod n are known as modular exponentiation. The
public key is (n, e) and the private key is (n, d).

Given n we have to find a-pair e, d which satisfies the encryption and decryption
schemes.

This is done by using the following process.

15
 Fermat's Theorem
ap-1 = 1 (mod p)
 where p is prime and gcd(a,p)=1
also known as Fermat’s Little Theorem
also ap = a (mod p)
useful in public key and primality testing

16
 Euler Totient Function ø(n)
when doing arithmetic modulo n
complete set of residues is: 0..n-1
reduced set of residues is those numbers (residues)
which are relatively prime to n
eg for n=10,
complete set of residues is {0,1,2,3,4,5,6,7,8,9}
reduced set of residues is {1,3,7,9}
number of elements in reduced set of residues is
called the Euler Totient Function ø(n)

17
 Euler Totient Function ø(n)
to compute ø(n) need to count number of
residues to be excluded
in general need prime factorization, but
for p (p prime) ø(p) = p-1
for p.q (p,q prime) ø(pq) =(p-1)x(q-
1)
eg.
ø(37) = 36
ø(21) = (3–1)x(7–1) = 2x6 = 12

18
 Euler's Theorem
a generalisation of Fermat's Theorem
aø(n) = 1 (mod n)
for any a,n where gcd(a,n)=1
eg.
a=3;n=10; ø(10)=4;
hence 34 = 81 = 1 mod 10
a=2;n=11; ø(11)=10;
hence 210 = 1024 = 1 mod 11

19
 RSA Key Setup

each user generates a public/private key pair by:

selecting two large primes at random - p, q
computing their system modulus N=p.q
note ø(N)=(p-1)(q-1)
selecting at random the encryption key e
where 1<e<ø(N), gcd(e,ø(N))=1
solve following equation to find decryption key d
e.d=1 mod ø(N) and 0≤d≤N
publish their public encryption key: KU={e,N}
keep secret private decryption key: KR={d,p,q}
20
 RSA Use
• to encrypt a message M the sender:
– obtains public key of recipient KU={e,N}
– computes: C=Me mod N, where 0≤M<N
• to decrypt the ciphertext C the owner:
– uses their private key KR={d,p,q}
– computes: M=Cd mod N
• note that the message M must be smaller
than the modulus N (block if needed)

21
 Why RSA Works
• because of Euler's Theorem:
• aø(n)mod N = 1
– where gcd(a,N)=1
• in RSA have:
– N=p.q
– ø(N)=(p-1)(q-1)
– carefully chosen e & d to be inverses mod ø(N)
– hence e.d=1+k.ø(N) for some k
• hence :
Cd = (Me)d = M1+k.ø(N) = M1.(Mø(N))q = M1.
(1)q = M1 = M mod N

22
 RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23×7=161= 10×160+1
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}

23
 RSA Example cont
• sample RSA encryption/decryption is:
• given message M = 88 (nb. 88<187)
• encryption:
C = 887 mod 187 = 11
• decryption:
M = 1123 mod 187 = 88

24
 RSA Key Generation
• users of RSA must:
– determine two primes at random - p, q
– select either e or d and compute the other
• primes p,q must not be easily derived from
modulus N=p.q
– means must be sufficiently large
– typically guess and use probabilistic test
• exponents e, d are inverses, so use Inverse
algorithm to compute the other

25
5.3.2 Diffie-Hellman Key Exchange Algorithm
• first public-key type scheme proposed
– For key distribution only
• by Diffie & Hellman in 1976 along with the
exposition of public key concepts
– note: now know that James Ellis (UK CESG)
secretly proposed the concept in 1970
• is a practical method for public exchange of a
secret key
• used in a number of commercial products

26
 Diffie-Hellman Setup
• all users agree on global parameters:
– large prime integer or polynomial q
– α a primitive root mod q
• each user (eg. A) generates their key
– chooses a secret key (number): xA < q
xA
– compute their public key: yA = α mod q
• each user makes public that key yA

27
 Diffie-Hellman Key Exchange
• shared session key for users A & B is K:
xB
K = y A mod q (which B can compute)
xA
K = y B mod q (which A can compute)
(example)
• K is used as session key in private-key encryption
scheme between Alice and Bob
• if Alice and Bob subsequently communicate, they will
have the same key as before, unless they choose new
public-keys
• attacker needs an x, must solve discrete log

28
 Diffie-Hellman Example
• users Alice & Bob who wish to swap keys:
• agree on prime q=353 and α=3
• select random secret keys:
– A chooses xA=97, B chooses xB=233
• compute public keys:
– yA=397 mod 353 = 40 (Alice)
– yB=3233 mod 353 = 248 (Bob)
• compute shared session key as:
xA 97
KAB= yB mod 353 = 248 = 160 (Alice)
xB 233
KAB= yA mod 353 = 40 = 160 (Bob)

29
 Diffie-Hellman Example
• users Alice & Bob who wish to swap keys:
• agree on prime q=353 and α=3
• select random secret keys:
– A chooses xA=97, B chooses xB=233
• compute public keys:
– yA=397 mod 353 = 40 (Alice)
– yB=3233 mod 353 = 248 (Bob)
• compute shared session key as:
xA 97
KAB= y B mod 353 = 248 = 160 (Alice)
xB 233
KAB= y A mod 353 = 40 = 160 (Bob)

30
31
5.3.3 Combining RSA with DES
We saw that 3DES is computationally simple to implement and fast whereas RSA
is computationally complex.

 The primary disadvantage of 3DES is the key distribution problem which is

simpler in the RSA system. If we can combine the two systems to get the advantage
of computational simplicity of 3DES without having the problem of key distribution it
will be a good system.

This can be done as shown in Figure 5.10.

32
5.4 PUBLIC KEY CERTIFYING AUTHORITY
In RSA an entity A has to know the public key of another entity B to be able to
send encrypted information to it.

 If A sends an e-mail to B and requests its public key it may be intercepted by a

third party C which may send its public key to A.

A will not know this and all communications from A to B henceforth can be
decrypted by C. Thus, A must be sure that the public key it gets from B does
indeed belongs to B.

Further, A must be sure that B is a legitimate business and can be trusted.. To

ensure this most countries have established a hierarchical system of public key
certifying authorities which issues a public key certificate to an individual or
organization for a fee.

The procedure followed is described below:

1. An entity wanting its public key certified usually sends by registered post or
courier its public key to be certified, certified copy of postal address and a
certificate such as sales tax certificate or income tax certificate. These documents
are needed by the authority to ensure that it is a genuine company. An individual
would normally send along with his/her public key, address proof such as telephone
bill and passport copy certified by a notary by
33
registered post. Certifying authority may also accept these documents encrypted
using the authority's public key.
2. The certifying authority may in case of doubt send inspectors to verify the
information given by the applicant. Else, it will certify the public key by attaching
the approved public key certificate. The certificate has an internationally agreed
upon format as shown in Table 5.2(a). It has information such as name of the
organization, a unique identification number and time stamp of when the certificate
was issued and its validity period.

34
 •Suppose A wants its public key certificate. It applies to the certifying authority
with all relevant documents. If the authority is satisfied, it will approve the
certificate. It will be encrypted with the authority’s private key and sent to A. It also
maintains a list of public keys which are revoked [See Table 5.2 (b) for format]. We
explain later why a public certificate may be revoked.

•This certificate can be decrypted using the public key of the certifying
authority. This certificate is an important document which A can intimate to any
other entity which wants to have e-commerce transactions with A.

•Suppose B wants to transact business with A, the following procedure is

followed by B (See also Figure 5.11). B requests A for its public key certificate. A
sends to B the certificate encrypted with the certifying authority’s private key which
it had received in Step 1.

• B can decrypt it using the public key of the certifying authority. The fact that
the certificate is encrypted with certifying authority's private key gives B the
assurance that the public key of A is indeed given by the certifying authority and is
not a fake.

•From the decrypted certificate B can extract A's public key and other details
such as validity period of the certificate and whether it is currently valid. B is now
confident that it can transact business with A. Before this B should also send its
public key certificate to A following a procedure similar to the one followed by A.
35
 A public key may be revoked by a certifying authority for several reasons
such as bankruptcy of a company or on the request of the company if it doubts
that its private key is compromised.

Thus, the authority periodically publishes a revocation list whose format is

given in Table 5.2(b).. Thus, a business should access the publicly accessible
revocation list of the certifying authority before using the public key of any
business with whom it wants to transact business.

36
5.5 DIGITAL SIGNATURE
So far we have described the methods of encrypting documents exchanged
between entities participating in e-commerce.

There is another important requirement when documents are exchanged using an

electronic communication medium. When a document such as a purchase order is
sent by post, it has two important characteristics which has to be imitated by
electronic documents.

 First, the letter head of a business, its seal and the signature of a person in the
document convinces the recipient of the authenticity of the document. Second, the
signature physically appears following the text and this ties the 'signature to the
typed matter in the document. In a legal document, every page is signed and every
correction is also signed. We have to mimic the physical signature with an -electronic
equivalent. There are two important requirements to be met by a digitally signed
electronic document.
1.A receiver R receiving a document from a sender S has to be sure it is from S.

2. The signature should be tied to the document sent by S. This will ensure that S
cannot. later claim that he or she never sent the document to R, in other words S
cannot repudiate his or her communication.

These requirements are met by the following scheme (See also Figure 5.12).
37
Step 1: Before starting a transaction, S and R exchange their public key
certificates issued by a certifying authority. This is necessary to meet
condition 1 mentioned earlier.

Step 2: S encrypts the document D to be sent to R with R's public key

getting ciphertext DE.

Step 3: R decrypts DE using its own private key and gets the original
document D.

Step 4: S makes a unique abstract of the document D called the hash of D

which we will represent by H(D). (The requirements of a function H to give a
unique hash of D will be described later). H(D) is encrypted by S with its
private key getting H(D)E.

Step 5: R decrypts H(D) E using the public key of S getting back H(D).

Step 6 : Using D obtained in step 3, R creates the hash of D, namely, H(D)

using the known hash function H.

Step 7 : R compares H(D) obtained in step 5 with that obtained in step 6.

They should exactly match. If they do, then R accepts the document as
authentic document signed by S. Else, it is rejected as a forgery.

38
39
 Hash Functions
• A hash function is like a MAC
• condenses arbitrary message to fixed size
h = H(M)
• usually assume that the hash function is public and
not keyed
-note that a MAC is keyed
• hash used to detect changes to message
• can use in various ways with message
• most often to create a digital signature

40
Hash Functions & Digital Signatures

41
 Requirements for Hash Functions
1. can be applied to any size message M
2. produces a fixed-length output h
3. is easy to compute h=H(M) for any message M
4. given h is infeasible to find x s.t. H(x)=h
• one-way property
5. given x is infeasible to find y s.t. H(y)=H(x)
• weak collision resistance
6. is infeasible to find any x,y s.t. H(y)=H(x)
• strong collision resistance

42
 Simple Hash Functions
• are several proposals for simple functions
• based on XOR of message blocks
-divide the message into equal size blocks
-perform XOR operation block by block
-final output is the hash
• not very secure
• need a stronger cryptographic function (next
chapter)

43
THANKS…

44
44