Can Mathematics Secure
Electronic Commerce ?
Dr Keith Martin
Information Security Group
Department of Mathematics
Royal Holloway
Activities at Royal Holloway
The Information Security Group at Royal Holloway:
• Part of the Mathematics Department
• One of the largest academic information security groups in the
world with 21 staff, 7 visiting professors, and 48 research
students
• Conducts research into areas such as design and analysis of
cryptographic protocols, smartcards, electronic commerce,
security management, integration of security into applications
• Maintains close links and performs contract research and
consulting for leading security companies and security users
The Information Security Group runs an MSc in Information
Security.
In 2005:
• 180 students on campus
• 100 e-learning students
Graduates from these MSc courses are gaining employment as
IT security professionals throughout the world in sectors such
as finance, telecommunications, computing, etc.
So...
Can Mathematics
Secure Electronic Commerce?
Some questions
• What is electronic commerce anyway?
• What does secure mean?
• What’s mathematics got to do with it?
Agree or disagree ?
I have taken part in electronic commerce
Electronic commerce is …
Buzz buzz buzz.. but what is it?
“the exchange of information across electronic
networks, at any stage in the supply chain,
whether within an organisation, between
businesses, between businesses and consumers,
or between the public and private sectors,
whether paid or unpaid”
Department of Trade and Industry
Where’s it all coming from?
[Diagram labels: Mobile, Telecoms, PSTN, Private networks, Broadcast, INTERNET, Cable, Satellite, Portable computing, Ambient computing, ?]
What’s the big deal ?
E-commerce
• destroys market entry barriers
– geographic, practice, scale
• improves efficiency
– reduces overheads and costs
• creates new markets
– travel, entertainment, supermarkets, financial services
• has dramatic growth potential
A Typical Graph
[Chart: US $ Billions (0 to 1400) against Year (1998 to 2003); series: Business to Consumer, Business to Business]
Agree or disagree ?
It is safe to buy goods over the
Internet
A matter of trust
Five issues that lead to lack of confidence in e-commerce:
• Fraud - abuse or misuse of data
• Privacy - the mechanism by which users retain control
over their own data
• Content - access to material, intellectual property rights
• Liability - the legal framework
• Redress - resolution of disputes
Fraud
Is the seller authentic?
Will my payment be
safe?
Is the buyer genuine?
Will I get my money?
Privacy
Can I be protected from
spam?
Are my personal details
safe?
Can I use information
gathered for marketing
purposes?
Content
Can I control access
to illegal/immoral
material?
Will my intellectual
property rights be
infringed?
Liability
Can the contract I am
entering into be
enforced?
Redress
Is there a clear means of
resolving disputes about
e-commerce transactions?
Three key services
Authentication - to ensure that the originator or recipient
of material is the person they claim to be
Confidentiality - to ensure that data cannot be read by
anyone other than the intended recipients
Integrity - to ensure that data has not been accidentally
or deliberately corrupted
Cryptography
Cryptography is …
“the art of secret writing”
“the miraculous cure that will solve all computer
security problems”
“the recognised means of providing integrity,
authentication and confidentiality services in an
electronic environment ”
“These days almost all cryptologists are also
theoretical mathematicians - they have to be”
• Digital signatures
• Public Key Infrastructures
• Message authentication codes
• Hash functions
• Block ciphers
• One-way functions
• Zero-knowledge protocols
• Secret sharing schemes
• Bit commitment
• Stream ciphers
Confidentiality
Confidentiality
message m → Enciphering Algorithm [Key k(E)] → cryptogram c → Deciphering Algorithm [Key k(D)] → message m
Interceptor
c = f(m, k(E))     m = g(c, k(D))
Symmetric Cipher System
k(D) is the same as k(E)
Mortice Lock (if you can lock, then you can unlock)
The Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ
sliding ruler
NOTE: There are 26 keys, i.e. 26 ‘settings’.
Codeword - HSPPW
HSPPW QBYYF ZKHHO
ITQQX RCZZG ALIIP
JURRY SDAAH BMJJQ
KVSSZ TEBBI CNKKR
LWTTA UFCCJ DOLLS
MXUUB VGDDK EPMMT
NYVVC WHEEL FQNNU
OZWWD XIFFM GROOV
PAXXE YJGGN
Agree or disagree ?
This number of keys is enough
1. 26 ?
2. 3 000 000 ?
3. 8 000 000 000 ?
4. 72 000 000 000 000 000 ?
5. 400 000 000 000 000 000 000 000 000 ?
6. 340 000 000 000 000 000 000 000 000 000 000 000 000 ?
The Simple Substitution Cipher
a b c d e f g h i j k l m
D I Q M T B Z S Y K V O F
n o p q r s t u v w x y z
E R J A U W P X H L C N G
There are about 4 x 10^26 keys
The Simple Substitution Cipher
Examples:
1. B TO T OTA
2. XAV
3. VBDDQD
4. VBDDQD (given that the plaintext is the
name of a country)
5. ABXAZ OOAZT CYETE FCEOE UCZXT
Letter Frequencies in English
E
A T
O
H I N R S
D L
C F G M U W
B P Y
K V
J Q X Z
The simple substitution cipher has approximately
400 000 000 000 000 000 000 000 000
keys. Clearly having a lot of keys is not enough to make a
cipher system difficult to break !
A strong cipher must certainly not encrypt the same
message letter with the same ciphertext letter every time.
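The point of the last few slides, as an added example (not part of the original slides): the key table from the Simple Substitution Cipher slide is applied to a constructed sample sentence, and the ciphertext letter ranking turns out to be the plaintext ranking relabelled through the key, which is what a letter-frequency table relies on. The sample text and function names are assumptions.

```python
import math
import string
from collections import Counter

# Key table from the slide: plaintext a..z -> ciphertext letter.
KEY = dict(zip(string.ascii_lowercase, "DIQMTBZSYKVOFERJAUWPXHLCNG"))

# Constructed sample plaintext (not from the slides).
SAMPLE = "the seller needs to be certain that the buyer is genuine"


def keyspace_size() -> int:
    """Number of possible substitution alphabets: 26!, about 4 x 10^26."""
    return math.factorial(len(KEY))


def encrypt(plaintext: str) -> str:
    """Replace each letter by its fixed image under KEY; keep other characters."""
    return "".join(KEY.get(ch, ch) for ch in plaintext.lower())


def ranked(text: str) -> list:
    """Letters of text, most frequent first (ties keep first-seen order)."""
    counts = Counter(ch for ch in text if ch.isalpha())
    return [letter for letter, _ in counts.most_common()]


def frequency_leak(plaintext: str) -> bool:
    """True if the ciphertext ranking is the plaintext ranking sent through KEY."""
    plain_rank = ranked(plaintext.lower())
    return ranked(encrypt(plaintext)) == [KEY[ch] for ch in plain_rank]


if __name__ == "__main__":
    cipher = encrypt(SAMPLE)
    print(cipher)
    print("number of keys:", keyspace_size())
    print("most frequent plaintext letters :", ranked(SAMPLE)[:3])
    print("most frequent ciphertext letters:", ranked(cipher)[:3])
    print("ranking preserved by the cipher:", frequency_leak(SAMPLE))
```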
Feistel Cipher
INPUT: L0, R0
L1 = R0      R1 = L0 + f(R0, k)
L2 = R1      R2 = L1 + f(R1, k)
Etc…
(Key k is an input to f in each round)
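The round structure on this slide, as an added example (not part of the original slides): a Feistel network in which + is taken to be bitwise XOR and f is a toy hash-based round function, showing that deciphering works even though f itself cannot be inverted. The round function, the separate round keys and the function names are assumptions, and this is not a vetted cipher.

```python
import hashlib


def f(half: bytes, key: bytes) -> bytes:
    """Toy round function (assumption): hash of key and half-block, cut to size.
    It is one-way; the Feistel structure never needs to invert it."""
    return hashlib.sha256(key + half).digest()[:len(half)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(block: bytes):
    if len(block) % 2 or not 2 <= len(block) <= 64:
        raise ValueError("block must have an even length of 2..64 bytes")
    half = len(block) // 2
    return block[:half], block[half:]


def encrypt(block: bytes, round_keys) -> bytes:
    left, right = split(block)
    for k in round_keys:
        # L_i = R_(i-1);  R_i = L_(i-1) + f(R_(i-1), k)
        left, right = right, xor(left, f(right, k))
    return left + right


def decrypt(block: bytes, round_keys) -> bytes:
    left, right = split(block)
    for k in reversed(round_keys):
        # R_(i-1) = L_i;  L_(i-1) = R_i + f(L_i, k)
        left, right = xor(right, f(left, k)), left
    return left + right


# Constructed sample values (not from the slides).
ROUND_KEYS = [b"k1", b"k2", b"k3", b"k4"]
BLOCK = b"PAY 100 TO ALICE"  # 16 bytes, so L0 and R0 are 8 bytes each

if __name__ == "__main__":
    cryptogram = encrypt(BLOCK, ROUND_KEYS)
    print("cryptogram:", cryptogram.hex())
    print("deciphered:", decrypt(cryptogram, ROUND_KEYS))
```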
Integrity
One-way functions
A one-way function f(x) is a function for which:
• Given x, computing f(x) is easy
• Given f(x), determining x is hard
A (collision-free) one-way hash function h(x) is a one-way
function for which:
• values x of arbitrary length map to values h(x) of fixed length
• it is hard to find pairs x, y such that h(x)=h(y)
Iterative Hash Function
Arbitrary length input → Iterated compression function → Fixed length output → Optional output transformation → Output
Agree or disagree ?
message, h(message)
• This protects against accidental modification
• This protects against deliberate modification
Authentication
Message authentication codes
A message authentication code (MAC) is a family of
functions {h_k : k ∈ K} such that
• given x and k, computing h_k(x) is easy
• values x of arbitrary length map to values h_k(x) of fixed length
• given x, it is hard to compute h_k(x) without knowledge of k
Integrity with authentication
message, h_k(message)
Key k Key k
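The difference between sending "message, h(message)" and sending "message, h_k(message)", as an added example (not part of the original slides): SHA-256 stands in for h and HMAC-SHA-256 for h_k, and the receiver's decision is shown for an accidental and a deliberate change. The key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac


def h(message: bytes) -> bytes:
    """Unkeyed hash: anyone can compute it."""
    return hashlib.sha256(message).digest()


def h_k(key: bytes, message: bytes) -> bytes:
    """Keyed MAC: computing it requires the shared key k."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(h(message), tag)


def check_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(h_k(key, message), tag)


# Constructed sample values (not from the slides).
KEY = b"shared secret k"
ORIGINAL = b"pay 100 to Alice"
CORRUPTED = b"pay 100 to Alicf"       # one character damaged in transit
SUBSTITUTED = b"pay 900 to Mallory"   # replaced by someone without the key


def run_checks() -> dict:
    """What the receiver concludes in each case (True = message accepted)."""
    return {
        # Accidental change: the tag that was sent no longer matches.
        "hash_accepts_corrupted": check_hash(CORRUPTED, h(ORIGINAL)),
        "mac_accepts_corrupted": check_mac(KEY, CORRUPTED, h_k(KEY, ORIGINAL)),
        # Deliberate change: h needs no secret, so a fresh h(message) matches.
        "hash_accepts_substituted": check_hash(SUBSTITUTED, h(SUBSTITUTED)),
        # Without k, neither the old tag nor an unkeyed hash is a valid MAC.
        "mac_accepts_old_tag": check_mac(KEY, SUBSTITUTED, h_k(KEY, ORIGINAL)),
        "mac_accepts_plain_hash": check_mac(KEY, SUBSTITUTED, h(SUBSTITUTED)),
        # The genuine message with its genuine MAC is still accepted.
        "mac_accepts_original": check_mac(KEY, ORIGINAL, h_k(KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    for case, accepted in run_checks().items():
        print(f"{case}: {accepted}")
```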
Confidentiality
with integrity
and authentication
Enc_k(message), h_k(message)
Key k Key k
So…
What’s the problem
with Symmetric
Cipher Systems ?
Public Key Cipher System
Bevelled Sprung Lock (anyone can lock, only keyholder can unlock)
Impossible to determine k(D) from k(E)
Public Key System
• It must not be possible to deduce the message from a
knowledge of the cryptogram and the enciphering key.
• A directory of all receivers plus their enciphering keys is
published.
• The only person to know any given receiver’s deciphering
key is the receiver themselves.
• An enciphering algorithm is agreed.
• Each would-be receiver publishes the key which anyone
may use to send a message to the receiver.
Trapdoor one-way functions
A trapdoor one-way function f(x) is a one-way function
for which:
• given f(x) and some extra information it becomes easy to
determine x
For a public key system, the encipherment function f must
be a trapdoor one-way function, where the trapdoor is
knowledge of the deciphering key k(D)
RSA System
• Publish integers n and e where n = pq (p and q large primes)
and e is chosen so that gcd{e, (p-1)(q-1)} = 1.
• If message is an integer m then the cryptogram c = m^e (mod n).
• The primes p and q are ‘secret’ (i.e. known only to the receiver)
and the system’s security depends on the fact that knowledge of n
will not enable the interceptor to work out p and q.
RSA System
• Since gcd{e, (p-1)(q-1)} = 1 there is an integer d such that
ed = 1 (mod (p-1)(q-1)).
(without knowing p and q it is ‘impossible’ to determine d)
• To decipher raise c to the power d. Then m = c^d (= m^(ed)).
• System works because if n = pq,
a^(k(p-1)(q-1) + 1) = a (mod n) for all a, k.
RSA Summary and Example
n = p.q                          2773 = 47.59
e.d = 1 (mod (p-1)(q-1))         17.157 = 1 (mod 2668)
Public key is (e, n)             (17, 2773)
Secret key is d                  157
NB: Knowledge of p and q is required to compute d.
Encryption using Public Key:
c = m^e (mod n)                  587 = 31^17 (mod 2773)
Decryption using Secret Key:
m = c^d (mod n)                  31 = 587^157 (mod 2773)
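The numbers on this slide reproduced step by step, as an added example (not part of the original slides): d is derived from p and q, the message 31 is enciphered and deciphered, and a trial-division helper shows why the primes must be large in practice. Function names are assumptions, and this is the unpadded operation exactly as the slides state it, without the padding that deployed systems add.

```python
from math import gcd, isqrt


def make_keys(p: int, q: int, e: int):
    """Return ((e, n), d) with e.d = 1 (mod (p-1)(q-1))."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must satisfy gcd(e, (p-1)(q-1)) = 1")
    d = pow(e, -1, phi)  # modular inverse, needs p and q (Python 3.8+)
    return (e, p * q), d


def encipher(m: int, public_key) -> int:
    """c = m^e (mod n), using only the published values."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in 0..n-1")
    return pow(m, e, n)


def decipher(c: int, d: int, n: int) -> int:
    """m = c^d (mod n), using the secret key d."""
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Recover (p, q) from n alone; feasible only because this n is tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


if __name__ == "__main__":
    public, d = make_keys(47, 59, 17)
    e, n = public
    c = encipher(31, public)
    print("public key (e, n):", public, " secret key d:", d)
    print("cryptogram of 31:", c)
    print("deciphered:", decipher(c, d, n))
    # With a 4-digit n the 'secret' primes fall out at once, so d follows.
    print("factors of n:", factor_by_trial_division(n))
```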
So…
What’s the problem
with Public Key
Cipher Systems ?
So...
Can mathematics
secure electronic commerce?
And more importantly...
Does
anyone have
any easier questions?
References
• Fred Piper and Sean Murphy: Cryptography – A very short
introduction, Oxford University Press (2002)
• Simon Singh, The Code Book, Fourth Estate (2000)
• Simon Singh, The Code Book for Young People: How to Make it,
Break it, Hack it, Crack it, Delacorte Press (2002)
• http://www.isg.rhul.ac.uk/msc/teaching/ic2/ic2resources.shtml
• http://www.simonsingh.net/Crypto_Corner.html