Chapter 3

Algorithms and Architecture for Security

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 1
 Outline
• Security of commercial transactions
• OSI Model for cryptographic security
• Security Services
– Confidentiality
– Data Integrity
– Identification
– Authentication
– Access control and denial of service attacks
– Non repudiation
• Key management
– Kerberos
• Certification and privilege management

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 2
 E-Commerce Security

• Security is an important consideration in EC:

– Buyers are concerned about sending their private
information on the Internet.
– Sellers are concerned about their systems being
compromised and their data being stolen.
• Security of the Internet is an afterthought
• In 1999, half of card payment disputes and frauds in
the EU are related to Internet transactions (1% of the
turn over) - FT 4/12/99

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 3
 Security of Electronic Exchanges
• Network Protection
– Access
– Routing
– Service continuity
• Protection of individual transactions
• Protection of the merchandise:
– physical goods
– virtual goods: protection of the intellectual property
• Protection of the records
– legal requirements
– privacy

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 4
 Network Security

• Aspects
– Physical connectivity -> sabotage or outages
– Availability -> Denial of service attacks
– Correct routing -> address spoofing
• Encryption is not always necessary (Minitel/i-Mode, First
Virtual, micropayments, etc.)
• Encryption is more important in open or decentralized
networks co-managed by distinct administrative entities

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 5
 Security of a Transaction

• Verification of person's identity (address) and credit

worthiness
• Threshold for calling the authorization server
• Ceiling for allowed expenses or withdrawals
• Fraud detection and management
– surveillance of activities at the points of sale
– surveillance of short-term events
– surveillance of long-term events

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 6
 Security of Payment Mechanisms

• Security depends on
– nature of money
– instrument of payment
– legal requirements
– value,
– support (container) of the value
– location of the value store
• Architecture of the payment system must reflect the
security needs

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 7
 Threats and Attacks (X.509 and
X.800)
• Passive Attacks (Sniffing or eavesdropping)
– Interception of identity
– Data interception
– Data analysis
• Active Attacks (involve some data alteration or
falsification)
– Masquerading
– Manipulation of content
• Repudiation of participation

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 8
 Passive Attacks

• Intruder logs on to the network and tries to gather information

by monitoring and copying data transmissions.
• Passive attacks are difficult to detect since they do not involve
any alteration of the data.

Info. source Info. destination

Normal flow

Intruder
Protocols for Secure Electronic
© M. H. Sherif
Commerce (2nd ed.) 9
 Active Attacks
– Masquerade and message modification
¤ Intruder obtains the user ID and password of a legitimate user
and logs on to the network to obtain additional privileges or to
modify the data being transmitted.
¤ Denial of service (DoS)
¤ Rendering a server unavailable to others
¤ DoS attacks can be done by flooding a server with multiple bogus
connection requests.
Info. source Info. destination
Normal flow

Intruder

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 10
 Cost of Security Breaches
200%
Percentage of companies experiencing attacks 168%

Percentage change in average loss since 2000

150% 137%

93%
100% 85%
73%
57%
47%
50% 35%
28%
16% 21% 21% 20%
13% 12% 12%
5% 3%
0%

Virus
abuse service
-50% Network Denial of System
Theft of access penetraion Sabotage
Laptop theft
Unauthorized Telecom fraud
proprieary info Financial fraud
-75% -79%
-100%

Source: Computer Security Institute - Survey of 500 correspondents

Note: While 344 acknowledged financial losses, only 186 could quantify those losses

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 11
 Security Services

• Confidentiality
– Symmetric cryptography
– Public key cryptography (for small messages, e.g,
symmetric key)
• Data Integrity (through a "fingerprint" or "signature" of
the message)
• Blind-signature is a special type of signature of a
message without knowing the content (used for digital
money)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 12
 Security Mechanisms

• Encryption
– to ensure confidentiality
• Authentication
– Verification of user's identity
– Access control lists for authorized access to network
resources
– Dynamic password assignment
• Message Authentication
• Non repudiation
– Digital signature, time stamping, etc.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 13
 OSI Model for Cryptographic
Services
• Physical and Link layers: All traffic is protected. Only
confidentiality can be assured (frequency hopping,
spread spectrum, etc.)
• Network Layer: bulk protection from one end system to
another: Firewalls, IPSEC (RFC 1825)-SKIP-S/WAN-
FreeS/WAN)
• Transport Layer: when network is not reliable (SSL) or
for protection after a fault
• Application layer (high granularity and non repudiation)
– SET for Bank Cards
– EDI Security

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 14
 Tunneling

Tunnel Endpoints

Transit
Internetwork
Header

Payload Payload

Transit Internetwork
Tunnel
Tunneled
Payload

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 15
 Tunneling Protocols

• Point-to-Point Tunneling Protocol (PPTP), Microsoft’s

extension to Point-to-Point Protocol (PPP)
• Layer Two Forwarding (L2F, proposed by Cisco)
• IP Security (IPSec): an IETF standard, RFCs 2402 and
2406
• Layer Two Tunneling Protocol (L2TP), another IETF
standard for tunneling over IP, X.25, FR, or ATM
networks

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 16
 Layer 2 Tunneling Protocol (L2TP)

• Used to tunnel data using the point-to-point protocol (PPP)

• IPSec used in the transport mode for protection

IPSec IP header UDP L2TP PPP IP header TCP/UDP

Payload
header (new) header (new) header header (original) header

Address assigned by
the ISP

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 17
 IP Security (IPSec)
• IPSec operates below the transport layer (TCP, UDP),
therefore transparent to applications and end users
• IPSec provides three security services:
– authentication: with certificates using the AH
(Authentication Header) protocol
– confidentiality: encapsulates an IP datagram in a new
encrypted packet using the ESP (Encapsulating Security
Payload) protocol
– key management: concerned with the secure exchange of
keys using the IKE (Internet Key Exchange) protocol

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 18
 IPSEC Modes

• Transport mode
– Encapsulates just the payload
– Typically used for end-to-end communication between two
hosts
• Tunnel Mode
– Encapsulates the whole packet
– Used when one or both ends of the connection is a security
gateway, such as a firewall router.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 19
 IPSec Modes
Network
Public IPSec Server
Server(s) Manager
(HTTP, FTP,
Remote Client …)

Public
Networ
k
IPSec Host

Firewall Firewall

Tunnel Mode DMZ

Transport Mode

DMZ: Demilitarized Zone

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 20
 Overhead for IPSEC Modes
IP header IPSec IP header TCP/UDP
Tunnel mode (new) header (original) header
Payload

(ESP)
outer IP header with inner IP header
gateway IP address

Transport mode IP Header IPSec TCP/UDP

Payload
(original) (header) header
(AH and/or
ESP)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 21
 Security Services for IPSec Modes
IP header IPSec IP header TCP/UDP
Payload
(new) header (original) header

AH

IP header IPSec IP header TCP/UDP

Payload
(new) header (original) header

authenticated
ESP encrypted

IP header IPSec IP header TCP/UDP ESP

Payload
(new) header (original) header trailer

authenticated

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 22
 Symmetric Encryption

Encryption Key

Ciphertext
Encryption Decryption

Clear Text Clear Text

Sender Receiver

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 23
 Secret-Key (or Symmetric)
Encryption
• The same key is used to encrypt and decrypt messages.
• The two sides must coordinate to send an encrypted
message, and key security is essential.
• Many algorithms exist:
– Data Encryption Standard (DES)
– RC2, RC4, RC5 (from RSA Data Security)
– IDEA (International Data Encryption Algorithm)
– AES (Advanced Encryption Standard)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 24
 Data Encryption Standard (DES)
• DES blocks are 64 bits; the key is 56 bits.
• DES was adopted by NBS (now NIST) in 1977 (FIPS
PUB 81) and updated in 1993, for non-military data
communication (ANSI X3.92)
• Applying 64-bit ciphertext to a DES block with the same
key recovers the 64-bit plaintext.

k k
64-bit 64- bit 64-bit
plaintext ciphertext plaintext
DES DES

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 25
 DES Chaining

• Electronic Codebook Mode (ECB) is susceptible to replay

attacks
• DES chaining (Cipher Block Chaining or CBC) breaks the
direct relationship between ciphertext and plaintext
blocks
• CBC used for non-real time encryption and to calculate
message authentication codes (MAC)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 26
 DES Chaining - CBC Mode

Source Destination

64 -bit E0 E1 E2
plaintext M0 M1 M2 Key

IV XOR XOR XOR .. D D D ..

. .
IV XOR XOR XOR
Key E E E

64 bits
ciphertext
E0 E1 E2 M0 M1 M2

IV = initialization vector

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 27
 Other DES Chaining Modes

• Cipher feed-back mode (CFB)

– Encryption of a block of m bits is done in sub-blocks of n
bits
– A new sub-block is combined with the encrypted bits
before encryption
– Used for MAC calculation
• Output feedback mode (OFB)
– Similar to the CFB but the bits used in the computation are
not transmitted
– Useful in case of transmission errors
– A mechanism for resynchronization is needed

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 28
 DES Chaining - CFB Mode
Source Destination

Shift register (m bits) Shift register (m bits)

Clear text (m bits) n bits

eliminated
n bits
eliminated e il
mil
XOR Kil Encryption XOR Kil Encryption

e il
The The
leftmost leftmost
n bits mil
n bits

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 29
 DES Chaining- OFB Mode
Source Destination

Shift register (m bits) Shift register (m bits)

Clear text (m bits)

n bits
n bits eliminated
eliminated e il
mil
XOR Kil Encryption XOR Kil Encryption

e il
The The
leftmost leftmost
n bits mil
n bits

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 30
 Extending DES Useful Life

• DES with 56-bit key is considered insecure (8-byte

blocks can be switched).
• Triple DES (3DES) is a 1999 NIST standard for Point-to-
Point Protocol (PPP):
• Uses DES three consecutive times using a different key
each time.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 31
 Triple DES
K1 K2 K1
Source

E D E

Clear text Encrypted text

K1 K2 K1

Destination

D E D

Encrypted text Clear text

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 32
 AES (Advanced Encryption System)

• New Federal standard (2001)

• AES offers better security than DES
– Uses 128-bit secret key; can also use 192-bit and 256-bit
keys if necessary
– Based on Rijndael algorithm which uses a lot of
parallelism, making efficient use of processor resources
– Can be implemented efficiently on smart cards

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 33
 Public-Key (or Asymmetric)
Encryption
• In Public Key encryption, each user has two keys: a
public key k1 and a private key k2
• The pubic key is available to anyone but the private
key remains a secret know to the user only
• Public-key encryption reduces the problem of key
distribution among pairs of communicants

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 34
 Confidentiality with Public-Key
Cryptography
Sender Recipient

Plaintext message Plaintext message

M M

Public
key of Private
recipient Encrypted message E key of
E=Ek1(M) M=Dk2(E) recipient
(k1)
(k2)

Encryption Decryption

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 35
 Public Key Cryptography
• RSA (ISO/IEC 9796): patent expired on 9/20/2000
• DSA (FIPS 186)
• PKCS (a series of business specifications based on RSA)
• PGP (RFC 1991)
– Public key exchange with RSA and MD5 hashing
– Data compression with ZIP
– Message encryption with IDEA
– ASCII "armor" to protect binary messages through the
Internet

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 36
 Characteristics of Public-Key
Algorithms
• Algorithms require a trap-door one-way function:
– a function whose inverse is extremely difficult to compute
unless certain “trap-door” information is known.
– Systems based on the discrete logarithm problem
¤ Diffie-Hellman
¤ El-Gamal
– Systems based on the factoring problem
¤ Rivest, Shamir and Adleman (RSA)
– Systems based on the elliptic logarithm problem
• Computational load much larger than for symmetric
algorithms

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 37
 RSA Algorithm
Generate two large distinct random prime numbers
p and q
Compute N = p x q and φ (N) = (p - 1) (q - 1)
Select a random integer e, 1 < e < φ
such that gcd (e, φ ) =1
There is a unique integer d such that

ed ≡1 (mod φ )
Public key is (N, e), private key is d
Suggested values for e in practice are 3 or 216 +1

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 38
 Notes on RSA

• A public key of 512 bits is no longer safe (was factored

by a team of scientists of the National Research
Institute of Mathematics and Computer Science in the
Netherlands in 1999)
• Adi Shamir designed a factoring device named TWINKLE
to break a 512-bit key within a few days
• For short term security, keys should be at least 768 bits
• For long term security (5 -10 years), 1024 bits should
be used
• It is believed that a key of 2048 bits, would last about
15 years
• There are many computational tricks to reduce the
decoding time if the keys are available.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 39
 Digital Envelope

• Public-key algorithms are slower than secret-key

algorithms because of their longer keys.
• A combination of secret and public-key encryption,
known as Digital Envelope, is used in real-world
applications:
– Public-key encryption is used to create and send a
symmetric key to the message recipient.
– The symmetric key is then used for symmetrical
encryption

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 40
 Digital Envelope
Public key of
Recipient Private key of
Session Key
Recipient
Session Key Digital Envelope Decryption

Encryption

Session Key
Session Key

Message Cipher- Message

Text text Text
Encryption
Decryption

Sender Recipient

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 41
 Hash Functions

• One-way function used to calculate the fingerprint or

hash or message digest h=H(M)
• It has the following characteristics
– Given M, h can be easily computed
– Given h, it is very difficult to find M (impossibility of
inversion)
– Absence of collisions (the probability of obtaining the same
value h using two different messages is very small)
– A small difference between the two messages gives a large
difference between the finger prints

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 42
 Hash Functions in Electronic
Commerce
• AR/DFP (German Banks)
• DSMR (ISO/IEC 9796)
• MCCP (ISO/IEC 1116-2)
• MD4 (RFC 1320)
• MD5 (RFC 1321) a 128-bit hash message designed by
Rivest
• NVB7.1, NVBAK (Dutch Banking Standard)
• RIPEMD-128,-160 (ISO/IEC 10118-3)
• SHA, SHA-1 (FIPS 180-1, ISO/IEC 10118-3) (Secure
Hash Algorithm 1) produces a 160-bit hash for use with
the Digital Signature Standard (DSS). Designed by NIST

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 43
 Data Integrity

• Verify that the message content has not been modified,

intentionally or accidentally during transmission
• A sequence of bits that depends on the content of the
message ("finger print") travels with the message to be
protected
• At the destination, the receiver recalculates the value
and compares it with what is received. Any difference
indicates tampering
• Blind-signature is a special type of signature of a
message without knowing the content (used for digital
money)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 44
 Verification of Integrity with
Symmetric Cryptography

Secret Key Message Secret Key

Authentication
Code (MAC)
E D
Comparison

h h

Data
Sender Receiver

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 45
 Verification of Integrity with Public
Key
Sender (User A) Receiver (User B)

M User A’s S User B’s E User B’s S User A’s M

private key public key private key public key
Dk2A Ek1B DDk2B
A Ek1A

A’s Signed Message: S = Dk2A(M) Ek1B(Dk2A(M)) S = Dk2A(E)

A more common approach is to use the fingerprint (hash) of

the message because this reduces the computational load

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 46
Digital Signature with Public Key
Encryption and Hashing

Private key Public key

Signature
E D
Comparison

h h

Data
Sender Receiver
Protocols for Secure Electronic
© M. H. Sherif
Commerce (2nd ed.) 47
Integrity Verification with Symmetric
and Public Key Encryptions
• Symmetric cryptography and hash functions
– Hash function --> Message Authentication Code (MAC) or
Hashed Message Authentication Code (HMAC)
– Encrypt the MAC with a symmetric algorithm
– This is called a "signature"
• The legitimate recipient can verify the integrity; others
cannot
• With public key cryptography, if the MAC is encrypted
with the sender's private key; anyone having the public
key can verify the integrity

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 48
 Combination of Integrity and
Confidentiality with Public Key and
Symmetric Key Encryptions
Sender Sender’s
Digest private key
Cleartext
Digital signature
Sender

Sender's signing Session secret key

certificate Receiver

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 49
 Anonymity

• Anonymous plastic support

• Anonymous recharging transaction
• Anonymous payment transaction (cannot be tied to the
holder's bank account)
• Anonymity for face-to-face commerce
• Anonymity for remote transactions
• Use of "mix networks" to achieve anonymity and
untraceability of the sender (David Chaum)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 50
 Basic Idea of Mixes
If the sender wants to establish anonymity, it
chooses n mixes (M1,.., MN) with addresses
AM1, ..., AMN and encrypts the message using the
public keys of the successive mixes as well as the
end receiver after adding a random blinding
factor to prevent replay attacks as follows:
N1 = PKM1 (AM2, k1, N2)
N2 = PKM2 (AM3, k2, N3)
...
Nn+1 = PKR(N)
Protocols for Secure Electronic
© M. H. Sherif
Commerce (2nd ed.) 51
 Extension to Bilateral Anonymous
Communications
• Receiver repeats the same steps
• For Web publishing with client and servers remain
anonymous
– use pseudonyms
– generate session keys for the pseudonym
– exchange the keys through another channel with
dynamically generated addresses to prevent replay attacks
• See: T. Demuth, Establishing bilateral anonymous
communication in open networks, IFIP TC11 17th
International Conference on Information Security (SEC
2002)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 52
 Elliptic Curve Discrete Logarithm

• Require shorter keys than RSA to achieve the same

level of security
• A 160-bit elliptic curve key is roughly equivalent to a
1024-bit RSA key
• Elliptic Curve Digital Signature Algorithm (ECDSA) is
standardized ANSI X9.62 and IEEE P1363

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 53
 PKCS

• A set of business standards developed by RSA

Laboratories in collaboration with others
• Describe the mechanisms for data encryption, message
formats, key formats, etc.
• Described in IETF documents but not standardized
because they use proprietary algorithms

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 54
 PGP (Pretty Good Privacy)

• Uses RSA with MD5 Hashing

• Data Compression with ZIP
• Message Encryption with IDEA
• Not suitable for large scale applications

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 55
 Identification and Authentication

• In one step:
– with symmetric cryptography
– with biometric recognition
• In two steps with public key cryptography
• In public cryptography, requires a certification
infrastructure

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 56
 Biometric Identification

• Identification systems
– centralized data base
– used with badge, password
• Verification system
– distributed architecture
– compare actual data with data stored on a card
– verify privileges

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 57
 Classification of Biometric Systems

• Characteristics used (acquired vs. innate)

• Identification systems
– biometric data match an entry in a database
– supplement another identifier (password, badge, etc.)
• Verification systems
– biometric data match what is stored in user credentials
(e.g., a smart cart) to verify access privileges

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 58
 Biometrics Framework for
Identification
Main Frame
Yes/No
Features Search
Sensor Image processing
extraction and
compare

Bio reader

Data Data
base base

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 59
 Biometrics Framework for
Verification
PC
Yes/No
Features
Sensor Image processing
extraction Matching

Bio reader

Reference pattern
Smart card

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 60
Applications and Mode of Operations
• Applications:
– Face-to-face applications
¤ Secure access to physical areas
¤ Check cashing
¤ Identification of bodies
– Remote
¤ Secure access to networks
¤ Telework (telecommuting)
¤ Mobile telephony
¤ Electronic co
• Mode of operation (on-line, off-line, semi-online)
¤ commerce on the internet

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 61
 Measures of Accuracy

• Identification systems
– rate of mix-up of identities
– percent rejects of authorized identities
• Verification systems
– rate of false rejects
– rate of false acceptances

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 62
 Acquired Biometrics

• Handwritten signature
• Voice
• Keystroke dynamics
• Gait

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 63
 Innate Biometrics

• Photo image
• Fingerprint
• Iris scan
• Retina
• Dental imprints
• Shape of the hand, the ear, etc.
• DNA

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 64
 Voice Systems
• Speaker identification vs. speaker verification
• Size of voice prints 1 - 70 K octets depending on
algorithm and duration
• Performance depends on ambient noise, network
conditions, etc
– AT&T's text-to-speech algorithm sounds human
– Bacob and Keyware technologies for electronic commerce
(by phone) http://www.keywareusa.com)
– Motorola/Trintech for mobile commerce
– ITU SG16: distributed speech recognition and distributed
speaker verification systems

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 65
 Manual Signature Recognition

• Static by comparing to a stored signature

• Dynamic (using a special stylus and pad) to analyze
movement dynamics (speed, acceleration, pressure,
etc.)
• http://www.wacom.com
• FSTC has a project for signature recognition on checks
• Relatively large rate of false rejects

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 66
 Keyboard Recognition

• Characteristics of keyboard typing

• Net Nanny Software (http://www.biopassword.com)
• Reference contains at least 8 characters and training
requires 8 repetitions.
• Verification requires 15 trials.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 67
 Retinal Recognition

• Configuration of blood vessels in the eye

• Descriptor's size 35 octets
• Secure access (military, high security prisons, etc.)
• Enrollment in 60 s but requires an invasive exam
• Verification time is about 5 s for a library of 1500
persons
• Rate of false acceptance claimed to be 1 per million
• EyeDentify, Inc. (http://www.eye-dentify.com) since
1975

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 68
 Iris Recognition

• Description of iris patterns in 256 octets (2048 bits)

• Less invasive and less complex than retinal scanning
• IriScan, Inc. (http://www.iriscan.com) now Iridian
• Duration of capture claimed to be less than 1 sec.
• Independent verification of performance may be
needed.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 69
 Face Recognition

• Template from 100 to 800 octets

• A person can be detected from a library of 5 000 to
50,000 images
• Verification lasts 3 to 20 s.
• Affected by other factors (wearing glasses,
moustaches, lighting, head inclination, etc.)
• TrueFace™ (from Miros)
• Visionics (www.viisage.com) has implemented FaceIt®
from Rockfeller University

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 70
 Performance of Face Recognition
Systems
• US Army Research Laboratory results from 1996 to
1997: the rate of false rejects increase with the time
between the reference image and the execution image

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 71
 Finger Prints or Finger Images

• Performance
– rate of false rejects in commercial systems (3%)
– false acceptance (1 in a million)
• Phenomenon used to record the s minutia
– Capacitance (Infineon, Secugen)
– Electric field (Authentec, Veridicom)
– Optical and optoelectronic (Identix, Who?Vision)
– Temperature (Thomson-CSF)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 72
 Hand Geometry

• Used for control access to U.S. entry

• Enrollment takes a few minutes
• Template has a size of 9 octets
• BiomMet Partners (http://www.biomet.ch) and
Recognition Systems (http://www.recogsys.com)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 73
 Summary of Biometric Identification
• Acquired characteristics
– Handwritten signature (500-1000 octets)
– Voice print (1000-2000 octets)
– Keystroke dynamics
• Innate characteristics
– Photo image (100-800 octets)
– Fingerprint (500-1000 octets)
– Iris scan(256 octets)
– Retina (35 octets)
– Shape of the hand (9 octets)
• BIOAPI

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 74
 Major Problems for Large Scale
Operation of Biometric Systems
• Systems are not interoperable at any level (hardware,
software, architecture, application, etc.)
• Business demands are not focused or strong enough to
encourage standardization
• IPR and Patents
• No single place responsible for evaluation and
standardization
• What happens if an identifier is compromised?

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 75
 Biometrics Points of Vulnerability

PC
Yes/No
Features
Sensor Image processing
extraction Matching

Bio reader

Reference pattern
Smart card

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 76
 Biometrics in a Networked
Environment
Manager of the
relation
(ISP, Airport authority
etc..)
Biometrics Performance depends on
Individual to be
identified
Application
User
the exchange of
performance and fault
management information
Biometrics across administrative
Service Provider
domains

Network Provider 1 Network Provider 2

Infrastructure Provider (s)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 77
Authentiction with Digital Certificate

• Certificate issued by a
Certification Authority
Name : “Richard”
• Verifies the identity of Public Key:
the holder of a public key Serial # : 29483756
Expires : 6/18/02
• Structure governed by Signed : CA’s Signature
ITU Recommendation
X.509

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 78
 Access Control

• Identity-based access control: identity determines

access rights
• Role-base access control: identity and role determine
access privileges
• At the network layer, access control in IP networks is
based on:
– packet filtering
– application level gateways
– using dedicated servers such as RADIUS and TACACS

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 79
Remote Access Control with RADIUS

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 80
 Denial of Service (DOS)

• Result for the failure of access control

• Inherently associated with IP networks because:
– control and user data share the same physical and logical
bandwidths
– IP is a connectionless protocol so call admission is
irrelevant
• In distributed denial of service attacks, many
compromised hosts may send useless packets back to
the targeted host

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 81
 Non-Repudiation

• This is a legal concept that requires the intervention of

a third party
• Non-repudiation at the origin
• Non-repudiation at the destination
• Easier with public key cryptography than with
symmetric cryptography
• No backup of private signature key
• Time-stamping and sequence numbers

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 82
Technical Aspects of Nonrepudiation
(X.813)

• Generation of proofs
• Recording of proofs
• Verification of proofs
• Retrieval and re-verification of the proofs

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 83
 Key Management
• Production
• Storage
• Distribution
• Utilization (Exchange)- Kerberos/Diffie-Hellman
– ISAKMP- Cisco
– SKIP- Sun
– KEA -NSA
• Withdrawal, Replacement
• Deletion
• Back-up and Archival - not of private signature keys

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 84
 KERBEROS

• Produced by the MIT (ftp://athena-

dist.mit.edu/keberos)
• Version 5 currently in use
• Free version called Heidmal (Swedish Institute of
Computer Science)
• Public key version used in NetBill (RFC 1510)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 85
 Authentication in Kerberos
M
3 - Service
Service request Request
comprises the
session ticket
4 - Optional Response of the
and an
authentication
merchant's server
note encrypted
with the session 1 - Request of a session ticket
key C KS

2 - Ticket
acquisition

Message 2 contains a session encryption key encrypted with a common

symmetric key between the client and the Kerberos server and a session ticket
with information encrypted by the common symmetric key between the
merchant and the Kerberos server

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 86
 Public Key Infrastructure

• Types of Certificates:
– Identity
– Privileges or attributes
• SDSI (Simple Distributed Security Infrastructure)
• SPKI (Simple Public Key Infrastructure): for privileges
• Online management of certification
– CMP (Certificate Management Protocol): key exchange and
cross-certification (Entrust and IBM, as part of PKIX): RFC
2510
– OCSP (Online Certification Status Protocol): RFC 2560

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 87
 Certificate Management

• X.509/ISO/IEC 9594-1- Four versions

• Directory System is LDAP
• EDIFACT has a different approach- DEDICA
• Certification Path and Recursive Verification
• Cross-certification
• Authorities needed:
– Certification authorities
– Naming or Registering authorities
– Directory

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 88
 Communication Protocols in the
X.500 Directory System
Directory
DSA
DSP
DSA Directory system protocol
(DSP) of X.518
Directory access protocol
(DAP) of X.519 DSP DSA

Directory information shadowing protocol

(DISP) of X.525

Work station with a Directory access protocol Duplicate DSP

directory user agent (DAP) of X.519 directory
(DUA) DSA
Directory system protocol
DSA
(DSP) of X.518

DSP
DSA

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 89
 Simplification of X.509

• LDAP (RFC 2251) is carried directly over TCP/IP

• LDAP has simplified information models and object
classes
• LDAP is restricted to the client side
• LDAP does not react to what happens on the service
side, for example, duplication of entries.
• LDSPv3 does not mandate any strong authentication
mechanism
• PKIX (IETF) simplifies the X.509 infrastructure and
access policies

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 90
 Certification Authority (CA)

• A trusted third party that issues digital certificates

• Individuals or companies apply for digital certificate by
sending their public key and identifying information to
CA.
• CA verifies the information and creates a certificate
containing the applicant’s name, public key, and the
key’s expiration date.
• Each certificate has a unique serial number for
identifying it.
• CA uses its private key to encrypt the certificate and
sends the signed certificate to the applicant.

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 91
 Basic Content of the X.509
Certificate
• Version
• Certificate serial number
• Identifier of the algorithm used to sign the certificate
and the parameters used
• Name of the certification authority
• Expiration date of the certificate
• User's references
• Information concerning the public key algorithm of the
sender, its parameters and the public key itself

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 92
 Authentication Steps

• Verify the signature of the certification authority

• Extraction of the requester's public key from the
certificate
• Verification of the validity of the certificate by
comparison of with the certificate revocation list (CRL)
• Establishment of a certification path between the
certification authority and the authority that the server
recognizes
• Determination of the privileges that the requester
enjoys (e.g., financial data)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 93
Recursive Verification of Certificates
Root Authority (RA)

Authority
A
Subject = Authority A
Public key of A
Authority
Signature of RA
Subject = B
Authority B
Public key of B
Signature of A

User
Subject = Authority C
Subject = User
Public key of C
Public key of user
Signature of B
Authority
Signature of C C

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 94
Hierarchical Certification Path X.509

U«V»
V «U»

V«W» V
V«Y»
W«V»
Y«V»
Y
W
W«X»
X «W» Y«Z»
X«Z» Z «Y»
X Cross- Z Z «X»

certification
C A B
X «C» X «A» Z «B»

Z «B» = Z certifies B
Protocols for Secure Electronic
© M. H. Sherif
Commerce (2nd ed.) 95
 Banking Applications

• Bank-Led Organizations:
– The Global Trust Authority (GTA) 800 banks
– IDENTRUS (infrastructure for the TrustAct services from
SWIFT)
• VeriSign (acquired Thawte Certification)
• Scotiabank (Entrust)
– North America's biggest bank certification authority
– 150,000 digital certificates
– >500,000 online banking transactions

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 96
 IDENTRUS and TrustAct
International
Interbank
Settlement
(SWIFT)
IDENTRUS

Issuer Bank Acquirer Bank

Message
TrustAct
to the
acquirer Enterprise A Enterprise B
bank

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 97
 Attribute Management

• Grant authority to the holder of the certificate (legal

age, sufficient funds availability, payment/shipping
guarantees etc.) by reference to an identity certificate
• Allows delegation of privileges
• X.509 v. 4 (2000) defines a framework for attribute
certificates
• Useful for banks
– Scotiabank of Toronto/Canada
– US Banks: Financial Agent Secure Transaction (FAST)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 98
 Access Management

• Rules may be complex (conditional statements)

• Role-Based Access Control (RBAC) restricts access to
objects associated with a role
• NIST/OMG are developing a Resource Access Decision
(RAD) interface
• (ftp://ftp.omg.org/pub/docs/corbamed/99-03-02.pdf)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 99
 Interoperability of Certificates

• MISPC (Minimum Interoperability Specification for PKI

Components)- NIST
• GOCPKI (Government of Canada Public Key
Infrastructure)
• Internet Council of NACHA (National Automated
Clearing House Association)
• Authentication practices must be equivalent
• Independent audits

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 100
 Additional Organizations

• Auditing organizations: American Institute of Certified

Public Accountants and Canadian Institute of Chartered
Accountants
• http://bbbonline.org
• http://www.truste.org (Electronic Frontier Foundation
and CommerceNet)
• http://www.aece.org (Spain)

Protocols for Secure Electronic

© M. H. Sherif
Commerce (2nd ed.) 101