Cryptography and E-Commerce: A Wiley Tech Brief
     


by Jon C. Graff
 


Overview

A clear and easy guide on how to use cryptography to secure e-commerce transactions
To be on the cutting edge of e-commerce, you need to understand how to best utilize cryptography to offer secure services for your customers over the Internet. But if you reach for most of the available books on the subject, you'll find that they are far too technical for most business needs. If you need a quick and lucid managerial summary to help you develop effective e-commerce strategies, this is the book for you.
Geared to nontechnical managers who would like to explore the underlying concepts of modern cryptography, this book features an easily accessible, logical explanation of how cryptography works to solve real-world e-commerce problems, a tutorial on the underlying mathematics, and two case studies of PKI cryptographic architectures, showing how Kerberos and PKC can be wedded to protect a company's intranet and how a full-blown working PKI provides security to a company's Internet communications.
Divided into three major parts tailored to readers' needs (Introduction to Modern Cryptography, Tutorial on the Mathematics of Cryptography, and case studies), the book covers:
How symmetrical key cryptography ensures confidentiality of messages
How cryptography lets you detect whether a message has been modified in transit
Why the distribution of cryptographic keys is important and difficult
The nuts and bolts of Kerberos, a major component of Microsoft's Windows 2000 security solution
How Public Key Cryptography ensures security between people who share no prior secret information
Digital signatures on electronic contracts and the concept of non-repudiation
How digital certificates ensure positive identification of individuals

Editorial Reviews

Booknews
For non-technical managers who would like to explore the underlying concepts of cryptology, cryptographic architect Graff explains how it works to solve real-world problems in electronic commerce. He also provides a tutorial on the underlying mathematics and two studies of architectures. Annotation © Book News, Inc., Portland, OR (booknews.com)

Product Details

ISBN-13: 9780471405740
Publisher: Wiley
Publication date: 12/15/2000
Series: Technology Briefs Series, #6
Pages: 240
Product dimensions: 7.52(w) x 9.33(h) x 0.52(d)

Read an Excerpt

Chapter 1: Integrity Protection

In This Chapter:

How you can detect if an electronic message has been modified
What a cryptographic checksum is, and how it is used to ensure message integrity
What MACs are, and what MACing is
What a strong one-way function is, and how it is used to ensure message integrity
How banks protect your ATM transactions from being modified during transmission

Actually, the term Integrity Protection is somewhat of a misnomer. It doesn't prevent a message from being modified; it is a mechanism that detects any modification of a message. So, it really functions as an Integrity or a message modification detector.

In Chapter 1 "Symmetrical Key Cryptography," we saw how Alice and Bob can send a confidential message over an insecure medium (i.e., in the presence of Eve) protected by symmetrical key cryptography. But what if Alice wants to send Bob a message that she wants to be sure Eve doesn't change while the message is in transit? Because many electronic transmissions occur across a "broadcast" medium, anyone (e.g., Eve) can both read and intercept messages. If Eve is malicious and clever (which we know she is), she can intercept a message and either change it or substitute a different one in its place. In Figure 2.1, we see Eve intercepting and changing an electronic check that Alice is trying to send to Bob.

You may ask, based on Chapter 1, wouldn't a modern cryptographic symmetrical key cipher prevent a person from changing an encrypted message? That is, a change in the message should make the decrypted message unintelligible from that point on. Well, that's true; however, there are other considerations. First, many modern symmetrical key ciphers are "self-correcting," especially if run in a "streaming" mode, which is used with long messages. This means that if a change is induced, there will be a short segment of the message that will not decrypt properly after the "error," but then, after the short uncorrected segment, the cipher will self-correct and properly decrypt the rest of the encrypted message. This "self-correcting" becomes a problem in a number of cases. For example, if a photograph is being sent, an error may show a small and perhaps unnoticeable glitch in the plaintext photo, which could be significant if the photo is being used for scientific or intelligence purposes, and if the glitch obscures an important feature in the photograph. Another example might occur in the transmission of a large block of random-looking data. Within the large block of data, a small string of incorrect data may be overlooked, or possibly even be decrypted into undetectable "normal" looking text. This incorrect data could be significant if it is part of a critically ill person's diagnostic test results.

On the other hand, maybe Alice has cause to send a plaintext message to Bob, and Bob needs assurance that the plaintext message he receives from Alice has not been modified either accidentally or overtly.

So, how can Alice protect the message from being modified in transit? For instance, Alice may be sending Bob an electronic check for a ticket for a show that everyone knows Bob is selling, so the check and the transmission are common knowledge. Nonetheless, Bob would be put out if he sold Alice a $10 ticket and received an electronic check from Alice for only $1.

One way Alice could protect the check is to put the check in a glass box and lock the box with a secret key that only she and Bob share (see Figure 2.2). Eve could then see the check within the box when the check and box are in transit, but she couldn't change it. When Bob receives the glass box, he could unlock the lock with the secret key he shares with Alice, remove the lock, open the box, and remove the check to cash it.

As we discussed in the last chapter, Alice would have difficulty stuffing a glass box into a computer or telephone. So, how can Alice protect the message if it is sent over an electronic medium? Modern Cryptography to the rescue! In order to explain the process, we need to make a small digression to the supermarket.

When you go to the supermarket and make purchases, you generally receive a receipt, as shown in Figure 2.3. On this receipt is a list of purchased items, their price, and at the bottom, a "sum" or "total." The total is a result of the prices of all the purchases. If you changed your purchase, the total would change (provided you bought items of different value, of course).

The total acts as a CHECKSUM, so that if you presented the receipt to a petty cash accountant for reimbursement, the accountant could total the sales and see that you had not changed it and falsified the receipt.

Another property of the total acting as a checksum is that if you were to give only the total to someone, he or she would have a hard time recreating an identical detailed receipt that matched yours. The total (or sum, or checksum) is an example of a ONE-WAY FUNCTION. A property of the one-way function is that it is difficult to reconstruct the function's result (in this case, the total) without the original input. However, the shopping receipt total or checksum is said to be a WEAK ONE-WAY FUNCTION, because it is possible in a finite period of time to come up with another receipt that has the same total. To find this second list, you'd do a lot of guessing and fiddling with various goods until you have a selection of different items that would give the original checksum value, but you could do it if you wanted...
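The receipt argument above as an added Python example (not from the book): a guess-and-fiddle search finds a second, different item list with the same total, while a keyed cryptographic checksum over the same receipt rejects the substitute. The prices, catalogue, key, encoding and the choice of HMAC-SHA-256 as the strong one-way function are assumptions made for illustration.

```python
import hashlib
import hmac
from itertools import combinations

# Constructed sample data: item prices in cents on the original receipt.
RECEIPT = {"milk": 249, "bread": 199, "eggs": 329, "coffee": 799}
# Constructed catalogue of other goods to "fiddle" with.
CATALOGUE = {"tea": 449, "rice": 327, "jam": 400, "soap": 150,
             "salt": 99, "oil": 650, "nuts": 800}
# Constructed secret shared only by Alice and Bob (assumption).
SHARED_KEY = b"constructed-demo-key-alice-bob"


def total(items):
    """The receipt total: a weak one-way function of the item list."""
    return sum(items.values())


def find_second_receipt(target, catalogue):
    """Try ever larger selections of goods until one matches the total."""
    names = sorted(catalogue)
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            if sum(catalogue[n] for n in combo) == target:
                return {n: catalogue[n] for n in combo}
    return None


def encode(items):
    """Canonical byte encoding of a receipt (hypothetical format)."""
    return ";".join(f"{n}={p}" for n, p in sorted(items.items())).encode()


def mac(items, key=SHARED_KEY):
    """Keyed checksum over the whole receipt, not just its total."""
    return hmac.new(key, encode(items), hashlib.sha256).hexdigest()


def verify(items, tag, key=SHARED_KEY):
    """Bob recomputes the keyed checksum and compares in constant time."""
    return hmac.compare_digest(mac(items, key), tag)


if __name__ == "__main__":
    second = find_second_receipt(total(RECEIPT), CATALOGUE)
    tag = mac(RECEIPT)
    print("same total, different goods:", second)
    print("original verifies:", verify(RECEIPT, tag))
    print("substitute verifies:", verify(second, tag))
```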

Meet the Author

JON C. GRAFF, PhD, is Vice President and Chief Cryptographic Architect at NetReliance. An internationally known speaker and author, he has architected cryptographic systems for companies such as Tracor Ultron, Wells Fargo Bank, KPMG, Deloitte & Touche, the California Independent System Operator (Cal ISO), and NetReliance.
