GZ der Informatik / Sicherheit 1 GZ der Informatik VIII Kryptografie, Digitale Signaturen, SET Univ.-Ass. DI. Markus Seidl University of Vienna

2 Sicherheit Cryptography - to protect sensitive information - using a key - two primary encryption methods Secret-key cryptography Secret-key cryptography Public-key cryptography Public-key cryptography - SET (Secure Electronic Transaction) uses both methods

3 Sicherheit Secret-key cryptography - symmetric cryptography - same key to encrypt and decrypt the message - share a secret (key) - e.g. DES (Data Encryption Standard)

4 Sicherheit Public-key cryptography - asymmetric cryptography - uses two keys: one to encrypt and one key to decrypt the message - keys are mathematically related - user has two keys: a public and a private key - public key is distributed, private key is not disclosed - e.g. RSA (Rivest Shamir and Adleman)

5 Sicherheit SET - Encryption - confidentiality is ensured - using a randomly generated symmetric encryption key - key encrypted using the message recipient‘s public key - „digital envelope“ of the message ({M} SK {SK} PUBK_REC ) - provide highest degree of protections (keys cannot be easily reproduced) Programming methods Programming methods Random number generation algorithms Random number generation algorithms

6 Sicherheit SET – Digital Signatures - ensure integrity and authentication - mathematical relationship between the public and private keys - message digests (160 bit) value generated for a message (or document) value generated for a message (or document) unique to that message unique to that message generated by passing a one-way cryptographic function generated by passing a one-way cryptographic function - digital signature (DS) (M, {MD(M)} PRIVK_SEND ) (M, {MD(M)} PRIVK_SEND ) recipient verifies the message digest recipient verifies the message digest recipient can be sure that message really comes from the sender recipient can be sure that message really comes from the sender

7 Sicherheit SET – Digital Signatures (2) - Example Alice computes MD of a message M Alice computes MD of a message M encrypts it with her private key encrypts it with her private key send M + DS to Bob send M + DS to Bob Bob computes MD Bob computes MD decrypts DS with Alice‘s public key decrypts DS with Alice‘s public key if equal, message was signed with Alice‘s private key and message has not changed since it was signed. if equal, message was signed with Alice‘s private key and message has not changed since it was signed. - SET uses two asymmetric key pairs for each participant „key exchange“ pair (for encryption and decryption) „key exchange“ pair (for encryption and decryption) „signature“ pair (creation and verification of DS) „signature“ pair (creation and verification of DS)

8 Sicherheit SET - Certificates - authentication is further strengthended by the use of certificates - e.g. Bob wants to be sure that the public key belongs to Alice - Solution receive public key over a secure channel directly from Alice receive public key over a secure channel directly from Alice use a trusted third party (Certificate Authority) use a trusted third party (Certificate Authority) - CA (Certificate Authority) Alice provides proof of her identity Alice provides proof of her identity CA creates a message containing Alice‘s name and her public key CA creates a message containing Alice‘s name and her public key this message (certificate) is digitally signed by the CA this message (certificate) is digitally signed by the CA ({A, PUBK_A} PRIVK_CA ) public key of the CA should be known to as many people as possible public key of the CA should be known to as many people as possible SET participants have two key pairs, they also have two certificates SET participants have two key pairs, they also have two certificates the certificates are created and signed at the same time by the CA the certificates are created and signed at the same time by the CA

9 Sicherheit SET – Encryption summary

10 Sicherheit SET – Dual Signature - Dual signature - Bob sends Alice an offer - Bob sends the bank an authorization to transfer money - Generating a dual signature ( M1, MD(M2), {MD(M1)MD(M2)} PRIVK ) - Example - message from Alice to the bank with the MD of the offer - bank uses MD of Bobs´s authorisation and MD of the offer from Alice - bank checks authenticity of the offer against the dual signature - Use of dual signatures - merchant sends authorization request to the acquirer - includes payment instructions and MD of the order (by the cardholder) - the acquirer check the dual signature (MD from the merchant, MD of the payment instructions

11 Sicherheit SET – Certificate Issuance - Cardholder certificates - Merchant certificates - Payment gateway certificates - Acquirer certificates - Issuer certificates

12 Sicherheit SET – Hierarchy of trust

13 Sicherheit Zuverlässigkeit von digitalen Signaturen - Geheimhaltung des geheimen Schlüssel (Chipkarte) - Länge des Schlüssels (Anzahl) Angreifer probiert alle Schlüssel durch Angreifer probiert alle Schlüssel durch Dauer der Verschlüsselung Dauer der Verschlüsselung - Verwendetes Kryptosystem - Verwendete Komprimierungsfunktion - Authentizität des öffentlichen Schlüssels (Lösung -> Zertifikate)

14 Sicherheit Unterschiede bei Unterschriften - Eigenhändige Unterschrift kann "gefälscht" werden kann "gefälscht" werden Sicherheitsgrad fest vorgegeben Sicherheitsgrad fest vorgegeben nicht global einsetzbar nicht global einsetzbar - Digitale Unterschrift kann "gestohlen" werden (privater Schlüssel, Chipkarte) kann "gestohlen" werden (privater Schlüssel, Chipkarte) Sicherheitsgrad frei wählbar (Schlüssellänge) Sicherheitsgrad frei wählbar (Schlüssellänge) global einsetzbar (binnen Sekunden im In- und Ausland verifizierbar) Voraussetzung: Zertifizierungshierarchie global einsetzbar (binnen Sekunden im In- und Ausland verifizierbar) Voraussetzung: Zertifizierungshierarchie

15 Sicherheit Einsatzmöglichkeiten für digitale Signaturen - Authentifikation zeigt die Autorenschaft an zeigt die Autorenschaft an , Banktransaktionen, Schecks, Firmenrundschreiben, Gesetzestexte, etc.) , Banktransaktionen, Schecks, Firmenrundschreiben, Gesetzestexte, etc.) - Signierte Dokumente mit Semantik (Einverständnis mit dem Inhalt) Autorenschaft und Urheberrecht eines Dokuments Autorenschaft und Urheberrecht eines Dokuments digital unterschriebene Softwarepakete digital unterschriebene Softwarepakete - Elektronisch abgeschlossene Verträge (rechtliche Grundlage!?) - Elektronischer Handel (z.B. Einkaufen im Internet)

16 Sicherheit Notwendige Rahmenbedingungen - Gesetzliche Voraussetzungen: Schaffung der gesetzl. Grundlage für Einführung einer Zertifizierungshierarchie für Einführung einer Zertifizierungshierarchie für Rechtsverbindlichkeit von digit. Unterschriften für Rechtsverbindlichkeit von digit. Unterschriften Anerkennung und Prüfung techn. Voraussetzung (Chipkarte etc.) Anerkennung und Prüfung techn. Voraussetzung (Chipkarte etc.) - Technische Voraussetzungen (Schaffung von Standards) Schaffung von Zertifizierungsstellen Schaffung von Zertifizierungsstellen Einrichten von Zeitstempeldiensten Einrichten von Zeitstempeldiensten Verteilungsstellen für Zertifikate Verteilungsstellen für Zertifikate