E-Commerce

Lecture 5
SECURE MESSAGING
 Advanced Encryption Standard (AES)

 As DES was becoming insecure, the National Institute of

Standards and Technology (NIST) of USA decided to introduce
a
new standard.

 In mid-1997 NIST called for worldwide participation to propose

a new secure encryption system.

 Finally in mid-2000, NIST announced the algorithm proposed

by
two Belgian cryptographers- Dr. Vincent Rijmen and Dr. John
Daemon. This was called Rijndaal algorithm which is now the
latest Advanced Encryption Standard.
 Advanced Encryption Standard (AES)

 Features specified by NIST:

- It must be an open algorithm and publicly disclosed. Security
must be ensured by the key only.
- It should be available to all without having to pay royalty.
- It should be a symmetric key method.
- It should be a block cipher with 128-bit blocks.
- It should be simple enough to be realized in hardware and
implementable even in credit cards.
- It should not have a secret entry (called trap door) known to the
designer which can be used to break the code.
- It should use keys of length 128, 192 or 256 bits.
 Advanced Encryption Standard (AES)

 Algorithm: Gist of AES Encryption

Step 1: Divide the plain text into 16-byte blocks (a0, a1,a2,……..a15)
Step 2: Arrange each block as (4×4) byte matrix called state S.

 a0 a4 a8 a12  Row 1
 
 a1 a5 a9 a13  Row 2
S 
 a2 a6 a10 a14  Row 3
a a a11 a15  Row 4
 3 7
 Advanced Encryption Standard (AES)

Step 3: S ← S key (0) where key (0) is a 4×4 byte key matrix.
The exclusive OR is bit-wise exclusive OR.
For i = 1 to 9 do the following:
Step 4: S←SUB(S) where SUB is a substitution operation in
which each byte of S is substituted by a byte of a (16×16)
substitution matrix by table lookup
Step 5: S ← left circular shift row (i) by (i-1) bytes
Step 6: S ←Mix bytes in columns of S by different amounts.
Step 7: S←S keyi, where keyi is a 4×4 byte matrix and is a function of i
end for
Step 8: S←SUB(S)
Step 9: S ← left circular shift rowi by i-1 bytes
Step 10: S←S key10
Step 11 CT←S
Step 12: Rearrange matrix CT columnwise to get 128 block of ciphertext
 Rijndael
 Rijndael, the Advanced Encryption Standard, is a symmetric block
cipher.
It uses the same key between sender and receiver to encrypt and
decrypt the message.
key is expanded to array of words
has 10/12/14 rounds in which state undergoes:
byte substitution (1 S-box used on every byte)
shift rows (permute bytes between groups/columns)
mix columns (subs using matrix multiply of groups)
add round key (XOR state with key material)
 AES Key
AES key is either 128 bits, 192 bits or 256 bits
128 bits (4 words):
11223344556677889900AABBCCDDEEFF

11 22 33 44
55 66 77 88
99 00 AA BB
CC DD EE FF
 AES Key
or 192 bits (6 words) or 256 bits (8 words)
1122334455667788 1122334455667788
9900AABBCCDDEEFF 9900AABBCCDDEEFF
1122334455667788 1122334455667788
9900AABBCCDDEEFF
11 22 33 44 11 22 33 44
55 66 77 88
55 66 77 88
99 00 AA BB
99 00 AA BB CC DD EE FF
CC DD EE FF 11 22 33 44
11 22 33 44 55 66 77 88
55 66 77 88 99 00 AA BB
CC DD EE FF
 Byte Substitution
a simple substitution of each byte
uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
each byte of state is replaced by byte indexed by row
(left 4-bits) & column (right 4-bits)
eg. byte {95} is replaced by byte in row 9 column 5
which has value {2A}
Byte Substitution
 Shift Rows
a circular byte shift in each each
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
decrypt inverts using shifts to right
since state is processed by columns, this
step permutes bytes between the columns
 ShiftRows
S0,0 S0,1 S0,2 S0,3 S0,0 S0,1 S0,2 S0,3

S1,0 S1,1 S1,2 S1,3 S1,1 S1,2 S1,3 S1,0

S2,0 S2,1 S2,2 S2,3 S2,2 S2,3 S2,0 S2,1

S3,0 S3,1 S3,2 S3,3 S3,3 S3,0 S3,1 S3,2

12
Mix Columns
 AddRoundKey
XOR each byte of the round key with its
corresponding byte in the state array

XOR
S0,1
S0,0 S0,1 S0,2 S0,3
S1,0
S
S1,1
1,1 S1,2 S1,3 S’0,1
R0,1
S2,0 S
S2,1 S2,2 S2,3 S’0,0 S’0,1 S’0,2 S’0,3
2,1 R0,0 R0,1 R0,2 R0,3 S’
S3,0 S3,1 S3,2 S3,3 R S’1,0 S’1,1
1,1 S’1,2 S’1,3
S3,1 R1,0 R 1,1 R
1,1 1,2 R1,3
S’2,0 S’
S’2,1 S’2,2 S’2,3
R2,0 RR2,1 R2,2 R2,3 2,1
2,1 S’3,0 S’3,1 S’3,2 S’3,3
R3,0 R3,1 R3,2 R3,3 S’3,1
R3,1
 Advanced Encryption Standard (AES)

- Even though the decryption key schedule is the same for both
encryption
and decryption, the sequence of transformations needed to obtain the
plain text from the ciphertext is different.

- This implies that the software used for decryption is different from that
used for encryption.

- If the implement the encryption algorithm in hardware (IC chip) a

different hardware chip is needed for decryption.
 Public-Key Cryptography

• The main problem in symmetric key encryption is exchange of

keys between two entities who want to communicate with one
another. Suppose A and B want to communicate with one
another. A and B exchange keys via a secure channel other than
the one which will be used for business communication. In
other words A can send B key by post or secure fax. The major
problem is that if A has 1000 business partners with whom it
has to communicate 1000 unique keys have to be sent. They
should also be stored in a secure table which has to be looked
up before each transaction. Further, if the same key is used over
a long period ther is a risk of leakage of the key. Thus, the keys
used by partners have to periodically changed.
 Basic Steps in Public-Key Encryption
1. Each user generates a pair of keys called a public key and a
private key for encryption and decryption of messages.
2. Each user places his public key in a database accessible to all
other users who want to communicate with him. He keeps with
himself the companion private key as a secret key.
3. Referring to the following Figure 5.8 if Ajit wants to send a
secret message to Balu, he encrypts the message with Balu’s
public key.
 Basic Steps in Public-Key Encryption
4. When Balu receives the encrypted message from Ajit, he
decrypts it using his private key. Anyone who is able to access
the encrypted message from the communication link will not
be able to decode it as he needs Balu’s private key to decode
which is known only to Balu.
5. If Ajit wants to communication with several others, he can go
to their respective public key databases, retrieve them and use
them. If he intends to communicate with them frequently, he
can store all their public keys in a database in his own
computer. Whenever he wants to communication with one of
them, say, Chandru, he can retrieve Chandru’s public key and
use it.
6. The decryption key used by any person is private and
generated locally. Thus, there is no key distribution problem.
If an organization has some suspicion that its private key has
leaked, it can immediately change its private key and replace
its old public key with a new public key corresponding to the
new private key.
 Public-Key Cryptography

• public-key/two-key/asymmetric cryptography involves the use

of two keys:
– a public-key, which may be known by anybody, and can be
used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures
• is asymmetric because
– those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
Public-Key Cryptography
 RSA Encryption Scheme

Currently the most popular public key encryption method was

proposed by Rivest, Shamir and Adleman in 1978 and is called the
RSA scheme.

 It is a block cipher in which the plain text and ciphertext and keys
are usually 1024 bits long. It can, however, work with any block size
with integers 0 to (n - 1) for some n. The encryption and decryption
in RSA is performed as shown below.

Let M = plain text block (≤ n) M and n are integers

C = ciphertext block

Given M
C= Me mod n Encryption scheme e is an integer
M= Cd mod n Decryption scheme d is an integer

The operation Me mod n and Cd mod n are known as modular

exponentiation. The public key is (n, e) and the private key is (n, d).
 RSA Encryption Scheme

Given n we have to find a pair (e, d) which satisfies the encryption

and decryption schemes. This is done by using the following
process.

Step 1: Pick two large prime numbers p and q

Step 2: Find Ø = (p-1) x (q-1)
Step 3: Find e relatively prime to Ø, i,e., gcd (Ø, e) =1; 1 ˂ e ˂ Ø.
(n, e) is the public key
Step 4: Find a number d which satisfies the relation
(d x e) mod Ø =1. (n, d) is the private key

The operation Me mod n and Cd mod n are known as modular

exponentiation. The public key is (n, e) and the private key is (n, d).
 RSA Encryption Scheme

-A small example to illustrate the method. In practice, p and q are

very large primes which are at least 150 digits long to protect the
code.
- The RSA system relies on the fact that given a number which is
the product of two prime numbers, it is difficult to factor the
product to find the two prime numbers.

Example:
1. Pick prime numbers p =3, q = 11, n=p x q = 33. This implies that
the block value should be ≤ 33.
2. Ø = (p – 1) x (q-1) = 2 x 10 = 20
3. Pick a number relatively prime to Ø = 20. We pick 7. The public
key of the recipient is thus (n, e) = (33, 7).
4. To pick the private key, find d from the relation (d x e) mod (Ø)
=
(d x 7) mod 20 = 1 which gives 3 for d.
Therefore, the private key of recipient is (33,3).
 RSA Encryption Scheme

Example: Now apply the RSA algorithm to a message: CNDE

whose decimal equivalent is 3, 14, 4, 5.

Encryption: Ciphertext (C) = 3e mod n = 37 mod 33

= 2187 mod 33 = 9= I
Thus, first letter is I.
The second letter encrypted is
(14)7 mod (33) = 105413504 mod 33 = 20= T
Thus, the second letter is T.
The third letter encrypted is
(4)7 mod (33) = 16384 mod (33) =16= P
The third letter is P.
The lest letter encrypted is
(5)7 mod (33) = 78125 mod (33) = 14= N
The last letter is N.
Thus, the ciphertext corresponding to the plain text CNDE is ITPN.
Let us now decrypt this ciphertext to plain text using the private key
of the recipient of the ciphertext.
 RSA Encryption Scheme

Let us now decrypt this ciphertext to plain text using the private key
of the recipient of the ciphertext.

Decryption: Ciphertext: ITPN = 9, 20, 16, 14

The peivate key is (33, 3).

Plain text is derived using the equation M= Cd mod n

Decrypting character by character, we get

I → 9: 93 mod 33 = 729 mod 33 = 3 → C
T → 20: 203 mod 33 = 8000 mod 33 = 14 → N
P → 16: 163 mod 33 = 4096 mod 33 = 4 → D
N → 14: 143 mod 33 = 2744 mod 33 = 5 → E

Thus, plain text is CNDE as it should be.

 RSA Encryption Scheme

-The RSA algorithm is computationally more complex than DES as

we have to find high powers of an integer particularly if e and d are
large.

- Finding large primes p and q is also computationally complex. It is

also time consuming to find d and e for a given n. RSA requires
large block sizes to ensure security and this in turn makes it
substantially slower than DES.

- An interesting property of RSA encryption- the algorithm is

symmetric. If a plain text is encrypted with a private key, it can be
decrypted with the corresponding public key. This is used in
authenticating a message and signing it digitally.
 Diffie-Hellman Key Exchange Algorithm

-Another public key encryption method called Diffie-Hellman key

exchange algorithm .

- The advantage of this method compared to RSA is the fact that the
key to exchange messages by sender and receiver is identical and
each can calculate it using the public key exchanged between them.
 Diffie-Hellman Key Exchange Algorithm

The steps of the algorithm are:

Step 1: Two numbers are selected. We will call them q and a. q is a prime
number. a ˂q is a primitive root of q. a is a primitive root of q if
the following is true:
a mod q, a2 mod q, a3 mod q, ……., aq-1 mod q are distinct and
are numbers 1 to q – 1 in some permutation.
Step 2: The sender selects a random number XS ˂ q which is private
is to him. The sender calculates his public key YS = aXS mod q.
Step 3: The receiver selects a random number XR ˂ q. XR is private
to him. The receiver calculates his public key YR = aXR mod q.
Step 4: The sender and receiver exchange their public keys.
Step 5: S generates secret key K = (YR)XS mod q
Step 6: R generates secret key K = (YS)XR mod q
It can be seen that K = (YR)XS mod q = (aXR)XS mod q
= (YS)XR mod q = (aXS)XR mod q
 Diffie-Hellman Key Exchange Algorithm

-The secret key K of both the receiver and sender are identical and
can be calculated from each other’s public key and private random
number XS and XR.

-This method ensures both secrecy and authenticity of messages

exchanged between the sender and the receiver as the secret key
could not have been calculated from the public keys which each of
them calculated using q and a. As XS and XR are secret, K cannot
be calculated even if q and a are public knowledge. Thus, q and a
can be sent to R by S along with YS.

-It has been found that if q, a and YR are captured by an attacker he

can try various values of XS and XR and calculate K. Thus, in this
method it is safer to change the public keys in each session (or
transaction) between the sender and receiver.
 Diffie-Hellman Key Exchange Algorithm

-The Diffie – Hellman key exchange method is used in B2C e-

commerce. We give one example below of a customer and a
merchant negotiating sale of a product with the customer using a
credit card. This is a very simple protocol in which the merchant is
able to read the customer’s credit card number along with the
purchase order. The sequence of exchange of information between
the customer and the merchant is explained below.
 Diffie-Hellman Key Exchange Algorithm

Step 1: A customer logs on to the site of the merchant requesting

service.
Step 2: The merchant’s server selects a random prime number q and
calculates a the primitive root of q. The server selects a
random number XS ˂q and calculates YS = aXS mod q. YS is
the merchant’s public key which is sent to the customer
along with q and a by the merchant’s server.
Step 3: The customer’s computer selects a random number XR ˂ q.
It calculates its public key YR = aXR mod q and sends it to
the merchant’s server.
Step 4: The customer’s computer generates a secret key K = (YS) XR
mod q. It encrypts the credit card number and purchase
order with K and sends it to the merchant’s server.
Step 5: The merchant’s server locally calculates K as (YR) XS mod q
and decrypts the credit card number and purchase order. It
sends an acknowledgement to the customer.
 DIGITAL SIGNATURE

 There are two important requirements to be met by a digitally

signed electronic document.

1.A receiver R receiving a document from a sender S has to be sure it

is from S.

2.The signature should be tied to the document sent by S. This will

ensure that S cannot later claim that he or she never sent the document
to R, in other words S cannot repudiate his or her communication.
 DIGITAL SIGNATURE

These requirements are met by the following scheme:

 DIGITAL SIGNATURE

Step 1: Before starting a transaction, S and R exchange their public key

certificates issued by a certifying authority. This is necessary to
meet condition 1 mentioned earlier.
Step 2: S encrypts the document D to be sent to R with R's public key
getting ciphertext DE.
Step 3: R decrypts DE using its own private key and gets the original
document D.
Step 4: S makes a unique abstract of the document D called the hash of D
which we will represent by H(D). H(D) is encrypted by S with its
private key getting H(D)E.
Step 5: R decrypts H(D) E using the public key of S getting back H(D).
Step 6: Using D obtained in step 3, R creates the hash of D, namely, H(D)
using the known hash function H.
Step 7: R compares H(D) obtained in step 5 with that obtained in step 6.
They should exactly match. If they do, then R accepts the document
as authentic document signed by S. Else, it is rejected as a forgery.