chapter 14 authentication applications
DESCRIPTION
Chapter 14 Authentication Applications. 什麼是網路安全通訊協定. 網路安全通訊協定是一組可讓人們在網路上安全地交換資訊的一套規則與規範。. 應用層. 傳輸層. 網路層. 常用的網路安全通訊協定. 應用層的網路安全通訊協定. 開放網路系統的認證服務 ( Kerberos) 安全電子交易 ( Secure Electronic Transaction) 安全電子郵件 ( Privacy Enhanced Mail). Kerberos. - PowerPoint PPT PresentationTRANSCRIPT
-
Chapter 14Authentication Applications
-
Kerberos
(Secure Electronic Transaction)
(Privacy Enhanced Mail)
-
Kerberossupport application-level authentication developed by MIT provides centralized private-key third-party authentication in a distributed networkallows users access to services distributed through networkwithout needing to trust all workstationsrather all trust a central authentication servertwo versions in use: 4 & 5
-
Kerberos Requirementsfirst published report identified its requirements as:securityreliabilitytransparencyscalabilityimplemented using an authentication protocol based on Needham-Schroeder
-
Kerberos(Users) (Server Hosts) (Ticket Granting Server) (Authentication Server) Kerberos(Server-Client architecture)
-
KerberosKerberos
-
Kerberos
-
Kerberos
-
Kerberos
-
Secure Electronic Transactions (SET)open encryption & security specificationto protect Internet credit card transactionsdeveloped in 1996 by Mastercard, Visa etcnot a payment systemrather a set of security protocols & formatssecure communications amongst partiestrust from use of X.509v3 certificatesprivacy by restricted info to those who need it
-
(Secure Electronic Transaction) SET
-
(Secure Electronic Transaction)(Electronic Wallet)(Merchant Server) (Payment Gateway)(Certificate Authority)SET
-
(Secure Electronic Transaction)
-
SET TechnologyCondifientiality (Privacy): Integrity() Non-repudiation Authentication() Visa
Cryptographic ModulesDES, RSA, CDMFRandom Number GeneratorHashFunction SHA-1, MD5Digital Signature - RSA public key cryptographyAuthentification ModulePKCS#1, 5, 7X.509 ext 3PolicyCertificate Authority
-
(Secure Electronic Transaction)
-
(Digital Certificate)
-
V.S.
-
(Secure Electronic Transaction)
-
SET Transactioncustomer opens accountcustomer receives a certificatemerchants have their own certificatescustomer places an ordermerchant is verified by certificateorder and payment are sentmerchant requests payment authorizationmerchant confirms ordermerchant provides goods or servicemerchant requests payment
-
Dual Signaturecustomer creates dual messagesorder information (OI) for merchantpayment information (PI) for bankneither party needs details of otherbut must know they are linkeduse a dual signature for thissigned concatenated hashes of OI & PI
-
Cardholder Sends Purchase Request
-
Merchant Verifies Purchase Request
-
Merchant Verifies Purchase Request verifies cardholder certificates using CA sigsverifies dual signature using customer's public signature key to ensure order has not been tampered with in transit & that it was signed using cardholder's private signature keyprocesses order and forwards the payment information to the payment gateway for authorization (described later)sends a purchase response to cardholder
-
Payment Gateway Authorizationverifies all certificatesdecrypts digital envelope of authorization block to obtain symmetric key & then decrypts authorization blockverifies merchant's signature on authorization blockdecrypts digital envelope of payment block to obtain symmetric key & then decrypts payment blockverifies dual signature on payment blockverifies that transaction ID received from merchant matches that in PI received (indirectly) from customerrequests & receives an authorization from issuersends authorization response back to merchant
-
Payment Capturemerchant sends payment gateway a payment capture requestgateway checks requestthen causes funds to be transferred to merchants accountnotifies merchant using capture response
-
(Privacy Enhanced Mail) (Privacy Enhanced Mail)
-
(Privacy Enhanced Mail)PEM
-
(Privacy Enhanced Mail) PEM
-
(Privacy Enhanced Mail)
-
(Privacy Enhanced Mail)PEM
-
(Privacy Enhanced Mail)
-
(Privacy Enhanced Mail)MIC-CLEAR PEM MIC-ONLY MIC-CLEARPEMPEM ENCRYPTED PEM PEM
-
(Privacy Enhanced Mail)Proc-Type PEM Content-Domain MIC-Info PEMDEK-Info Key-Info Originator-Certificate PEM
-
(Privacy Enhanced Mail)MIC-ONLY Proc-Type: 4,MIC-ONLYContent-Domain: RFC822Originator-Certificate: Issuer-Certificate: MIC-Info: RSA-MD5,RSA, jV2OfH+nnXHU8bnL8kPAad/mSQlTDZlbVuxvZAOVRZ5q5+Ejl5bQvqNeqOUNQjr6EtE7K2QDeVMCyXsdJlA8fA==() LSBBIG1lc3NhZ2UgZm9yIHVzZSBpbiB0ZXN0aW5nLg0KLSBGb2xsb3dpbmcgaXMgYSBibGFuayBsaW5lOg0KDQpUaGlzIGlzIHRoZSBlbmQuDQo=()
-
(Privacy Enhanced Mail)ENCRYPTED Proc-Type: 4, ENCRYPTEDContent-Domain: RFC822DEK-Info: DES-CBC,BFF968AA74691AC1Originator-Certificate: Key-Info: RSA, I3rRIGXUGWAF8js5wCzRTkdhO34PTHdRZY9Tuvm03M+NM7fx6qc5udixps2Lng0+wGrtiUm/ovtKdinz6ZQ/aQ==()Issuer-Certificate: MIC-Info: RSA-MD5,RSA, UdFJR8u/TIGhfH65ieewe2lOW4tooa3vZCvVNGBZirf/7nrgzWDABz8w9NsXSexvAjRFbHoNPzBuxwmOAFeA0HJszL4yBvhG()Recipient-ID-Asymmetric: MFExCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEPMA0GA1UECxMGQmV0YSAxMQ8wDQYDVQQLEwZOT1RBUlk=,66Key-Info: RSA, O6BS1ww9CTyHPtS3bMLD+L0hejdvX6Qv1HK2ds2sQPEaXhX8EhvVphHYTjwekdWv7x0Z3Jx2vTAhOYHMcqqCjA== qeWlj/YJ2Uf5ng9yznPbtD0mYloSwIuV9FRYx+gzY+8iXd/NQrXHfi6/MhPfPF3djIqCJAxvld2xgqQimUzoS1a4r7kQQ5c/Iua4LqKeq3ciFzEv/MbZhA== ()
One of the best known and most widely implemented trusted third party key distribution systems. It was developed as part of Project Athena at MIT.Stallings Fig 17-10.Stallings Fig 17-11.