Professional Documents
Culture Documents
Electronic Transaction Act 2063: NITC/Ministry of Environment, Science and Technology)
Electronic Transaction Act 2063: NITC/Ministry of Environment, Science and Technology)
Requirements:
z Confidentiality
z Integrity
z Authenticity
z Non-Repudiability
Threat to Authenticity
z Masquerading
Counter Measures
z Digital Signature - Cryptographically generated credentials.
3
Creating Trust in Electronic World
Enablers:
¾Cryptographic technologies
¾Supporting Infrastructure:
Processes & Systems
Legal Frameworks
Standards
4
Electronic Transaction Act 2063 - Role of
Comptroller of Certification (CCA) Authority for
secure e-Commerce and e-Governance
5
Encryption:
z Transformation of data to Prevent information being read by
unauthorized parties.
z Sender and Receiver have to know the rules which have
been used to encrypt the data.
z Based on Algorithms which are mathematical functions for
combining the data with a string of digits called the Key. The
result is the encrypted text.
6
Public key cryptography
(Asymmetric Cryptography)
7
Digital Signature
Public
PKA
Document
Document
Document Document
Document
Document
Document
Document
CONFIRMED
CONFIRMED
Digital
Digital Digital
Digital Digital
Digital
Private Signature
Signature Signature
Signature Signature
Signature
SKA 8
Message Integrity
1. Generating the “Digest” or “Hash” of a message
through well-known hash algorithms
z one-way hash functions
No
Message
Message Message
Message Hash
Hash Message
Message Hash
Hash Reject
Message
Check
Check
Hash
Hash
Yes
Hash
Hash Accept
Hash
Hash generation Hash
Hash
Hash generation Hash Message
generation
generation function
function
function
function
10
SENDER RECEIVER
Digital Signature
z Hash value of a message when encrypted
with the private key of a person is his digital
signature on that e-Document
z Digital Signature of a person therefore varies
from document to document thus ensuring
authenticity of each word of that document.
z As the public key of the signer is known, anybody
can verify the message and the digital signature
11
Signed Confidential Messages
Message
Message Sent through Internet Hash
Hash
Encrypted Using Hash function
Message on the message
Message
Message ENCRYPT
ENCRYPT DECRYPT
DECRYPT
Message Message
Message
++ Message ++ Message
Message ++ ++
signature
signature signature
signature signature
signature
with Signature
Signature
withReceiver’s
Receiver’s with
withReceiver’s
Receiver’s
Public
PublicKey
Key Private
PrivateKey
Key COMPARE
COMPARE
Hash
Hash Sign
ed
Using Hash Function Confidential
M essa
ge
SIGN
SIGNhash
hash Hash
Hash
With Sender’s
With Sender’s
Private
Privatekey
key
VERIFY
VERIFY
Signature
Signature
With
WithSender’s
Sender’s
Sender Receiver Public
PublicKey
Key
12
Authenticity and Confidentiality
13
Authenticity and Confidentiality
z The encoded message travels on the Net, but nobody can read it :
confidentiality
14
Authenticity and Integrity
15
Putting it all together
16
Issues in Public key Cryptosystems
17
Certifying Authority
z An organization which issues public key certificates.
z Must be widely known and trusted
z Must have well defined methods of assuring the identity of
the parties to whom it issues certificates.
z Must confirm the attribution of a public key to an identified
physical person by means of a public key certificate.
z Always maintains online access to the public key certificates
issued.
18
Public-Key Certification
User Certificate Certificate
User
User
Name
Name & & User
User
Database
other
other Name
Name
credentials
credentials
Signed
Signed
by
by using
using User’s
User’s
Certificate
Request CA’s
CA’s Public
Public Publish User
User 11 certificate
private
private Key
Key
certificate
User’s
User’s key
key User
User 22 certificate
certificate
Public
Public CA’s
CA’s ..
key
key
Name
Name
Validation
Validation
period
period
Signature
Signature
of
of CA
19
CA
Contents of a Public Key Certificate
z Issued by a CA as a data message and always available
online
z S.No of the Certificate
20
Example
Certificate[1]:
Owner: CN=hitechvalley.com, OU=D&AI, O=Hi-tech Valley iNet
Pvt. Ltd., ST=Kathmandu, C=NP
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class
3, OU="VeriSign, Inc.", O=VeriSign Trust Network
Serial number: 50daa4e88174ea478f4cfa312d51887a
Valid from: Fri Feb 13 19:00:00 EST 2004 until: Tue Feb 12
18:59:59 EST 2005
Certificate fingerprints:
MD5: 38:37:ED:EF:41:2C:DD:12:A6:AB:9B:F9:90:B0:82:37
SHA1: 0:F8:70:7A:8D:66:71:D1:BC:11:D2:41:82:5C:8A:84:91:BE:87:96
21
Example of Key
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgIQN5iSoDU+h+o0+TRta6MUfjANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA2MDMwNjAwMDAw
MFoXDTA3MDIyODIzNTk1OVowgbYxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFo
MQ8wDQYDVQQHFAZUb29lbGUxJzAlBgNVBAoUHlVuaWZpZWQgU29mdHdhcmUgU29s
dXRpb25zIExMQzELMAkGA1UECxQCSVQxMzAxBgNVBAsUKlRlcm1zIG9mIHVzZSBh
dCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEcMBoGA1UEAxQTd3d3LnVuaWFw
cHN0b3JlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAznYmJlqmRgcl
POWG4rJgXz5kpkQQWP7049Btr55t5mXtj+6CO9kzdOHHEoTcROCYCl03Gn/1llD5
qtmK629wsDFn8xnHF9DTvxAIakgpPgaLeeU3QVU1PTqz04/3uyPlnVY/84Qbqms7
Nd/YuIKwXBGQO0JSraVCtZCV2eMATgsCAwEAAaOCAdIwggHOMAkGA1UdEwQCMAAw
CwYDVR0PBAQDAgWgMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9TVlJTZWN1cmUt
Y3JsLnZlcmlzaWduLmNvbS9TVlJTZWN1cmUyMDA1LmNybDBEBgNVHSAEPTA7MDkG
C2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu
LmNvbS9ycGEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQY
MBaAFG/sr6DdiqTv9SoQZy0/VYK81+8lMHkGCCsGAQUFBwEBBG0wazAkBggrBgEF
BQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMEMGCCsGAQUFBzAChjdodHRw
Oi8vU1ZSU2VjdXJlLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlMjAwNS1haWEu
Y2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYF
Kw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlz
aWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB8f3fSFwNljaDG
CrlO7Xnc6lvYoDETF4YNMOWSVIx65xdfeth/ZqBbRpRzgUlo4t50Hyt1m13+HVRy
LnGQAN2Bh30Knc5L+br9ALZhrpsggX1FYb0ba4JEsHWvdN+nbmRAqk0c9sSSkLrV
zmhZOnCwW+57ake2M5Vvy25Qj7BCjqMoCPiJ5yRXvf3s8MgAz3y0AoRmp1dfbcFz
v0jDRCK0ApYDLWZTrK6AW9laY+yoQdotHoGZu0p0ewrA+PDqn/WHhsJFd9oMTFwg
3RN9p3M4V+9FNek1yVcmytOOx8LbSu8sKnxVy7ThSQdlvR56HofWipWbhmVEMb22
SqbPsESt
-----END CERTIFICATE----- 22
Certificate Revocation List
23
Public Key Infrastructure & the Electronic
Transaction Act 2063
Controller of Certifying Authorities as the “Root” Authority
certifies the technologies and practices of all the
Certifying Authorities licensed to issue Digital Signature
Certificates
24
CCA has to regulate the functioning of
CAs in the country by-
26
Audit Process
27
Auditors Panel
z To be nominated by CCA
28
Thank you
rajesh.shakya@gmail.com