Q1. Describe the role of cryptography in ensuring the security of e-commerce transactions.

What are some common cryptographic techniques used in online shopping and banking?

Cryptography is the science of securing communication and information by transforming it into an

unreadable format, known as ciphertext, using various mathematical algorithms. This ensures that
only authorized parties can access and understand the original data. Cryptography plays a crucial role
in ensuring the security of e-commerce transactions by safeguarding sensitive information like
payment details and personal data.

The role of cryptography in ensuring the security of e-commerce transactions:

1. Confidentiality: Cryptography helps keep sensitive information, such as credit card numbers and
personal data, confidential during online transactions. Even if intercepted, the encrypted data is
nearly impossible to decipher without the correct decryption key.

2. Integrity: Cryptographic techniques ensure that the data exchanged between a user and an e-
commerce website remains unchanged during transmission. If any alteration occurs, the decryption
process would fail, indicating a potential security breach.

3. Authentication: Cryptography helps verify the identity of both the user and the e-commerce
website. Users can trust that they are interacting with the legitimate website, and websites can
ensure the authenticity of their customers.

4. Non-repudiation: Cryptographic methods can be used to create digital signatures, which provide
proof that a particular message or transaction was initiated by a specific party. This helps prevent
disputes and fraud.

Common cryptographic techniques used in online shopping and banking:

1. Secure Sockets Layer (SSL) / Transport Layer Security (TLS): SSL and its successor, TLS, encrypt
data exchanged between a user's web browser and a website's server. This encryption
ensures the confidentiality and integrity of data. For example, when you see "https://" in a
website's URL, it indicates the use of SSL/TLS for secure communication.

2. Digital Signatures: Digital signatures, created using asymmetric cryptography, provide proof
of the authenticity of a message or transaction. They are used in e-commerce for signing
contracts, verifying emails, and confirming the authenticity of digital documents.
3. Public Key Infrastructure (PKI): PKI is used for creating digital signatures and certificate
management. It helps verify the authenticity of websites and users. For instance, when you visit a
website and see a padlock symbol ( ) in the browser's address bar, it signifies the use of PKI for
authentication.

4. Encryption Algorithms: Symmetric and asymmetric encryption algorithms like Advanced

Encryption Standard (AES) and RSA (Rivest-Shamir-Adleman) are used to protect data at rest and in
transit. AES is often employed to encrypt credit card information stored on servers, while RSA is used
for key exchange and digital signatures.

5. Tokenization: Tokenization replaces sensitive data (e.g., credit card numbers) with unique tokens.
Even if attackers access the tokens, they won't have access to the original data. Tokenization is
commonly used in payment processing systems.

6. Hash Functions: Hash functions like SHA-256 are used to verify data integrity. For example, a hash
value is often used to check if a downloaded file has been tampered with during transit.

7. Two-Factor Authentication (2FA): 2FA enhances security by requiring users to provide two forms of
authentication. This can include something they know (e.g., a password) and something they have
(e.g., a one-time code from a mobile app).

In summary, cryptography plays a vital role in ensuring the security of e-commerce transactions by
providing confidentiality, integrity, and authentication.