CR YPTOGRAPHY

Secure E-Commerce:
Understanding the
Public Key Cryptography
Jigsaw Puzzle
Viswanathan Kodaganallur, Ph.D.

oday almost all organizations use BASICS OF SECRET COMMUNICATIONS

T the Internet extensively for both

intra- and inter-organizational com-
munications. The Internet is also the exclu-
sive vehicle for E-commerce transactions
involving customers and other business
partners. This eliminates the significant
infrastructure costs of private data commu-
nications networks and enables even small
companies to participate in E-commerce.
However, extensive use of public media for
transferring sensitive data poses serious
security challenges.
One of the main weapons in overcoming
these challenges is public key cryptography.
Although public key cryptography is exten-
sively used today, relatively few people
(managerial and technical) understand its
essence, preferring to leave that to the spe-
cialists. Although the intricate technical
details are best left to the specialists, a solid
understanding of the broad picture is neces-
sary and well within the reach of everyone.
This article sets out to convey just such an
understanding.
Perfectly secure communication is impossi-
ble in theory. It is always a possibility for
any message to fall into the wrong hands.
The practical approach is to reduce the like-
lihood of this happening to acceptably small
levels. Nowadays encryption is the main
approach to keeping communications
secret. A message being communicated
(plaintext) is encrypted in such a way that
the encrypted message (ciphertext) can be
understood only if it is decrypted. Clearly,
the message is secret only to the extent that
decrypting the ciphertext is difficult. A mes-
sage can be encrypted in several ways.
A procedure to encrypt a message is
called a cipher. A trivial (and not very
secure) example of a cipher is one that
reverses the characters in a message. The
recipient of the message, if aware of how
the message has been encrypted, can
decrypt it by reversing the characters in the
ciphertext to recreate the plaintext.
Another example is a substitution cipher,
which works by substituting each character

VISWANATHAN KODAGANALLUR, Ph.D., is an Associate Professor of Computing and Decision Sci-

ences at Seton Hall University's Stillman School of Business. He earned his Ph.D. in operations man-
agement from the Indian Institute of Management. Dr. Kodaganallur started his working career in
academia. He then switched to the software development industry where he spent a decade before
returning to academia in 2001. His research interests include information systems security, object-ori-
ented software development, intelligent tutoring systems, and combinatorial optimization.

44 I N F O R M A T I O N S Y S T E M S S E C U R I T Y
W W W . I N F O S E C T O D A Y . C O M
 FIGURE 1 Encryption and Decryption with Key-Based Symmetric Ciphers
Shared key
plaintext Symmetric
ciphertext
cipher
Encryption
of the plaintext message with some other
character. This can be decrypted via reverse
substitution by a recipient who is aware of
what substitutions have been made. In this
example, the cipher operates in conjunction
with a secret key (the substitution scheme).
The same cipher used on the same plaintext
with a different key will yield different
ciphertext.
Single-character substitution ciphers can
be easily cracked by cryptanalysts (people
who break ciphers) through techniques such
as frequency analysis. For example, the
most frequently occurring letters in English
are “e,” “t,” and “a.” By counting the fre-
quency of each letter in the ciphertext, a
cryptanalyst can make a guess about which
letters in the ciphertext probably map to
these letters. Once these are established,
other clues, such as which letters commonly
precede and follow these letters, can be used
to make further progress.
More powerful ciphers, called block
ciphers, encode a block of text at a time
rather than just a single character. Under
these, a block of text (say, 128 bits) is
replaced with a different block of the same,
or different, size. The number of possible
transformations increases rapidly with the
block size, consequently making cryptanal-
ysis more difficult.
Although people can come up with many
different methods of encoding, the need for
standardization makes it necessary to adopt
one or a few methods universally. On the
face of it this would seem to defeat the very
purpose of encrypted communication. How-
C R Y P T O G R A P H Y
J A N U A R Y / F E B R U A R Y
Shared key
Symmetric
cipher
Decryption
ever, with something called “key-based”
ciphers, the ciphertext depends not only on
the encryption procedure but also on a secret
key used during the encryption process.
For example, suppose the plaintext is
“6011 8767 3421 8875” (perhaps a credit
card number). Let us suppose that some
specified method X is being used for
encryption. With the secret key
“7463562781,” the plaintext might get
encoded to “6bgs 8ys9 0ehw yhfk”;
whereas, using the same method X but a dif-
ferent secret key, the plaintext would be
encoded to something completely different.
To decrypt messages encrypted using key-
based ciphers, one needs to know not only
the encoding procedure but also the secret
key value. Keeping the key hidden from all
except the message recipient makes it very
difficult for unauthorized parties to obtain
the plaintext from the ciphertext, even if
they know what kind of cipher has been
used. This process is illustrated in Figure 1.
An example of a key-based block cipher
is DES (Data Encryption Standard), which
was adopted as a standard by the U.S. gov-
ernment in 1977 and the financial industry
in 1981. DES uses a 56-bit key. Today, DES
is not considered safe enough primarily
because of its small key size. Computing
technology has become powerful enough
for a cryptanalyst to exhaustively try all
possible key combinations on a DES cipher-
text within a reasonable amount of time and
hence to decode DES ciphertext even with-
out having the secret key.
45
2 0 0 6
 Prominent among the new approaches
are AES (supports key sizes of 128, 192,
and 256 bits), Triple DES (overcomes the
limited key size by applying DES three
times with two or three different keys),
Rivest ciphers (RC2, RC4, RC5, and RC6),
and others such as IDEA (International Data
Encryption Algorithm) and CAST. All the
ciphers mentioned above are called “sym-
metric key” ciphers because the same secret
key is used for encryption and decryption.
Symmetric key ciphers that are almost
impossible to break are but one part of
secure E-commerce. Other issues must be
addressed for secure communications in
today’s world, where many parties need to
communicate over an insecure medium
such as the Internet. Any scheme that is
used must ideally meet all of the following
requirements:
■ Confidentiality: It should be almost
impossible for anyone but the intended
recipient to decipher the message. This is
the most obvious aspect of secure com-
munications and is well addressed by the
symmetric key ciphers already men-
tioned.
■ Scalability: The approach should be con-
venient to use when the number of com-
municants and messages is large. Secret
communication with symmetric keys is
not scalable when used in isolation. It
runs into various problems when many
unacquainted parties need to communi-
cate secretly; as, for example, in E-com-
merce transactions.
The biggest bottleneck with such sys-
tems is the distribution and management
of the secret keys. Suppose there are n
parties communicating with each other
and all communications need to be
secret; then each party has to keep track
of one secret key for each of the n–1 par-
ties with whom it needs to communicate.
An even bigger problem is that of
safely distributing the keys in the first
place so that the secret keys do not fall
into the wrong hands. It should be possi-
ble to exchange keys safely over insecure
46 I N F O R M A T I O N
W W W . I N F O S E C T O D A Y . C O M
media; after all, it is not practical to
expect that all communicating parties
will meet in person to exchange keys.
Furthermore, to break a cipher, a cryptan-
alyst needs a lot of ciphertext created
using a single key. Thus, to minimize the
risk of compromising secrecy, it would
be necessary to periodically change the
symmetric keys used. This requirement
further complicates the task of secure key
distribution.
■ Integrity: It should be possible for the
recipient to verify that the message was
not tampered with in transit. This is
important because an attacker might
intercept a message and insert a different
one in its place. A contemporary example
of this would be when a hacker intercepts
a transmission from an E-commerce
server to a client and inserts the hacker’s
own Web page in place of the server’s
page. An unsuspecting user might then
enter sensitive information on the
hacker’s page and submit it to the hacker.
■ Authentication: It should be possible for
a message recipient to verify the identity
of the message originator in order to avoid
dealing with an imposter. This is essential
because an imposter on the Web could eas-
ily pose as a genuine E-commerce vendor
and steal sensitive information.
Another related issue is that of non-
repudiation; a sender of a message (such
as an important legal business document)
should not be able to later claim to have
never sent it. This goal is achieved once the
identity of the sender of a message can be
irrevocably established.
I will now discuss the pieces of the public
key cryptography jigsaw puzzle that address
each of these issues. Table 1 summarizes the
issues and the techniques that address each
issue. Detailed descriptions of the tech-
niques follow.
ASYMMETRIC KEY CIPHERS
We have already seen that key distribution
and management is a problem with symmet-
ric key ciphers. Whitfield Diffie and Martin
S Y S T E M S S E C U R I T Y
 TABLE 1 Issues in Public Key Cryptography

Issue Technique

Confidentiality Key-based ciphers (symmetric and asymmetric)

Scalability Asymmetric key ciphers, digital certificates, and Secure Sockets Layer
Integrity Message digests and digital signatures
Authentication Digital certificates and certificate authorities

Hellman of Stanford University made path-
breaking discoveries that gave birth to mod-
ern cryptography. They demonstrated for
the first time that it is possible for commu-
nicating parties to exchange keys securely
over insecure media. They also suggested
the concept of asymmetric key ciphers,
wherein the keys used for encryption and
decryption are different.
Although they suggested the concept of
asymmetric key ciphers, they were unable
to develop a concrete realization of the con-
cept — an actual cipher that would work as
they suggested. That was later done by the
MIT team of Ron Rivest, Adi Shamir, and
Leonard Adleman, who created RSA, the
first asymmetric key cipher. Another well-
known asymmetric key cipher is the ElGamal
cipher.
The two keys of an asymmetric cipher
form a key pair, with one of them being the
private key and the other the public key. A
key pair has the following properties:
■ A message encrypted with a public key
can be decoded only with the matching
private key. In the case of reversible
asymmetric key ciphers, the converse
also works — a message encrypted with
a private key can be decrypted only with
the matching public key.
■ Given a public key, it is almost impossi-
ble to figure out the matching private
key. By “almost impossible,” we mean
that, although it is theoretically possible
to figure out the private key given only
the public key, in practice it would take
several years of computing.
As the names imply, a private key is kept
completely private — no one but the owner
knows this key — but the public key can be
widely distributed because it does not mat-
ter who gets hold of it. Communication
using asymmetric key ciphers is called pub-
lic key cryptography.
For a concrete illustration of how secure
communication would work under this sys-
tem, suppose person A wants to send a
secret message to person B, and A and B
already have each other’s public keys (they
could have exchanged them via e-mail, for
example). Further, suppose that a hacker
(H) is eager to listen in on this communica-
tion. A would first encrypt her message
using B’s public key and send the ciphertext
to B. On receiving the message, B can
decrypt it using his private key. Even if H
sees the ciphertext, not possessing B’s pri-
vate key, H can do nothing useful with the
data. This process is illustrated in Figure 2.
B can now reply to A by encrypting the
message with A’s public key, and the con-
versation can proceed securely even though
H can potentially intercept each and every
byte of the transmissions.
Although this seems to be a foolproof
arrangement, this alone does not prevent H
from being malicious. H might be able to
intercept a message from A to B and replace
it with his own message properly encrypted
with B’s public key (recall that B makes no
effort to hide his public key). On receiving
this message, B has no way of knowing that
the integrity of the message has been com-
promised and that the message has really
been sent by an imposter acting as A.
Although confidentiality has not been com-
promised, there has been a security breach.
How can B be sure of the authenticity of the
sender of the message just by looking at the
message?

C R Y P T O G R A P H Y 47
J A N U A R Y / F E B R U A R Y 2 0 0 6
 FIGURE 2 Secret Communication with Public Keys and Asymmetric Ciphers

A’s computer B’s computer

B’s public key B’s private key

Asymmetric Asymmetric
plaintext cipher ciphertext cipher plaintext

FIGURE 3 Double Encryption Scheme with Public Key Cryptography

B’s public key A’s private key

plaintext Asymmetric Asymmetric

ciphertext 1
cipher cipher

B’s computer ciphertext

B’s private key A’s public key

Asymmetric Asymmetric
plaintext ciphertext 1
cipher cipher

There is a way by which confidentiality, ■ This approach provides confidentiality.

integrity, and authentication can all be
achieved with asymmetric ciphers. Let us
assume as before that A and B have
exchanged public keys. Now, when A wants
to send a message to B, A first encrypts the
message using B’s public key and then
encrypts the resulting ciphertext once again
using her own private key and sends the
resultant doubly encrypted message to B. B
first uses A’s public key and, on the result,
uses his own private key to get back the
original message. Figure 3 illustrates this
process.
H can decrypt using A’s public key and
undo the effect of A’s private key; but the
result is still ciphertext created with B’s
public key that requires B’s private key to
decrypt. Not possessing B’s private key,
H can go no further.
■ This approach preserves integrity. The
second step in the decryption process by
B is to use A’s public key. This can work
only on a message encrypted with A’s
private key. Not having A’s private key,
H cannot insert anything that will decrypt
properly with A’s public key.

48 I N F O R M A T I O N S Y S T E M S S E C U R I T Y
W W W . I N F O S E C T O D A Y . C O M
■ This approach provides authentication.
When B uses A’s public key followed by
his own private key and gets anything
meaningful, it is clear that the message
was actually sent by A. No one other than
A could have sent anything that could be
decrypted meaningfully with A’s public
key.
Although this seems to be a complete
solution, it leaves open two problems:
■ Encryption and decryption with asym-
metric key ciphers are extremely com-
puting intensive. The operations are
slower by a factor of 100 when compared
with symmetric key ciphers. Thus, the
above scenario is actually impractical
from a computing-time perspective.
Asymmetric key ciphers are therefore
seldom used for entire communications
unless the amount of data being
encrypted is very small. We will see later
in the article that they are generally used
only to exchange public keys spontane-
ously when needed, and to use these keys
to agree on a symmetric session key. The
session key is then used for the rest of the
session with a symmetric key cipher.
■ Communicating parties would need to
manage large numbers of public keys,
and if two unacquainted parties needed to
communicate they would have to go
through the ritual of public key exchange
first — but how do they trust each other
in the first place? Digital certificates and
certificate authorities, discussed later,
address this issue.
Although the method of double encryp-
tion of the message does solve the integrity
problem, we have seen that it is not practi-
cal. A practical approach is based on digital
signatures.
DIGITAL SIGNATURES
To explain how digital signatures work, I
first need to introduce the concept of mes-
sage digests. A message digest is a simple
number that can be quickly calculated from
an input message. A good message digest
C R Y P T O G R A P H Y
J A N U A R Y / F E B R U A R Y
has the property that if even a single bit of
the input message is changed, the digest cal-
culated will have a different value. Further,
it is almost impossible to intentionally con-
struct two messages that have the same
digest value.
For the moment, assume that we are con-
cerned only about integrity and that there is
no requirement for confidentiality. (I will
bring confidentiality back into the equation
later.) In such a case, when A sends a mes-
sage to B, A can send the message along
with its calculated digest value. On receiv-
ing the message, B re-computes the digest
value and compares it to the value sent by A.
If the two match, B can be confident that the
message was not changed in any way in
transit; if the message was modified, the two
message digest values would not match.
It is easy to see that message digests
alone are insufficient to thwart a hacker.
After all, the hacker can interpose and
replace the message with a new one and also
replace the digest with the digest corre-
sponding to the new message. Thus, the recip-
ient will find that the digests match even
though the message has lost its integrity.
Digital signatures use the concept of
message digests with an added twist based
on asymmetric keys to completely thwart
hackers from surreptitiously modifying a
message in transit. Once again we assume
that our only concern is integrity. Using dig-
ital signatures, when A sends a message to
B, A first calculates the message digest. A
then encrypts the message digest with her
private key. The result is the digital signa-
ture of the message. A now sends the origi-
nal plaintext message along with its digital
signature to B. Because the message digest
is only a simple number, using asymmetric
key ciphers on it is not computationally
intensive.
On receiving the message, B first uses
A’s public key to decrypt the digital signa-
ture. This provides B with the message
digest value. B can then independently gen-
erate the message digest from the plaintext
message and compare the two. If they
49
2 0 0 6
 FIGURE 4 Creating and Verifying Digital Signatures
Digest
plaintext Algorithm
B’s computer
A’s public key
digital Asymmetric
signature cipher
Digest
plaintext
Algorithm
match, then B is confident that no one has
tampered with the message. This process is
illustrated in Figure 4.
Under this scenario, it is impossible for
the hacker (H) to undetectably replace the
transmission with a new message and a
matching digital signature because H does
not have A’s private key. Suppose H does
replace the message with a new message
and replaces the digital signature with one
generated using his own private key and
then sends the message and the signature to
B. B, assuming that the message is coming
from A, will use A’s public key on the digi-
tal signature. This will fail to produce the
actual message digest that H calculated
because H did not use A’s private key. B
will thus know that someone has tampered
with the message.
Digital signatures do not address the con-
fidentiality issue at all. They do solve the
integrity problem completely. To a limited
extent, they also solve the problem of
authentication, if the message recipient has
the public key of the sender. In real terms it
is impractical to expect that any two com-
municants will have each other’s public
keys readily available at all times. We need
a scalable way of exchanging public keys
spontaneously with a guarantee of the iden-
tities of the parties involved. This is where
50 I N F O R M A T I O N
W W W . I N F O S E C T O D A Y . C O M
A’s private key
message Asymmetric digital
cipher
digest signature
message If the two digests
digest 1 match then B
knows that the
message is genuine
message
digest 2
digital certificates and certificate authorities
come into the picture.
DIGITAL CERTIFICATES
As before, let us assume that A and B have
already exchanged public keys and trust
each other. Suppose C now wants to have a
secure communication with A, but A and C
are not mutually acquainted. Unless A
knows or trusts C, A will refuse to have a
secure conversation with C. Suppose B
knows and trusts C. Now, because A trusts
B and B trusts C, there is a chain of trust
potentially enabling A to trust C. How is
this chain of trust established electroni-
cally? Because B trusts C, B can issue a dig-
ital certificate to C. A digital certificate
consists of identifying information about an
entity along with the signed public key of
that entity. It essentially states that the issuer
of the certificate believes that the public key
in the certificate belongs to the person
whose identifying information appears in
the certificate.
To issue a digital certificate to C, B cre-
ates a structure that contains identifying
information about C (e.g., the name and
other important public information) and
attaches C’s public key encrypted with the
private key of B. Because B is the only entity
that can use B’s private key, the certificate
S Y S T E M S S E C U R I T Y
 FIGURE 5 B Creating a Digital Certificate for C
Digest
Algorithm
Information about B
Information about C
C’s public key
essentially represents that B vouches for C’s
identity, and anyone having B’s public key
can verify the fact. This process is illus-
trated in Figure 5.
The above arrangement works fine when
there is an intermediary such as B who can
establish a chain of trust between the com-
municating parties. In most business situa-
tions, especially in Web-based business-to-
consumer E-commerce, this requirement
would be cumbersome. This issue is
addressed by certificate authorities.
CERTIFICATE AUTHORITIES
Certificate authorities (CAs) are organiza-
tions specifically created to issue digital cer-
tificates after properly verifying the
identities of entities requesting them. Many
CAs exist; some well-known ones are Veri-
sign, Certisign, and Thawte. CAs are
assumed to be trusted parties and hence the
certificates issued by them serve to verify
the identities of the parties presenting them.
For example, in a Web-based E-commerce
transaction, a buyer would want to ensure
that she is really dealing with a genuine Web
site and not that of an imposter before enter-
ing sensitive information such as a credit card
number. The vendor can establish identity by
presenting a digital certificate issued by a
CA.
The public keys of CAs are widely dis-
tributed. All Web browsers typically come
C R Y P T O G R A P H Y
J A N U A R Y / F E B R U A R Y
B’s private key
message Asymmetric
digest cipher
digital
signature
C’s digital
certificate
pre-installed with these public keys. Sup-
pose two parties A and C are unacquainted
and one of them, say C, wishes to initiate a
secure conversation with the other. C first
gets a digital certificate from a CA and pre-
sents it to A. A already has the public key of
well-known CAs and hence can use the
appropriate one to extract C’s public key
from the certificate. Similarly, A can
present her certificate to C, from which C
can get A’s public key. The above mecha-
nism can be employed to spontaneously
exchange public keys with complete confi-
dence about the identities of the communi-
cating parties.
However, as already mentioned, using
public key encryption is computing inten-
sive and impractical for complete conversa-
tions. This final hurdle is addressed by
Secure Sockets Layer.
SECURE SOCKETS LAYER
Secure Sockets Layer (SSL) was created by
Netscape Corporation to address the diffi-
culty of using public key encryption for
complete conversations. It provides a way
to use a symmetric key cipher (much more
efficient than asymmetric key ciphers) in a
secure manner. It is specifically designed
for Web-based E-commerce wherein a
browser and server need to engage in a
secure conversation. The following steps
occur in an SSL-based exchange:
51
2 0 0 6
 ■ The server presents a digital certificate
issued by a CA.
■ The browser verifies the certificate and
extracts the server’s public key.
■ The browser then generates a symmetric
key (called session key).
■ The browser encrypts the session key
with the server’s public key and sends it
to the server.
■ The server extracts the session key.
■ The browser and server conduct a secret
conversation using the shared session
key, but they can use a symmetric key
cipher for much greater efficiency.
■ Server and browser discard the session
key at the end of the conversation.
In the above scenario, only the server is
authenticated by means of a digital certifi-
cate; this is all that is typically needed for
business-to-consumer E-commerce. A ver-
sion of SSL includes client authentication as
well, which can be used when both parties
need to be authenticated.
When we see “https://——” in our
browser’s address line, it indicates that SSL,
52 I N F O R M A T I O N
W W W . I N F O S E C T O D A Y . C O M
and therefore the full weight of public key
cryptography, is in use.
CONCLUSIONS
This article has introduced the essential
aspects of public key cryptography. We
looked at the shortcomings of symmetric
key ciphers used in isolation and showed
how public key cryptography based on
asymmetric key ciphers overcomes the
problems by enabling confidentiality, mes-
sage integrity, and authentication. Finally,
we looked at the essentials of SSL, which
combines the power of public key cryptog-
raphy with the speed of symmetric key
ciphers to provide security and effi-
ciency.
References
1. Harold F. Tipton (Editor), Micki Krause (Editor),
Information Security Management Handbook,
Fifth Edition, Auerbach Publications, 2004.
2. Charlie Kaufman, Radia Perlman, Mike Speciner,
Network Security: Private Communication in a
Public World, Second Edition, Prentice Hall,
2002.
S Y S T E M S S E C U R I T Y