We have considered a wide spectrum of potential areas of concern and implemented the latest and most effective technologies to combat those who seek to compromise us and our member's security. Through the use of multiple levels of encryption and account verification, members will experience a fast, safe interface with our beting software.
We have adopted the following 'mission statement' as the basis for system development and account activity management:
The SSL protocol operates "lower down" between the application level and the transport (TCP/IP) layer. This strategy allows SSL to encrypt the data stream itself, thereby establishing a secure transmission channel for any Internet application, independent of protocol. SSL and S-HTTP are not, however, mutually exclusive. Because they operate on different levels, the protocols could be layered to double-encrypt the data.
In addition to a secure data pipe, SSL makes provisions to authenticate the identity of each server session and the member using RSA's system of digital signatures. SSL also attaches an encrypted ID to each secure session. This ID, which is cached by both parties, allows a member and the server that previously established an SSL connection to re-establish a secure channel without repeating the entire handshaking process.
The SSL handshake has been designed to make its security services as transparent as possible to members. Members click a link or a button on a page that connects to the SSL-capable server. The SSL Web server will accept SSL connection requests on a different port (port 443 by default) than standard HTTP requests (port 80 by default). When the member connects to this port, it initiates a handshake that establishes the SSL session. After the handshake finishes, communication between the SSL-enabled web server and the member's browser is encrypted and message integrity checks are performed until the SSL session expires. The SSL handshake creates a session during which the handshake only needs to happen once.
The following high-level events take place during the SSL handshake:
The member's Web browser and the web server exchange X.509 certificates to prove their identity. This exchange may optionally include an entire certificate chain, up to some root certificate. Certificates are verified by checking validity dates and verifying that the certificate bears the signature of a trusted certificate authority.
The member's Web browser randomly generates a set of keys that will be used for encryption and calculating MACs. The keys are encrypted using the server's public key and securely communicated to the server. Separate keys are used for member to server and server to member communications for a total of four keys.
A message encryption algorithm (for encryption) and hash function (for integrity) are negotiated. In the SSL implementation, the member presents a list of all the algorithms it supports, and the server selects the strongest cipher available. We retains the ability to turn particular ciphers on and off.
SSL is an industry-standard protocol that makes substantial use of public-key technology. SSL is widely deployed over the public Internet in the form of SSL-capable servers and members from the leading vendors including Microsoft, IBM, Spyglass, Netscape and Open Market. All applications used and supported by the web site will incorporate SSL to provide advanced security services. SSL provides three fundamental security services, all of which use public-key techniques:
Diagram
| Service | Underlying Technology | Protection Against |
|---|---|---|
| Message integrity | Message authentication codes | Vandals |
| Message privacy | Encryption | Eavesdroppers |
| Mutual authentication | X.509 certificates | Impostors |
[ Top of Page ]
Microsoft is pursuing an effort to create a single standard for the transfer of secure business and personal communications over insecure phone lines. A central component of this effort is to develop a method of authentication. Encryption and authentication go hand-in-hand in a secure Internet environment. Each, though distinctly different, play an important role in allowing users to pass information that is unreadable except by the intended recipient and in verifying the identify of the sender.
Authentication in a digital setting is a process whereby the receiver of a digital message can be confident of the identity of the sender and/or the integrity of the message. Authentication protocols are based on public-key cryptosystems from RSA. In public-key systems, authentication uses digital signatures, which are the equivalent of handwritten signatures for printed documents. The signature is an unforgeable piece of data asserting that a named person wrote or otherwise agreed to the document on which the signature appears. The recipient, as well as a third party, can verify both that the document did indeed originate from the person who signed it and that the document has not been altered since it was signed. A secure digital signature system therefore consists of two parts:
- A method of signing a document so that forgery is unfeasible and
- A method of signature verification.
Furthermore, secure digital signatures cannot be repudiated; that is, the signer of a document cannot later disown it by claiming it was forged, since each digital signature is registered with a so-called Certificate Authority (CA).
Recently, Microsoft created Transport Layer Security (TLS). This specification starts with Netscape's SSL version 3.0 and adds features from Microsoft's PCT version 2.0 based on feedback from cryptographers and implementers. It is intended to provide a simpler and more robust implementation than SSL or PCT, with added scalability, improved security, and the additional functionality needed for wider application of the specification.
As the TLS protocol is fully developed and integrated into Microsoft's current Internet product offering, we will adhere to these newer, more robust standards.
[ Top of Page ]
In practice, both symmetric-key and public-key techniques are used in popular security protocols such as SSL because symmetric-key algorithms tend to be much faster than public-key algorithms. To communicate securely and quickly, here is what we do:
- The member generates a random number (key) that will be used for actually encrypting the message being sent to us.
- The member encrypts the random number (key) with the public key.
- We decrypt the random number with its private key. Now we can encrypt and decrypt messages with a secret shared with only with that particular member.
- Once a secure session has been established between us and the member, ALL information transferred between the Web browser member and the server is encrypted and secure and cannot be 'listened to', intercepted, or altered.
In practice, most security protocols are much more complicated than this, but the four-step process above is illustrative of security fundamentals. SSL is an excellent example of a security protocol that uses these techniques to safeguard communications.
Private-Key cryptography
Symmetric-key or private-key cryptography uses the same key to encrypt and decrypt messages and their advantage is speed. This is a familiar real-world phenomenon: we use the same key to unlock and lock our car doors, for instance. The problem with symmetric-key cryptography is having the sender and receiver agree on a secret key without anyone else finding out. The current methods for achieving this are using telephone or fax machines, mailing on a floppy disk and using a courier, but all of these are cumbersome, slow and error-prone techniques. In addition, the number of Keys tends to be much larger than the number of nodes; that is, people may have multiple keys they use for different purposes.
A major disadvantage of private key cryptography, however, is key management, since each pair of individuals who wishes to communicate must have a unique shared key. For example, for us to use private key encrypted communication, each member would need a separate private key to keep account data and transactions secure (using the same private key with all members would allow each member to access other member's account information).
Public-Key cryptography
Public-key cryptography was invented to solve the problem inherent in private key cryptography described above. With public-key cryptography, each person gets a pair of keys, a public key and a private key. Each person's public key is published, while the private key is kept secret. For example, when a member wishes to establish a secure connection to the web site, the member encrypts the connection using our public key. When we receives the message, we decrypt it using the private key. Neither the member nor us have to share secret information before secure communication is possible.
In other words, each key actually consists of two parts: an encryption half (the "public key") and a decryption half (the "private key," which unlocks data encrypted with the matching public key). This fail-safe system allows a more convenient key distribution method-members wishing to communicate with us can use the public key. Moreover, intruders can not use an intercepted public key to decrypt files. The downside is that public key cryptosystems are typically slower than private ones.
Public-key cryptosystems are based on trapdoor one-way functions. A one-way function is a mathematical function that is significantly easier to perform in one direction (the forward direction) than in the inverse direction. One might, for example, compute the function in minutes but only be able to compute the inverse in months or years. A 'trapdoor' one-way function is a one-way function where the inverse direction is easy if you know a certain piece of information (the trapdoor), but is difficult otherwise. The public key gives information about the particular instance of the function; the private key gives information about the trapdoor. Whoever knows the trapdoor can perform the function easily in both directions, but anyone not knowing the trapdoor can perform the function only in the forward direction. The forward direction is used for encryption and signature verification; the inverse direction is used for decryption and signature generation.
In almost all public-key systems, the larger the key, the greater the difference between the efforts necessary to compute the function in the forward and inverse directions. For a digital signature to be secure for years, for example, it is necessary to use a trapdoor one-way function with inputs great enough that someone without the trapdoor would need many years to compute the inverse function. Despite the improbability of breaking the algorithm, there is cryptosystem, an additional layer of security which mandates that all digital keys expire after one year.
[ Top of Page ]
We utilizes certificate authentication services and Digital IDs from Verisign, the leading provider of digital authentication services and products for electronic commerce and other forms of secure communications.
A Digital ID binds a person's or company's identity to a digital key which can be used to conduct secure communications or transactions. This binding is achieved through a strict assurance process conducted by a trusted third party which also electronically signs the Digital ID so that parties accepting it in a transaction have confidence in its origin. The Digital ID can then be attached to electronic transactions and communications as the critical authentication component.
Verisign will ensure the authenticity of each certificate request (making sure requesters are who they claim to be). The approval process helps protect members. Upon approval, Verisign digitally signs the request and returns the unique digitally signed certificate to us.
[ Top of Page ]
