3.15.tls - Securing Internet Communication CS 161 -...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Securing Internet Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ March 15, 2010 Todays Lecture Applying crypto technology in practice Goal #1: overview of the most prominent Internet security protocols SSL/TLS : transport-level (process-to-process) ala TCP DNSSEC : securing domain name lookups (Others: SSH, and to a lesser extent, IPSEC) Issues that arising in securing these Goal #2: cement understanding of crypto building blocks & how theyre used together Building Secure End-to-End Channels End-to-end = communication protections achieved all the way from originating client to intended server With no need to trust intermediaries Dealing with threats: Eavesdropping? Encryption (including session keys) Manipulation (injection, MITM)? Integrity (use of a MAC); replay protection Impersonation? Signatures End-to-End Powerful Protections Attacker runs a sniffer to capture our WiFi session? (maybe by breaking crummy WEP security) Encrypted communication is unreadable No problem! DNS cache poisoning? Client goes to wrong server Detects impersonation No problem! Attacker hijacks our connection, injects new traffic Data receiver rejects it due to failed integrity check No problem! Powerful Protections, cont DHCP spoofing? Client goes to wrong server Detects impersonation No problem! Attacker manipulates routing to run us by an eavesdropper or take us to the wrong server?...
View Full Document

This note was uploaded on 04/14/2010 for the course CS 161 taught by Professor Wagner during the Spring '10 term at University of Central Arkansas.

Page1 / 20

3.15.tls - Securing Internet Communication CS 161 -...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online