3.15.tls - Securing Internet Communication CS 161 Computer...

Securing Internet Communication
CS 161 - Computer Security
Profs. Vern Paxson & David Wagner
TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger
http://inst.eecs.berkeley.edu/~cs161/
March 15, 2010

Today’s Lecture
• Applying crypto technology in practice
• Goal #1: overview of the most prominent Internet security protocols
  – SSL/TLS: transport-level (process-to-process) à la TCP
  – DNSSEC: securing domain name lookups
  – (Others: SSH, and to a lesser extent, IPSEC)
  – Issues that arise in securing these
• Goal #2: cement understanding of crypto building blocks & how they’re used together

Building Secure End-to-End Channels
• End-to-end = communication protections achieved all the way from originating client to intended server
  – With no need to trust intermediaries
• Dealing with threats:
  – Eavesdropping?
    • Encryption (including session keys)
  – Manipulation (injection, MITM)?
    • Integrity (use of a MAC); replay protection
  – Impersonation?
    • Signatures

End-to-End ⇒ Powerful Protections
• Attacker runs a sniffer to capture our WiFi session?
  – (maybe by breaking crummy WEP security)
  – Encrypted communication is unreadable
    • No problem!
• DNS cache poisoning?
  – Client goes to wrong server
  – Detects impersonation
    • No problem!
• Attacker hijacks our connection, injects new traffic
  – Data receiver rejects it due to failed integrity check
    • No problem!

Powerful Protections, cont’d
• DHCP spoofing?
  – Client goes to wrong server
  – Detects impersonation
    • No problem!
• Attacker manipulates routing to run us by an eavesdropper or take us to the wrong server?...