lect18 - 1.264 Lecture 18 Security: certificates, SSL...

1.264 Lecture 18 Security: certificates, SSL Banking, monitoring
Case study 3: Network attack and defense
- List 4 strategies that firewalls and SSL don't address
- List measures to mitigate these risks
Case study 4
- What is the credit card fraud rate in various countries?
- What is the merchant discount?
- What fraction of the merchant discount goes to: fraud costs, interest costs, incentives?
- How do credit card companies make money? Focus on the US.
- What implications does this have for your organization?
Digital signatures
[Diagram: the sender produces the digital signature with the sender's private key; the recipient checks it with the sender's public key]
Use the public/private key pair in the opposite fashion from message encryption to provide sender authentication:
- Sender signs the document with her private key
- Receiver decrypts with the sender's public key
- If the decryption is correct, the message must have been sent by the sender
Compare:
- Encryption: the sender encrypts the message with the receiver's public key and sends it; the receiver decrypts with her private key. This allows any sender to send secure messages to any receiver. Secure Sockets Layer (SSL) distributes public keys (covered next).
- Digital signature: the sender signs the message with her own private key and sends it; the receiver decrypts with the sender's public key. This allows any receiver to verify the sender of any message.
Digital signatures, cont.
Problems with digital signatures:
- A spoofer can cut and paste the encrypted signature from an old message onto a new, faked message. One solution is for the receiver to send a 'challenge phrase' to the sender; the sender then encrypts it with her private key and sends it to the receiver, who can check whether it is what she sent initially.
- A spoofer can alter parts of the message. The solution is message digest functions, which provide an integrity check. A message digest is a function run on the entire message that produces a short digest, often 128 bits (note that 2^128 is a very big number of combinations!). Send the hash and the message; the receiver hashes the message and checks that the hashes match.
Digital envelopes
To solve performance problems with public key encryption:
1. Client generates a session key, a secret symmetric key, at random
2. Client encrypts the message using the session key and a symmetric algorithm
3. Client encrypts the session key with the receiver's public key: the digital envelope
4. Client sends the encrypted message and the digital envelope to the receiver
5. Receiver uses her private key to decrypt the envelope and get the session key
6. Receiver uses the session key to decrypt the message
7. When the session is over, both parties discard the session key
8. Optionally, a digital certificate could be used at the start of the session to verify client identity
Secure Sockets Layer (SSL) essentially implements this; it is the most widely used security system on the Web.
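Steps 1 through 7 above, as an added example in Go that is not part of the lecture. The slides name no algorithms, so this example assumes AES-256-GCM for the symmetric step and RSA-OAEP for the envelope, and the names Envelope, Seal, Open and NewReceiverKey are its own; the optional certificate step 8 is left out.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Envelope is what the client sends: message under the session key, GCM nonce, wrapped session key.
type Envelope struct{ Ciphertext, Nonce, WrappedKey []byte }
// NewReceiverKey makes a fresh 2048-bit RSA pair; with SSL the public half would arrive in a certificate.
func NewReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func aead(key []byte) (cipher.AEAD, error) { // AES-256-GCM from a raw 32-byte session key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the client side (steps 1-4): random session key, symmetric encryption, RSA-OAEP key wrap.
func Seal(msg []byte, receiverPub *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // step 1: buf[:32] is the session key, buf[32:] the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	gcm, err := aead(buf[:32])
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, buf[32:], msg, nil) // step 2; GCM also appends an integrity tag
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, buf[:32], nil) // step 3
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Nonce: buf[32:], WrappedKey: wrapped}, nil // step 4
}

// Open is the receiver side (steps 5-6); a modified ciphertext or the wrong private key yields an error.
func Open(env *Envelope, receiverPriv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

The session key lives only in Seal's buffer and Open's local variable, which is step 7: nothing keeps it once the call returns.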
Secure Sockets Layer (SSL)
- Dominant protocol for browser-server communications
- Being standardized as Transport Layer Security (TLS); TLS 1.0 is essentially the same as current
