1 how does trudy know when the dns query is sent and


Computer Networks (12/3/13)

Goal and Threat Model (2)
•  Goal of HTTPS is to secure HTTP
•  We focus on network threats:
   1.  Eavesdropping client/server traffic
   2.  Tampering with client/server traffic
   3.  Impersonating web servers
[Figure: Client, Network, Server]

HTTPS Context
•  HTTPS (HTTP Secure) is an add-on
   –  Means HTTP over SSL/TLS
   –  SSL (Secure Sockets Layer) precedes TLS (Transport Layer Security)
[Figure: protocol stack: HTTP, SSL/TLS, TCP, IP; labels: HTTPS, Insert]

HTTPS Context (2)
•  SSL came out of Netscape
   –  SSL2 (flawed) made public in '95
   –  SSL3 fixed flaws in '96
•  TLS is the open standard
   –  TLS 1.0 in '99, 1.1 in '06, 1.2 in '08
•  Motivated by secure web commerce
   –  Slow adoption, now widespread use
   –  Can be used by any app, not just HTTP

SSL Operation
•  Protocol provides:
   1.  Verification of identity of server (and optionally client)
   2.  Message exchange between the two with confidentiality, integrity, authenticity and freshness
•  Consists of authentication phase (that sets up encryption) followed by data transfer phase

SSL/TLS Authentication
•  Must allow clients to securely connect to servers not used before
   –  Client must authenticate server
   –  Server typically doesn't identify client
•  Uses public key authentication
   –  But how does client get server's key?
   –  With certificates

Certificates
•  A certificate binds public key to an identity, e.g., domain
   –  Distributes public keys when signed by a party you trust
   –  Commonly in a format called X.509
[Figure label: Signed by CA]

PKI (Public Key Infrastructure)
•  Adds hierarchy to certificates to let many parties issue
   –  Issuing parties...