509 signed by ca computer networks 48 24 12313 pki

rity is part of 802.11 protocol
–  Encrypted message between client and AP; removed after AP

[Figure: protocol stacks (HTTP, TCP, IP, 802.11) at the client and the AP, with WPA2 between them. Contents of 802.11 frame are encrypted]

Computer Networks, 12/3/13

Home Network
•  AP is set up with network password
•  Each client also knows password
•  Client proves it knows password
–  AP grants network access if successful

[Figure: Client, AP, Internet]

Home Network (2)
•  For access, client authenticates to AP
–  Both compute a shared session key based on the password
–  If client knows the session key it has proved that it has the password
•  For usage, client/AP encrypt messages
–  For confidentiality, integrity/authenticity
–  No access without the session key
–  Also group key for AP to reach all clients

Home Network (3)
•  Master key is from password; nonces for freshness
–  KS lets client talk to AP; KG lets AP talk to all clients

Enterprise Network
•  Network has authentication server
•  Each client has own credentials
•  AP lets client talk to auth. server
–  Grants network access if successful

[Figure: Client, AP, (wire) Network, Auth. Server]

Introduction to Computer Networks
Web Security (§8.9.3, §8.5)
Computer Science & Engineering

Goal and Threat Model
•  Much can go wrong on the web!
–  Clients encounter malicious content
–  Web servers are target of break-ins
–  Fake content/servers trick users
–  Data sent over network is stolen
…

[Figure: Internet, Client] ...
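The key setup on the Home Network slides, as an added example that is not part of the original slides: it fills in the standard WPA2-PSK derivation (PBKDF2 master key, HMAC-SHA1 PRF), which the slides do not spell out. The SSID, MAC addresses, nonces and handshake message are constructed values, and the proof is computed over a placeholder message rather than a real EAPOL-Key frame.

```python
import hashlib
import hmac

def master_key(password, ssid):
    # Master key (PMK): PBKDF2-HMAC-SHA1 over the password, salted with the SSID.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    # 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated.
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def session_keys(pmk, ap_mac, client_mac, anonce, snonce):
    # KS on the slides: bound to both MAC addresses and both fresh nonces.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    # kck authenticates the handshake, kek wraps KG for delivery, tk encrypts frames.
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def client_proof(password, ssid, ap_mac, client_mac, anonce, snonce, message):
    # Client proves it knows the password by MACing a handshake message with kck.
    pmk = master_key(password, ssid)
    kck = session_keys(pmk, ap_mac, client_mac, anonce, snonce)["kck"]
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]

def ap_accepts(password, ssid, ap_mac, client_mac, anonce, snonce, message, proof):
    # AP derives the same keys independently and compares in constant time.
    expected = client_proof(password, ssid, ap_mac, client_mac, anonce, snonce, message)
    return hmac.compare_digest(expected, proof)

# Constructed sample values (assumptions, not taken from the slides).
SSID = "example-home"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))        # nonce chosen by the AP
SNONCE = bytes(range(32, 64))    # nonce chosen by the client
MSG = b"constructed handshake message"

if __name__ == "__main__":
    proof = client_proof("correct horse", SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, MSG)
    print(ap_accepts("correct horse", SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, MSG, proof))
```

A proof computed with the wrong password, or replayed against a new AP nonce, fails the check because the derived kck differs.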

This document was uploaded on 04/04/2014.