

... are called CAs (Certificate Authorities)
[Figure label: "I certified the ABC website!"]

Computer Networks, 12/3/13

PKI (2)
•  Need public key of PKI root and trust in servers on path to verify a public key of website ABC
   –  Browser has Root's public key
   –  {RA1's key is X} signed Root
   –  {CA1's key is Y} signed RA1
   –  {ABC's key Z} signed CA1
[Figure label: "I certified the ABC website!"]

PKI (3)
•  Browser/OS has public keys of the trusted roots of PKI
   –  >100 root certificates!
   –  That's a problem …
   –  Inspect your web browser
[Figure: Certificate for wikipedia.org issued by DigiCert]

PKI (4)
•  Real-world complication:
   –  Public keys may be compromised
   –  Certificates must then be revoked
•  PKI includes a CRL (Certificate Revocation List)
   –  Browsers use to weed out bad keys

SSL3 Authentication (2)
[Figure: message exchange between Alice and Bob, with these labels]
   –  Negotiate ciphers, send certificate, …
   –  Certificate lets Alice check Bob
   –  Real Bob can compute session key
   –  Switch to Alice's session key
   –  Encrypted data (in both directions)

Introduction to Computer Networks
DNS Security (§8.9.2)
Computer Science & Engineering

Goal and Threat Model
•  Naming is a crucial Internet service
   –  Binds host name to IP address
   –  Wrong binding can be disastrous …
[Figure: a query "bank.com?" sent across the Internet, with the addresses 11.22.33.44 and 99.88.77.66]

Goal and Threat Model (2)
•  Goal is to secure the DNS so that the returned binding is correct
   –  Integrity/authenticity vs confidentiality
•  Attacker can intercept/tamper with messages on...
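The chain walk from the PKI (2) slide and the revocation check from PKI (4), as an added example that is not part of the original slides. It assumes textbook RSA without padding over small Mersenne primes (constructed, insecure, illustration only) and a CRL keyed by subject name rather than serial number; all function and variable names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keygen(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(stmt, n):
    return int.from_bytes(hashlib.sha256(stmt.encode()).digest(), "big") % n

def certify(issuer, issuer_key, subject, subject_n):
    """Issuer signs the statement {subject's key is subject_n}."""
    stmt = f"{subject}'s key is {subject_n}"
    sig = pow(digest(stmt, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return {"issuer": issuer, "subject": subject, "key": subject_n, "sig": sig}

def verify_chain(chain, trusted_roots, crl=frozenset()):
    """Walk root -> leaf; return the leaf's public key or raise ValueError."""
    if not chain:
        raise ValueError("empty chain")
    signer = chain[0]["issuer"]
    if signer not in trusted_roots:          # trust anchor must ship with the browser
        raise ValueError(f"untrusted root: {signer}")
    signer_n = trusted_roots[signer]
    for cert in chain:
        if cert["issuer"] != signer:         # each cert must be issued by the previous subject
            raise ValueError(f"broken path at {cert['subject']}")
        if cert["subject"] in crl:           # simplified CRL: revoked subject names
            raise ValueError(f"revoked: {cert['subject']}")
        stmt = f"{cert['subject']}'s key is {cert['key']}"
        if pow(cert["sig"], E, signer_n) != digest(stmt, signer_n):
            raise ValueError(f"bad signature on {cert['subject']}")
        signer, signer_n = cert["subject"], cert["key"]  # now trusted to sign the next link
    return signer_n

# Constructed keys and chain mirroring the slide: Root -> RA1 -> CA1 -> ABC
root, ra1, ca1, abc = keygen(61, 89), keygen(89, 107), keygen(107, 127), keygen(61, 127)
CHAIN = [certify("Root", root, "RA1", ra1["n"]),
         certify("RA1", ra1, "CA1", ca1["n"]),
         certify("CA1", ca1, "ABC", abc["n"])]
TRUSTED = {"Root": root["n"]}  # the only key the browser holds in advance
```

Revoking any intermediate invalidates every certificate beneath it, which is why the CRL is checked at each link and not only at the leaf.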

This document was uploaded on 04/04/2014.
