Module Four

- Based on X.509

Transaction Layer Security
- Successor to SSL

Internet Open Trading Protocol – (IOTP)
- Aimed at consumer to business transaction
- Flexible and future focused

MONDEX
- Smart cash card application
- Proprietary encryption algorithm
- Card is same as cash

IPSec
- Provides encryption, access control, and non-repudiation over IP.
- Two Main Protocols are
  - Authentication Header – integrity, authentication and non-repudiation
  - Encapsulating Security Payload – encryption, limited authentication
- Security Association is required between two parties – one way connection
  - Comprised of Security Parameter Index – (SPI) – 32 bit identifier
- Bi-directional communication requires two Security Associations
- In VPN implementation IPSec can operate in transport or tunnel mode
  - Tunnel mode – data and original IP header encrypted, new header is added
  - Transport mode – data encrypted, header not
  - New header has address of VPN gateway
- MD5 and SHA are used for integrity
- Security Associations can be combined into bundles using either
  - Transport Adjacency
  - Iterated Tunneling
- IKE – Internet Key Exchange is used for key management with IPSec
- IKE is set of three protocols:
  - Internet Security and Key Management Protocol (ISAKMP) – phases for establishing relationship
  - Secure Key Exchange Mechanism – SKEME – secure exchange mechanism
  - Oakley – modes of operation needed to establish secure connection

S/WAN – Secure WAN – defines IPSec based widespread use of VPNs on the internet

S-HTTP – Alternative to SSL
- Can be used to secure individual WWW Documents
- SSL is session based

Secure Shell – SSH-2
- Remote access via encrypted tunnel
- Client to server authentication
- Comprised of:
  - Transport Layer protocol
  - User Authentication protocol
  - Connection Protocol

Wireless Security

WAP – Wireless Application Protocol
Designed for mobile devices (PDA, Phones)
Set of protocols covering layers 7 to 3 of the OSI model
Less overhead than TCP/IP
- Wireless Markup language (WML)
- Wireless Application Environment (WAE)
- Wireless Session Protocol (WSP)
- Wireless Transport Security Protocol (WTLS)
- Wireless Datagram Protocol (WDP)

For security WAP uses Wireless Transport Security Protocol (WTLS)
Three classes of security
- Class 1 – Anonymous Authentication
- Class 2 – Server Authentication
- Class 3 – Two way client and server authentication

Security vulnerability of WAP
- WAP GAP – where WTLS is decrypted and re-encrypted to SSL at the WAP gateway

C-HTML is competing with WML from Japan
C-HTML is stripped down HTML, C-HTML can be displayed on standard browser
IEEE – 802.11 Standards
- Interface between clients and base station
- 802.11 Layers
  - The physical layer PHY can use:
    - DSSS – Direct Sequence Spread Spectrum
    - FH – Frequency Hopping Spread Spectrum
    - IR – Infrared pulse modulation
  - MAC Layer – Medium Access Control
    - Specifies CSMA/CA Carrier Sense Multiple Access Collision Avoidance
    - Provides:
      - Data Transfer
      - Association
      - Re-association
      - Authentication - WEP
      - Privacy - WEP
      - Power Management