SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
- Juliana Carroll
- 5 years ago
1 SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
2 Consider
[Diagram: User computer, ISP Provider, (CUHK Server)]
1. Go to
2. Based on DNS, identified the IP address of is
3. Forward the request
4. Reply from cuhk server
5. Forward the reply to the user
NOTE: He (the ISP) knows EVERYTHING!
3 What if
[Diagram: User computer, ISP Provider, xx.xx.xx.xx]
1. Send the Credit Card information to Store X via
2. Based on DNS, identified the IP address of Store X ( is xx.xx.xx.xx
3. Forward the request, which includes Credit Card Information
4. Reply
5. Forward the reply
NOTE: He knows EVERYTHING including the Credit Card information!
4 In Addition
[Diagram: User computer, ISP Provider, ISP Provider, xx.xx.xx.xx]
NOTE: Everyone along the line knows everything!
5 So
To prevent anyone except the target recipient from understanding our data, we need encryption.
Technically, we cannot prevent people from reading our data: we need to rely on the ISP to help us forward it.
We can only prevent people from understanding the data even if they read it, e.g. by encoding the data.
Solution: SSL.
6 SSL
If you're serious about doing business online, you need SSL.
It's the best way to protect user data and defend against identity theft and man-in-the-middle attacks. It is theoretically impossible to sniff or modify the data as it travels down the wire.
Many customers will refuse to do business with a website that doesn't have SSL.
Displaying your SSL Site Seal tells customers they can shop with confidence, knowing they're protected.
Different certificates provide different levels of validation.
7 SSL in Action
[Diagram: User computer, ISP Provider, xx.xx.xx.xx]
1. The user sends the Credit Card information to Store X via
2. The browser detects that the URL begins with https.
3. The browser sends a request to for establishing a secure connection without sending the credit card information.
4. Based on DNS, identified the IP address of Store X ( is xx.xx.xx.xx
5. Forward the request that the browser wants to establish a secure connection.
Note: the credit card information is not sent yet.
8 SSL in Action (cont'd)
[Diagram: User computer, ISP Provider, xx.xx.xx.xx]
6. The server replies with its SSL Certificate. An SSL Certificate contains a public key.
7. Forward the reply.
8. The browser checks if the SSL Certificate is valid. It will notify the user if the certificate is invalid.
9. If everything is fine, the browser then generates a session key.
10. The browser encrypts the session key using the public key in the SSL Certificate.
9 SSL in Action (cont'd)
[Diagram: User computer, ISP Provider, xx.xx.xx.xx]
11. The browser sends the encrypted session key.
12. The server tries to decrypt the encrypted session key with its private key (a private key can decrypt messages that are encrypted by a public key).
13. If the decryption can be done successfully, then the server will reply to the user that everything is correct. Note that even this simple reply is encrypted with the session key.
14. Forward the reply.
10 SSL in Action (cont'd)
[Diagram: User computer, ISP Provider, xx.xx.xx.xx]
15. The browser decrypts the message using the session key and knows everything is OK. It then encrypts everything (e.g. credit card information) using the session key.
16. The encrypted data (credit card information) is sent now. Since it is encrypted, the ISP cannot understand the data.
17. Forward the request (the encrypted data).
18. Decrypt the data using the session key and obtain the credit card information.
NOTE: He cannot understand the data because it is encrypted! (i.e. he knows nothing!)
11 SSL in Action (cont'd)
There are three keys involved:
- Public key (distributed by the server). An asymmetric key that works with the private key. Used for encrypting the session key (step 9).
- Private key (stored inside the server; never distributed). An asymmetric key that works with the public key. Used for decrypting the session key (step 12). Must be stored in a safe place.
- Session key (generated by the client). A symmetric key. Only generated once per session. Only exchanged in handshaking (step 9-15).
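The three keys above can be acted out with the openssl command line. This is an added example, not part of the lecture; it follows the slides' simplified model (real TLS derives its session keys differently), and the file names and the test card number are constructed.

```shell
#!/bin/sh
# Added example: public key, private key and session key from the slides,
# using the openssl CLI. All file names and the card number are constructed.
set -eu

handshake_demo() {
    work=$(mktemp -d)
    (
        cd "$work"

        # Server: the private key stays on the server; the public key is what
        # the certificate carries to the browser (step 6).
        openssl genrsa -out server.key 2048 2>/dev/null
        openssl rsa -in server.key -pubout -out server.pub 2>/dev/null

        # Browser (steps 9-10): fresh random session key, encrypted with the
        # server's public key.
        openssl rand -hex 32 > session.key
        openssl pkeyutl -encrypt -pubin -inkey server.pub \
            -pkeyopt rsa_padding_mode:oaep -in session.key -out session.enc

        # Server (step 12): recover the session key with the private key.
        openssl pkeyutl -decrypt -inkey server.key \
            -pkeyopt rsa_padding_mode:oaep -in session.enc -out session.srv

        # Browser (steps 15-16): encrypt the payload with the session key.
        printf '%s' 'card=4111111111111111' > payload.txt
        openssl enc -aes-256-cbc -pbkdf2 -pass file:session.key \
            -in payload.txt -out payload.enc

        # Server (step 18): decrypt the payload with its copy of the session key.
        printf 'server recovered: %s\n' "$(openssl enc -d -aes-256-cbc -pbkdf2 \
            -pass file:session.srv -in payload.enc)"

        # A party on the path sees session.enc and payload.enc but holds only
        # its own key pair, so it cannot unwrap the session key.
        openssl genrsa -out observer.key 2048 2>/dev/null
        if openssl pkeyutl -decrypt -inkey observer.key \
            -pkeyopt rsa_padding_mode:oaep -in session.enc \
            -out guess.key 2>/dev/null
        then
            echo 'observer: session key recovered'
        else
            echo 'observer: session key not recovered'
        fi
    )
    rm -rf "$work"
}

handshake_demo
```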
12 SSL Certificates
SSL Certificates are small data files that digitally bind an encryption key to an organization's details.
When installed on a web server, a certificate activates the https protocol (over port 443 by default) and allows secure connections from a web server to a browser. We will talk more about ports later.
Some important information that an SSL Certificate contains:
- A domain name.
- An organizational identity (i.e. company name) and location.
- An encryption algorithm (the method used to encrypt the data).
- An encryption key called the public key.
13 SSL Certificates (cont'd)
The structure of an SSL Certificate follows the X.509 standard:
Certificate
    Version
    Serial Number
    Algorithm ID
    Issuer
    Validity
        Not Before
        Not After
    Subject
    Subject Public Key Info
        Public Key Algorithm
        Subject Public Key
    Issuer Unique Identifier (optional)
    Subject Unique Identifier (optional)
    Extensions (optional)
        ...
Certificate Signature Algorithm
Certificate Signature
14 SSL Certificates (cont'd)
Previously:
8. The browser checks if the SSL Certificate is valid. It will notify the user if the certificate is invalid.
The browser checks whether the domain name written inside the certificate is the same as the domain name you are requesting.
E.g., if the domain you are requesting is but the domain name written in the certificate is cuhk.edu.hk, then it is invalid (even a one-character difference is not tolerated).
15 SSL Certificates (cont'd)
16 A Self-Signed Certificate
If you are using Linux or Mac, open a terminal and type the following (if you are using Windows, you need to install openssl):
Generate some keys:
    # 2048-bit RSA key, protected with the throwaway passphrase "x"
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    # write the same key to server.key without a passphrase
    openssl rsa -passin pass:x -in server.pass.key -out server.key
Remove passphrase (so when you restart Apache, it will not ask you for a password to read the certificate):
    # delete the passphrase-protected copy
    rm server.pass.key
Generate a self-sign request:
    openssl req -new -key server.key -out server.csr
Generate a certificate which follows the X.509 standard:
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
17 How to Obtain a SSL Certificate?
Since an SSL Certificate is just a small piece of data, everyone can generate one!
E.g. it is possible that someone generates an SSL Certificate, installs it on his own web server, and then claims that his web server is the official CUHK web server, but in fact it is NOT!
To avoid the above problem (or at least warn the user), we need a third party to validate our identity:
- Certificate authority (CA)
- Using Digital Signature (we will talk about it soon)
18 Certificate Authority
In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates.
A digital certificate certifies the ownership of a public key by the named subject of the certificate.
As we ask someone to verify our identity, we need to pay them back. That's why SSL Certificates cost money.
Quick question: Can I open a company and become a CA?
Answer: Yes. Yet, who trusts you?
19 Level of Certification
Depending on the amount of information you want to disclose to the CA, the level of trust you want your clients to feel, your purpose, etc., you can purchase different kinds of SSL Certification:
- Domain SSL Certification
- Extended Validation SSL Certification
- Wild Card SSL Certification
- Multi-Domain SSL Certification
20 Domain SSL vs. Extended Validation SSL
21 Wild Card SSL
Remember that in the previous example: if the domain you are requesting is but the domain name written in the certificate is cuhk.edu.hk, then it is invalid.
In e-commerce, we always have many sub-domains. It is sometimes impossible to know all sub-domains in advance at the time we purchase the SSL Certificate.
Hence, Wild Card SSL appears. E.g., *.cuhk.edu.hk
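The name check from slides 14 and 21 can be tried locally with openssl's own host matching. This is an added example, not part of the lecture: it creates throwaway self-signed certificates that carry their name only in the subject CN (which openssl falls back to when there is no Subject Alternative Name extension), and the requested host names other than cuhk.edu.hk are assumptions.

```shell
#!/bin/sh
# Added example: exact-name and wildcard matching, checked with
# "openssl x509 -checkhost" against throwaway local certificates.
set -eu

# make_cert <name written in the certificate> <output file>
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# check_host <certificate file> <requested host>  ->  "match" / "no match"
check_host() {
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
    then
        echo 'match'
    else
        echo 'no match'
    fi
}

name_demo() {
    dir=$(mktemp -d)
    make_cert 'cuhk.edu.hk'   "$dir/single.crt"
    make_cert '*.cuhk.edu.hk' "$dir/wild.crt"

    # Certificate for cuhk.edu.hk: only that exact name is accepted.
    echo "single, cuhk.edu.hk:     $(check_host "$dir/single.crt" cuhk.edu.hk)"
    echo "single, www.cuhk.edu.hk: $(check_host "$dir/single.crt" www.cuhk.edu.hk)"

    # Wildcard certificate: covers exactly one label to the left of the
    # suffix, so neither the bare domain nor a deeper sub-domain matches.
    echo "wild, www.cuhk.edu.hk:   $(check_host "$dir/wild.crt" www.cuhk.edu.hk)"
    echo "wild, cuhk.edu.hk:       $(check_host "$dir/wild.crt" cuhk.edu.hk)"
    echo "wild, a.b.cuhk.edu.hk:   $(check_host "$dir/wild.crt" a.b.cuhk.edu.hk)"
    rm -rf "$dir"
}

name_demo
```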
22 Multi-Domain SSL
It is also known as SANs (Subject Alternative Names) SSL Certificate.
Technically, one IP Address can install one SSL Certificate only.
In practice, we usually host many web sites in one single server with one single IP address.
Multi-domain SSL can protect a number of domain names in one certificate.
Limitations:
- Usually can put up to 100 domain names.
- Need to re-issue the certificate once a new domain name is added. The re-issuing process is well
23 Encryption Algorithm
Asymmetric encryption algorithm.
There are two keys. One is the encryption key and the other one is the decryption key.
The encryption key can only be used for encryption. The decryption key can only be used for decryption.
Theoretically, it is impossible to derive the encryption key from the decryption key, and vice versa.
[Diagram: A Secret Message + A Key Generation Algorithm -> Private Key, Public Key]
24 Encryption Keys
The public key can be distributed to anyone. Common usages:
- Encrypt the information sent over the Internet
- Verify a digital signature
The private key should be stored in a very secure place and never distributed to anyone. Common usages:
- Decrypt the information received from the Internet
- Create a digital signature
25 Encryption Keys (cont'd)
What exactly does a pair of encryption keys look like?
You can try to generate a pair of encryption keys easily if you are using Linux or Mac. If you are using Windows, you need to install software like OpenSSL.
To generate a pair of keys, in a terminal, type:
    ssh-keygen -f mykeyname.key
26 Encryption Algorithm and Keys
Putting it all together:
[Diagram: Plain text -> Public Encryption Key -> Cipher text -> Private Decryption Key -> Plain text]
As it is impossible to derive the private key from the public key, it should be safe even if the encrypted data is being read.
For anyone other than the target server to decrypt the data, they would need a copy of the server's private key, obtained by stealing it from the target server. While this is not impossible, it is very unlikely to happen.
27 Digital Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.
We talked about Digital Signature on P.17.
A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity).
28 Create a Digitally Signed Certificate
Creating a digital signature and digitally signed data:
1. The CA applies a Hash Algorithm (e.g. MD5) to the Server certificate, giving A Hash Code ( bits).
2. The CA applies his Private Key to the hash code, giving the Digital Signature.
3. Combine them (Server certificate and Digital Signature) into the Digitally Signed Certificate.
It is signed by the CA now.
29 Verify a Digitally Signed Certificate
- Extract the Server certificate and the Digital Signature from the Digitally Signed Certificate.
- Apply a Hash Algorithm (based on the trusted CA in the browser) to the Server certificate, giving A Hash Code ( bits).
- Apply Public Key Decryption (public key obtained from the trusted CA in the browser) to the Digital Signature, giving A Hash Code ( bits).
- Compare if they are the same?
30 Create a Digitally Signed Data
A more general overview:
1. Apply a Hash Algorithm (e.g., MD5) to the Plain Text, giving A Hash Code ( bits).
2. Apply the Private Key to the hash code, giving the Digital Signature.
3. Combine all three of them (Plain Text, Digital Signature, Digital certificate) into the Digitally Signed Data.
31 Verify a Digitally Signed Data
- Extract the Plain Text, the Digital Signature and the Digital certificate from the Digitally Signed Data.
- Apply a Hash Algorithm (based on the digital certificate) to the Plain Text, giving A Hash Code ( bits).
- Apply Public Key Decryption (public key obtained from the digital certificate) to the Digital Signature, giving A Hash Code ( bits).
- Compare if they are the same?
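Slides 28 to 31, together with the impostor scenario from slide 17, can be reproduced with openssl. This is an added example, not part of the lecture: the CA name, host name and order text are constructed, and SHA-256 is used as the hash in place of the slides' MD5 example, since MD5 is no longer collision-resistant.

```shell
#!/bin/sh
# Added example: a private test CA signs a server certificate; a self-signed
# impostor with the same name is rejected; signed data is verified with the
# public key taken from the certificate. All names are constructed.
set -eu

ca_and_signature_demo() {
    work=$(mktemp -d)
    (
        cd "$work"
        q() { "$@" >/dev/null 2>&1; }      # run quietly, keep the exit status
        report() {                         # report <label> <command...>
            label=$1; shift
            if q "$@"; then echo "$label: accepted"
            else echo "$label: rejected"; fi
        }

        # The CA's own key pair and certificate (what a browser ships as trusted).
        q openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj '/CN=Demo Test CA' -keyout ca.key -out ca.crt

        # The server's key and request; the CA hashes the request's content
        # and signs the hash with its private key (slide 28).
        q openssl req -new -newkey rsa:2048 -nodes \
            -subj '/CN=shop.example.test' -keyout server.key -out server.csr
        q openssl x509 -req -sha256 -days 30 -in server.csr \
            -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

        # Slide 17's scenario: anyone can self-sign a certificate for the same name.
        q openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj '/CN=shop.example.test' -keyout fake.key -out fake.crt

        # Slide 29: verification against the trusted CA certificate.
        report 'CA-signed certificate' openssl verify -CAfile ca.crt server.crt
        report 'self-signed impostor'  openssl verify -CAfile ca.crt fake.crt

        # Slides 30-31: sign data with the private key, verify with the
        # public key obtained from the digital certificate.
        printf 'pay 100 HKD to Store X\n' > order.txt
        q openssl dgst -sha256 -sign server.key -out order.sig order.txt
        openssl x509 -in server.crt -noout -pubkey > server.pub
        report 'original order' openssl dgst -sha256 -verify server.pub \
            -signature order.sig order.txt

        # One changed digit gives a different hash, so the comparison fails.
        printf 'pay 900 HKD to Store X\n' > order.txt
        report 'altered order' openssl dgst -sha256 -verify server.pub \
            -signature order.sig order.txt
    )
    rm -rf "$work"
}

ca_and_signature_demo
```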
32 Questions
Can a coffee shop monitor my traffic over their network if I am using my computing devices (e.g. mobile, laptop)?
No. The magic of public-key cryptography means that an attacker can watch every single byte of data exchanged between your client and the server and still have no idea what you are saying to each other except roughly how much data you are exchanging.
Can a coffee shop monitor my traffic over their network if I am using their computing devices?
Yes (although they probably won't). Can you think about how?
33 FTPS
SSL can be used in a number of other scenarios, including FTPS.
Note: Instead of using FTP (no encryption), try to use FTPS.
Don't confuse FTPS with SFTP. FTPS, like HTTPS, is based on SSL Certificates. On the other hand, SFTP is based on another technology called SSH.
34 SSH
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.
Default port is 22 (SSL is 489).
No digital certificate is involved.
It is usually used for secure data transfer between two known parties.
35 SSH Vulnerabilities
On December 28, 2014, Edward Snowden suggested that the US National Security Agency (NSA) is able to decrypt certain SSH traffic, though the technical details associated with this attack have not been released so far.
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationAuthenticating on a Ham Internet
Authenticating on a Ham Internet The FCC regulations for amateur radio, part 97, rule that encryption cannot be used to obscure the meaning of communications. Many read the rules and assume that there
More informationTransport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationAuthentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005
Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationLet's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX
Let's Encrypt - Free SSL certificates for the masses Pete Helgren Bible Study Fellowship International San Antonio, TX Agenda Overview of data security Encoding and Encryption SSL and TLS Certficate options
More informationSSH SECURITY. If you ve never used SSH before on a computer, the chances are very high that
SSH SECURITY If you ve never used SSH before on a computer, the chances are very high that when you tried to play along with the previous section you encountered a strange notification that may have looked
More informationNigori: Storing Secrets in the Cloud. Ben Laurie
Nigori: Storing Secrets in the Cloud Ben Laurie (benl@google.com) April 23, 2013 1 Introduction Secure login is something we would clearly like, but achieving it practically for the majority users turns
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationCYBER SECURITY MADE SIMPLE
CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationConfiguring SSL Security
CHAPTER9 This chapter describes how to configure SSL on the Cisco 4700 Series Application Control Engine (ACE) appliance. This chapter contains the following sections: Overview Configuring SSL Termination
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationSecure Communication over MQTT. Ahmet Onat 2018
Secure Communication over MQTT Ahmet Onat 2018 onat@sabanciuniv.edu Why Security? Our data does not have commercial value There is no incentive for hackers to attack our systems I don t bank online, I
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 7 Cryptographic Systems 2012 Cisco and/or its affiliates. All rights reserved. 1 Explain how cryptology consists of cryptography (encoding messages) and
More information2/24/2018. Computer Security CS433 Luai E. Hasnawi, PhD
Computer Security CS433 Luai E. Hasnawi, PhD lhasnawi@taibahu.edu.sa Bits (or characters) in a file are independent from each other. These elements has no binding. If one element is changed, it can go
More informationA New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4
IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 08, 2014 ISSN (online): 2321-0613 A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam
More information