









Material Type: Notes; Class: Distributed Systems; Subject: Computer Science; University: University of Illinois - Urbana-Champaign; Term: Unknown 2006;
Typology: Study notes










©^ 2006, Mehdi T. Harandi, All Rights Reserved
Cryptography is also used to verify, by means of a verified signature, that a message or document is a true copy.
Digital Signature Using Public-Private Keys
[Figure: A sends <m, {m}_K_A^-> to B. Labels on A's side: A's private key K_A^-, B's public key K_B^+. Labels on B's side: B's private key K_B^-, A's public key K_A^+.]

Digital Signature Using Message Digest
[Figure: A sends <m, D(m)> to B. Labels on A's side: digest function, A's private key K_A^-. Labels on B's side: A's public key K_A^+, digest function, D(m), compare.]
Three approaches for protection against security threats:
a) Protection against invalid operations
b) Protection against unauthorized invocations
c) Protection against unauthorized users
Processes to monitor & control all communications into/out of the intranet, for:
- Service control
- Behavior control
- User control
Firewall filtering can be done at different levels:
- IP packet filtering
- TCP gateway filtering
- Application gateway filtering
- A common implementation of a firewall.
[Figure: firewall layouts. Labels: filter, Bastion, Web/ftp server.]
[Figure: SSL protocol stack, top to bottom]
- SSL Handshake protocol, SSL Change Cipher Spec, SSL Alert Protocol, HTTP, Telnet
- SSL Record Protocol
- Transport layer (usually TCP)
- Network layer (usually IP)
Legend: SSL protocols; other protocols.
The Handshake Protocol
[Figure: messages 1 to 11 exchanged between Client and Server. Labels:]
- Establish: Session ID, cipher suite, compress method, etc.
- Server certificate & verification, request certificate
- Client certificate and verification
- Change cipher suite & Finish

The Record Protocol
[Figure: Appl. Data (abcdefghi) -> Fragment/combine -> Record Units (abc, def, ghi) -> Compress -> Comp. Units -> Hash -> Encrypt -> Encrypted -> TCP Packet]
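The Record Protocol stages above, as an added example that is not part of the original notes: the sender fragments, compresses, hashes and encrypts, and the receiver reverses the steps and rejects any record whose hash check fails. Assumptions: 3-byte fragments to match the abc/def/ghi figure (real SSL records hold up to 2^14 bytes), zlib as the compression method, HMAC-SHA256 as the hash step, and a toy SHA-256 keystream standing in for the negotiated cipher; the function names and keys are constructed for illustration.

```python
import hashlib
import hmac
import zlib

FRAGMENT_SIZE = 3   # assumption: tiny, so b"abcdefghi" splits into abc/def/ghi
MAC_LEN = 32        # HMAC-SHA256 output length (stand-in for the negotiated hash)

def _keystream(key, seq, n):
    # Toy SHA-256 counter keystream: a stand-in for the negotiated cipher, not for real use.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def _mac(mac_key, seq, compressed):
    # The sequence number is covered so reordered or replayed records fail the check.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + compressed, hashlib.sha256).digest()

def protect(data, enc_key, mac_key):
    """Sender: fragment -> compress -> hash (MAC) -> encrypt; one record per fragment."""
    records = []
    for seq, off in enumerate(range(0, len(data), FRAGMENT_SIZE)):
        compressed = zlib.compress(data[off:off + FRAGMENT_SIZE])
        body = compressed + _mac(mac_key, seq, compressed)
        records.append(_xor(body, _keystream(enc_key, seq, len(body))))
    return records

def unprotect(records, enc_key, mac_key):
    """Receiver: decrypt -> verify MAC -> decompress -> combine."""
    data = b""
    for seq, record in enumerate(records):
        body = _xor(record, _keystream(enc_key, seq, len(record)))
        compressed, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, _mac(mac_key, seq, compressed)):
            raise ValueError(f"record {seq}: MAC check failed")  # reject before decompressing
        data += zlib.decompress(compressed)
    return data

if __name__ == "__main__":
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"  # constructed sample keys
    records = protect(b"abcdefghi", enc_key, mac_key)
    print(len(records), unprotect(records, enc_key, mac_key))
```

Because the hash is verified before decompression, a modified or reordered record is dropped without its contents ever being processed.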