Web Security: SSL, TLS, and SET Protocols for Secure Transactions, Slides of Cryptography and System Security

An overview of web security, focusing on the SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols, and the Secure Electronic Transactions (SET) protocol for secure credit card transactions. SSL and TLS ensure secure communications between clients and servers by providing message integrity, confidentiality, and authentication. SET, on the other hand, is a set of security protocols and formats designed to protect Internet transactions, enabling secure communications among parties and ensuring trust and privacy.

Typology: Slides

2011/2012

Uploaded on 07/17/2012

pameela
Chapter 17 – Web Security

Use your mentality

Wake up to reality
—From the song, "I've Got You under My Skin" by Cole Porter

Web Security

Web now widely used by business, government, individuals

but Internet & Web are vulnerable

have a variety of threats

- integrity
- confidentiality
- denial of service
- authentication

need added security mechanisms

SSL Architecture

SSL connection

- a transient, peer-to-peer, communications link
- associated with 1 SSL session

SSL session

- an association between client & server
- created by the Handshake Protocol
- define a set of cryptographic parameters
- may be shared by multiple SSL connections

SSL Record Protocol Operation

SSL Change Cipher Spec Protocol

one of 3 SSL specific protocols which use the SSL Record protocol

a single message

causes pending state to become current

hence updating the cipher suite in use

SSL Handshake Protocol

allows server & client to:

- authenticate each other
- to negotiate encryption & MAC algorithms
- to negotiate cryptographic keys to be used

comprises a series of messages in phases:

- Establish Security Capabilities
- Server Authentication and Key Exchange
- Client Authentication and Key Exchange
- Finish

Secure Electronic Transactions (SET)

open encryption & security specification

to protect Internet credit card transactions

developed in 1996 by Mastercard, Visa etc

not a payment system

rather a set of security protocols & formats

- secure communications amongst parties
- trust from use of X.509v3 certificates
- privacy by restricted info to those who need it

SET Components

Dual Signature

customer creates dual messages

- order information (OI) for merchant
- payment information (PI) for bank

neither party needs details of other

but must know they are linked

use a dual signature for this

- signed concatenated hashes of OI & PI

$DS = E(PR_c, [H(H(PI) \| H(OI))])$

SET Purchase Request

SET purchase request exchange consists of four messages

Initiate Request - get certificates

Initiate Response - signed response

Purchase Request - of OI & PI

Purchase Response - ack order

Purchase Request – Merchant

1. verifies cardholder certificates using CA sigs

2. verifies dual signature using customer's public signature key to ensure order has not been tampered with in transit & that it was signed using cardholder's private signature key

3. processes order and forwards the payment information to the payment gateway for authorization (described later)

4. sends a purchase response to cardholder
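
The dual signature from the slide above and the merchant's check of it, as an added example that is not part of the original slides. It assumes SHA-256 for H and uses a toy unpadded RSA key built from two well-known Mersenne primes as a stand-in for the cardholder's signature key pair; the function names and sample OI/PI values are constructed for illustration.

```python
import hashlib

# Assumption: toy unpadded RSA over two well-known Mersenne primes, standing in
# for the cardholder's signature key pair (PR_c / PU_c). Not secure; demo only.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                      # public key PU_c
_D = pow(E, -1, (_P - 1) * (_Q - 1))       # private key PR_c

def H(data: bytes) -> bytes:
    """Hash function H (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()

def _sign(digest: bytes) -> int:
    return pow(int.from_bytes(digest, "big"), _D, N)

def _verify(sig: int, digest: bytes) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big")

def dual_sign(oi: bytes, pi: bytes):
    """Customer: DS = E(PR_c, [H(H(PI) || H(OI))]); returns (DS, H(PI), H(OI))."""
    pimd, oimd = H(pi), H(oi)
    return _sign(H(pimd + oimd)), pimd, oimd

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and only the digest of PI, never the card data."""
    return _verify(ds, H(pimd + H(oi)))

def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI and only the digest of OI, never the order details."""
    return _verify(ds, H(H(pi) + oimd))

# Constructed sample data
SAMPLE_OI = b"order=1001;item=book;total=25.00"
SAMPLE_PI = b"card=0000-0000-0000-0000;amount=25.00"

if __name__ == "__main__":
    ds, pimd, oimd = dual_sign(SAMPLE_OI, SAMPLE_PI)
    print("merchant accepts:", merchant_verify(SAMPLE_OI, pimd, ds))
    print("bank accepts:", bank_verify(SAMPLE_PI, oimd, ds))
    print("altered order accepted:", merchant_verify(b"order=1001;total=0.01", pimd, ds))
    print("PI paired with other order:", bank_verify(SAMPLE_PI, H(b"order=9999"), ds))
```

Each side recomputes the inner hash from the half it holds plus the digest of the other half, so a change to either OI or PI, or pairing one with a different order, makes the check fail.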