Web securityJernej Virag

SSLv3 and TLSSecure Socket Layer

SSLv3• Provides reliable end-to-end security service

• Two layers of protocols

SSL record protocol

Fragment

Compress

Add MAC Encrypt

Append SSL

header

SSL cypher spec and altert

• Ciper spec protocolo a single byte that makes new cypher settings valid from the moment

onward

• Alert protocolo notifies of possible SSL problems and errorso fatal errors cause immediate connection termination

SSL handshake protocol

TLS• Updated version of SSLv3

• Differences

o versiono MACo pseudorandom functiono alert codes in alert protocolo certificates, certificate types, certificate verificationo padding

SETSecure Electronic Transactions

SET• Provides secure channel of communication for all

payment transaction parties

• Provides trust with X.509v3 certificates

• Ensures privacy by providing minimal set of data for all parties

SET participants

SET payment sequence

Pre-transaction

Customer opens accountCustomer receives certificateMerchants have certificate

Customer order

Customer places orderMerchant is verifiedOrder and payment are sent

Merchant processing

Merchant requests payment authorizationMerchant confirms orderMerchant provides serviceMerchant requests payment

Dual signature

SNMPNetwork management security

SNMP• Collection of tools for network monitoring and

control

• Key elementso management stationo management agento management information baseo network management protocol

SNMP

USM• Protection and privacy in SNMP

o prevents modificationo prevents masqueradeo prevents message stream modificationo prevents disclosure

• Does not prevent DDoS and traffic analysis

VACM

?