Internet Security Basics

of 32/32
Internet Security Basics
  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of Internet Security Basics

  • 1. Internet Security Basics

2. Symmetric Encryption 3.

  • Symmetric key shouldNOTtravel un-protected over a network. Following are two algorithms normally used to exchange the keys.
    • Diffie-Hellman key exchange (D-H)is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish ashared secret key over an insecure communications channel .
    • RSAas key exchange algorithm.

4. Alice Bob 5.

  • Encryption Algorithms
    • RC4( Rivest Cipher 4 ) was designed by Ron Rivest of RSA Security in 1987. RC4 5% performance degradation.
    • DES (Data Encryption Standard (IBM))24% performance degradation.

6. PKI Encryption 7. 8. Important: These forms the basis for all the internet security protocols. 9. Alice Bob 10. 11. 12. 13. PKI Digital Signatures 14. 15. Third PKI-Rule Satisfied. 16. 17. 18. First & Third PKI Rule Satisfied. Unique sequence number is used inside the Digital Signatures to prevent interception and replay of the messages. 19. 20. 21. Certificates and Certificate Authorities 22. 23. Heres a trust relationship between a customer, his bank and his credit card company. When he drops a cheque at his bank to pay-off his credit card bill, he is assured that his credit card will be paid. 24.

  • Some of the well known are:
      • Verisign, Inc.
      • Entrust Technologies.
      • Baltimore Technologies.
      • Thawte.
  • You can be a CA on your own using free and open source OpenSSL.

25. 26. 27. 28. Carries Bobs Distinguished Name (DN) and his Public Key with other details. CA will do a lot of physical validations and issue a certificate to Bob. Normally Bob gets that either through email or CA requests him to download it from their web site. 29. 30. You can store the certificate on your file system as a file (.cer), right click and check the properties.You can check the CAs and trusted parties certificates installed on your browser. Internet Explorer > Tools > Internet Options > Content > Certificates (button) 31. X.509 v3Structure of a certificate

  • The structure of an X.509 v3digital certificateis as follows:
  • Certificate
      • Version
      • Serial Number
      • Algorithm ID
      • Issuer
      • Validity
        • Not Before
        • Not After
      • Subject
      • Subject Public Key Info
        • Public Key Algorithm
        • Subject Public Key
      • Issuer Unique Identifier (Optional)
      • Subject Unique Identifier (Optional)
      • Extensions (Optional)
  • Certificate Signature Algorithm
  • Certificate Signature
  • Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3.

32. Certificate filename extensions

  • Common filename extensions for X.509-certificates are:
      • .DER -DERencoded certificate
      • . PEM- ( Privacy Enhanced Mail )Base64encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" (also sometimes represented as .CER)
      • .P7B - See .p7c
      • .P7C -PKCS#7SignedData structure without data, just certificate(s) or CRL(s)
      • .PFX - See .p12
      • .P12 -PKCS#12 , may contain certificate(s) (public) and private keys (password protected)
      • PKCS#7is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C-file is just a degenerated SignedData structure, without any data to sign.
      • PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.
      • A .PEM-file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END-lines (CERTIFICATE or RSA PRIVATE KEY).

PeopleSoft uses PEM format.