Chapter 17. Web Security



17.1 Web Security Considerations

Web Security Threats

Web Traffic Security Approaches

17.2 Secure Socket Layer and Transport Layer Security

SSL Architecture

SSL Record Protocol

Change Cipher Spec Protocol

Alert Protocol

Handshake Protocol

Cryptographic Computations

Transport Layer Security

17.3 Secure Electronic Transaction

SET Overview

Dual Signature

Payment Processing

17.4 Recommended Reading and Web Sites

17.5 Key Terms, Review Questions, and Problems

Key Terms

Review Questions

Problems




Use your mentality

Wake up to reality

From the song, "I've Got You under My Skin" by Cole Porter

Key Points

  • Secure socket layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called transport layer security (TLS).

  • SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code.

  • SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

  • Secure electronic transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet.


Virtually all businesses, most government agencies, and many individuals now have Web sites. The number of individuals and companies with Internet access is expanding rapidly and all of these have graphical Web browsers. As a result, businesses are enthusiastic about setting up facilities on the Web for electronic commerce. But the reality is that the Internet and the Web are extremely vulnerable to compromises of various sorts. As businesses wake up to this reality, the demand for secure Web services grows.

The topic of Web security is a broad one and can easily fill a book (several are recommended at the end of this chapter). In this chapter, we begin with a discussion of the general requirements for Web security and then focus on two standardized schemes that are becoming increasingly important as part of Web commerce: SSL/TLS and SET.




Cryptography and Network Security Principles and Practices
Cryptography and Network Security (4th Edition)
ISBN: 0131873164
Year: 2005
Pages: 209
