Chapter 17. Web Security | Cryptography and Network Security (4th Edition)

[Page 527]

17.1 Web Security Considerations
Web Security Threats Web Traffic Security Approaches
17.2 Secure Socket Layer and Transport Layer Security
SSL Architecture SSL Record Protocol Change Cipher Spec Protocol Alert Protocol Handshake Protocol Cryptographic Computations Transport Layer Security
17.3 Secure Electronic Transaction
SET Overview Dual Signature Payment Processing
17.4 Recommended Reading and Web Sites
17.5 Key Terms, Review Questions, and Problems
Key Terms Review Questions Problems

[Page 528]
Use your mentality

Wake up to reality

From the song, "I've Got You under My Skin"by Cole Porter

Key Points

Secure socket layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called transport layer service (TLS).
SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code.
SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.
Secure electronic transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet.

Virtually all businesses, most government agencies, and many individuals now have Web sites. The number of individuals and companies with Internet access is expanding rapidly and all of these have graphical Web browsers. As a result, businesses are enthusiastic about setting up facilities on the Web for electronic commerce. But the reality is that the Internet and the Web are extremely vulnerable to compromises of various sorts. As businesses wake up to this reality, the demand for secure Web services grows.

The topic of Web security is a broad one and can easily fill a book (several are recommended at the end of this chapter). In this chapter, we begin with a discussion of the general requirements for Web security and then focus on two standardized schemes that are becoming increasingly important as part of Web commerce: SSL/TLS and SET.