Key Terms
acquirer cardholder
certification authority (CA) dual signature
issuer merchant
payment gateway
Secure Electronic Transaction (SET) Secure Socket Layer (SSL)
Transport Layer Security (TLS)
Review Questions
17.1 What are the advantages of each of the three approaches shown in Figure 17.1
?
17.2 What protocols comprise SSL?
17.3 What is the difference between an SSL connection and an SSL session?
17.4 List and briefly define the parameters that define an SSL session state.
17.5 List and briefly define the parameters that define an SSL session connection.
17.6 What services are provided by the SSL Record Protocol?
17.7 What steps are involved in the SSL Record Protocol transmission?
17.8 List and briefly define the principal categories of SET participants.
17.9 What is a dual signature and what is its purpose?
Problems
17.1 In SSL and TLS, why is there a separate Change Cipher Spec Protocol, rather than including a change_cipher_spec message in the Handshake Protocol?
17.2 Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional encryption algorithm.
b. Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys).
[Page 562]
c. Replay Attack: Earlier SSL handshake messages are replayed.
d. Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
e. Password Sniffing: Passwords in HTTP or other application traffic are eavesdropped.
f. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
g. IP Hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
h. SYN Flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the
"half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.
17.3 Based on what you have learned in this chapter, is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If so, explain how it can be done. If not, why not?
[Page 563]
Part Four: System Security
Security is a concern of organizations with assets that are controlled by computer systems.
By accessing or altering data, an attacker can steal tangible assets or lead an organization to take actions it would not otherwise take. By merely examining data, an attacker can gain a competitive advantage, without the owner of the data being any the wiser.
Computers at Risk: Safe Computing in the Information Age, National Research Council, 1991 The developers of secure software cannot adopt the various probabilistic measures of quality that developers of other software often can. For many applications, it is quite reasonable to tolerate a flaw that is rarely exposed and to assume that its having occurred once does not increase the likelihood that it will occur again. It is also reasonable to assume that logically independent failures will be statistically independent and not happen in concert. In contrast, a security vulnerability, once discovered, will be rapidly disseminated among a community of attackers and can be expected to be exploited on a regular basis until it is fixed.
Computers at Risk: Safe Computing in the Information Age, National Research Council, GAO/OSI-94-2, November 1993
Part Four looks at system-level security issues, including the threat of and countermeasures for intruders and viruses and the use of firewalls and trusted systems.
[Page 564]
Road Map for Part Four
Chapter 18: Intruders
Chapter 18 examines a variety of information access and service threats presented by hackers that exploit vulnerabilities in network-based computing systems. The chapter begins with a discussion of the types of attacks that can be made by unauthorized users, or intruders, and analyzes various approaches to prevention and detection. This chapter also covers the related issue of password
management.
Chapter 19: Malicious Software
Chapter 19 examines software threats to systems, with a special emphasis on viruses and worms. The chapter begins with a survey of various types of malicious software, with a more detailed look at the nature of viruses and worms. The chapter then looks at countermeasures. Finally, this chapter deals with distributed denial of service attacks.
Chapter 20: Firewalls
A standard approach to the protection of local computer assets from external threats is the use of a firewall. Chapter 20 discusses the principles of firewall design and looks at specific techniques. This chapter also covers the related issue of trusted systems.
[Page 565]