SET - Secure Electronic Transaction:
- Developed to send encrypted credit card numbers.
- Comprised of three main parts: the electronic wallet, the software running on the merchant's server at its web site, and the payment server that is located at the merchant's bank.

Cookies:
- Text files that a browser maintains on a user's hard drive.
- Are used for demographic and advertising information.
- Are used as timestamps to ensure that a session between a user and a server is restricted to a specific length of time.
- Cookies that contain sensitive information should be encrypted by the server on the site that distributed them.

SSH - Secure Shell:
- Functions as a type of tunnelling mechanism that provides terminal-like access to remote computers.
- Should be used instead of telnet, ftp, rlogin, rexec or rsh.
- Two computers go through a handshake and a secure channel is established.

IPSec - Internet Protocol Security:
- A method of setting up a secure channel for protected data exchange between two devices.
- Widely accepted standard for secure network layer transport.
- Has strong encryption and authentication methods that employ public key cryptography.
- Is usually used to establish VPNs.
- It is an open, modular framework that provides a lot of flexibility.
- Has two basic security protocols:
  - AH - Authentication Header: Is the authenticating protocol.
  - ESP - Encapsulating Security Payload: Is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality and message integrity.
- Can work in two modes:
  - Transport mode: The payload of the message is encrypted.
  - Tunnel mode: The payload, the routing and header information of the message is encrypted.
- SA - Security association: Can contain the authentication and encryption keys, the agreed upon algorithms, key lifetime and the source IP address. One SA for each connection.
- SPI - Security parameter index: An index that keeps track of the different SAs and tells the device which one is appropriate to invoke.
- ISAKMP - Internet Security Association and Key Management Protocol: An authentication and key exchange architecture that is independent of the type of keying mechanisms used.

Attacks:
- Ciphertext-only attack: The attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm.
- Known-plaintext attack: The attacker has the plaintext and ciphertext of one or more messages.
- Chosen-plaintext attack: The attacker has the plaintext and ciphertext and can choose the plaintext that gets encrypted.
- Chosen-ciphertext attack: The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext.