EMAIL SECURITY
E-Mail
- One of the most heavily used network-based applications.
- Involves a sender and a receiver; however, the receiver does not have to be online.
- Some email systems can only deliver ASCII codes.
PGP = Pretty Good Privacy
- Developed by Phil Zimmermann
- Uses public key encryption, signature scheme, hash function, secret key encryption, compression function and email compatibility.
S/MIME = Secure/Multipurpose Internet Mail Extension
- Another security-enhanced email system.
- Similar to PGP in that it uses a signature scheme, a session key and secret key encryption.
Functions of S/MIME:
- Enveloped data
- Signed data
- Clear-signed data
- Signed and enveloped data
Applications of Email Security
- PGPmail
- Expressmail
- POTP Securemail
- SecretAgent
- Safe-mail
- PrivacyX
- Stealth Messages
- YNN
- HyperSend
WEB SECURITY
Includes three parts: security of the server, security of the client, and network traffic security between a browser and a server.
Network security can be considered at different levels, for example:
- Network level: Use IPSec
- Transport level: Use SSL or TLS
- Application level: Use PGP, S/MIME or SET
Secure Socket Layer (SSL)
- Developed by Netscape
- The main part of SSL contains several protocols: the SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol and SSL Record Protocol
- Basically, SSL is used to secure the transmission between a client and a server.
Secure Electronic Transaction (SET)
- Open encryption and security specification designed to protect credit card transactions on the Internet.
- Confidentiality of information
- Integrity of data
- Cardholder account authentication
- Merchant authentication
Participants:
- Cardholder
- Merchant
- Issuer
- Acquirer
- Payment gateway
- Certification authority
The sequence of events required for a transaction is as follows:
- The customer obtains a credit card account with a bank that supports electronic payment and SET
- The customer receives an X.509v3 digital certificate signed by the bank.
- Merchants have their own certificates
- The customer places an order
- The merchant sends a copy of its certificate so that the customer can verify that it's a valid store
- The order and payment are sent
- The merchant requests payment authorization
- The merchant confirms the order
- The merchant ships the goods or provides the service to the customer
- The merchant requests payment
SECURITY AND HTTP
- By default, HTTP is not hugely secure
- It does not provide support for HTTP-authentication