Systems, Security and Data Analysis - Week 9
Certificates and Web Security
NOTE: the lecture involves knowledge of symmetric and asymmetric cryptography theory. As this was already known, no notes were made on it.
X.509
Relies on a trusted third party: a certificate authority (CA)
The CA has a public key which is widely enough known to prevent spoofing
The CA signs a statement that Alice has a specific public key; this signed statement is Alice’s certificate, which is then passed to Bob and others
A distinguished name (DN) is a set of attribute=value pairs, example below:
CN=My computer, OU=My organisational unit, O=My organisation, L=My locality, S=My state, C=My country name
Each individual attribute=value pair is known as a relative DN (RDN)
Picture taken from Microsoft
CA root certificate
Contains the DN and public key of a trusted certification authority
The root CA can issue an intermediate CA certificate, and the intermediate CA can then issue Alice’s certificate
This chain provides a level of confidence that the certificate is genuine
Certificate Signing Request
Following general guidelines for key pair management, subjects generate their own keys
The public key is placed in a Certificate Signing Request
This is sent to the Certificate Authority
Once the authority is satisfied, it sends back a certificate which binds the public key to the DN
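The root, intermediate and CSR steps above can be walked through with the openssl command line. This is an added example, not part of the original lecture notes; the DNs, file names and 30-day validity are constructed, and it assumes openssl 1.1.1 or later is installed.

```shell
#!/bin/sh
# Added example: root CA -> intermediate CA -> Alice's certificate.
# All DNs and file names are constructed; keys live in a temp dir and are deleted.
demo_chain() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1
    q() { "$@" >/dev/null 2>&1 || exit 1; }   # run quietly, abort on failure

    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = critical,CA:FALSE
EOF

    # Root CA: self-signed certificate holding the root's DN and public key.
    q openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
        -days 30 -subj "/C=GB/O=Example Org/CN=Example Root CA" \
        -config demo.cnf -extensions ca

    # Intermediate CA: generates its own key and sends a CSR; the root signs it.
    q openssl req -new -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
        -subj "/C=GB/O=Example Org/CN=Example Intermediate CA" -config demo.cnf
    q openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -out inter.crt -days 30 -extfile demo.cnf -extensions ca

    # Alice: key pair generated locally; only the CSR (DN + public key) is sent.
    q openssl req -new -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
        -subj "/C=GB/O=Example Org/OU=Example Unit/CN=alice.example" -config demo.cnf
    q openssl req -in alice.csr -noout -verify -config demo.cnf  # CSR self-signature check
    q openssl x509 -req -in alice.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
        -out alice.crt -days 30 -extfile demo.cnf -extensions leaf

    # Bob trusts only root.crt. The full chain must verify...
    q openssl verify -CAfile root.crt -untrusted inter.crt alice.crt
    # ...and must NOT verify when the intermediate certificate is missing.
    if openssl verify -CAfile root.crt alice.crt >/dev/null 2>&1; then exit 1; fi
    openssl x509 -in alice.crt -noout -subject -issuer
)

demo_chain || echo "chain demo failed" >&2
```

The final command prints the subject and issuer of Alice's certificate; the issuer is the intermediate CA's DN, not the root's.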
HTTP and TLS
HTTP sends requests and responses in plain text over TCP
HTTPS (secure HTTP) does the same but adds Secure Sockets Layer (SSL) and, more recently, TLS
This authenticates the web server and encrypts traffic
Security of application data
This data is encrypted using symmetric encryption; the key is shared between client and server
This key and the authentication key are together known as the session keys
SSL has sub-protocols:
Record: transport of data for higher level protocols
Handshake: establishes shared secrets
Change cipher spec: used in establishment of sessions
Alert protocol: reports errors