Skip to main content

Security summary

I started working on security issues. There are many terms that need to be understood. So I write short explanation of them:

PKI - Public Key Infrastructure

General name for 'all stuff that is needed for security': hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

SSL - Secure Sockets Layer

A protocol for secure connection over the net. It insure

  • Confidentiality – secure communication between server-client
  • Integrity assurance – data sent from the client was not tampered with in transit
  • Authentication (optional) – server AuthN to Client and vice versa

SSL latest version is 3.1 and is also known as TLS

CRL - Certificates Revocation List

A list is a list of revoked certificates from a specific certificate issuer.

Each certificate can hold an address as URL where the issuer places its CRL and anyone like a web server could fetch the CRL and insure the certificate presented has not been revoked by the Certificate issuer (CA).

CA

Certificate issuer


Authentication: Who sent this message?

“it’s from me, Julie. I swear! Trust me.”
“it’s from me, Bill Gates. I swear! Trust me. Heh heh.”

Solution: Credentials
Login/Password
Digital Certificate

Authorization: What can this person do?

Retrieve telephone numbers? Social Security numbers?
Delete Records?

Solution: Use Roles to define privileges

Confidentiality: Who can read this message?

*$#(UDUSF(*#WJF*SJ()jd90fd”Q@fdsj48!
“thanks for sending me that credit card number! Heh heh.”

Solution: Encryption
Shared secret or public/private key pairs to encrypt & decrypt

Integrity: Did anyone tamper with this message?

“darling, will you marry me?”
“darling, I must confess, I’m married”

Solution: Digital Signature used to compare sent & received message

Comments

eSignature said…
Thanks a lot for this contribution! It is very useful to me. Everything is very open and represents very clear explanation of issues. Really blogging is spreading its wings quickly. Your write up is a good example of it.
24/4/14 5:16 PM
Ziv said…
Thanks!
26/4/14 9:51 PM
Post a Comment

Popular posts from this blog

Best freeware - XML editor

As a software developer, I open XML files all the time. I a heavy commercial XML editor. But nothing can compare to a small, thin and free XML editor like 'foxe'. A great feature is has is the alignment of long XML strings to readable XML format (Shift-F8). It help lot of times when the XML file was generated by some tool and was not readable. Homepage: http://www.firstobject.com/dn_editor.htm
2 comments
Read more

SSL in pictures

Here is my summary on SSL (or as I like to call it 'SSL for dummies')
5 comments
Read more

Jenkins error: groovy.lang.MissingPropertyException

I tried to run groovy build step and got below error. This post will describe how I solved the problem. Caught: groovy.lang.MissingPropertyException: No such property: hudson for class: script
6 comments
Read more