The fourth week of CST 311 focused on network security and encryption.
The major points of secure communication (that were covered in this week’s material) include:
Confidentiality: Only the sender and the intended recipient(s) of a message should be able to read it. The Internet is at its foundation an unsecure medium – there are ample opportunities for actors to sniff data while it is in transit. Thus, encryption is required to garble the data while it is being transferred. This “enroute” encryption of data has many historical analogies; a famous instance is Rome’s Caesar cipher.
Integrity: The guarantee that a message has not been altered in transit. A common way to ensure message integrity is to send a hash along with a message. If the message (once put through the relevant hash function) no longer matches the sent hash, the message has been tampered with. Note that sending a hash as plaintext is vulnerable to man-in-the-middle attacks. In truly secure systems, the hash must be protected somehow. This is normally accomplished by having the sender and receiver(s) of a message share a common secret which they incorporate into the hash generation. Alternatively, the hash can be protected under symmetric or public key encryption.
End-point authentication: The sender and recipient(s) of a message should be able to verify that the other party is indeed who they say they are. The main way this is done is with public key encryption. In this strategy, the sender will encrypt a message (or a hash of the message) with their private key. To test if the message was from the sender, the recipient(s) use the sender’s public key to decrypt the message, proving the expected sender was the author. Note that since public keys are often exchanged between the sender and recipients as part of setting up secure communication, a third party called a “Certificate Authority” is required to verify that a public key indeed belongs to a sender.
No comments:
Post a Comment