Countermeasures are procedures to recognize, reduce, or eliminate security threats.
Not all threats are worth active prevention; low impact risks (e.g., spam) are better ignored or contained.
Figure: risk matrix, probability of occurrence against impact (cost):
                      Impact: Low            Impact: High
  Probability: High   Contain and Control    Prevent
  Probability: Low    Ignore                 Insurance or backup
CommerceNet’s proposed HTTP extension to enhance Internet security.
Encrypts individual messages (rather than entire sessions as in SSL).
During handshake, S-HTTP sets up special packet headers with multiple security features (server authentication, client authentication, message integrity, etc.) which may be designated as required, optional, or refused.
Authentication done using digital certificates issued by a trusted certification agency.
All client or server messages are wrapped in a “secure envelope” with the necessary security fields.
Application layer standard: Works only with HTTP (not with FTP, telnet).
A hash algorithm is used to calculate a hash value (message digest) from a message; two different messages should not produce the same hash value.
One-way function: hash values cannot be decoded to original message.
Sender sends both message and hash values; receiver recomputes hash value and compares with received hash value to determine if message was altered during transit.
Combines public key encryption (for authentication), private key encryption (symmetric session-key encryption, for message confidentiality) and hash coding (for data integrity).
Strongest encryption technology available.
Digital Signatures
Figure: digital signature with secure envelope, from sender S to receiver R, for the plaintext message M ("Buy 100 shares of company X").
Sender side: a hash value is computed from M and encrypted using S's private key; M is encrypted using a session key; the session key is encrypted using R's public key; the encrypted message, encrypted hash value and encrypted session key are sent to R.
Receiver side: the session key is decrypted using R's private key and used to decrypt the message; the hash value is decrypted using S's public key; a hash value is recomputed from the decrypted message and compared with the received hash value to check whether the message was altered.
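The sender/receiver exchange described above (hash, sign with S's private key, encrypt under a session key, wrap the session key for R, then reverse the steps at R), as an added example that is not part of the original slides. It uses Go's standard library with RSA-PSS for the signature, RSA-OAEP to wrap the session key and AES-GCM for the message; the names Envelope, Seal and Open are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is the "secure envelope": ciphertext plus nonce, the session key wrapped for R, and S's signature over the message digest.
type Envelope struct {
	Ciphertext, Nonce, WrappedKey, Signature []byte
}

// Seal is the sender's side: hash the message, sign the digest with S's private key, encrypt under a fresh session key, wrap that key for R.
func Seal(msg []byte, sPriv *rsa.PrivateKey, rPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sPriv, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }
	key := make([]byte, 32) // random 256-bit session key, new for every message
	if _, err := rand.Read(key); err != nil { return nil, err }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	ct := gcm.Seal(nil, nonce, msg, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rPub, key, nil)
	if err != nil { return nil, err }
	return &Envelope{ct, nonce, wrapped, sig}, nil
}

// Open is the receiver's side: unwrap the session key with R's private key, decrypt, then recompute the digest and verify S's signature over it.
func Open(env *Envelope, rPriv *rsa.PrivateKey, sPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rPriv, env.WrappedKey, nil)
	if err != nil { return nil, err }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	msg, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // fails if ciphertext was altered
	if err != nil { return nil, err }
	digest := sha256.Sum256(msg)
	// Recompute the hash and compare with the received (signed) one; reject on mismatch.
	if err := rsa.VerifyPSS(sPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil { return nil, err }
	return msg, nil
}
```

A wrong signer, a modified ciphertext or a wrong wrapped key all make Open return an error and no plaintext.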