SlideShare une entreprise Scribd logo

Websphere - Introduction to ssl part ii

Télécharger en tant que PPT, PDF
Vibrant Technologies & Computers
Vibrant Technologies & Computers

This preentation is about - Inbound SSL, SSL Configuration object, Outbound SSL, Monitoring Certificate Expiry, For more details visit - http://vibranttechnologies.co.in/websphere-classes-in-mumbai.html

Technologie
1  sur  46
1/82
2/82 2 Web Services Security
3/82 3  Web services security is one of the most important Web services issues  Consider the following simple Web services-based application: Bank Data Center Bank Teller 1 Bank Teller 2 Network
4/82 4  If no security measure has been applied, the three major risk factors are: – Unauthorized transactions (Authorization) Teller 2 in fact is an imposer sending a SOAP message to the data center to request money withdrawal – Readable messages in clear text (Confidentiality) The account number and balance in the SOAP packet is read by the imposer on the network and he later uses them to withdraw money from that account – SOAP message susceptible to modification (Integrity) The SOAP message is intercepted and modified by the imposer. Money is deposited to another account
5/82 5  With the advance of Internet technology, various security measures have been imposed to protect Web communications  The most popular one is HTTPS/SSL which provides “protocol-level” or “transport-level” security – Facilitate identification, basic authentication, encryption, and built-in integrity check – Provide point-to-point security across one connection  The above security risks can be removed by using HTTPS/SSL
6/82 6 Web server protected by HTTPS Internet  Consider a more complicate Web services-based application: Backend Application Web server protected by HTTPS Backend Application Web Services Gateway protected by HTTPS secure secure secure secure??? Business Partner 1 Business Partner 2
7/82 7  Even if HTTPS has been used in all Internet connections, the above application still has security and other problems – HTTPS provides point-to-point security only. Hence the security after the Web server is not guaranteed (need end-to-end security) – Business Partner 1 can deny the messages it sent to Business Partner 2 since there is no proof about the originator of the messages (need non-repudiation) – There is no record of all transactions so there is no way to look for security problems after the fact (need auditing) – Since all incoming and outgoing messages need to encrypt, demand much CPU time from all servers
8/82 8 Internet  A message level security measure is required to provide not only point-to-point security but end-to-end security  Can be achieved by embedding security information in the SOAP message itself Web Services Gateway protected by HTTPS secure secure secure Secure Secure SOAP message credentials
9/82 9  To ensure interoperability, a standard to define new security elements in SOAP messages is needed  WS-Security specification covers a standard set of SOAP extensions that can be used when building secure Web services  It defines how to use and build upon existing security technologies (e.g. PKI, Kerberos, SSL, XML encryption, XML Digital Signature, etc.) for Web services  WS-Security specification was formalized in April 2002  More specifications have been added and consolidated by the OASIS consortium, a non-profit organization that drives the development of e-business standards  WS-Security v1.0 is an OASIS standard as of April 2004 which covers mainly the extension of SOAP messages
10/82 10 A Brief Review of Core Security Technologies  Common core technologies that are being used for security purpose include – Symmetric encryption – Asymmetric encryption – Hash function and digital signature – XML encryption – XML digital signature
11/82 11  Encryption – convert the data concerned into another form based on a key. Without the key, the data cannot be converted back to the original form  Symmetric – the same algorithm and key are used for both encryption and decryption (except for a slight rearrangement of the key)  Advantage – fast (compare with asymmetric algorithms)  Drawback – both encryption and decryption keys must remain secret  Interesting problem – how do you send your key to your partner securely?  Common symmetric encryption algorithms, DES, AES … Symmetric Encryption
12/82 12 Secret Key generator Sender Receiver Plain text message Cipher text message Plain text message The same key is used for both encryption and decryption
13/82 13  Asymmetric Encryption – different keys will be used for encryption and decryption  Usually one key is made known to public, the other key is kept secret  Advantage – solve the problem of distributing the key  Drawback – slower than symmetric algorithm  The most common asymmetric encryption algorithm, RSA, which is named after the three inventors, R. Rivest, A. Shamir and L. Adleman  Its security is based on the intractability of the factorization of large integers – what are the two factors of the number 8876044532898802067? Asymmetric Encryption
14/82 14 Asymmetric key pair generator Sender Receiver Plain text message Cipher text message Plain text message Different keys are used for encryption and decryption
15/82 15  Two common ways of using asymmetric encryption – Sender: public key. Receiver: private key To ensure the encrypted message (using the public key) can only be seen by a particular receiver (decrypted using the private key) – Sender: private key. Sender: public key If a recipient successfully decrypts a message encrypted with our public key, they know this message is sent by me Hence can be used for identifying the originator of the message
16/82 16 A hybrid approach – Digital Envelope Asymmetric key pair generator Sender Receiver Plain text message Plain text message Symmetric key generator Public key Private key Digital Envelope Cipher text message
17/82 17  Advantages: – Fast, since asymmetric encryption is applied only to a key, which is usually not so long in length – Secure, since we don’t need to send the symmetric key thru the network to the sender or receiver  SSL is an example that uses the above hybrid approach  Most of the security issues are solved with protocols based on combinations of symmetric encryption, asymmetric encryption, and hash functions
18/82 18  To ensure data integrity, an identifier needs to be sent with sender’s data to proof that the data have not been changed during transmission  To achieve non-repudiation, the identifier should further proof the source who generates the identifier  Based on the digital signature technique, a hash, or “digest" of the transmitted data is extracted and encrypted by a private key  The receiver extracts the encrypted digest and decrypted by a public key  The receiver uses the same algorithm to generate the digest of the data object & compare with the encrypted one  If they match, the data object is from the right source Hash Functions and Digital Signature
19/82 19 Data Object Hashing Algorithm Digest Private key of transmit entity Encrypted Digest Data Object Send to the receiver Digital signature Two important properties of the digest: • Given an input stream and its hash code, it is practically impossible to find a second stream with the same hash code • A small change to the original input stream produces a huge change in the hash code
20/82 20 Data Object Public key of transmit entity Hashing Algorithm If the digests match, the data object is from the right source Receive from the sender
21/82 21  Data integrity is ensured because if an attacker modifies the data object, the digests will not match  If an attacker tries to modify the data object as well as the digest, he will still fail because the attacker does not know the private key  Non-repudiation is achieved because if the receiver can decrypt the digest, the digest must be sent from the right source  In the above case, the data object is not encrypted. Anybody can read it  If the data object itself is considered as confidential, data encipherment can be applied to further encrypt the data object
22/82 22  The XML Encryption standard defines ways to encrypt all or part of an XML document  Encrypted info is replaced with a single <EncryptedData> element  Allow encrypting different parts of the same document with different keys  Allow encrypting the whole document, a single element, or just the text of an element XML Encryption
23/82 23  An <EncryptedData> element contains the following elements – <EncryptionMethods> The algorithm used to encrypted the data – <KeyInfo> Information about the key used to encrypt the data – <CipherData> Contain the actual encrypted data  W3C XML Encryption specifications were proposed by IBM, Microsoft and Entrust  Currently it is still a W3C recommendation. Details can be found in http://www.w3.org/Encryption Inside <EncryptedData>
24/82 24  The XML Digital Signature standard defines rules for creating a digital signature and storing that signature inside an XML document  The <Signature> element has 3 main parts – <SignedInfo> Information about what is signed (such as the algorithm used to generate the digest and the encryption algorithm) – <SignatureValue> The value of the digital signature itself – <KeyInfo> The public key used to verify the signature (optional)  Now a W3C recommendation (http://www.w3.org/Signature) XML Digital Signature
25/82 25 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext”> <wsse:UsernameToken> ... </wsse:UsernameToken> <EncryptedKey xmlns="http://www.w3.org/2001/04/enc-enc-enc#"> ... </EncryptedKey> <Signature xmlns:"http://www.w3.org/2000/09/xmldsig#"> ... </Signature> </S:Header> Basic Syntax of WS-Security Authentication Confidentiality, adopt XML Encryption Integrity, adopt XML Digital Signature Define and use WS-Security namespace  <wsse:Security> is the “container” for security-related info  Place in the header means apply to the whole SOAP msg
26/82 26 <S:Body> ... <EncryptedData> ... </EncryptedData> </S:Body> </S:Envelope> <S:Body> ... <EncryptedData> ... </EncryptedData> </S:Body> </S:Envelope> Encrypted contents inside the Body can be included in the <EncryptedData> element
27/82 27 WS-Security for Authentication – Security Token  WS-Security defines security tokens, which can contain various requestors’ claims (a declaration made by some entity) – e.g. a username and optional password, an X.506 certificate, or a Kerberos ticket  Basically there are two types of tokens: – UsernameToken and BinarySecurityToken  UsernameToken is the simplest one. Contain a mandatory username and optional password  BinarySecurityToken however contains encoded binary data that is suitable for storing X.509 certificate or Kerberos ticket
28/82 28 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext” soapenv:mustUnderstand=“1”> <wsse:UsernameToken wsu:ID=“myToken”> <wsse:Username>danielLun</wsse:Username> <wsse:Password>passw0rd</wsse:Password> </wsse:UsernameToken> </wsse:Security> </S:Header> <S:Body> ... </S:Body> </S:Envelope> Requester provides the claim (username and password) to the server for validation. Server must understand this header or an error should be returned  Sending username and password in this way is obviously not secure.  Need to be used with WS-Security encryption to hide away both username and password The other part of the message can refer to this UsernameToken with this ID
29/82 29 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext” soapenv:mustUnderstand=“1”> <wsse:BinarySecurityToken wsu:ID=“myToken” ValueType=“wsse:Kerberosv5ST” EncodingType=“wsse:Base64Binary> XIFNWZz99UUbalqIEmJZc0 ... </wsse:BinarySecurityToken> </wsse:Security> </S:Header> <S:Body> ... </S:Body> </S:Envelope> Specify that the binary data of Kerberos service ticket will be encoded using Base64 representation  Since any third party can take the ticket or certificate and include in their application, the ticket or certificate alone cannot serve as proof of possession Using Kerberos service ticket Kerberos ticket or x.509 certificate are also referred as signed security tokens since the data has been cryptographically signed by a specific authority
30/82 30 WS-Security for Confidentiality – Using XML Encryption  For WS-Security, there is no intention to create new methods but integrating the existing technologies to achieve security, e.g. XML Encryption  <EncryptedKey> element is placed in security header for implementing digital envelope – <EncryptionMethod> Algorithm for the encryption of the symmetric key – <KeyInfo> Identifier of a public key used for encryption, assume both the client and server understand the meaning of the identifier – <CipherData><CipherValue> Encrypted symmetric key value – <ReferenceList> List of <DataReference> to contents encrypted with this symmetric key
31/82 31 Asymmetric key pair generator Sender Receiver Plain text message Plain text message Symmetric key generator Public key Private key Digital Envelope Cipher text message
32/82 32 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security ...> <EncryptedKey xmlns=“http://www.w3.org/2001/04/xmlenc#”> <EncryptionMethod Algorithm = “http://www.w3.org/2001/04/xmlenc#rsa-1_5”> </EncryptionMethod> <KeyInfo xmlns=“http://www.w3.org/2000/09/xmlsig#”> <wsse:SecurityTokenReference> <wsse:KeyIdentifier>u3AA1M+DMOA1bX/vWJ ... </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </KeyInfo> <CipherData> <CipherValue>cdck0cWh94oF5xBoEm ... </CipherValue> </CipherData> <ReferenceList> <DataReference URI = “#myToken”> </DataReference> </ReferenceList> </EncryptedKey> Symmetric key is encrypted with RSA-1.5 algorithm using the public key as stated below The key identifier (not the key itself) of a public key The encrypted symmetric key The URI should be referred to when the symmetric key is used by other part of message
33/82 33 <S:Body> <po xmlns: ...> <wsse:Security ...> <EncryptedData xmlns=“http://www.w3.org/2001/04/xmlenc#” Id=“myToken” Type=“http://www.w3.org/2001/04/xmlenc#Content”> <EncryptionMethod Algorithm = “http://www.w3.org/2001/04/xmlenc#tripledes-cbc”> </EncryptionMethod> <CipherData> <CipherValue>Ew7Zggr8z3 ... </CipherValue> </CipherData> </EncryptedData> <shipTo> <company>The Skateboard Warehouse</company> <street>One Warehouse Park</street> <postalCode>01775</postCode> </shipTo> : </po> </S:Body> Using the symmetric key as mentioned in the header for encrypting this part The encryption algorithm is triple-DES, a symmetric encryption algorithm The original data is the credit card info of the customer, but now is replaced by a ciphered code The less sensitive part is sent to the server without encryption
34/82 34 WS-Security for Integrity and Non- repudiation – Using XML Digital Signature Data Object Hashing Algorithm Digest Private key of transmit entity Encrypted Digest Data Object Send to the receiver Digital signatureDigital signature
35/82 35 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security ...> <wsse:BinarySecurityToken wsu:ID=“myToken” ValueType=“wsse:X509v3” : </wsse:BinarySecurityToken> <Signature xmlns=“http://www.w3.org/2000/09/xmldsig#”> ... XML Digital Signature of body_id is placed here ... ... It is encrypted with a private key of which its ... public key counterpart is indicated in myToken ... </Signature> </wsse:Security> </S:Header> <S:Body xmlns:wsu= ... wsu:ID=“body_id”> ... </S:Body> </S:Envelope> • The X.509 certificate contains the public key of the client • Its private counterpart will be used to encrypt the digest for generating the signature • The certificate will be sent to server Namespace for XML Digital Signature which defines the element <Signature>
36/82 36 <Signature xmlns=“http://www.w3.org/2000/09/xmldsig#”> <SignedInfo> ... Indicate what is to be signed ... ... A digest of body_id is generated and placed here... ... Define the algorithms used to generate the digest.. : </SignedInfo> <SignatureValue> : ... The actual signature ... ... The digest of <SignedInfo> part will be generated ... and encrypted using the private key as implied ... in <KeyInfo> ... : </SignatureValue> <KeyInfo> : ... Indicate the security token, i.e. myToken in this case, ... which keeps a public key. Its private key counterpart ... will be used for encrypting the digest of <SignedInfo> : </KeyInfo> </Signature>
37/82 37 <KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI=“#myToken”></wsse:Reference> </wsse:SecurityTokenReference> </KeyInfo>  A security token is referring to in <KeyInfo>  The URI “myToken” indicates that the X.509 certificate defined at the beginning of SOAP message will be used  X.509 certificate contains much information about its owner, one of them is the public key  Its private key counterpart will be used to encrypt the digest
38/82 38  The target is signed rather indirectly in order to ensure both the target and the <SignedInfo> subtree will not be altered unnoticeably by the imposer  A digest of the target (i.e. the Body in this case) is generated and put into the <SignedInfo> subtree  The encrypted digest of the whole <SignedInfo> subtree is then generated and put into <SignatureValue> <S: Envelope ... > <S:Header> <wsse:Security ...> : <Signature ... > <SignedInfo> : </SignedInfo> <SignatureValue> : </SignatureValue> </Signature> </wsse:Security> </S:Header> <S:Body...> : </S:Body> </S:Envelope> Digest Encrypted Digest
39/82 39  Imposer cannot change the target (i.e. Body) unnoticeably since it will not match with the digest in <SignedInfo>  Imposer cannot change the body and the digest in <SignedInfo> together unnoticeably , since it will not match with the digest in <SignatureValue>  Imposer cannot change digest in <SignatureValue> since he does not have the private key <S: Envelope ... > <S:Header> <wsse:Security ...> : <Signature ... > <SignedInfo> : </SignedInfo> <SignatureValue> : </SignatureValue> </Signature> </wsse:Security> </S:Header> <S:Body...> : </S:Body> </S:Envelope> Digest Encrypted Digest
40/82 40 <SignedInfo> <CanonicalizationMethod Algorithm = “http://www.w3.org/2001/10/xml-exc-c14n#”/> <SignatureMethod Algorithm = “http://www.w3.org/2000/09/xmlsig#rsa-sha1”/> <Reference URI=“#body_id”> <Transforms> <Transform Algorithm = “http://w3.org/2001/10/xml-exc-c14n#”/> </Transforms> <DigestMethod Algorithm = “http://www.w3.org/2000/09/xmldsig#sha1”/> <DigestValue>Ojjw8nkT3jJoNN/Axsd ...</DigestValue> </Reference> </SignedInfo>  The <Body> is first transformed using the algorithm EXC-C14N into a canonical form  The digest of it is generated using an algorithm SHA1  The digest is stored in <DigestValue> element
41/82 41 <SignedInfo> <CanonicalizationMethod Algorithm = “http://www.w3.org/2001/10/xml-exc-c14n#”/> <SignatureMethod Algorithm = “http://www.w3.org/2000/09/xmlsig#rsa-sha1”/> <Reference URI=“#body_id”> : </Reference> </SignedInfo>  Before generating the digest of <SignedInfo>, it should first be converted into a canonical form using EXC-C14N canonicalization algorithm  The digest of <SignedInfo> is generated using the SHA1 algorithm and encrypted using RSA asymmetric encryption algorithm (hence RSA- SHA1)
42/82 42 Verification of the Digital Signature When the server receives the signed SOAP message, it should 1. generate the digest of the target (i.e. Body in this case) using the indicated algorithms (EXC-C14N and SHA1) 2. Compare with the one in <SignedInfo> 3. If match, decrypt the signature using the public key given in the security token 4. Extract the <SignedInfo> subtree of the SOAP message 5. Generate the digest of <SignedInfo> using the algorithms indicated (EXC-C14N and SHA1) 6. Compare the generated digest and the one in <SignatureValue>
43/82 43 WS-Security Implementation in WebSphere Client WebSphere App Server Requester App Provider App Handler Request Response Deployment Descriptor Handler Request Response Deployment Descriptor  The security functions required in the handlers are defined in the respective Deployment Descriptor  No need to add or change any code in the Java source  Allow a security manager to control and change all security options without interfering with developer tasks
44/82 44  WebSphere Studio makes it easy to add WS-Security to a Web service  Security Handler module can be added to contains the code for Web Service Security functions – Client’s Request Unit: SOAP request header construction Security token generation, digital signature generation or content encryption – Server’s Request Unit: SOAP request header processing Validate security tokens, set up security content, decrypt content or digital signature validation – Server’s Response Unit: SOAP response header construction Digital signature generation, content encryption – Client’s Response Unit: SOAP response header processing Decrypt content and digital signature validation
45/82 45 The Roadmap of WS-Security SOAPFoundat WS-SecurityLaye WS-SecureConversation WS-Federation WS-Authentication WS-Policy WS-Trust WS-Privacy Current Standards Specifications in progress
46/82 ThankThank You !!!You !!! For More Information click below link: Follow Us on: http://vibranttechnologies.co.in/websphere-classes-in-mumbai.html

Recommandé

Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Security
SecuritySecurity
Securitymajstors
 
S/MIME
S/MIMES/MIME
S/MIMEmaria azam
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvanitrraincity
 
Online security & encryption
Online security & encryptionOnline security & encryption
Online security & encryptionQamar Farooq
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6 WE-IT TUTORIALS
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageat MicroFocus Italy ❖✔
 

Recommandé

Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Security
SecuritySecurity
Securitymajstors
 
S/MIME
S/MIMES/MIME
S/MIMEmaria azam
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvanitrraincity
 
Online security & encryption
Online security & encryptionOnline security & encryption
Online security & encryptionQamar Farooq
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6 WE-IT TUTORIALS
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageat MicroFocus Italy ❖✔
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
A new algorithm for implementing message authentication and integrity in soft...
A new algorithm for implementing message authentication and integrity in soft...A new algorithm for implementing message authentication and integrity in soft...
A new algorithm for implementing message authentication and integrity in soft...TELKOMNIKA JOURNAL
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Web Security
Web SecurityWeb Security
Web SecurityRam Dutt Shukla
 
Design of Hybrid Cryptography Algorithm for Secure Communication
Design of Hybrid Cryptography Algorithm for Secure CommunicationDesign of Hybrid Cryptography Algorithm for Secure Communication
Design of Hybrid Cryptography Algorithm for Secure CommunicationIRJET Journal
 
SSl and certificates
SSl and certificatesSSl and certificates
SSl and certificatesNetri Chowdhary
 
web security
web securityweb security
web securityChirag Patel
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerceNishant Pahad
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerAkhil Nadh PC
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommercepriyanka Garg
 
Websecurity
Websecurity Websecurity
Websecurity Merve Bilgen
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionDidar Hussain
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & EncryptionBiroja
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
security issue
security issuesecurity issue
security issueJAINIK PATEL
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...Kimberly Thomas
 

Contenu connexe

Tendances

PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
A new algorithm for implementing message authentication and integrity in soft...
A new algorithm for implementing message authentication and integrity in soft...A new algorithm for implementing message authentication and integrity in soft...
A new algorithm for implementing message authentication and integrity in soft...TELKOMNIKA JOURNAL
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Design of Hybrid Cryptography Algorithm for Secure Communication
Design of Hybrid Cryptography Algorithm for Secure CommunicationDesign of Hybrid Cryptography Algorithm for Secure Communication
Design of Hybrid Cryptography Algorithm for Secure CommunicationIRJET Journal
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerceNishant Pahad
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerAkhil Nadh PC
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionDidar Hussain
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & EncryptionBiroja
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 

Tendances (20)

PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
A new algorithm for implementing message authentication and integrity in soft...
A new algorithm for implementing message authentication and integrity in soft...A new algorithm for implementing message authentication and integrity in soft...
A new algorithm for implementing message authentication and integrity in soft...
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA Algorithm
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Web Security
Web SecurityWeb Security
Web Security
 
Design of Hybrid Cryptography Algorithm for Secure Communication
Design of Hybrid Cryptography Algorithm for Secure CommunicationDesign of Hybrid Cryptography Algorithm for Secure Communication
Design of Hybrid Cryptography Algorithm for Secure Communication
 
SSl and certificates
SSl and certificatesSSl and certificates
SSl and certificates
 
web security
web securityweb security
web security
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerce
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket Layer
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
Websecurity
Websecurity Websecurity
Websecurity
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and Decryption
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & Encryption
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocol
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
IP Security
IP SecurityIP Security
IP Security
 

Similaire à Websphere - Introduction to ssl part ii

The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...Kimberly Thomas
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptxRushikeshChikane2
 
Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systemsAbdulaziz Mohd
 
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEMSECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEMJournal For Research
 
Enhancement in data security and integrity using minhash technique
Enhancement in data security and integrity using minhash techniqueEnhancement in data security and integrity using minhash technique
Enhancement in data security and integrity using minhash techniquenooriasukmaningtyas
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKA NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKijmnct
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfKailasS9
 
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA AlgorithmEncryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithmijtsrd
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
A Study of Location and Date-Time Encryption of Cloud using Android Application
A Study of Location and Date-Time Encryption of Cloud using Android ApplicationA Study of Location and Date-Time Encryption of Cloud using Android Application
A Study of Location and Date-Time Encryption of Cloud using Android ApplicationIRJET Journal
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET Journal
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 

Similaire à Websphere - Introduction to ssl part ii (20)

security issue
security issuesecurity issue
security issue
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
L017136269
L017136269L017136269
L017136269
 
Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systems
 
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEMSECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
 
Enhancement in data security and integrity using minhash technique
Enhancement in data security and integrity using minhash techniqueEnhancement in data security and integrity using minhash technique
Enhancement in data security and integrity using minhash technique
 
Unit 7 : Network Security
Unit 7 : Network SecurityUnit 7 : Network Security
Unit 7 : Network Security
 
network security
network securitynetwork security
network security
 
SSLtalk
SSLtalkSSLtalk
SSLtalk
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Mj3422172221
Mj3422172221Mj3422172221
Mj3422172221
 
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKA NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
 
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA AlgorithmEncryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
A Study of Location and Date-Time Encryption of Cloud using Android Application
A Study of Location and Date-Time Encryption of Cloud using Android ApplicationA Study of Location and Date-Time Encryption of Cloud using Android Application
A Study of Location and Date-Time Encryption of Cloud using Android Application
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 

Plus de Vibrant Technologies & Computers

Data ware housing - Introduction to data ware housing process.
Data ware housing - Introduction to data ware housing process.Data ware housing - Introduction to data ware housing process.
Data ware housing - Introduction to data ware housing process.Vibrant Technologies & Computers
 

Plus de Vibrant Technologies & Computers (20)

Buisness analyst business analysis overview ppt 5
Buisness analyst business analysis overview ppt 5Buisness analyst business analysis overview ppt 5
Buisness analyst business analysis overview ppt 5
 
SQL Introduction to displaying data from multiple tables
SQL Introduction to displaying data from multiple tables SQL Introduction to displaying data from multiple tables
SQL Introduction to displaying data from multiple tables
 
SQL- Introduction to MySQL
SQL- Introduction to MySQLSQL- Introduction to MySQL
SQL- Introduction to MySQL
 
SQL- Introduction to SQL database
SQL- Introduction to SQL database SQL- Introduction to SQL database
SQL- Introduction to SQL database
 
ITIL - introduction to ITIL
ITIL - introduction to ITILITIL - introduction to ITIL
ITIL - introduction to ITIL
 
Salesforce - Introduction to Security & Access
Salesforce - Introduction to Security & Access Salesforce - Introduction to Security & Access
Salesforce - Introduction to Security & Access
 
Data ware housing- Introduction to olap .
Data ware housing- Introduction to olap .Data ware housing- Introduction to olap .
Data ware housing- Introduction to olap .
 
Data ware housing - Introduction to data ware housing process.
Data ware housing - Introduction to data ware housing process.Data ware housing - Introduction to data ware housing process.
Data ware housing - Introduction to data ware housing process.
 
Data ware housing- Introduction to data ware housing
Data ware housing- Introduction to data ware housingData ware housing- Introduction to data ware housing
Data ware housing- Introduction to data ware housing
 
Salesforce - classification of cloud computing
Salesforce - classification of cloud computingSalesforce - classification of cloud computing
Salesforce - classification of cloud computing
 
Salesforce - cloud computing fundamental
Salesforce - cloud computing fundamentalSalesforce - cloud computing fundamental
Salesforce - cloud computing fundamental
 
SQL- Introduction to PL/SQL
SQL- Introduction to PL/SQLSQL- Introduction to PL/SQL
SQL- Introduction to PL/SQL
 
SQL- Introduction to advanced sql concepts
SQL- Introduction to advanced sql conceptsSQL- Introduction to advanced sql concepts
SQL- Introduction to advanced sql concepts
 
SQL Inteoduction to SQL manipulating of data
SQL Inteoduction to SQL manipulating of data SQL Inteoduction to SQL manipulating of data
SQL Inteoduction to SQL manipulating of data
 
SQL- Introduction to SQL Set Operations
SQL- Introduction to SQL Set OperationsSQL- Introduction to SQL Set Operations
SQL- Introduction to SQL Set Operations
 
Sas - Introduction to designing the data mart
Sas - Introduction to designing the data martSas - Introduction to designing the data mart
Sas - Introduction to designing the data mart
 
Sas - Introduction to working under change management
Sas - Introduction to working under change managementSas - Introduction to working under change management
Sas - Introduction to working under change management
 
SAS - overview of SAS
SAS - overview of SASSAS - overview of SAS
SAS - overview of SAS
 
Teradata - Architecture of Teradata
Teradata - Architecture of TeradataTeradata - Architecture of Teradata
Teradata - Architecture of Teradata
 
Teradata - Restoring Data
Teradata - Restoring Data Teradata - Restoring Data
Teradata - Restoring Data
 

Dernier

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Dernier (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Websphere - Introduction to ssl part ii

  • 3. 3/82 3  Web services security is one of the most important Web services issues  Consider the following simple Web services-based application: Bank Data Center Bank Teller 1 Bank Teller 2 Network
  • 4. 4/82 4  If no security measure has been applied, the three major risk factors are: – Unauthorized transactions (Authorization) Teller 2 in fact is an imposer sending a SOAP message to the data center to request money withdrawal – Readable messages in clear text (Confidentiality) The account number and balance in the SOAP packet is read by the imposer on the network and he later uses them to withdraw money from that account – SOAP message susceptible to modification (Integrity) The SOAP message is intercepted and modified by the imposer. Money is deposited to another account
  • 5. 5/82 5  With the advance of Internet technology, various security measures have been imposed to protect Web communications  The most popular one is HTTPS/SSL which provides “protocol-level” or “transport-level” security – Facilitate identification, basic authentication, encryption, and built-in integrity check – Provide point-to-point security across one connection  The above security risks can be removed by using HTTPS/SSL
  • 6. 6/82 6 Web server protected by HTTPS Internet  Consider a more complicate Web services-based application: Backend Application Web server protected by HTTPS Backend Application Web Services Gateway protected by HTTPS secure secure secure secure??? Business Partner 1 Business Partner 2
  • 7. 7/82 7  Even if HTTPS has been used in all Internet connections, the above application still has security and other problems – HTTPS provides point-to-point security only. Hence the security after the Web server is not guaranteed (need end-to-end security) – Business Partner 1 can deny the messages it sent to Business Partner 2 since there is no proof about the originator of the messages (need non-repudiation) – There is no record of all transactions so there is no way to look for security problems after the fact (need auditing) – Since all incoming and outgoing messages need to encrypt, demand much CPU time from all servers
  • 8. 8/82 8 Internet  A message level security measure is required to provide not only point-to-point security but end-to-end security  Can be achieved by embedding security information in the SOAP message itself Web Services Gateway protected by HTTPS secure secure secure Secure Secure SOAP message credentials
  • 9. 9/82 9  To ensure interoperability, a standard to define new security elements in SOAP messages is needed  WS-Security specification covers a standard set of SOAP extensions that can be used when building secure Web services  It defines how to use and build upon existing security technologies (e.g. PKI, Kerberos, SSL, XML encryption, XML Digital Signature, etc.) for Web services  WS-Security specification was formalized in April 2002  More specifications have been added and consolidated by the OASIS consortium, a non-profit organization that drives the development of e-business standards  WS-Security v1.0 is an OASIS standard as of April 2004 which covers mainly the extension of SOAP messages
  • 10. 10/82 10 A Brief Review of Core Security Technologies  Common core technologies that are being used for security purpose include – Symmetric encryption – Asymmetric encryption – Hash function and digital signature – XML encryption – XML digital signature
  • 11. 11/82 11  Encryption – convert the data concerned into another form based on a key. Without the key, the data cannot be converted back to the original form  Symmetric – the same algorithm and key are used for both encryption and decryption (except for a slight rearrangement of the key)  Advantage – fast (compare with asymmetric algorithms)  Drawback – both encryption and decryption keys must remain secret  Interesting problem – how do you send your key to your partner securely?  Common symmetric encryption algorithms, DES, AES … Symmetric Encryption
  • 12. 12/82 12 Secret Key generator Sender Receiver Plain text message Cipher text message Plain text message The same key is used for both encryption and decryption
  • 13. 13/82 13  Asymmetric Encryption – different keys will be used for encryption and decryption  Usually one key is made known to public, the other key is kept secret  Advantage – solve the problem of distributing the key  Drawback – slower than symmetric algorithm  The most common asymmetric encryption algorithm, RSA, which is named after the three inventors, R. Rivest, A. Shamir and L. Adleman  Its security is based on the intractability of the factorization of large integers – what are the two factors of the number 8876044532898802067? Asymmetric Encryption
  • 14. 14/82 14 Asymmetric key pair generator Sender Receiver Plain text message Cipher text message Plain text message Different keys are used for encryption and decryption
  • 15. 15/82 15  Two common ways of using asymmetric encryption – Sender: public key. Receiver: private key To ensure the encrypted message (using the public key) can only be seen by a particular receiver (decrypted using the private key) – Sender: private key. Sender: public key If a recipient successfully decrypts a message encrypted with our public key, they know this message is sent by me Hence can be used for identifying the originator of the message
  • 16. 16/82 16 A hybrid approach – Digital Envelope Asymmetric key pair generator Sender Receiver Plain text message Plain text message Symmetric key generator Public key Private key Digital Envelope Cipher text message
  • 17. 17/82 17  Advantages: – Fast, since asymmetric encryption is applied only to a key, which is usually not so long in length – Secure, since we don’t need to send the symmetric key thru the network to the sender or receiver  SSL is an example that uses the above hybrid approach  Most of the security issues are solved with protocols based on combinations of symmetric encryption, asymmetric encryption, and hash functions
  • 18. 18/82 18  To ensure data integrity, an identifier needs to be sent with sender’s data to proof that the data have not been changed during transmission  To achieve non-repudiation, the identifier should further proof the source who generates the identifier  Based on the digital signature technique, a hash, or “digest" of the transmitted data is extracted and encrypted by a private key  The receiver extracts the encrypted digest and decrypted by a public key  The receiver uses the same algorithm to generate the digest of the data object & compare with the encrypted one  If they match, the data object is from the right source Hash Functions and Digital Signature
  • 19. 19/82 19 Data Object Hashing Algorithm Digest Private key of transmit entity Encrypted Digest Data Object Send to the receiver Digital signature Two important properties of the digest: • Given an input stream and its hash code, it is practically impossible to find a second stream with the same hash code • A small change to the original input stream produces a huge change in the hash code
  • 20. 20/82 20 Data Object Public key of transmit entity Hashing Algorithm If the digests match, the data object is from the right source Receive from the sender
  • 21. 21/82 21  Data integrity is ensured because if an attacker modifies the data object, the digests will not match  If an attacker tries to modify the data object as well as the digest, he will still fail because the attacker does not know the private key  Non-repudiation is achieved because if the receiver can decrypt the digest, the digest must be sent from the right source  In the above case, the data object is not encrypted. Anybody can read it  If the data object itself is considered as confidential, data encipherment can be applied to further encrypt the data object
  • 22. 22/82 22  The XML Encryption standard defines ways to encrypt all or part of an XML document  Encrypted info is replaced with a single <EncryptedData> element  Allow encrypting different parts of the same document with different keys  Allow encrypting the whole document, a single element, or just the text of an element XML Encryption
  • 23. 23/82 23  An <EncryptedData> element contains the following elements – <EncryptionMethods> The algorithm used to encrypted the data – <KeyInfo> Information about the key used to encrypt the data – <CipherData> Contain the actual encrypted data  W3C XML Encryption specifications were proposed by IBM, Microsoft and Entrust  Currently it is still a W3C recommendation. Details can be found in http://www.w3.org/Encryption Inside <EncryptedData>
  • 24. 24/82 24  The XML Digital Signature standard defines rules for creating a digital signature and storing that signature inside an XML document  The <Signature> element has 3 main parts – <SignedInfo> Information about what is signed (such as the algorithm used to generate the digest and the encryption algorithm) – <SignatureValue> The value of the digital signature itself – <KeyInfo> The public key used to verify the signature (optional)  Now a W3C recommendation (http://www.w3.org/Signature) XML Digital Signature
  • 25. 25/82 25 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext”> <wsse:UsernameToken> ... </wsse:UsernameToken> <EncryptedKey xmlns="http://www.w3.org/2001/04/enc-enc-enc#"> ... </EncryptedKey> <Signature xmlns:"http://www.w3.org/2000/09/xmldsig#"> ... </Signature> </S:Header> Basic Syntax of WS-Security Authentication Confidentiality, adopt XML Encryption Integrity, adopt XML Digital Signature Define and use WS-Security namespace  <wsse:Security> is the “container” for security-related info  Place in the header means apply to the whole SOAP msg
  • 27. 27/82 27 WS-Security for Authentication – Security Token  WS-Security defines security tokens, which can contain various requestors’ claims (a declaration made by some entity) – e.g. a username and optional password, an X.506 certificate, or a Kerberos ticket  Basically there are two types of tokens: – UsernameToken and BinarySecurityToken  UsernameToken is the simplest one. Contain a mandatory username and optional password  BinarySecurityToken however contains encoded binary data that is suitable for storing X.509 certificate or Kerberos ticket
  • 28. 28/82 28 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext” soapenv:mustUnderstand=“1”> <wsse:UsernameToken wsu:ID=“myToken”> <wsse:Username>danielLun</wsse:Username> <wsse:Password>passw0rd</wsse:Password> </wsse:UsernameToken> </wsse:Security> </S:Header> <S:Body> ... </S:Body> </S:Envelope> Requester provides the claim (username and password) to the server for validation. Server must understand this header or an error should be returned  Sending username and password in this way is obviously not secure.  Need to be used with WS-Security encryption to hide away both username and password The other part of the message can refer to this UsernameToken with this ID
  • 29. 29/82 29 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext” soapenv:mustUnderstand=“1”> <wsse:BinarySecurityToken wsu:ID=“myToken” ValueType=“wsse:Kerberosv5ST” EncodingType=“wsse:Base64Binary> XIFNWZz99UUbalqIEmJZc0 ... </wsse:BinarySecurityToken> </wsse:Security> </S:Header> <S:Body> ... </S:Body> </S:Envelope> Specify that the binary data of Kerberos service ticket will be encoded using Base64 representation  Since any third party can take the ticket or certificate and include in their application, the ticket or certificate alone cannot serve as proof of possession Using Kerberos service ticket Kerberos ticket or x.509 certificate are also referred as signed security tokens since the data has been cryptographically signed by a specific authority
  • 30. 30/82 30 WS-Security for Confidentiality – Using XML Encryption  For WS-Security, there is no intention to create new methods but integrating the existing technologies to achieve security, e.g. XML Encryption  <EncryptedKey> element is placed in security header for implementing digital envelope – <EncryptionMethod> Algorithm for the encryption of the symmetric key – <KeyInfo> Identifier of a public key used for encryption, assume both the client and server understand the meaning of the identifier – <CipherData><CipherValue> Encrypted symmetric key value – <ReferenceList> List of <DataReference> to contents encrypted with this symmetric key
  • 31. 31/82 31 Asymmetric key pair generator Sender Receiver Plain text message Plain text message Symmetric key generator Public key Private key Digital Envelope Cipher text message
  • 32. 32/82 32 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security ...> <EncryptedKey xmlns=“http://www.w3.org/2001/04/xmlenc#”> <EncryptionMethod Algorithm = “http://www.w3.org/2001/04/xmlenc#rsa-1_5”> </EncryptionMethod> <KeyInfo xmlns=“http://www.w3.org/2000/09/xmlsig#”> <wsse:SecurityTokenReference> <wsse:KeyIdentifier>u3AA1M+DMOA1bX/vWJ ... </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </KeyInfo> <CipherData> <CipherValue>cdck0cWh94oF5xBoEm ... </CipherValue> </CipherData> <ReferenceList> <DataReference URI = “#myToken”> </DataReference> </ReferenceList> </EncryptedKey> Symmetric key is encrypted with RSA-1.5 algorithm using the public key as stated below The key identifier (not the key itself) of a public key The encrypted symmetric key The URI should be referred to when the symmetric key is used by other part of message
  • 33. 33/82 33 <S:Body> <po xmlns: ...> <wsse:Security ...> <EncryptedData xmlns=“http://www.w3.org/2001/04/xmlenc#” Id=“myToken” Type=“http://www.w3.org/2001/04/xmlenc#Content”> <EncryptionMethod Algorithm = “http://www.w3.org/2001/04/xmlenc#tripledes-cbc”> </EncryptionMethod> <CipherData> <CipherValue>Ew7Zggr8z3 ... </CipherValue> </CipherData> </EncryptedData> <shipTo> <company>The Skateboard Warehouse</company> <street>One Warehouse Park</street> <postalCode>01775</postCode> </shipTo> : </po> </S:Body> Using the symmetric key as mentioned in the header for encrypting this part The encryption algorithm is triple-DES, a symmetric encryption algorithm The original data is the credit card info of the customer, but now is replaced by a ciphered code The less sensitive part is sent to the server without encryption
  • 34. 34/82 34 WS-Security for Integrity and Non- repudiation – Using XML Digital Signature Data Object Hashing Algorithm Digest Private key of transmit entity Encrypted Digest Data Object Send to the receiver Digital signatureDigital signature
  • 35. 35/82 35 <S: Envelope xmlns:S=“http://schemas.xmlsoap.org/soap/envelope/”> <S:Header> <wsse:Security ...> <wsse:BinarySecurityToken wsu:ID=“myToken” ValueType=“wsse:X509v3” : </wsse:BinarySecurityToken> <Signature xmlns=“http://www.w3.org/2000/09/xmldsig#”> ... XML Digital Signature of body_id is placed here ... ... It is encrypted with a private key of which its ... public key counterpart is indicated in myToken ... </Signature> </wsse:Security> </S:Header> <S:Body xmlns:wsu= ... wsu:ID=“body_id”> ... </S:Body> </S:Envelope> • The X.509 certificate contains the public key of the client • Its private counterpart will be used to encrypt the digest for generating the signature • The certificate will be sent to server Namespace for XML Digital Signature which defines the element <Signature>
  • 36. 36/82 36 <Signature xmlns=“http://www.w3.org/2000/09/xmldsig#”> <SignedInfo> ... Indicate what is to be signed ... ... A digest of body_id is generated and placed here... ... Define the algorithms used to generate the digest.. : </SignedInfo> <SignatureValue> : ... The actual signature ... ... The digest of <SignedInfo> part will be generated ... and encrypted using the private key as implied ... in <KeyInfo> ... : </SignatureValue> <KeyInfo> : ... Indicate the security token, i.e. myToken in this case, ... which keeps a public key. Its private key counterpart ... will be used for encrypting the digest of <SignedInfo> : </KeyInfo> </Signature>
  • 37. 37/82 37 <KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI=“#myToken”></wsse:Reference> </wsse:SecurityTokenReference> </KeyInfo>  A security token is referring to in <KeyInfo>  The URI “myToken” indicates that the X.509 certificate defined at the beginning of SOAP message will be used  X.509 certificate contains much information about its owner, one of them is the public key  Its private key counterpart will be used to encrypt the digest
  • 38. 38/82 38  The target is signed rather indirectly in order to ensure both the target and the <SignedInfo> subtree will not be altered unnoticeably by the imposer  A digest of the target (i.e. the Body in this case) is generated and put into the <SignedInfo> subtree  The encrypted digest of the whole <SignedInfo> subtree is then generated and put into <SignatureValue> <S: Envelope ... > <S:Header> <wsse:Security ...> : <Signature ... > <SignedInfo> : </SignedInfo> <SignatureValue> : </SignatureValue> </Signature> </wsse:Security> </S:Header> <S:Body...> : </S:Body> </S:Envelope> Digest Encrypted Digest
  • 39. 39/82 39  Imposer cannot change the target (i.e. Body) unnoticeably since it will not match with the digest in <SignedInfo>  Imposer cannot change the body and the digest in <SignedInfo> together unnoticeably , since it will not match with the digest in <SignatureValue>  Imposer cannot change digest in <SignatureValue> since he does not have the private key <S: Envelope ... > <S:Header> <wsse:Security ...> : <Signature ... > <SignedInfo> : </SignedInfo> <SignatureValue> : </SignatureValue> </Signature> </wsse:Security> </S:Header> <S:Body...> : </S:Body> </S:Envelope> Digest Encrypted Digest
  • 40. 40/82 40 <SignedInfo> <CanonicalizationMethod Algorithm = “http://www.w3.org/2001/10/xml-exc-c14n#”/> <SignatureMethod Algorithm = “http://www.w3.org/2000/09/xmlsig#rsa-sha1”/> <Reference URI=“#body_id”> <Transforms> <Transform Algorithm = “http://w3.org/2001/10/xml-exc-c14n#”/> </Transforms> <DigestMethod Algorithm = “http://www.w3.org/2000/09/xmldsig#sha1”/> <DigestValue>Ojjw8nkT3jJoNN/Axsd ...</DigestValue> </Reference> </SignedInfo>  The <Body> is first transformed using the algorithm EXC-C14N into a canonical form  The digest of it is generated using an algorithm SHA1  The digest is stored in <DigestValue> element
  • 41. 41/82 41 <SignedInfo> <CanonicalizationMethod Algorithm = “http://www.w3.org/2001/10/xml-exc-c14n#”/> <SignatureMethod Algorithm = “http://www.w3.org/2000/09/xmlsig#rsa-sha1”/> <Reference URI=“#body_id”> : </Reference> </SignedInfo>  Before generating the digest of <SignedInfo>, it should first be converted into a canonical form using EXC-C14N canonicalization algorithm  The digest of <SignedInfo> is generated using the SHA1 algorithm and encrypted using RSA asymmetric encryption algorithm (hence RSA- SHA1)
  • 42. 42/82 42 Verification of the Digital Signature When the server receives the signed SOAP message, it should 1. generate the digest of the target (i.e. Body in this case) using the indicated algorithms (EXC-C14N and SHA1) 2. Compare with the one in <SignedInfo> 3. If match, decrypt the signature using the public key given in the security token 4. Extract the <SignedInfo> subtree of the SOAP message 5. Generate the digest of <SignedInfo> using the algorithms indicated (EXC-C14N and SHA1) 6. Compare the generated digest and the one in <SignatureValue>
  • 43. 43/82 43 WS-Security Implementation in WebSphere Client WebSphere App Server Requester App Provider App Handler Request Response Deployment Descriptor Handler Request Response Deployment Descriptor  The security functions required in the handlers are defined in the respective Deployment Descriptor  No need to add or change any code in the Java source  Allow a security manager to control and change all security options without interfering with developer tasks
  • 44. 44/82 44  WebSphere Studio makes it easy to add WS-Security to a Web service  Security Handler module can be added to contains the code for Web Service Security functions – Client’s Request Unit: SOAP request header construction Security token generation, digital signature generation or content encryption – Server’s Request Unit: SOAP request header processing Validate security tokens, set up security content, decrypt content or digital signature validation – Server’s Response Unit: SOAP response header construction Digital signature generation, content encryption – Client’s Response Unit: SOAP response header processing Decrypt content and digital signature validation
  • 45. 45/82 45 The Roadmap of WS-Security SOAPFoundat WS-SecurityLaye WS-SecureConversation WS-Federation WS-Authentication WS-Policy WS-Trust WS-Privacy Current Standards Specifications in progress
  • 46. 46/82 ThankThank You !!!You !!! For More Information click below link: Follow Us on: http://vibranttechnologies.co.in/websphere-classes-in-mumbai.html