Question

Describe how SSL/TLS works. Address issues such as the different key establishment mechanisms and the role that certificates play. Also mention their Construction of the Algorithm (if applicable), Security/Attacks, Efficiency (if applicable) and Application.

Answer #1

SSL (Secure Socket Layer): It's a networking protocol used for securing the connections between web servers and web clients over an insecure system/network, like the web/internet.

TLS (Transport Layer System) is a better and upgraded version of Secure Socket Layer and it's more secure.

How SSL/TLS works:

The fundamental standard is that when an SSL certificate is installed on the server, and a browser is connected to it, then the SSL certificate present triggers the SSL/TLS standard/protocol that encrypts the information which is sent between the server and the client (browser).

SSL works straightforwardly over TCP, successfully filling in as a security cover. It permits higher convention layers to stay unaltered while still providing a secure connection, such that the other protocols can work properly under the SSL layer. So underneath the SSL layer, the other convention layers can work as ordinary.

The different key establishment mechanisms and the role that certificates play:

In TLS, all security begins with the identity of the cryptographic server; a solid private key is expected to keep attackers from doing pantomime attacks. Similarly critical is to have a legitimate and solid authentication, that gives the private key the privilege to speak for a specific hostname. If an SSL certificate (authentication) is being utilized accurately, an attacker can only see which port and IP are connected and generally how much information is being sent. They might be able to terminate the connection; however, both the server and client will almost certainly be able to tell this has been finished by a third party. Thus, no information can be intercepted by them, which makes it basically an ineffectual step.

Construction of the Algorithm (if applicable), Security/Attacks, Efficiency (if applicable) and Application:

  • RSA algorithm: It can be used within the TLS protocol/standard for key exchange and authentication. It's an asymmetric encryption cipher. It makes use of two keys which are related mathematically such that the content which is encrypted by one key can be decrypted only by the other key.
  • Diffie-Hellman Key Exchange: This algorithm permits 2 parties (unknown to each other) to exchange a key securely, even though a third party might be noticing all the communications. The key feature is that it doesn't actually encrypt the data, but each party creates the same key on the basis of an exchange of unencrypted data.
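
The two mechanisms in the list above, combined the way a handshake with ephemeral Diffie-Hellman and an RSA certificate key uses them, as an added example that is not part of the original answer. It assumes toy parameters constructed for illustration, textbook RSA without padding, and hypothetical function names; a real handshake signs more than the Diffie-Hellman share.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example only (far too small for real use).
P = 2**127 - 1                        # DH modulus (a Mersenne prime)
G = 3                                 # DH base
RSA_P, RSA_Q = 2**61 - 1, 2**89 - 1   # server's RSA primes (both Mersenne primes)
RSA_N, RSA_E = RSA_P * RSA_Q, 65537   # public key, as carried in a certificate
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # private key, server only


def digest_int(value: int) -> int:
    """Hash a DH public value and reduce it into the RSA modulus."""
    data = value.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def server_sign(dh_public: int) -> int:
    """Server authenticates its DH share with its RSA private key."""
    return pow(digest_int(dh_public), RSA_D, RSA_N)


def client_verify(dh_public: int, signature: int) -> bool:
    """Client checks the share against the public key from the certificate."""
    return pow(signature, RSA_E, RSA_N) == digest_int(dh_public)


def session_key(own_private: int, peer_public: int) -> bytes:
    """Each side hashes the shared secret g^(xy) mod p into a symmetric key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def handshake():
    """Run one exchange; return (client key, server key, signature valid?)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    sig = server_sign(s_pub)          # travels unencrypted alongside s_pub
    ok = client_verify(s_pub, sig)    # client rejects the share if this fails
    return session_key(c_priv, s_pub), session_key(s_priv, c_pub), ok
```

Only the public values and the signature cross the network; the signature check is what ties the Diffie-Hellman share to the key named in the certificate.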