Z39.50 and Cryptography. ZIG, July 13th 2000. Poul Henrik Jørgensen, DBC


1 Z39.50 and Cryptography
ZIG, July 13th 2000
Poul Henrik Jørgensen (phj@dbc.dk), DBC (www.dbc.dk)

2 Is Cryptography Relevant to Z39.50?
- Authentication: identify users (and servers) internally.
- Confidentiality: keep searches, responses (and users) secret from others.
- Integrity: prevent tampering with searches and responses.
- Non-repudiation: prove the transactions.

3 Security Threats
- Spoofing: Masquerading as one of the parties.
- Eavesdropping: Snooping on traffic between parties.
- Tampering: Forgery or modification of messages.
- Repudiation: Denying the transaction.

4 Symmetric Encryption
- A single common encryption key is used to encode and decode messages.
- Both sender and receiver must know the common key.
- The common key needs to be exchanged beforehand by some other secure method.
- Symmetric encryption is simple and fast.
- But key management is impractical with a large number of senders and receivers!

5 Public-key Cryptography
- Public-key (PK) encryption algorithms use pairs of matched (asymmetric) keys for encryption and decryption.
- Each user has a Public key and a corresponding Private (secret) key.
- Public-key cryptography is used to exchange symmetric keys securely.
- Public keys are also used to validate digital signatures.

6 Public-key Usage
- Alice creates a new symmetric session-key.
- Alice encrypts the session-key by means of Bob's public key.
- Alice transmits the encrypted message containing the session-key to Bob.
- Bob decrypts Alice's message containing the session-key by means of his private key.
- Alice and Bob both encrypt and decrypt subsequent messages by means of the session-key.

7 Digital Signatures and Certificates
- The sender "signs" messages by means of his private (secret) key.
- The recipient verifies the sender's signature by means of the sender's public key.
- The sender's identity is certified by means of a "Certificate", which is digitally signed by a trusted third party.

8 Secure Socket Layer (SSL)
- SSL is a communication layer on top of TCP/IP.
- SSL is supported by current browsers.
- The browser requests a copy of the HTTPS server's certificate.
- The browser verifies the identity of the server by checking the certificate and the digital signature.
- The browser creates a symmetric session key.

9 Secure Socket Layer cont.
- The browser encrypts the session key by means of the HTTP server's public key and transmits the session key to the server.
- Session data is encrypted and decrypted both ways at both ends by means of the symmetric session key.
- http://developer.netscape.com/tech/security/ssl/howitworks.html
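The session-key transport described on the Public-key Usage slide, and used the same way by the browser on the SSL slides, as an added Go example that is not part of the original presentation. RSA-OAEP with SHA-256, the 2048-bit key size and all function names are assumptions of this sketch; it stops once both sides hold the same session key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// NewKeyPair makes Bob's RSA key pair (constructed for this demo).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Wrap is Alice's part: a fresh 256-bit session key, RSA-OAEP encrypted to Bob.
func Wrap(bobPub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, key, nil)
	return key, wrapped, err
}

// Unwrap is Bob's part: only the matching private key yields the session key.
func Unwrap(bobPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, wrapped, nil)
}

// SameKey compares two session keys in constant time.
func SameKey(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

func main() {
	bob, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	aliceKey, wrapped, err := Wrap(&bob.PublicKey)
	if err != nil {
		panic(err)
	}
	bobKey, err := Unwrap(bob, wrapped)
	fmt.Println("same session key on both sides:", err == nil && SameKey(aliceKey, bobKey))
}
```

TLS 1.3 no longer offers this RSA key transport; it agrees the session key with ephemeral Diffie-Hellman, so a later compromise of the server's private key does not expose recorded sessions.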

10 Z39.50 and Symmetric Keys
- A new Z39.50 Init Request option may specify use of a symmetric encryption algorithm within a Z39.50 session.
- Symmetric encryption key must be exchanged outside of the Z39.50 protocol, e.g. based on a predefined user password.
- Only Z39.50 user data is encrypted – not protocol elements.

11 Z39.50 and Symmetric Keys cont.
- Encryption and decryption must be handled by Z39.50 server and client applications.
- This solution requires limited changes to Z39.50 toolkits in order to handle a new Init Request option.
- Z39.50 servers and clients must be modified to encrypt and decrypt data via passwords or other symmetric keys.

12 Z39.50 with Symmetric Keys
[Diagram. Client side: Encryption Toolkit, ZS-Client Application, Z-Client Toolkit. Server side: Encryption Toolkit, ZS-Server Application, Z-Server Toolkit. Connection: Z39.50 Session.]
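An added Go sketch of the application-level option above, not code from the presentation or from any Z39.50 toolkit: only the user data is encrypted, while the protocol elements stay readable but are bound to the ciphertext as associated data, so changing them is detected. AES-256-GCM, the function names and the header string are assumptions; the 32-byte key is taken as already agreed outside the protocol, and deriving it from a password is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds AES-256-GCM from the 32-byte key agreed outside the protocol.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect encrypts userData only. header (a constructed stand-in for the
// clear protocol elements) is authenticated with it but travels unencrypted.
func Protect(a cipher.AEAD, header string, userData []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, userData, []byte(header)), nil
}

// Reveal checks header and ciphertext together, then returns the user data.
func Reveal(a cipher.AEAD, header string, sealed []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed user data too short: %d bytes", len(sealed))
	}
	return a.Open(nil, sealed[:n], sealed[n:], []byte(header))
}

func main() {
	key := make([]byte, 32) // stands in for the key agreed outside the protocol
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	a, err := NewAEAD(key)
	if err != nil {
		panic(err)
	}
	sealed, err := Protect(a, "searchRequest db=books", []byte("au=Andersen"))
	fmt.Printf("sealed user data: %x (err: %v)\n", sealed, err)
}
```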

13 Z39.50 and SSL
- Z39.50 over SSL offers a complete security solution.
- Transparent to Z39.50 server and z-client applications.
- Requires no changes to the Z39.50 protocol.
- Requires a compatible Z39.50 toolkit on both z-server and z-client that utilises an SSL library.
- May require key certificates on the Z39.50 server.

14 Z39.50 Over SSL
[Diagram. Client side: Z-Client Application, ZS-Client Toolkit, SSL Toolkit. Server side: Z-Server Application, ZS-Server Toolkit, SSL Toolkit. Connection: Encrypted Z39.50 Session.]

15 Summary
- Security is primarily relevant for identifying Z39.50 users.
- Confidentiality of queries and presented data may also be an issue.
- SSL requires Z39.50 SRPM toolkits to utilise SSL libraries, but is transparent to z-servers and clients.
- Simple symmetric keys may require modifications to the Z39.50 protocol and to z-servers and clients.
- www.portia.dk/zigjuly2000/z3950crypto.htm

