PLS ATTEMpT ALL QUESTIONS WITH NO PLAGIARISM The security provided by SSL to sec

Question

PLS ATTEMpT ALL QUESTIONS WITH NO PLAGIARISM

The security provided by SSL to secure a web session depends, partially, on the handling of the underlying public-key certificates.
(a) Explain how an SSL client can determine whether a server that they are communicating with has supplied them with a valid public-key certificate during the SSL Handshake Protocol.
(b) A university department decides to self-sign a public-key certificate for its own web server. What might go wrong when a prospective student tries to establish an SSL-protected connection with the departmental web server?
(c) A local government office decides to use a third-party payment provider to process payments for electronic services offered through the government website. What might go wrong when a local resident tries to make a secure payment from the government website using SSL?
(d) Comment on the extent to which you think that the way in which current web browsers manage certificate problems that arise during SSL sessions is effective.

Explanation / Answer

a) SSL client determines that the server they are communicating has supplied them with valid public key during handshake protocol by server's certificate which is sent by the server after initial SSL client message and server response to it(which contains server certificate) the client matches the server's name in the certificate by existing one which it enquires about. If you the match occurs then client server request takes place which is server's authentication request for the client (which is essential to be signed by the client for secure connection) that identifies the identity of the client by the server.

b) A university department's self signed public key certificate for its own Server may go wrong when student (client) forgets or enter wrong private key provided to him by university, as public key encrypts and private key decrypt the message. And it might be possible that the device may be outdated or certificate signed by the student device has been expired.

c) As we know, in SSL layer http and https are treated identically, the third party ( which are usually banks ) are subject to internal and external attacks . During the transaction the server holds the sensitive information of client and attacker can take hold on the data, as the bank underattack don't have adequate control over their systems. Also ,the third party don't have their own service providers(internet) and the information is passed through the service provider every time and when service provider fails to update its technology time to time then also the attacker can have access to the sensitive data, thus client transaction can be compromised,etc.

d) The ways current web browses manage certificate problem arises during SSL session is effective:

Related Questions

Navigate

• Browse (All)
• Browse P
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.