Presentation is loading. Please wait.

Presentation is loading. Please wait.

Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC

Similar presentations


Presentation on theme: "Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC"— Presentation transcript:

1 Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC

2 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC2 Is Cryptography Relevant to Z39.50?  Authentication: identify users (and servers) internally.  Confidentiality: keep searches, responses (and users) secret to from others.  Integrity: prevent tampering with searches and responses.  Non-repudiation: prove the transactions.

3 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC3 Security Threats  Spoofing: Masquerading as one of the parties.  Eavesdropping: Snooping on traffic between parties.  Tampering: Forgery or modification of messages.  Repudiation: Denying the transaction.

4 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC4 Symmetric Encryption  A single common encryption key is used to encode and decode messages  Both sender and receiver must know the common key  The common key need to be exchanged beforehand by some other secure method  Symmetric encryption is simple and fast  But - key management is impractical with large number of senders and receivers!

5 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC5 Public-key Cryptography  Public-key (PK) encryption algorithms use pairs of matched (asymmetric) keys for encryption and decryption.  Each user has a Public key and a corresponding Private (secret) key  Public-key cryptography is used to exchange symmetric keys securely.  Public-keys are also used to validate digital signatures.

6 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC6 Public-key Usage  Alice creates a new symmetric session-key.  Alice encrypts the session-key by means of Bob’s public key.  Alice transmits the encrypted message containing the session-key to Bob.  Bob decrypts Alice’s message with the session- key by means of his private key.  Alice and Bob both encrypt and decrypt subsequent messages by means of the session-key.

7 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC7 Digital Signatures and Certificates  Sender”sign” messages by means of his private secret key.  Recipient verify the senders signature by means of the senders public key.  The senders identity is certified by means of a”Certificate” which is digitally signed by a trusted third party.

8 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC8 Secure Socket Layer (SSL)  SSL is a communication layer on top of TCP/IP  SSL is supported by current browsers  Browser request a copy of a HTTPS servers’ certificate  Browser verify identity of the server by checking the certificate and the digital signature  Browser create a symmetric session key

9 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC9 Secure Socket Layer cont.  Browser encrypt the session key by means of the HTTP servers public key and transmits the session key to the server  Session data is encrypted and decrypted both ways at both ends by means of the symmetric session key 

10 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC10 Z39.50 and Symmetric Keys  A new Z39.50 Init Request option may specify use of a symmetric encryption algorithm within a Z39.50 session  Symmetric encryption key must be exchanged outside of the Z39.50 protocol, e.g. based on a predefined user password  Only Z39.50 user data is encrypted – not protocol elements

11 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC11 Z39.50 and Symmetric Keys cont.  Encryption and decryption must be handled by Z39.50 server and client applications.  This solution require limited changes to Z39.50 toolkits in order to handle a new Init Request option.  Z39.50 servers and clients must be modified to encrypt- and decrypt data via passwords or other symmetric keys.

12 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC12 Z39.50 with Symmetric Keys Encryption Toolkit ZS-Client Application Z-Client Toolkit Encryption Toolkit ZS-Server Application Z-Server Toolkit Z39.50 Session

13 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC13 Z39.50 and SSL  Z39.50 over SSL offers a complete security solution  Transparent to Z39.50 server and z-client applications  Require no changes to the Z39.50 protocol  Require a compatible Z39.50 toolkit on both z- server and z-client that utilise a SSL library  May require key certificates on Z39.50 server

14 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC14 Z39.50 Over SSL Z-Client Application ZS-Client Toolkit SSL Toolkit Z-Server Application ZS-Server Toolkit SSL Toolkit Encrypted Z39.50 Session

15 ZIG July 2000 CryptoPoul Henrik Jørgensen, DBC15 Summary  Security is primarily relevant to identify Z39.50 users  Confidentiality of queries and presented data may also be an issue  SSL require Z39.50 SRPM toolkits to utilise SSL libraries, but is transparent to z-servers and clients  Simple symmetric keys may require modifications to Z39.50 protocol and to z-servers and clients


Download ppt "Z39.50 and Cryptography ZIG July 13 th 2000 Poul Henrik Jørgensen, DBC"

Similar presentations


Ads by Google