Short note on Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL)

  • It is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook). 
  • It is used by most companies to provide security and privacy and establishes a secure session between a browser and a server. 
  • A channel is the two-way communication stream established between the browser and the server, and the definition of channel security indicates three basic requirements: 
       - The channel is reliable. 
       - The channel is private. 
       - The channel is authenticated.
  • This encryption is preceded by a ‘data handshake’ and has two major phases: The first phase is used to establish private communication and uses the key-agreement algorithm. The second phase is used for client authentication.

 Limits of SSL: 
  • While the possibility is very slight, successful cryptographic attacks made against these technologies can render SSL insecure. 
  • A downside of both the SSL and SET protocols is that they require the use of cryptographic algorithms that place a significant load on the computer systems involved in commerce transactions. 
  • There is no additional server cost for the low and medium e-commerce applications to support SET over SSL.


ROLES OF SSL IN E-COMMERCE

  •  To secure online credit card transactions. 
  • To secure system logins and any sensitive information exchanged online. 
  • To secure webmail and applications like Outlook Web Access, Exchange, and Office Communications Server. 
  • To secure workflow and virtualization applications like Citrix Delivery Platforms or cloud-based computing platforms. 
  • To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange. 
  • To secure the transfer of files over HTTPS and FTP(S) services, such as website owners uploading new pages to their websites. 
  • To secure intranet-based traffic such as internal networks, file sharing, extranets, and database connections. 
  • To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway. 

                                           OR,
 Secured Socket Layer

  • SSL is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Gmail).
  •  It is a TCP-based transport layer security service developed by Netscape. 
  • Two important SSL concepts are 1. SSL Connection and 2. SSL session.
  • A session is an association between the client and a server, created by using the Handshake Protocol, i.e. TCP. 
  • Connection is a type of transport service that is transient, peer-to-peer, and associated with one session. 
  • Version 3.1 of the SSL protocol was designed with public review and industry input, and it subsequently became the Internet standard known as TLS (Transport Layer Security). 
  • TLS is the standardized (on the Internet Engineering Task Force—IETF— level) version of SSL. TLS is also referred to as SSL version 3.1, whereas the most commonly used SSL version is 3.0.
  • Both protocols can provide the following basic security services: 
       - Mutual authentication: Verifies the identities of both the server and client through exchange and validation of their digital certificates. 
       - Communication privacy: Encrypts information exchanged between secure servers and secure clients using a secure channel. 
       - Communication integrity: Verifies the integrity of the contents of messages exchanged between client and server, which ensures that messages haven’t been altered en route.
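
The authentication service listed above depends on how each endpoint configures its TLS library. The following is an added example, not part of the original notes: it audits Python `ssl.SSLContext` objects for the settings that make the peer prove its identity, comparing a weak client with a hardened one. The function names and the TLS 1.2 version floor are assumptions of this example.

```python
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2  # assumption: version floor chosen for this example

def audit_context(ctx, role):
    """Return findings for an SSLContext; role is "client" or "server"."""
    findings = []
    # Authentication: the peer must present a certificate that validates.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        peer = "server" if role == "client" else "client"
        findings.append(f"{peer} certificate is not required or validated")
    # A valid chain alone is not enough: the name in it must match the host.
    if role == "client" and not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("protocol versions below TLS 1.2 are accepted")
    return findings

def weak_client_context():
    """Encrypts the link but accepts any certificate: private, not authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_client_context():
    """Validates the chain against the system CA store and checks the host name."""
    ctx = ssl.create_default_context()  # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = MIN_VERSION
    return ctx

def mutual_auth_server_context():
    """Server half of mutual authentication: clients must send a certificate.
    A deployed server also calls load_cert_chain() and load_verify_locations()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = MIN_VERSION
    return ctx

if __name__ == "__main__":
    cases = [("weak client", weak_client_context(), "client"),
             ("hardened client", hardened_client_context(), "client"),
             ("mutual-auth server", mutual_auth_server_context(), "server")]
    for name, ctx, role in cases:
        print(name, "->", audit_context(ctx, role) or "no findings")
```

A context that reports the first two findings still encrypts traffic, so the channel is private but not authenticated.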



 Sample Scenario Example 
  •  Here’s an example of an environment using SSL/TLS. When you use the Internet for online banking, it’s important to know that your Web browser is communicating directly and securely with your bank’s Web server. 
  • Your Web browser must be able to achieve Web server authentication before a safe transaction can occur. That is, the Web server must be able to prove its identity to your Web browser before the transaction can proceed. 
  • Microsoft IE uses SSL to encrypt messages and transmit them securely across the Internet, as do most other modern Web browsers and Web servers.

Prepared by Hem Sagar Pokhrel, Lecturer E-Commerce, Prime College
