Secure Sockets Layer

Loading...

Del curso dictado por New York University Tandon School of Engineering

Cyber Attack Countermeasures

202 calificaciones

New York University Tandon School of Engineering

Cyber Attack Countermeasures

202 calificaciones

Curso 2 de 4 en SpecializationIntroduction to Cyber Security

This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema. The basics of cryptography are also introduced with attention to conventional block ciphers as well as public key cryptography. Important cryptographic techniques such as cipher block chaining and triple-DES are explained. Modern certification authority-based cryptographic support is also discussed and shown to provide basis for secure e-commerce using Secure Sockets Layer (SSL) schemes.

De la lección

Overview of Public Key Cryptographic Methods

This module introduces the basics of public key cryptography including an overview of SSL and CA applications.

Assignments and Reading2:56

CBC Mode Block Cryptography4:53

Conventional Cryptography Scaling Issues4:47

Public Key Crypto (Basics)5:10

Public Key – Secrecy4:31

Public Key – Digital Signature3:28

Cryptographic Message Exchange5:39

Diffie-Hellman Key Exchange7:32

Key Distribution and Certification Authority10:04

Secure Sockets Layer6:56

The Story of James Ellis and Clifford Cox10:06

Welcome Franscis Cianfrocca16:46

Conoce a los instructores

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC
Computer Science

Hi folks, Ed Amarossa here.

And I want to talk to you in this video about secure-sockets layer, SSL and

the problem of getting a public key from a CA, so

that I can decrypt a certificate that I've received from, say,

a commerce site that has a certificate signed by the CA using its secret key.

Boy is that a mouthful, right?

If you understood that, that's pretty good.

I'm always surprised that I can say it without getting it all jumbled up, but

here's the idea.

You've just received the certificate from wesellawesomesneakersontheinternet.com.

And it says, hey, we want you to buy our sneakers.

Look here's a certificate.

Embedded in the certificate is that website's public key,

which you can now use to send credit card information over, but to somehow get that,

I have to decrypt the public key of the CA who signed that cert.

Now, the solution to this is also just about as elegant as you can imagine, but

it was invented by a company, a fledgling company in the 90s, called Netscape.

Now, if you share a generation with me, you think of Netscape as the first

browser, as the brainchild of Marc Andreessen, who is now probably the most

famous venture capitalist in Silicon Valley, just an amazing person.

But back in the day, Netscape was a small company that was figuring out its ways and

figuring out how to make money with browsing.

And their idea, in my mind, is one of the great contributions to e-commerce,

in fact, we would have no Amazon, no online selling without the following idea.

Here's what Marc Andreessen's team came up with.

They said, your browser somehow needs the public key of that CA.

Because if it has a public key of the CA, it could decrypt the cert.

But I don't want users to have to go get the cert.

I'd rather go get the public key.

I don't want to be buying a book, and

then have to go get the public key of the store that I'm buying the book from.

Here's what they said, and again, so genius.

And if you see this theme of simple,

clean, elegant concepts moving things forward, then you got the right idea.

And here's what Marc Andreessen and the team said.

They said, you've gotta download a browser, right?

Everybody has to download a browser.

So we will put the public keys, burn them in to your browser.

How cool is that?

You download the browser.

The browser has all the public keys through prearrangement between the CAs and

the browser companies to put them in there.

And to the degree that you trust the download from Netscape or

from Microsoft or from Google or wherever,

if you trust the download, embedded in that, will be a frequently updated

list of valid certification authorities that they've gone off and checked.

It's a closed loop.

Your mom, your friend, you, whatever,

you want to go buy something on the Internet, you download a browser.

You're using the browser.

It's got public keys in there for CAs.

I go to wesellawesomesneakersontheinternet.com

I say, I want to buy this, and he goes, great.

Sends me a certificate, its got their public key.

The certificate is signed by a CA.

My browser does a look up, finds it.

Wow, that's a valid CA.

I have the public key.

I decrypt the certificate.

I get the public key.

I send the credit card information.

And we have the world we live in today.

That's it, that's how it works.

That's why you don't have to do anything to buy something securely on the Internet.

It's like magic.

Now, for some of you with a little bit more experience, and

you're thinking about this, you're going wait a minute, Ed.

There's a lot of problems here.

How do I know the CA is valid?

And how do I know they did a good deal with the browser?

You're right, there's no question that that's an issue.

There's a lot of little seams in the way these things work.

But for the most part, you've gone from no assurance to pretty solid assurance here.

I think you gotta admit that this is a closed loop in

the sense that it provides a means for

me to get my credit card to you without having to go off and look around for

keys, and search a directory or ask somebody for a public key.

I don't have to do any of that.

As long as I download the browser, I have pretty much everything I need.

And I don't need to be a technical person.

I don't need to go to a key exchange party.

I don't need, sort of,

a gear head to accomplish the kinds of things that you see on the Internet.

Now, contrast this with email.

Where I'll bet you, you and I, whoever you are watching me,

right now, I'll bet you, we couldn't send secure email to

each other without doing a bunch of work, because the infrastructure is not there.

But if you go off and set up a website and

get a certificate then I can buy something for you, and we don't have to meet.

I don't need to know who you are.

We don't ever have to meet.

I can come and use a standard protocol.

Why is it that security commerce it's all worked out, email it's not?

I think it's just because the financial model is better for security commerce,

that's the reason.

And I wish I could give you a better computer science reason but there isn't.

Its just the reason that's been put together

is because there's such a wonderful business model there.

Nothing evil about that at all, you just need to understand that as a technologist.

A lot of you are probably fledgling entrepreneurs.

Maybe you're thinking about starting a company.

The bottom line is having great technology's going to be important, but

luck and business models, and hitting things at the right time and

knowing what you're doing from a business perspective may be just as important.

Give Marc Andreessen a lot of credit.

We think of him as a great entrepreneur, venture capitalist, but

I think the contributions of that he and his team at Netscape made, in and

around secure-sockets layer, is one of the great contributions of cybersecurity.

So I hope you've enjoyed this.

In the next video,

I'm going to tell you a story that's going to really seem kind of interesting.

I hope if you have some free time, you'll go right onto the next one and

look at our discussion of James Alice and Clifford Cox and some of the real

origins of public e-cryptography that I bet you never heard of.

I'll see you in the next one.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2019 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play