Author: | Lui, Kan Alfred |
Title: | Web secure information exchange using SSL |
Degree: | M.Sc. |
Year: | 1999 |
Subject: | Internet -- Security measures Data encryption (Computer science) Hong Kong Polytechnic University -- Dissertations |
Department: | Multi-disciplinary Studies Department of Electronic Engineering |
Pages: | xiv, 186 leaves : ill. ; 31 cm |
Language: | English |
Abstract: | This report described what have been done in the dissertation. Internet security is a broad topic. The dissertation mainly concentrates on data security on Internet. It is divided into 3 parts. The first part is a study on the Internet security and the role of SSL in information protection. SSL provides encryption function to encrypt data flow across the network. The encryption uses a session key. Without the session key, data cannot be decrypted. The session key is exchanged between the web site and the user by public-key exchange algorithm. It is regarded as a secured method to exchange the session key. The whole process is automatically done by the web server and web browser. In addition, with the advent of digital certificates, web site and web users are certified by well-known authorities. By using digital signature, digital certificates cannot be faked. It gives confidence to Internet users to submit personal information to preferred web site and to purchase goods and to do banking transaction on-line. The second part is a study of SSL packets by simple server client communication between web server and web browser. The data packets of non-SSL message and SSL messages are captured by a network monitoring application. The SSL packets are then analyzed and compared with HTTP data packets that do not use SSL function. Communication procedures and overhead are taking into consideration. In addition, digital certificates are analyzed to see how it provides server identify and client authentication function. The analysis is mainly on SSL handshaking procedures. Packets are viewed in byte stream form. Public key can be found in the certificate. Private key is required to decrypt data message. However, data decryption is not a subject of this dissertation because different application stores the private key in different format and protects it with its own proprietary method. For software development, software developer kit vendors, like Microsoft, has provided API (Application Programming Interface) to handle key management, encryption and decryption processes and those algorithm are hidden from general software developers. Through the packet analysis, the SSL functionality is understood more in depth. The third part is a practical task. A simple education institute web site is setup with SSL functionality for student's access on Internet. By implementing client certificate authentication function, students can retrieve their own student record on the Internet without the requirement to input their own personal data to identify themselves. This eliminates the possibility of fake who has the student personal data on hand and entering the web site to make illegal action. The usage can be extended to student electronic payment, which is currently a hot topic in the city as the E-commerce with the SET technology. By studying on different books and by try-and-error, a simple web site is established. All the required components, the web server, certificate server and database are housed in a single machine. A student with an issued digital certificate can check its data stored in the institute database and also can submit a selection of teaching modules for next semester to the database through the web server. Through the mapping of digital certificate to user account of file systems, files access is easily controlled. During the dissertation, Microsoft software including Microsoft Internet Information Server and Certificate Server are used. They are free of charge and can be easily obtained from the Internet. They also provide easy integration with other application development tools, such as Microsoft FrontPage, Access database program. At last, the increase in Internet user and acceptance of on-line transactions, the people behavior in purchasing and financial transaction is changing. Hong Kong Government understands the important on Information Technology and in order to push the electronic commerce, she realizes that it is necessary to have our own Certificate Authority in HK. Then a CA will be established at the end of this year. |
Rights: | All rights reserved |
Access: | restricted access |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
b14792539.pdf | For All Users (off-campus access for PolyU Staff & Students only) | 10.27 MB | Adobe PDF | View/Open |
Copyright Undertaking
As a bona fide Library user, I declare that:
- I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
- I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
- I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.
By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.
Please use this identifier to cite or link to this item:
https://theses.lib.polyu.edu.hk/handle/200/158