WWW: Beyond the Basics

18. WWW Security

18.1. Introduction

The expansion of the Internet and the World Wide Web has given more people access to more and more information. At the same time, the ability to keep information private has become an important issue. It is vital for businesses that want to protect proprietary and other sensitive information, for individuals who want to protect their privacy, and for electronic commerce. Encryption is one of the most effective tools for keeping information secure.

Cryptography has a long history, but for a long time only the government and the military used cryptographic systems. This has changed in recent years. Today, more and more civil organizations and individuals are using cryptography to protect information. There are several reasons for this. First, the equipment for encryption and decryption (i.e. the computer) has become affordable. Second, more and more information is stored on computers, and this has changed the ways information is stored, transmitted and accessed. Third, because of the complexity of communication systems, users do not have complete control over the transmission channels. This is why users are looking for tools that allow secure communication over insecure channels. Finally, cryptography as a science has attracted the attention of the civilian sector, and important theoretical results and products are available to the public.

There are many security challenges in building safe communication and collaboration. Typical security problems are:

  1. Authentication:
  2. Eavesdropping:
  3. Authorization:

The topic of Internet security is a very large one. Because the WWW operates at the highest level (application) of the OSI model, all the security problems in the lower levels of the OSI model (data link, network, transport) are potential sources of security risk in the WWW too. For example, because the name resolution protocol (Domain Name System, DNS) is insecure, the WWW is vulnerable to the same attacks that affect DNS. This chapter covers security only to a limited extent. The goal is to present the basic elements of cryptography used to achieve security on the Internet in general, and in the WWW in particular. The chapter also presents an example (the Secure Sockets Layer) of how these algorithms are applied.


Copyright © 1996 Calin Groza, All Rights Reserved

Calin Groza <cgroza@cs.vt.edu>
Last modified: Dec. 16 12:00 1996