Z39'50 and Cryptography - PowerPoint PPT Presentation

1 / 15
About This Presentation
Title:

Z39'50 and Cryptography

Description:

Both sender and receiver must know the common key ... Simple symmetric keys may require modifications to Z39.50 protocol and to z-servers and clients ... – PowerPoint PPT presentation

Number of Views:33
Avg rating:3.0/5.0
Slides: 16
Provided by: poulhenri
Learn more at: http://www.loc.gov
Category:
Tags: cryptography | keys | z39

less

Transcript and Presenter's Notes

Title: Z39'50 and Cryptography


1
Z39.50 and Cryptography
  • ZIG July 13th 2000
  • Poul Henrik Jørgensen, mailtophj_at_dbc.dk
  • DBC www.dbc.dk

2
Is Cryptography Relevant to Z39.50?
  • Authentication identify users (and servers)
    internally.
  • Confidentiality keep searches, responses (and
    users) secret to from others.
  • Integrity prevent tampering with searches and
    responses.
  • Non-repudiation prove the transactions.

3
Security Threats
  • Spoofing Masquerading as one of the parties.
  • Eavesdropping Snooping on traffic between
    parties.
  • Tampering Forgery or modification of messages.
  • Repudiation Denying the transaction.

4
Symmetric Encryption
  • A single common encryption key is used to encode
    and decode messages
  • Both sender and receiver must know the common key
  • The common key need to be exchanged beforehand by
    some other secure method
  • Symmetric encryption is simple and fast
  • But - key management is impractical with large
    number of senders and receivers!

5
Public-key Cryptography
  • Public-key (PK) encryption algorithms use pairs
    of matched (asymmetric) keys for encryption and
    decryption.
  • Each user has a Public key and a corresponding
    Private (secret) key
  • Public-key cryptography is used to exchange
    symmetric keys securely.
  • Public-keys are also used to validate digital
    signatures.

6
Public-key Usage
  • Alice creates a new symmetric session-key.
  • Alice encrypts the session-key by means of Bobs
    public key.
  • Alice transmits the encrypted message containing
    the session-key to Bob.
  • Bob decrypts Alices message with the session-key
    by means of his private key.
  • Alice and Bob both encrypt and decrypt subsequent
    messages by means of the session-key.

7
Digital Signatures and Certificates
  • Sendersign messages by means of his private
    secret key.
  • Recipient verify the senders signature by means
    of the senders public key.
  • The senders identity is certified by means of
    aCertificate which is digitally signed by a
    trusted third party.

8
Secure Socket Layer (SSL)
  • SSL is a communication layer on top of TCP/IP
  • SSL is supported by current browsers
  • Browser request a copy of a HTTPS servers
    certificate
  • Browser verify identity of the server by checking
    the certificate and the digital signature
  • Browser create a symmetric session key

9
Secure Socket Layer cont.
  • Browser encrypt the session key by means of the
    HTTP servers public key and transmits the session
    key to the server
  • Session data is encrypted and decrypted both ways
    at both ends by means of the symmetric session
    key
  • http//developer.netscape.com/tech/security/ssl/ho
    witworks.html

10
Z39.50 and Symmetric Keys
  • A new Z39.50 Init Request option may specify use
    of a symmetric encryption algorithm within a
    Z39.50 session
  • Symmetric encryption key must be exchanged
    outside of the Z39.50 protocol, e.g. based on a
    predefined user password
  • Only Z39.50 user data is encrypted not protocol
    elements

11
Z39.50 and Symmetric Keys cont.
  • Encryption and decryption must be handled by
    Z39.50 server and client applications.
  • This solution require limited changes to Z39.50
    toolkits in order to handle a new Init Request
    option.
  • Z39.50 servers and clients must be modified to
    encrypt- and decrypt data via passwords or other
    symmetric keys.

12
Z39.50 with Symmetric Keys
Encryption Toolkit
Encryption Toolkit
ZS-Client Application
ZS-Server Application
Z-Client Toolkit
Z-Server Toolkit
Z39.50 Session
13
Z39.50 and SSL
  • Z39.50 over SSL offers a complete security
    solution
  • Transparent to Z39.50 server and z-client
    applications
  • Require no changes to the Z39.50 protocol
  • Require a compatible Z39.50 toolkit on both
    z-server and z-client that utilise a SSL library
  • May require key certificates on Z39.50 server

14
Z39.50 Over SSL
Z-Client Application
Z-Server Application
ZS-Client Toolkit
ZS-Server Toolkit
Encrypted Z39.50 Session
SSL Toolkit
SSL Toolkit
15
Summary
  • Security is primarily relevant to identify Z39.50
    users
  • Confidentiality of queries and presented data may
    also be an issue
  • SSL require Z39.50 SRPM toolkits to utilise SSL
    libraries, but is transparent to z-servers and
    clients
  • Simple symmetric keys may require modifications
    to Z39.50 protocol and to z-servers and clients
  • www.portia.dk/zigjuly2000/z3950crypto.htm
Write a Comment
User Comments (0)
About PowerShow.com