6.3 Consider the following threats to Web security and describe how each is countered by a particular feature of SSL. a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional encryption algorithm. b. Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question
6.3 Consider the following threats to Web security and
describe how each is countered by a particular feature of
SL.
a. Brute-Force Cryptanalytic Attack: An exhaustive
search of the key space for a conventional
encryption algorithm.
b. Known Plaintext Dictionary Attack: Many
messages will contain predictable plaintext, such
as the HTTP GET command. An attacker
constructs a dictionary containing every possible
encryption of the known-plaintext message. When
an encrypted message is intercepted, the attacker
takes the portion containing the encrypted known
Transcribed Image Text:6.3 Consider the following threats to Web security and describe how each is countered by a particular feature of SL. a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional encryption algorithm. b. Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known
plaintext and looks up the ciphertext in the
dictionary. The ciphertext should match against an
entry that was encrypted with the same secret key.
If there are several matches, each of these can be
tried against the full ciphertext to determine the
right one. This attack is especially effective
against small key sizes (e.g., 40-bit keys).
c. Replay Attack: Earlier SSL handshake messages
are replayed.
d. Man-in-the-Middle Attack: An attacker interposes
during key exchange, acting as the client to the
server and as the server to the client.
e. Password Sniffing: Passwords in HTTP or other
application traffic are eavesdropped.
f. IP Spoofing: Uses forged IP addresses to fool a
host into accepting bogus data.
g. IP Hijacking: An active, authenticated connection
between two hosts is disrupted and the attacker
takes the place of one of the hosts.
h. SYN Flooding: An attacker sends TCP SYN
messages to request a connection but does not
Transcribed Image Text:plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys). c. Replay Attack: Earlier SSL handshake messages are replayed. d. Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client. e. Password Sniffing: Passwords in HTTP or other application traffic are eavesdropped. f. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data. g. IP Hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts. h. SYN Flooding: An attacker sends TCP SYN messages to request a connection but does not
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 4 steps

Blurred answer
Knowledge Booster
Fundamentals of Blockchaining
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education