Security is often treated as an afterthought in systems design. That is evident in common protocols; security-related RFCs have historically been proposed after the main protocol. Notice that any communication over a public medium (like the internet) is vulnerable to man-in-the-middle attacks. An adversary might hijack the communication by carefully inspecting input packets from both sides. In light of that, some security-related questions are reasonable: When a client connects to a server, how does it verify that the server is the one it claims to be? How do the two sides decide on a shared secret key to use for encryption? In this chapter, we will see how these questions are commonly addressed.
We will cover the following topics:
- Securing web-based applications using certificates
- Key exchange using the Diffie-Hellman method