  A review of security techniques used in protecting Active Server Pages (ASP) - Page 6

 


Security Techniques used in protecting Active Server Pages

4. Remote Procedure Call (RPC) Encryption
RPC is a protocol that allows methods on remote systems to communicate and coordinate their activities. The role of RPC Encryption is to provide a secure layer over which data can be transmitted safely between the communicating remote systems. RPC Encryption is applied at the application layer.

Using RPC Encryption
Upon starting a session, a request is made for secure services, whereby a security context is established. This security context might include a shared session key, sequence numbers, verification state, and so on [7]. The security context is used to form a secure connection between the client and the server. The client can then send RPC messages to the server, encrypted with the generated session key and carrying an optional authentication header. On receiving a message, the server decrypts it with the session key before processing the RPC.

RPC Encryption Security Review
RPC can be protected against most threats if RPC Encryption is applied. However, the effectiveness of the security is dependent upon the use of the authentication header in all messages. Failure to use an authentication header exposes the session to hijacking.
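
The following Python sketch is an added example, not code from the original paper. It models the exchange described above (security context, session key, sequence numbers, authentication header) and shows how a server that requires the header on every message rejects altered or replayed messages. The names, the HMAC-SHA256 header and the SHA-256 keystream standing in for the cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

class SecurityContext:  # per-session state held by each side (constructed)
    def __init__(self, session_key: bytes):
        self.enc_key = hashlib.sha256(b"enc" + session_key).digest()
        self.mac_key = hashlib.sha256(b"mac" + session_key).digest()
        self.seq = 0  # next sequence number to send (client) or accept (server)

def _xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 keystream) so the example runs offline.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">QQ", seq, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(ctx: SecurityContext, payload: bytes, auth_header: bool = True) -> bytes:
    """Client side: encrypt an RPC payload, optionally prepending the header."""
    body = struct.pack(">Q", ctx.seq) + _xor_stream(ctx.enc_key, ctx.seq, payload)
    ctx.seq += 1
    tag = hmac.new(ctx.mac_key, body, hashlib.sha256).digest() if auth_header else b""
    return tag + body

def open_rpc(ctx: SecurityContext, msg: bytes, require_header: bool = True) -> bytes:
    """Server side: verify the header (if required) and sequence, then decrypt."""
    body = msg
    if require_header:
        tag, body = msg[:32], msg[32:]  # 32-byte HMAC-SHA256 header
        expected = hmac.new(ctx.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication header missing or invalid")
    if len(body) < 8 or struct.unpack(">Q", body[:8])[0] != ctx.seq:
        raise ValueError("unexpected sequence number")
    ctx.seq += 1
    return _xor_stream(ctx.enc_key, ctx.seq - 1, body[8:])

def altered_message_accepted(use_header: bool) -> bool:
    """Change one byte in transit and report whether the server processes it."""
    key = b"constructed-session-key-for-demo"  # constructed sample value
    client, server = SecurityContext(key), SecurityContext(key)
    msg = bytearray(seal(client, b"GetBalance(acct=1001)", auth_header=use_header))
    msg[-1] ^= 0x01  # last ciphertext byte modified between client and server
    try:
        open_rpc(server, bytes(msg), require_header=use_header)
    except ValueError:
        return False
    return True
```

Without the header, the modified message decrypts and is processed; with the header required, the same modification fails verification before any decryption takes place.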

