CIS 4615 meeting -*- Outline -*-

* Modeling and Analysis with UMLSec

  These notes are based on the book:
  J. Jürjens, Secure Systems Development with UML, Springer, 2005,
  mostly chapter 3.

** Transport Layer Security (TLS)

   Give context, focus on the sequence diagram,
   Fig. 5.3, p. 96 and Fig. 5.4, p. 100

** CEPS purchase transaction

   Give context, focus on the sequence diagram
   Fig. 5.7, p. 107

** Airline Reservation System Example

   Work out more of the sequence diagram

   Let's leave the router out of it for now and concentrate on the
   exchanges between the client and the server
   (or we could have the client first get the server's identity from
   the router)

   +----------+                           +------------+
   | C:Client |                           | S: Server  |
   +----------+                           +------------+
        ++                                      ++
        ||                                      ||
        ||book({N}_K_S, K_C, Sign_KC^-1(C,K_C)) ||
        ||------------------------------------->||
        ||                                      ||
        || return({Sign_{K_S}^-1(k_j::N')}_K',  || [snd(Ext_K'(cc)) = K']
        ||        Sign_{K_CA}^-1(S::K_S))       ||
        ||<-------------------------------------||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||
        ||                                      ||

   Q: What could be the exchange between the client and the router?

   Q: What can be done now that the client and server have exchanged keys?
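The two messages in the diagram above, as an added symbolic model in Python (not from these notes or from the book). It assumes that the primed names N' and K' are the values the server received, that cc is the third argument of book, and that the client's final check (not drawn in the diagram) compares the signer name and the returned nonce.

```python
# Symbolic terms only: no real cryptography, keys are ("pub"|"priv", owner).
def pub(n): return ("pub", n)
def priv(n): return ("priv", n)
def inv(k): return ("priv" if k[0] == "pub" else "pub", k[1])

def enc(m, k): return ("enc", m, k)            # {m}_k
def sign(m, k): return ("sig", m, k)           # Sign_k(m), k a private key

def dec(c, k):                                 # Dec_k(c), k must invert the enc key
    if c[0] != "enc" or c[2] != inv(k):
        raise ValueError("wrong decryption key")
    return c[1]

def ext(s, k):                                 # Ext_k(s), k must invert the signing key
    if s[0] != "sig" or s[2] != inv(k):
        raise ValueError("bad signature")
    return s[1]

def client_book(N, C="C"):
    """book({N}_K_S, K_C, Sign_KC^-1(C,K_C)); the client already knows K_S."""
    K_C = pub(C)
    return (enc(N, pub("S")), K_C, sign((C, K_C), priv(C)))

def server_return(msg, k_j, ca_cert):
    """Check the guard from the diagram, then build the return message."""
    c_N, K1, cc = msg                          # K1 plays K', cc the third argument
    if ext(cc, K1)[1] != K1:                   # [snd(Ext_K'(cc)) = K']
        raise ValueError("guard failed")
    N1 = dec(c_N, priv("S"))                   # N'
    return (enc(sign((k_j, N1), priv("S")), K1), ca_cert)

def client_accept(reply, N, C="C"):
    """Assumed client-side check (not in the diagram): CA-certified S, fresh N."""
    body, cert = reply
    S, K_S = ext(cert, pub("CA"))
    k, N1 = ext(dec(body, priv(C)), K_S)
    if S != "S" or N1 != N:
        raise ValueError("client check failed")
    return k

if __name__ == "__main__":
    ca_cert = sign(("S", pub("S")), priv("CA"))   # Sign_{K_CA}^-1(S::K_S)
    reply = server_return(client_book("N"), "k_j", ca_cert)
    print("client obtained:", client_accept(reply, "N"))
```

The guard only ties the key sent in the clear to the key inside the self-signed third argument; nothing in the model binds that key to the name C.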