Lecture 6 web security

Lecture 6 web security

• 1.
  WEB Security
• 2.
  Outline • Web Security Considerations • Secure Socket Layer (SSL) and Transport Layer Security (TLS) • Secure Electronic Transaction (SET) 2
• 3.
  Web Security Considerations • The WEB is very visible. • Complex software hide many security flaws. • Web servers are easy to configure and manage. • Users are not aware of the risks. 3
• 4.
  Security facilities inthe TCP/IP protocol stack Pretty Good Privacy (PGP): • a data encryption and decryption computer program • provides cryptographic privacy and authentication for data communication. • used for signing, encrypting and decrypting e-mails 4
• 5.
  Security facilities inthe TCP/IP protocol stack • S/MIME (Secure/Multipurpose Internet Mail Extensions)  a standard for public key encryption and signing of MIME data.  provides the following cryptographic security services: – Authentication – message integrity – non-repudiation of origin (using digital signatures) – privacy – data security (using encryption) • Kerberos (the hound of Hades ):  computer network authentication protocol  allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner.  provides mutual authentication — both the user and the server verify each other's identity.
• 6.
  SSL and TLS • SSL was originated by Netscape • TLS working group was formed within IETF • First version of TLS can be viewed as an SSLv3.1 • SSL  SSL Architecture  SSL Record Protocol  Change Cipher Spec Protocol  Alert Protocol  Handshake Protocol 6
• 7.
  SSL Architecture • Not a single protocol but Two layers of protocols • Provides basic security services to higher layer protocosl e.g. HTTP operates on top of SSL • Three higher layer protocols are part of SSL 7
• 8.
  SSL session /SSL connection • Two important concepts : SSL connection and SSL session • SSL connection  Transport that provides a suitable type of service  A SSL connection is peer-to-peer relationship (transient)  Every SSL connection is associated with one session • SSL session  Association between a client and a server  Created by the Handshake Protocol  Define a set of cryptographic security parameters • States :  Session Established : Current operating state for recieve and send  Handshake Protocol: Pending State for recieve and send – If handshake successful, pending state  current operating state 8
• 9.
  SSL Record Protocol: Services • Two Services for SSL Connections 1. Confidentiality  Defines a shared secret key that is used for conventional encryption 2. Message Integrity – Defines a shared secret key that is used to form a message authentication code (MAC) • Compression  Lossless compression to shrink the message size – Defined as NULL in SSLv3 and current version of TLS 9
• 10.
  SSL Record Protocol: Operation • No distinction is made among various applications using SSL; the content of data is opaque to SSL Fragment: 214 bytes Compression: Optional Message Authentication Code: shared secret key is used to compute MAC Encryption: Symmetric 10
• 11.
  SSL Record Protocol: Operation • First Step Fragmentation: Each upper layer message is fragmented into block of 214 bytes (16384 bytes) or less • Second Step Compression: Optional step, must be lossless and may not increase the length by more than 1024 bytes • Third Step Message Authentication Code (MAC): shared secret key is used to compute MAC • Fourth Step Encryption: compressed message (if applied) and MAC are encrypted using symmetric encryption • Final Step Header Preparation. 11
• 12.
  SSL Record Format • Header consists of following :  Conten Type (8 bits) : Higher layer protocol used to process the enclosed fragment such as change_cipher_spec, alert, handshake and application data  Major Version (8 bits) : Major Version of SSL e.g. For SSL v3 = 3  Minor Version (8 bits) : Minor Version of SSL e.g. For SSL v3 = 0  Compressed Length (16 bits) : The length in bytes of plaintext or compressed fragment 12
• 13.
  SSL Change CipherSpec Protocol • Uses SSL Record Protocol • Simplest one : Consists of a single message, which consists of single byte with value 1 • Purpose is to convert pending state into current state 13
• 14.
  Alert Protocol • Conveys SSL-related alerts to peer • Compressed and Encrypted • Consists of two bytes  The first byte indicates Alert Level (indicates severity) – Warning – Fatal • Will immediately terminate the connection • Alerts that always will be fatal  unexpected_message, bad_record_mac, decompression_failure, handshake_failure, illegal_parameter  The second bytes indicates the specific alert – Warning alerts • close_notify, no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown 14
• 15.
  Handshake Protocol • The most complex part of SSL. • Server and client authenticate each other. • Server and client negotiate encryption, MAC algorithm and cryptographic keys. • Used before any application data is transmitted. • Message Format  Type: Indicate one of ten messages (e.g. Hello, certificate, key exchange)  Length: The length of message  Content: The parameters associated with this message 15
• 16.
  Handshake Protocol :Phases • Phase 1: Establish Security Capabilities  Initiate logical connection and establish security capabilities to be associated with it. • Phase 2: Server Authentication and Key Exchange  Sends a certificate (if authentication is required)  May send Server_Key_Exchange message • Phase 3: Client Authentication and Key Exchange  Client verify certificate from server and check server_hello parameters  May send a certificate (on request) or alert for no certificate or one or more message • Phase 4: Finish  Completes secure connection
• 17.
  Handshake Protocol Action 17
• 18.
  Transport Layer Security • The same record format as the SSL record format. • Defined in RFC 2246. • Similar to SSLv3. • Differences in the:  version number : major version 3, minor version 1  message authentication code  pseudo random function  alert codes  cipher suites : no longer support for Fortezza  client certificate types  certificate_verify and finished message  cryptographic computations  padding 18
• 19.
  Secure Electronic Transactions • An open encryption and security specification. • Protect credit card transaction on the Internet. • Companies involved:  MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign • Set of security protocols and formats. 19
• 20.
  Secure Electronic Transactions • Key Features of SET:  Confidentiality of information  Integrity of data  Cardholder account authentication  Merchant authentication • SET Services  Provides a secure communication channel in a transaction.  Provides trust by the use of X.509v3 digital certificates.  Ensures privacy. 20
• 21.
  SET Participants 21
• 22.
  SET Participants • Card Holder: person who uses a payment card to purchase • Merchant: business or organization who sells goods or services to the cardholder in the case of a SET transaction over the internet. • Issuer: financial institution that provides the cardholder with payment card. The issuer responsibility to guarantee payment on behalf of its cardholder. • Acquirer: financial institution that processes payment card authorizations and payment for the merchant. The acquirer’s responsibility is to obtain payment authority from the cardholder’s issuer.
• 23.
  SET Participants • Payment Gateway: an institution that works on the behalf of the acquirer to process the merchant’s payment messages, including payment instruction from the cardholders. • Certificate Authority: The certificate authority provides certification for the merchant, cardholder, and payment gateway. Certification provides a means of assuring that the parties involved in a transaction
• 24.
  Sequence of eventsfor transactions 1. The customer opens an account. 2. The customer receives a certificate. 3. Merchants have their own certificates. 4. The customer places an order. 5. The merchant is verified. 6. The order and payment are sent. 7. The merchant request payment authorization. 8. The merchant confirm the order. 9. The merchant provides the goods or service. 10. The merchant requests payments. 24
• 25.
  HTTPS • HTTP over SSL : combination of HTTP and SSL  RFC 2818 : HTTP Over TLS , no fundamental change in HTTP over SSL or TLS  Secure communication between Web browser and Web servers  Built into all modern Web browser  Web servers should support HTTPS communications • Connection Initiation  Client initiates a connection to server on appropriate port  Handshake is performed  Data is sent • Connection Closure  Client indicate closing of connection, Connection : close  Client must be able to cope with a situation, if a connection is terminated without close notification and issue security warning 25
• 26.
  SSH : SecureShell (Reading Assignment)