Web Security

Network Security Web Security
04/24/06
Hofstra University Network Security Course, CSC290A
HTTP Fundamentals
RFC 1945 HTTP 1.0 RFC 2616 HTTP 1.1 RFC 2396 URL/URI syntax www.w3.org - World Wide Web Consortium (W3C) - Check this site regularly
04/24/06
Tim Berners-Lee
Biography http://www.ibiblio.org/pioneers/lee.html http://www.w3.org/People/Berners-Lee/ Interview With Christopher Lydon http://media.skybuilders.com/Lydon/Berners-Lee.1.mp3

04/24/06 Hofstra University Network Security Course, CSC290A 3
HTTP Fundamentals
Traditional Client/Server Model Listens on port 80 Glorified FTP server HTTP transmits resources rather than files Universal Resource Locator (URL) a subset of URI
04/24/06
HTTP Fundamentals
A request line has three parts, separated by spaces: a method name, the local path of the requested resource, and the version of HTTP being used.
GET /path/to/file/index.html HTTP/1.0
Other methods: HEAD and POST

HTML Fundamentals
<h1>An important heading</h1> <h2>A slightly less important heading</h2> <p>This is the first paragraph.</p> <p>This is the second paragraph.</p> This is a really <em>interesting</em> topic!
HTML Fundamentals
04/24/06
Famous Web Attacks

These cyber assaults have caused millions of Internet users to be denied services. At this time we are not aware of the motives behind these attacks. But they appear to be intended to disrupt legitimate electronic commerce. Janet Reno in response to a series of DoS attack in early 2000.
Famous Web Attacks

The Royal Canadian Mounted Police have charged a teenage computer hacker in one of the February cyber attacks that crippled several popular Web sites. The suspect is a 15-year-old boy known online by the nickname "Mafiaboy" FOX News, 4/19/2000
04/24/06
Famous Web Attacks

A 17-year-old New Hampshire computer junkie known as "Coolio" may be charged in a handful of vandalism incidents at private and government Web sites according to U.S. federal law enforcement sources. Coolio hacked into and defaced three Web sites: D.A.R.E., an anti-drug organization; Internet security company RSA Security; and the U.S. government's Chemical Weapons Convention site, FBI sources said. Reuters, 3/3/2000
Web Security Considerations

Internet is two way unlike tradition publishing, its vulnerable to attacks High visibility public image, reputation, copyrights Complex software protocol is simple, but client/server application is complex Vulnerability point web server can be a launch pad for further attacks
Web Security Threats
04/24/06
12
Web Traffic Security Approaches

Classify security threats by location: web server, web browser and network traffic Were concerned with traffic IPsec Secure Sockets Layer (SSL) Transport Layer Security (TLS) Secure Electronic Transaction (SET)
Web Security Approaches
Transparent to end users
Above TCP. Embedded in packages
Application Specific - SET
04/24/06
14
SSL Origins
Originated by Netscape Competed with SHTTP Version 3 became Internet draft TLS (Transport Layer Security) is an attempt to develop a common standard SSLv3.1 = TLS
SSL Architecture
Depends on TCP for end-to-end reliability Two layers of protocols: SSL Record Protocol basic security services to higher layers Three higher layer protocols used in the management of SSL exchanges
SSL Protocol Stack

Manages SSL Exchanges
Basic Security Services
04/24/06
17
SSL Architecture/Concepts
Connection peer-to-peer relationships in the transport layer. Every connection is associated with one session Session an association between a client and a server created by the Handshake Protocol
Define a set of cryptographic security parameters, which can be shared among multiple connections Avoid the expensive negotiation of new security parameters for each connection
SSL Statefullness
Multiple secure connections in a session Number of states associated with each session Current operating state for read and write (receive and send) Pending read and write states created during Handshake Protocol
Session State
Session identifier arbitrary byte sequence chosen by the server Peer certificate X.509.v3 digital certificate of peer; may be null Compression method Cipher spec algorithms used (AES, MD5) Master secret 48 byte shared key Is resumable session can be used to initiate new connections
Connection State
Server and client random byte sequences chosen for each connection Server/Client write MAC secret secret key used in MAC operations on data sent by the server/client Server/Client write key conventional encryption key Initialization vectors needed for CBC mode Sequence numbers separate for xmit & recv
SSL Record Protocol

Provides two important services for SSL connections: Confidentiality Handshake Protocol defines a secret key for conventional encryption of SSL payloads Integrity Handshake Protocol defines a shared secret key used to form a message authentication code (MAC)

04/24/06
22
SSL Record Protocol Ops

message
optional
04/24/06
23

Fragmentation block of 16K bytes or less Compression optional, must not increase content length beyond 1024 bytes Message authentication code (MAC) uses shared secret key, similar to HMAC algorithm
04/24/06
24
Recall: HMAC
Effort to develop a MAC derived from a cryptographic hash code Executes faster in software No export restrictions Relies on a secret key RFC 2104 list design objectives Used in IPsec
HMAC Structure
Message, M
secret key By passing Si and So through the hash algorithm, we have pseudoradomly generated two keys from K.
output
04/24/06
26

Message authentication code (MAC) two pads are concatenated in SSLv3 but XORed in HMAC SSLv3 was based on original internet draft for HMAC, which used concatenation
hash(secret_key || 0x5C_pad || hash(secret_key || 0x36_pad || seq_num || compress_type || length || fragment))
04/24/06
27

Compressed message plus the MAC are encrypted using symmetric encryption Cant increase content length by more than 1K bytes May use padding for cipher block IDEA, DES, 3DES, Fortezza (NSA product)

Final step is to prepend a header with following fields:
Content type the higher layer protocol used to process the enclosed fragment Major version SSLv3 Minor version value of 0 Compressed length plaintext fragment length in bytes
SSL Record Format
04/24/06
30
Content Types
Four types: Change Cipher Spec simplest protocol consists of a single byte message that causes the pending state to be copied into the current state which updates cipher suite to be used 1 byte
1
Change Cipher Spec Protocol
Content Types
Four types: Alert 2 byte protocol used to convey SSL related alerts to the peer entity. 1st byte is either a warning or fatal, which terminates the connection. 2nd byte indicates specific alert
1 byte 1 byte
level alert
Alert Protocol
Content Types
Four types: Application Data this is opaque data to SSL. No distinction made among the various applications
u1 byte
opaque content
Other upper-layer protocol (e.g., HTTP)
04/24/06
33
Content Types
Four types: Handshake allows server and client to authenticate each other and negotiate and encryption and MAC algorithm. Used before any application data is transmitted. Consists of a series of messages
1 byte 3 bytes
u0 bytes
type
length
content
Handshake Protocol
Handshake Protocol Message Types
04/24/06
35
Handshake Protocol Action

Phase 1
Phase 2
Phase 3
Phase 4
04/24/06
36
Handshake Protocol
04/24/06
37
Handshake Protocol Phase 1

Initiate a logical connection and establish security capabilities Client send client_hello message with nonce, session ID, cipher suite (decreasing order of preference), compress method Server returns server_hello message with nonce and selection of proposed parameters Key exchanges: RSA | fixed, ephemeral, or anonymous Diffie-Hellman | Fortezza

Most of this is optional Server sends its certificate (X.509s) if it needs to be authenticated server_key_exchange message is sent. This is a hash which includes nonces to prevent replay attacks Server can send a certificate_request message to the client Finally the server_done message (no parms) is always sent by the server to indicate the end of hello, authentication and exchange message Server waits for client response

Client now verifies the certificate if requested and checks parameters A certificate message is sent if server requests it client_key_exchange message sent to exchange keys certificate_verify message may be sent to verify the clients ownership of the private key for the client certificate
04/24/06
40
Completes the setting up of a secure connection Client sends a change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec Client sends finished message under the new algorithm, keys and secrets In response to these two messages, the server does the same Handshake is complete and the client and server may begin to exchange application layer data
Cryptographic Computations
Master Secret Creation two stages: pre-master-secret exchange (RSA or Diffie-hellman) and master secret computation by both sides Generation of Cryptographic Parameters the master-secret is a seed value for functions that generate the client/server MAC secret, keys, and IV
Transport Layer Security

TLS is an Internet standard to replace SSLv3 Defined in RFC 2246 Record format is the same as SSL Record Format TLS makes use of HMAC (padding bytes are XORed)
04/24/06
43
Transport Layer Security

PRF, pseudorandom function, expands small shared secrets into longer blocks of data. Uses two hash functions (RSA & SHA-1) for added security Similar alert codes to SSL with a few new additions Cipher suites are the same except for Fortezza (not supported)
Digital Watermarks
Watermark
Image with watermark
04/24/06
45
Digital Watermarks
Complements the cryptographic processes Visible or invisible identification code that is permanently embedded in the multimedia data Removal of the watermark is virtually impossible Composed of a bit pattern distributed throughout the data based on noise theory Causes no visual aural degradation of the image
Jessica Fridrich
Inventor of the most commonly used method for speed-solving the Rubik's Cube, better known as speedcubing. Specialist in all aspects of watermarking for authentication and tamper detection, self-embedding, robust watermarking, steganography and steganalysis, forensic analysis of digital images (detection of forgeries), advanced image processing and encryption techniques http://www.ws.binghamton.edu/fridrich/
04/24/06
47
Important URLs
http://docs.sun.com/source/816-615610/contents.htmIntroduction to SSL
from
Netscape http://www.openssl.org/ A very good open source version

http://www.ietf.org/html.charters/tlscharter.htmlIETF TLS WOrkgroup
http://www.forensics.nl/digital-watermarking
Good collection of digital watermarking papers

Homework
Read Chapter Seven (7.1 & 7.2) Submit topic for term paper by next week
04/24/06
49
SET Transactions
04/24/06
Secure Electronic Transaction (SET)

Pht tri n b i Visa and MasterCard c thi t k th tn d ng b o v cc giao d ch c m ha
B o m t: T t c thng tin
Tin c y: Cc bn tham gia truy n thng ph i c ch ng ch s Ring t : Thng tin ch khi c n thi t. c cung c p
04/24/06
SET Business Requirements

Cung c p d ch v b o m t cho thng tin thanh ton v thng tin t hng. m b o tnh ton v n c a thng tin Cung c p d ch v ch ng th c, xc nh ch th l ng i dng h p php c a ti kho n. Cung c p d ch v ch ng th c, qua nh cung c p c th ti p nh n giao d ch th tn d ng thng qua quan h v i th ch ti chnh.
04/24/06 Hofstra University Network Security Course, CSC290A
SET Transactions
Khch hng m ti kho n t i m t nh cung c p d ch v th tn d ng (MasterCard, Visa, etc.) Khch hng nh n c 1 ch ng ch s c k b i ngn hng. Nh cung c p ( n v ch p nh n lo i th c a khc hng) s h u 2 ch ng ch s : M t k v m t trao i kha. Khch hng ti n hnh t hng m t s hng ha ho c d ch v c a nh cung c p. Nh cung c p g i ch ng ch s xc minh. Hofstra University Network 04/24/06
Security Course, CSC290A
SET Transactions
Khch hng g i thng tin t hng v thng tin thanh ton cho nh cung c p. Nh cung c p yu c u ki m ch ng thng tin thanh ton t i ngn hng tr c khi chuy n hng cho khch. Nh cung c p xc nh n n t hng v chuy n hng cho khch hng. Nh cung c p yu c u thanh ton t ngn hng.
04/24/06
Key Technologies of SET

B o m t thng tin: DES Ch ng th c d li u: Ch k s RSA v i m hash SHA-1 Ch ng th c ti kho n ch th v nh cung c p: Ch ng ch s v i ch k RSA B o m t ring r : Tch ring thng tin t hng v thng tin thanh ton v i ch k kp.
04/24/06
Ch
K t n i 2 b n tin 1 cch an ton, nh ng ch cho php m i bn c th c thng tin dnh cho mnh. MESSAGE 1 MESSAGE 2
HASH 1 & 2 WITH SHA GHP 2 M HASH
k kp (dual signature)
DIGEST 1
DIGEST 2
T O M HASH M I B NG SHA
NEW DIGEST PRIVATE KEY DUAL SIGNATURE

M HA M HASH M I B NG KHA B M T C A NG IG I
04/24/06
Dual Signature for SET

Khi ni m: Lin k t 2 b n tin ng i nh n khc nhau: g i cho 2 Thng tin t hng - Order Information (OI): Khch hng g i cho nh cung c p Thng tin thanh ton - Payment Information (PI): Khch hng g i ngn hng. M c ch: Gi i h n thng tin ch ng i c n bi t: c bi t b i
Nh cung c p khng c n bi t s th tn d ng Ngn hng khng c n bi t thng tin t hng. S lin k t gi a 2 thng tin l c n thi t xc nh n s ti n thanh ton l cho n t hng ny (trnh vi c l i d ng b t h p php).
Why Dual Signature?

Gi s khch hng g i cho nh cung c p 2 b n tin: Thng tin t hng ( k) - OI Thng tin thanh ton ( k ) - PI Nh cung c p chuy n thng tin thanh ton cho ngn hng rt ti n. N u nh cung c p ti p nh n 1 thng tin t hng khc t khch hng, nh cung c p c th nh l a ngn hng l n hng ny i cng v i thng tin thanh ton tr c thay v thng tin thanh ton chu n.
T o ch
k kp trong SET
Cc b c: Take the hash (SHA-1) of the payment and order information. These two hash values are concatenated [H(PI) || H(OI)] and then the result is hashed. Customer encrypts the final hash with a private key creating the dual signature. DS = EKRC [ H(H(PI) || H(OI)) ]
Nh cung c p xc minh ch
Nh cung c p c kha public c a khch hng thng qua ch ng ch s . Nh cung c p tnh 2 gi tr H(PIMD || H(OI)) DKUC[DS] Hai gi tr ny ph i b ng nhau
04/24/06
Ngn hng xc minh ch
Ngn hng c thng tin v ch k, PI, v m hash c a OI (OIMD) v kha public c a khch hng. Ngn hng c th tnh v so snh: H(H(PI) || OIMD) DKUC [ DS ]
04/24/06
t hng
The cardholder generates a one-time symmetric encryption key, KS,
04/24/06
Nh cung c p xc minh hng

Khi nh cung c p nh n n t hng, ti n hnh xc minh: Xc minh ch ng ch c a khch hng qua ch k c a CA Xc minh ch k kp s d ng kha public c a khch hng.
04/24/06
Merchant Verification (contd)

X l n hng v g i thng tin thanh ton cho ngn hng xc minh. G i ph n h i v n hng cho khch hng.
04/24/06
Network Security Web Security Part 2
04/24/06
65
Secure Electronic Transaction

Matercard & Visa 1996 SET is an open encryption and security specification designed to protect credit card transactions on the Internet Microsoft, Netscape, RSA, Versign 1998 first set of SET compliant products
3-D Secure
3-D Secure is a XML-based protocol to allow authentication of cardholders of credit card companies in ePayment transactions. The protocol was developed by Visa and was adopted under the names Verified By Visa and Mastercard Secure Code. Visa 3-D Secure Payment Program
04/24/06
67
This Week In Aviation
The Spirit of St. Louis Was Completed


Web Security

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Web Security

Diunggah oleh

Hak Cipta:

Format Tersedia

Network Security Web Security

Hofstra University Network Security Course, CSC290A

Hofstra University Network Security Course, CSC290A

Biography http://www.ibiblio.org/pioneers/lee.html http://www.w3.org/People/Berners-Lee/ Interview With Christopher Lydon http://media.skybuilders.com/Lydon/Berners-Lee.1.mp3

Other methods: HEAD and POST

Hofstra University Network Security Course, CSC290A

Famous Web Attacks

Famous Web Attacks

Famous Web Attacks

Web Security Considerations

Web Security Threats

Hofstra University Network Security Course, CSC290A

Web Traffic Security Approaches

Web Security Approaches

Transparent to end users

Above TCP. Embedded in packages

Application Specific - SET

Hofstra University Network Security Course, CSC290A

SSL Protocol Stack

Basic Security Services

Hofstra University Network Security Course, CSC290A

SSL Record Protocol

Hofstra University Network Security Course, CSC290A

SSL Record Protocol Ops

Hofstra University Network Security Course, CSC290A

SSL Record Protocol Ops

Hofstra University Network Security Course, CSC290A

SSL Record Protocol Ops

Hofstra University Network Security Course, CSC290A

SSL Record Protocol Ops

SSL Record Protocol Ops

SSL Record Format

Hofstra University Network Security Course, CSC290A

Hofstra University Network Security Course, CSC290A

Handshake Protocol Message Types

Hofstra University Network Security Course, CSC290A

Handshake Protocol Action

Hofstra University Network Security Course, CSC290A

Hofstra University Network Security Course, CSC290A

Handshake Protocol Phase 1

Handshake Protocol Phase 2

Handshake Protocol Phase 3

Hofstra University Network Security Course, CSC290A

Handshake Protocol Phase 4

Transport Layer Security

Transport Layer Security

Image with watermark

Hofstra University Network Security Course, CSC290A

Hofstra University Network Security Course, CSC290A

Netscape http://www.openssl.org/ A very good open source version

Good collection of digital watermarking papers

Hofstra University Network Security Course, CSC290A

Hofstra University Network Security Course, CSC290A

Secure Electronic Transaction (SET)

Hofstra University Network Security Course, CSC290A

SET Business Requirements

Hofstra University Network Security Course, CSC290A

Key Technologies of SET

NEW DIGEST PRIVATE KEY DUAL SIGNATURE

Hofstra University Network Security Course, CSC290A

Dual Signature for SET

Why Dual Signature?

Hofstra University Network Security Course, CSC290A