15/11/2017
Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE

  o Introduction
  o Security facilities in the TCP/IP
  o Web Security Issues
  o Secure Sockets Layer (SSL)
  o Transport Layer Security (TLS)
  o HTTPS
  o Secure Shell (SSH)

Security facilities in the TCP/IP

IPsec:
  o transparent to end users and applications
  o provides a general-purpose solution
  o includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing

SSL/TLS:
  o could be provided as part of the underlying protocol suite, and therefore be transparent to applications
  o can be embedded in specific packages, e.g. Netscape and IE

Application-specific security services:
  o embedded within the particular application
  o the service can be tailored to the specific needs of a given application

Web Security Issues

The Web is now widely used by business, government, and individuals, but the Internet and the Web are vulnerable and face a variety of threats:
  o Integrity
  o Confidentiality
  o Denial of service
  o Authentication
Added security mechanisms are needed.

Two types of web security threats:
  o Passive attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted
  o Active attacks include impersonating another user, altering messages in transit between client and server, and altering information on a website

Another way to classify Web security threats is in terms of the location of the threat:
  o Web server
  o Web browser
  o network traffic between browser and server

HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server
  o HTTPS is simply HTTP inside of a TLS session
Secure Sockets Layer (SSL) provides security services between TCP and applications that use TCP
The Internet standard version is called Transport Layer Security (TLS)
SSL/TLS provides confidentiality using symmetric
    encryption and message integrity using a message authentication code (MAC)
SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use

SSL/TLS is used to secure communication between two parties, using both asymmetric and symmetric cryptography to provide data privacy, integrity, and authentication
  o A man in the middle is unable to read the contents of their messages
  o Two parties are able to authenticate to ensure they really are talking to whom they think

SSL certificate: a tool that provides website protection and guarantees the confidentiality of data transmitted electronically
SSL certificates are registered to a particular domain name and contain information about the domain owner, the owner's address, etc.
Three basic types of SSL certificates are issued by Certificate Authorities (CAs):
  o Domain Validated
  o Organization Validated
  o Extended Validation

Strong authentication, message privacy, and integrity
  o secure transmitted data using encryption
  o data integrity through an integrity check value
  o help protect against masquerade attacks, man-in-the-middle, rollback attacks, and replay attacks
Interoperability
  o works with most Web browsers and on most OS and Web servers
Algorithm flexibility
  o authentication mechanisms, encryption algorithms, and hashing algorithms
Ease of deployment
  o transparently on a Windows Server
Ease of use
  o most of its operations are completely invisible to the client
  o the client can have little or no knowledge of the security of communications and still be protected from attackers

Increased processor load
  o Cryptography, specifically public key operations, is CPU-intensive
  o TLS uses the greatest resources while it is setting up connections
Administrative overhead
  o A TLS/SSL environment is complex and requires maintenance; the system administrator
    must configure the system and manage certificates

SSL-secured transactions with an e-commerce Web site
  o certificate of the Web site is valid
  o sends the client's credit card information as cipher text
  o must be enabled for the Web page: an order form
Authenticated client access to an SSL-secured Web site
  o Both the client and server need certificates from a mutually trusted certification authority (CA)
Remote access
  o provide authentication and data protection when users remotely log in to Windows-based systems or networks
SQL access
  o client or server can be configured to require encryption of the data that is transferred between them
E-mail
  o protect data in a server-to-server exchange
  o allows companies to use the Internet to securely transfer e-mail among divisions within the same company

Connection:
  o A connection is a transport that provides a suitable type of service
  o Connections are peer-to-peer relationships
  o The connections are transient
  o Every connection is associated with one session
Session:
  o An association between a client and a server
  o Sessions are created by the Handshake Protocol
  o Sessions define a set of cryptographic security parameters which can be shared among multiple connections
  o Sessions are used to avoid the expensive negotiation of new security parameters for each connection

SSL is designed to make use of TCP to provide a reliable end-to-end secure service
SSL is not a single protocol but rather two layers of protocols
  o are used in the management of SSL exchanges
  o provides the transfer service for Web client/server interaction
  o provides basic security services to various higher layer protocols

Change Cipher Spec Protocol:
  o is the simplest
  o consists of a single message:
    • consists of a single byte with the value
    • to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection

Alert Protocol:
  o is used to convey SSL-related alerts to the peer entity
  o alert messages are compressed and encrypted, as specified by the current state
  o Each message in this protocol consists of two bytes
    • The first byte takes the value warning (1) or fatal (2) to convey the severity of the message
    • The second byte contains a code that indicates the specific alert

Handshake Protocol:
  o The most complex part of SSL
  o This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record
  o It is used before any application data is transmitted
  o It consists of a series of messages exchanged by client and server
Each message has three fields:
    • Type (1 byte): Indicates one of 10 messages. Table 16.2 lists the defined message types
    • Length (3 bytes): The length of the message in bytes
    • Content (bytes): The parameters associated with this message

Message Type          Parameters
hello_request         null
client_hello          version, random, session id, cipher suite, compression method
server_hello          version, random, session id, cipher suite, compression method
certificate           chain of X.509v3 certificates
server_key_exchange   parameters, signature
certificate_request   type, authorities
server_done           null
certificate_verify    signature
client_key_exchange   parameters, signature
finished              hash value

[Figure: Handshake Protocol phases: Establish Security Capabilities; Server Authentication and Key Exchange; Client Authentication and Key Exchange; Finish]

Phase 1: Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers
Phase 2: Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase
Phase 3: Client sends certificate if requested. Client sends key exchange. Client may send certificate verification
Phase 4: Change cipher suite
  and finish handshake protocol

SSL test tools (https://geekflare.com/ssl-test-certificate/): Symantec, Wormly, DigiCert, SSL Shopper, GlobalSign, Qualys, Free SSL Server Test, COMODO SSL Checker, HowsMySSL

Two further items are of interest:
  o the creation of a shared master secret by means of the key exchange
    • a one-time 48-byte value
    • generated using secure key exchange (RSA / Diffie-Hellman) and then hashing info
    • two stages
      - First, a pre_master_secret is exchanged (RSA / Diffie-Hellman)
      - Second, the master_secret is calculated by both parties
  o the generation of cryptographic parameters from the master secret
    • Client and Server write: MAC secret, key, Initialization Value
    • generated by hashing master secret into a sequence of secure bytes of sufficient length for all needed parameters

TLS is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL
TLS is defined as a Proposed Internet Standard in RFC 5246
It is very similar to SSLv3
There are minor differences:
  o in record format version number
  o uses HMAC for MAC
  o a pseudo-random function expands secrets - based on HMAC using SHA-1 or MD5
  o has additional alert codes
  o some changes in supported ciphers
  o changes in certificate types & negotiations
  o changes in crypto computations & padding

need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections:
  o web servers, SMTP servers, IMAP and POP servers

HTTPS:
  o is documented in RFC 2818, HTTP Over TLS or SSL
  o refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server
  o is built into all modern Web browsers
  o Its use depends on the Web server supporting HTTPS communication
    • For example, search engines do not support HTTPS
    • If HTTPS is specified, port 443 is used, which invokes SSL
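The two-stage key derivation described in the master-secret and TLS notes above, as an added Python example that is not part of the original slides. It assumes the TLS 1.2 PRF of RFC 5246 (HMAC-SHA-256; TLS 1.0/1.1 combine MD5 and SHA-1 instead); the random values and the parameter sizes 20/16/16 are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: the label is prepended to the seed before expansion."""
    return p_hash(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Second stage: both parties compute the same 48-byte master_secret."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret and slice it into the six write parameters."""
    sizes = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    # Seed order differs from master_secret(): server random comes first here.
    block = prf(master, b"key expansion", server_random + client_random,
                sum(n for _, n in sizes))
    params, offset = {}, 0
    for name, n in sizes:
        params[name] = block[offset:offset + n]
        offset += n
    return params

# Constructed sample values, not taken from a real session.
PRE_MASTER = bytes([3, 3]) + bytes(range(46))   # RSA form: version + 46 bytes
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # Sizes 20/16/16 are illustrative; real sizes come from the cipher suite.
    for name, value in key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 20, 16, 16).items():
        print(f"{name:24s} {value.hex()}")
```

Client and server never send the master secret or any write key; each side derives them locally from the pre_master_secret and the two hello randoms.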
When HTTPS is used, the following elements of the communication are encrypted:
  o URL of the requested document
  o Contents of the document
  o Contents of browser forms (filled in by browser user)
  o Cookies sent from browser to server and from server to browser
  o Contents of HTTP header
HTTPS is documented in RFC 2818. There is no fundamental change in using HTTP over either SSL or TLS, and both implementations are referred to as HTTPS

  o Session establishment (authentication, key exchange)
  o Exchange of data over SSL, often a 1KB file over HTTP
  o Session closure

Connection initiation:
  o The client initiates a connection to the server on the appropriate port
  o begin the TLS handshake: client sends the TLS ClientHello
  o Then, the client initiates the first HTTP request
  o All HTTP data is to be sent as TLS application data
Connection closure:
  o requires that TLS close the connection with the peer TLS entity on the remote side (closing the underlying TCP connection)
  o TLS level exchange close_notify alerts
  o must handle TCP close before alert exchange sent or completed

SSH:
  o is a protocol for secure network communications designed to be relatively simple and inexpensive to implement
SSHv1:
  o was focused on providing a secure remote logon facility
  o can be used for such network functions as file transfer and e-mail
SSH2:
  o fixes a number of security flaws in the original scheme
  o is documented as a proposed standard in IETF RFCs 4250 through 4256
SSH client and server applications are widely available for most operating systems
It has become the method of choice for remote login and X tunneling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems

- These strings are used in the Diffie-Hellman key exchange
- The cryptographic algorithms include: key exchange, encryption, MAC algorithm, and
  compression algorithm
- Diffie-Hellman key exchange are specified
- At this point, both sides may start using the keys generated from K
- Request: User Authentication or the Connection Protocol
- Then, all data is exchanged as the payload of an SSH Transport Layer packet, protected by encryption and MAC

SSH Transport Layer packet fields: Packet length, Padding length, Payload, Random padding, MAC

Defines how the client is authenticated to the server
Three message types:
  o SSH_MSG_USERAUTH_REQUEST
  o SSH_MSG_USERAUTH_FAILURE
  o SSH_MSG_USERAUTH_SUCCESS
Authentication methods:
  o publickey: depends on the public-key algorithm chosen
    • Client sends: (Pub, M(Sign_Pri))
    • Server: checks key is acceptable for authentication; checks signature is correct or not
  o password: Client sends En(Password) by TLP (Transport Layer Protocol)
  o hostbased: works:
    • Client sends a signature created with the private key of the client host
    • The SSH server verifies the identity of the client host, and
    • then believes the host when it says the user has already authenticated on the client side

The SSH Connection Protocol uses a tunnel to multiplex a number of logical channels
Channel Mechanism:
  o Support all types of communication using SSH
  o Each side associates a unique channel
  o Channels are flow controlled using a window mechanism
  o No data may be sent to a channel until a message is received to indicate that window space is available
Channel Types:
  o session: may be a shell, an application such as file transfer or e-mail, a system command, or some built-in subsystem
  o x11: allows applications to run on a network server but to be displayed on a desktop machine
  o forwarded-tcpip: This is remote port forwarding
  o direct-tcpip: This is local port forwarding

The life of a channel progresses through three stages:
  o Opening a channel
  o Data transfer
  o Closing a channel

convert insecure TCP connection into a secure SSH connection
  o SSH Transport Layer Protocol
    establishes a TCP connection between SSH client & server
  o client traffic redirected to local SSH, travels via tunnel, then remote SSH delivers to server
supports two types of port forwarding
  o local forwarding – hijacks selected traffic
  o remote forwarding – client acts for server

Concepts
  o Web Security Issues
  o Secure Sockets Layer (SSL)
  o Transport Layer Security (TLS)
  o HTTPS
  o Secure Shell (SSH)

Experience
  o HTTPS:
    • Check if a web browser can establish a secure connection (TLS/SSL) with the site
  o SSH:
    • Set up SSH Server – Client on Linux with authentication methods:
      - publickey
      - password
      - hostbased

Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, Sixth Edition, 2013
  o Chapter 16
  o Others
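The SSH Transport Layer packet layout listed above (packet length, padding length, payload, random padding, MAC), as an added Python example that is not part of the original slides. It follows the framing rules of RFC 4253 with encryption left out so the fields stay visible; HMAC-SHA-256 as the MAC, the key and the sample payload are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 32          # HMAC-SHA-256 output size (assumed MAC algorithm)
MAX_PACKET = 35000    # sanity bound on total packet size (RFC 4253, section 6.1)

def build_packet(payload: bytes, mac_key: bytes, seq: int, block: int = 8) -> bytes:
    """Frame a payload: packet length | padding length | payload | padding | MAC."""
    pad = block - (5 + len(payload)) % block   # align 4 + 1 + payload + padding
    if pad < 4:                                # at least 4 bytes of padding
        pad += block
    body = bytes([pad]) + payload + os.urandom(pad)
    packet = struct.pack(">I", len(body)) + body
    # The MAC covers the implicit sequence number and the unencrypted packet.
    mac = hmac.new(mac_key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()
    return packet + mac

def parse_packet(data: bytes, mac_key: bytes, seq: int, block: int = 8) -> bytes:
    """Check length, alignment, MAC and padding, then return the payload."""
    if len(data) < 4 + MAC_LEN:
        raise ValueError("truncated packet")
    (plen,) = struct.unpack(">I", data[:4])
    if plen < 5 or 4 + plen > MAX_PACKET or (4 + plen) % block:
        raise ValueError("bad packet length")
    if len(data) != 4 + plen + MAC_LEN:
        raise ValueError("length field does not match data")
    packet, mac = data[:4 + plen], data[4 + plen:]
    expected = hmac.new(mac_key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        raise ValueError("MAC check failed")
    pad = packet[4]
    if pad < 4 or pad > plen - 1:
        raise ValueError("bad padding length")
    return packet[5:4 + plen - pad]

# Constructed sample: SSH_MSG_SERVICE_REQUEST (5) for "ssh-userauth".
KEY = bytes(range(32))
SERVICE_REQUEST = b"\x05" + struct.pack(">I", 12) + b"ssh-userauth"

if __name__ == "__main__":
    pkt = build_packet(SERVICE_REQUEST, KEY, seq=3)
    print(len(pkt), parse_packet(pkt, KEY, seq=3))
```

Because the sequence number is part of the MAC input, a packet replayed at a different position in the stream fails the MAC check even though its bytes are unchanged.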