Chapter 4

Web Security
 Outline
• Web security requirements
• Web Security
• Secure sockets layer/ Transport layer
security
• Kerberos
• Secure electronic transaction
• Dual signature
Infrastructure Protection Requirements

• Transport
• Integrity
• Confidentiality
• Authentication
• Multiple mechanisms – certificates, shared secrets, Kerberos/AD
• Application authentication
• User authentication
• Access control
• Multiple mechanisms – directory based...
• Credential propagation
• Credential caching
• Transaction level granularity – resource or application access
authorized separately from individual transaction authorization
Infrastructure Protection Requirements

• Resource protection
• Server and network isolation
• Server resource control
• Network bandwidth control
• Centralized
• Policy administration
• Provisioning
• Access control
• Auditing
• Monitoring
 Web Security
Key Points
• Secure socket layer (SSL) provides security services
between TCP and applications that use TCP.
• The Internet standard version is called transport layer
service (TLS).
• SSL/TLS provides confidentiality using symmetric
encryption and message integrity using a message
authentication code.
• Kerberos is an authentication service designed for
use in a distributed environment.
• Secure electronic transaction (SET) is an open
encryption and security specification designed to
protect credit card transactions on the Internet
 Web Security...
• Web now widely used by business, government,
individuals
• However, Internet & Web are vulnerable
• Have a variety of threats
• Integrity
• Confidentiality
• Denial of service
• Authentication
• Need added security mechanisms
 Web Security...
Types of Web threats and countermeasures
Threats Consequences Countermeasu
res
Integrity • Modification of user data • Loss of Cryptographic
• Trojan horse browser information checksums
• Modification of memory • Compromise of
• Modification of message machine
traffic in transit • Vulnerability to
all other
threats
Confidentiality • Eavesdropping on the • Loss of • Encryption
Net information • Web proxies
• Theft of info from server • Loss of privacy
• Theft of data from client
• Info about network
configuration
• Info about which client
talks to server
 Web Security...
Types of Web threats and countermeasures
Threats Consequences Countermeasures
DoS • Killing of user threads • Disruptive Difficult to prevent
• Flooding machine • Annoying
with bogus requests • Prevent user
• Filling up disk or from getting
memory work done
• Isolating machine by
DNS attacks
Authentication • Impersonation of • Misrepresenta Cryptographic
legitimate users tion of user techniques
• Data forgery • Belief that
false
information is
valid
 Web Security...
• Types of threats faced in using the Web can also be
classified in terms of the location of the threat:
• Web server (computer system security)
• Web browser (computer system security)
• Network traffic between browser and server
(network security)
• Web security (Web traffic security) mainly falls into
the category of Network traffic security

• Different Web security approaches provide similar

services but differ with respect to their scope of
applicability and their relative location in the TCP/IP
protocol stack
 Web Security...
• Security facilities in the TCP/IP protocol stack
 Web Security...
Secure Channels
• Encrypted Traffic may use
• Symmetric Key
• Public/Private Key
• Negotiated Secure Session
• Secure Socket Layer (SSL)
• Transport Layer Security (TLS)
• SSL or TLS provides the following services
• Authenticate users and servers
• Encryption to hide transmitted data - symmetric or
asymmetric
• Integrity to provide assurance that data has not been
altered during transmission
• SSL or TLS require certificates to be issued by a certificate
authority (CA)
 Web Security...
Secure Channels
• Internet Tunnels
• Virtual Private Network (VPN) circuit across the Internet
between specified remote sites
• uses an encrypting router that automatically encrypts all
traffic that traverses the links of the virtual circuit

• Tunneling Protocols
• PPTP by Microsoft - [Link]
• Layer 2 Forwarding (L2F) by Cisco - [Link]
• L2TP/IPSec(combines PPTP and L2F) - [Link]
• SSTP (Secured Socket Tunneling Protocol)
 Web Security...
HTTPS (HTTP Secure)
• HTTPS uses cryptography with HTTP
• Alice, Bob have public, private keys; public keys accessible
via certificate authority (CA)
• Alice encrypts message with Bob’s public key, signs message
with her private key
• Bob decrypts message with his private key, verifies message
using Alice’s public key
• Once they “know” each other, they can communicate via
symmetric crypto keys

• HTTPS provides greater assurance than HTTP

 Secure Socket Layer (SSL)
Overview
The SSL protocol (Secure Socket Layer) was developed by
Netscape to allow client/server applications to communicate safely
• It is transport layer security service
• Uses TCP to provide a reliable end-to-end service
• SSL probably most widely used Web security mechanism.
• TLS (Transport Layer Security) is an evolution of SSL proposed
by the IETF.
 Secure Socket Layer (SSL)...
• Secure Sockets Layer (SSL) is transport-layer protocol that
provides encryption technology for the web services.

• SSL ensures the secure transmission of data between a client

and a server through a combination of
• Privacy,
• authentication, and
• data integrity.
• SSL achieves these constraints of security through the use of
the following elements:

• Cryptography, key exchange

• Digital signature and

• Digital Certificates
 Secure Socket Layer (SSL)...
• SSL is a secure data exchange protocol providing
• Privacy between two Internet applications
• Authentication of server (authentication of browser optional)
• Uses enveloping: RSA used to exchange DES keys
• SSL Handshake Protocol
• Negotiates symmetric encryption protocol, authenticates
• SSL Record Protocol
• Packs/unpacks records, performs encryption/decryption
 Secure Socket Layer (SSL)...
• SSL Characteristics
• Operates at the TCP/IP transport layer
• Encrypts (decrypts) input from application (transport) layer
• Any program using TCP can be modified to use SSL connections
• SSL connection uses a dedicated TCP/IP socket (e.g. port 443 for
https or port 465 for ssmtp)
• SSL is flexible in choice of which symmetric encryption, message
digest, and authentication algorithms can be used
HTTP SMTP POP3 HTTPS SSMTP SPOP3
80 25 110 443 465 995

SSL

Transport
Network
 Secure Socket Layer (SSL)...
• SSL Characteristics…
• When SSL client makes contact with SSL server they try to pick
strongest encryption methods they have in common.
• SSL provides built in data compression
• compress first then encrypt
• When SSL connection established browser-to-server and server-to-
browser communications are encrypted.
• This includes:
• URL of requested document
• Contents of the document
• Contents of browser forms
• Cookies sent from browser to server
• Cookies sent from server to browser
• Contents of HTTP header…
 Secure Socket Layer (SSL)...
SSL Architecture

INITIALIZES SECURE
COMMUNICATION ERROR HANDLING

HANDLES COMMUNICATION
WITH THE APPLICATION

INITIALIZES
Protocols
COMMUNCATION
HANDLES DATA BETWEEN CLIENT &
COMPRESSION SERVER
AND ENCRYPTION
 Secure Socket Layer (SSL)...
SSL Architecture
• SSL consists two layers of protocols: SSL Record Protocol Layer
and Upper Layer Protocols.
• Handshake: Allows the
server and the client to
authenticate each other
and negotiate on MAC
algorithm and
Cryptographic key.
• Change Cypher Spec:
Allows pending state to be
copied into the current
state.
• Alert: Used to convey SSL
related alerts to the peer
entity.
 Secure Socket Layer (SSL)...
SSL session
• An SSL session is done in two steps:
• A handshake phase where client and server authenticate
each other (with X509 certificates), and agree on a ciphering
schema and the corresponding key

• The communication itself where data exchanged are

compressed, encrypted and signed
 Secure Socket Layer (SSL)...
SSL Record Protocol

• Confidentiality
– using symmetric encryption with a
shared secret key defined by
Handshake Protocol
– IDEA, RC2-40, DES, 3DES, RC4-40,
RC4-128
– message is compressed before
encryption
• Message integrity
– using a MAC with shared secret key

• SSL Record Protocol defines these two

services for SSL connections.
 Secure Socket Layer (SSL)...
SSL Record Protocol Operation

MAC - Message Authentication Code

 Secure Socket Layer (SSL)...
SSL Record Format

• Content Type (8bit): The higher

layer protocol used to process
the enclosed fragment
• Major/Minor version (8/8 bit):
Indicates major/minor version
of SSL in use
• Compressed Length (16 bit):
The length in bytes of the plain
text fragment (compressed
fragment)
 Secure Socket Layer (SSL)...
Cipher Suite
• For public-key, symmetric encryption
and certificate verification we need
• public-key algorithm
• symmetric encryption algorithm
• message digest (hash) algorithm
• This collection is called a cipher suite
• SSL supports many different suites
• Client and server must decide on
which one to use
• The client offers a choice; the server
picks one
 Secure Socket Layer (SSL)...
Cipher Suite
SSL_NULL_WITH_NULL_NULL = { 0, 0 } INITIAL (NULL) CIPHER SUITE

PUBLIC-KEY SYMMETRIC HASH

ALGORITHM ALGORITHM ALGORITHM

SSL_RSA_WITH_NULL_MD5 = { 0, 1 } CIPHER SUITE CODES USED

IN SSL MESSAGES
SSL_RSA_WITH_NULL_SHA = { 0, 2 }

SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 }

SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 }

SSL_RSA_WITH_RC4_128_SHA = { 0, 5 }

SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 }

SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 }

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 }

SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 }

SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0, 10 }
 Secure Socket Layer (SSL)...
SSL Alert Protocol
• Conveys SSL-related alerts to peer entity
• Severity level of the message
• warning or fatal
• Specific alert
• fatal: unexpected message, bad
record mac, decompression failure,
handshake failure, illegal
parameter
• warning: close notify, no
certificate, bad certificate,
unsupported certificate, certificate
revoked, certificate expired,
certificate unknown
• Compressed & encrypted like all SSL data
 Secure Socket Layer (SSL)...
SSL Handshake Protocol
Allows server & client to:
• authenticate each other
• to negotiate encryption & MAC
algorithms
• to negotiate cryptographic keys to
be used
• Comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key
Exchange
3. Client Authentication and Key
Exchange
4. Finish
 Secure Socket Layer (SSL)...
SSL Handshake Protocol
• Establishing an SSL Connection
• The client (browser) opens a connection to server port
• Browser sends “client hello” message. Client hello message
contains:
• Version of SSL browser uses
• Ciphers and data compression methods it supports
• The Server responds with a “server hello” message. Server
hello message contains
• Session id
• The chosen versions for ciphers and data compression
methods.
 Secure Socket Layer (SSL)...
SSL Handshake Protocol
• Establishing an SSL Connection…
• The server sends its certificate
• Used to authenticate server to client
• Optionally the server may request client’s certificate
• If requested, client will send its certificate of authentication
• If client has no certificate then connection failure
• Client sends a “ClientKeyExchange” message
• Symmetric session key chosen
• Digital envelope is created using server’s public key and
contains the symmetric session key
 Secure Socket Layer (SSL)...
SSL Handshake Protocol
• Establishing an SSL Connection…
• Optionally, if client authentication is used the client will
send a certificate verify message.
• Server and client send “ChangeCipherSpec” message
indicating they are ready to begin encrypted transmission.
• Client and server send “Finished” messages to each other
• These are a message digest of their entire conversation
up to this point.
• If the digests match then messages were received
without interference.
Secure Socket Layer (SSL)...
 Transport Layer Security
• The same record format as the SSL record format.
• Defined in RFC 2246.
• Similar to SSLv3.
• Differences in the:
• version number
• message authentication code
• pseudorandom function
• alert codes
• cipher suites
• client certificate types
• certificate_verify and finished message
• cryptographic computations
• padding
 Kerberos
What is Kerberos?

• Users wish to access services on servers

• Three threats exist:
• User pretend to be another user (impersonation)
• User alter the network address of a workstation
• User eavesdrop on exchanges and use a replay attack
• Kerberos: Developed at M.I.T.
• A secret key based service for providing authentication in open
distributed networks or
• Is an authentication service designed for use in a distributed
environment.
 Kerberos...
What is Kerberos?

• Kerberos makes use of a trusted third-part authentication

service that enables clients and servers to establish
authenticated communication.
• Authentication mediated by a trusted 3rd party on the network:
• Key Distribution Center (KDC)
• Allows users access to services distributed through network
without needing to trust all workstations rather all trust a
central authentication server
 Kerberos...
Authentication

• Authentication: Three factors:

• something you have key, card
• can be stolen

• something you know passwords

• can be guessed, shared, stolen

• something you are biometrics

• costly, can be copied (sometimes)

• Kerberos provides centralized authentication server to

authenticate clients to servers and servers to clients
• Relies on conventional encryption, making no use of public-
key encryption
• Two versions: version 4 and 5
• Version 4 makes use of DES
 Kerberos...
Kerberos: etymology

• The 3-headed dog that guards the entrance to Hades

• Those three heads in security: AAA (Authentication, Accounting,
Audit)
• However in Kerberos the last two heads never implemented
 Kerberos...
Kerberos: etymology
[Kerberos was named after Cerberus, the three-headed dog of
Greek mythology, because of its three components:]
• A Key Distribution Center (KDC), which is a server that has
two components: an Authentication Server and a Ticket
Granting Service.
• The client (user)
• The server that the client wants to access
 Kerberos...
Kerberos Requirements
• Security
• Opponents should not be able to gain access to KDC
• Reliability (availability)
• A Kerberos server or its substitute should be available all
the time
• Scalability
• System should be able to support large amount of users

• Reliability and scalability imply a distributed architecture

• Transparency
• Users should see the system as a username/password
system
 Kerberos...
Kerberos v4 Overview

• A basic third-party authentication scheme (KDC)

• Kerberos v4 have an Authentication Server (AS)
• Users initially negotiate with AS to identify self
• AS provides a non-corruptible authentication credential
(ticket granting ticket TGT)

• Have a Ticket Granting server (TGS)

• Users subsequently request access to other services from
TGS on basis of users TGT
 Kerberos...
Kerberos v4 Dialogue

1. Obtain ticket granting ticket (TGT) from AS

• Once per session
• AS knows the passwords of all users and stores in
centralized DB
• AS shares a unique secret key with each server
2. Obtain service granting ticket from TGS: for each distinct
service required
3. Client/server exchange to obtain service: on every service
request
 Kerberos...
A Simple Authentication Dialogue

Message 1

(1) C -> AS : IDC || PC || IDV

• C = client
• AS = authentication server
• IDC = identifier of user on C
• PC = password of user on C
• IDV = identifier of server V
• C asks user for the password
• AS checks that user supplied the right password
 Kerberos...
A Simple Authentication Dialogue

Message 2
(2) AS -> C : Ticket
Ticket = E K(V) [IDC || ADC || IDV]
• K(V) = secret encryption key shared by AS and V
• ADC = network address of C
• Ticket cannot be altered by C or an adversary

Message 3
(3) C -> V: IDC || Ticket
• Server V decrypts the ticket and checks various fields
• ADC in the ticket binds the ticket to the network address of
C
 Kerberos...
How it works
 Kerberos...
Kerberos Version 5

• Developed in mid 1990’s

• Provides improvements over v4
• Specified as Internet standard RFC 1510
 Kerberos...
Platform support
• Windows 2000, XP, Server 2003 and Vista, 7,…
• Use Kerberos as their default authentication method
• Microsoft additions to the Kerberos suite of protocols
• Documented in RFC 3244
• "Microsoft Windows 2000 Kerberos Change Password
and Set Password Protocols“

• Microsoft uses the Kerberos protocol

• Does not use the MIT software

• Apple's Mac OS X uses Kerberos

• client and server versions
 Kerberos...
Uses
The following software can use Kerberos for authentication:

• VMware ESX server

• CISCO routers and switches
• Coda file system
• Eudora
• MAC OS
• Microsoft windows (2000 and later) uses as default
authentication protocol
• Mulberry an e-mail client developed by Cyrusoft, Inc.
• NFS
• Oracle RDBMS
• SOCKS proxy
• Any Java based software (since 1.4.2) using JAAS/JGSS
can use Kerberos for security
Secure Electronic Transactions (SET)
• An open encryption and security specification.
• Designed to protect credit card transaction on the Internet.
• Companies involved:
• MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa
and Verisign

• Not a payment system but enables users to employ the

existing credit card payment infrastructure on an open network
(Internet) in a secure manner.
• Set of security protocols and formats.
Secure Electronic Transactions (SET)...
SET services

• Provides a secure communication channel among all parties

involved in a transaction.

• Provides trust by the use of X.509v3 digital certificates.

• Ensures privacy because the information is only available to parties

in a transaction when and where necessary

• Key Features of SET:

• Provide confidentiality of information through encryption (DES)

• Integrity of data through digital signature (RSA using SHA-1)

• Cardholder account authentication through DS and DC (X.509)

• Merchant authentication through DS and DC

Secure Electronic Transactions (SET)...
SET protocol supports all features of credit card system

• Cardholder registration
• Merchant registration
• Purchase requests
• Payment authorizations
• Funds transfer (payment capture)
• Chargebacks (refunds)
• Credits
• Credit reversals • SET can manage
• Debit card transactions
• Real-time & batch transactions
• Installment payments
Secure Electronic Transactions (SET)...
SET Participants

• Cardholder: Authorized holder of Payment Card

• Merchant: a person or org. that has goods to sell to the Cardholder.

• Issuer: Financial institution (such as bank) – connected with the

Cardholder.

• Acquirer: Verifies that a card account is active and the proposed

purchase does not exceed the credit limit – Connected with the
Merchant.

• Payment gateway: Operated by the acquirer or a designated third

party that processes merchant payment messages

• Certification Authority: Trusted entity to issue the X.509V3 public

key certificate for card holders, Merchants and payment gateways.

• The success of SET depends on CA.

Secure Electronic Transactions (SET)...
SET Participants
Secure Electronic Transactions (SET)...
SET (Sequence of events for transactions)
1. The customer opens a credit card account.
2. The customer receives a certificate, which is signed by the Bank.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified by sending a copy of its certificate.
6. The order and payment are sent to the merchant along with
[Link]
7. The merchant request payment authorization to payment gateway
8. The merchant confirm the order.
9. The merchant provides the goods or service.
10. The merchant requests payments, the request is sent to the
payment gateway, which handles all of the payment processing
Secure Electronic Transactions (SET)...
SET (Sequence of events for transactions)
Secure Electronic Transactions (SET)...
SET – Dual Signature
• Dual signature is an important innovation by SET
• Used to link two messages that are intended for two different
recipients.
• The customer wants to send Order Information (OI) to the
merchant and Payment Information (PI) to the bank.
• Merchant – Does not need to know customer’s CC number.
• Bank – Does not need to know details of customer’s order.
Privacy!!
• The two items, however, must be linked somehow to prove that
the payment is intended for this order and not for some other
goods or services.
Secure Electronic Transactions (SET)...
SET – Dual Signature (customer side)

DS = E(KRc,
[H(H(PI)||H(OI)])
Secure Electronic Transactions (SET)...
SET – Dual Signature (Merchant side)
• Now suppose that the merchant is in possession of:
• the dual signature (DS),
• the OI, and
• the message digest for the PI (PIMD)
• The merchant also has the public key of the customer, taken
from the customer's certificate.
• Then the merchant can compute the quantities:
H(PIMD||H[OI]) ; D(PUc, DS)
• If these two quantities are equal, then the merchant has verified
the signature.
Secure Electronic Transactions (SET)...
SET – Dual Signature (Bank side)
• Similarly, if the bank is in possession of:
• DS, PI,
• the message digest for OI (OIMD), and
• the customer's public key, then the bank can compute:
• H(H[OI]||OIMD) ; D(PUc, DS)
• Again, if these two quantities are equal, then the bank has verified
the signature.
Summary
[Link] merchant has received OI and verified the signature.
[Link] bank has received PI and verified the signature.
[Link] customer has linked the OI and PI and can prove the linkage.
Secure Electronic Transactions (SET)...
SET payment processing
Cardholder Sends Purchase Request
Secure Electronic Transactions (SET)...
SET payment processing
Merchant Verifies Customer Purchase Request

det of
ails
for 7.3
n
llin ctio
Sta d Se
gs
a
Re
Thank You!