Post on 18-Dec-2015

1

Secure HTTP

Herng-Yow Chen

2

Outline

When digest authentication is not strong enough?

How a more complicated technology secures HTTP transactions from eavesdropping and tampering?

Using digital cryptography.

3

HTTPS

https scheme

security icon

4

HTTPS (cont.)

(a) HTTP protocol stack: HTTP (application layer) over TCP (transport layer) over IP (network layer) over the network interfaces (data link layer)

(b) HTTPS protocol stack: HTTP (application layer) over SSL or TLS (security layer) over TCP (transport layer) over IP (network layer) over the network interfaces (data link layer)

5

Digital cryptography

Ciphers Keys Symmetric-key cryptosystems Asymmetric-key cryptosystems Public-key cryptography Digital signatures Digital certificates

6

Plaintext and Ciphertext

Figure: the plaintext "Meet me at the pier at midnight" goes through the encoder and comes out as the ciphertext "Phhw ph dw wkh slhu dw plgqljkw"; the decoder turns that ciphertext back into the plaintext "Meet me at the pier at midnight".

7

Rotate-by-3 cipher example

Cipher (each plaintext letter is replaced by the letter three places later in the alphabet, wrapping around at Z):

Plaintext alphabet:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher alphabet:     DEFGHIJKLMNOPQRSTUVWXYZABC

Plaintext:  MEET ME AT THE AT PIER AT MIDNIGHT

Ciphertext: PHHW PH DW WKH DW SLHU DW PLGQLJKW

8

Keyed Ciphers (rotate-by-n), using different keys

Figure: the same plaintext "Meet me at the pier at midnight" goes through the Rotate(n) encoder with three different keys:

(a) Key=1, ciphertext: nffu nf bu uif qjfs bu njeojhiu

(b) Key=2, ciphertext: oggv og cv vjg rkgt cv okfpkijv

(c) Key=3, ciphertext: phhw ph dw wkh slhu dw plgqljkw

9

Digital Ciphers

10

Plaintext P is encoded with encoding key e by the encoder E, producing ciphertext C: C = E(P, e)

11

Symmetric-Key Cryptography

Ciphertext C is decoded with decoding key d by the decoder D, recovering plaintext P: P = D(C, d)

In symmetric-key cryptography the same key is used for both operations: d = e.

Popular symmetric-key cryptography algorithms are DES, Triple-DES, RC2, and RC4.
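The Rotate(n) encoder of slides 8, 10 and 11 written out as an added Python example (this code is not part of the original slides): encode implements C = E(P, e), decode implements P = D(C, d), and using d = e recovers the plaintext. The plaintext is the slides' own sentence, lowercased to match the slide-8 ciphertexts. The enumeration helper goes one step beyond the slides: because the keyed rotate cipher has only 25 usable keys, trying all of them is enough to read the message, which is exactly why the key-length table on the next slide matters.

```python
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase

# Plaintext from the slides (constructed copy, lowercased to match the slide-8 ciphertexts).
PLAINTEXT = "meet me at the pier at midnight"


def rotate(text: str, n: int) -> str:
    """Rotate every letter n positions through the alphabet, wrapping around;
    case is preserved and non-letters (spaces, punctuation) pass through unchanged."""
    out = []
    for ch in text:
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + n) % 26])
        elif ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + n) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encode(plaintext: str, e: int) -> str:
    """Slide 10: C = E(P, e), the Rotate(n) encoder with key e."""
    return rotate(plaintext, e)


def decode(ciphertext: str, d: int) -> str:
    """Slide 11: P = D(C, d). Rotating backwards by d undoes the encoder when d = e."""
    return rotate(ciphertext, -d)


def enumerate_keys(ciphertext: str) -> dict:
    """Slide 12 in miniature: the keyed rotate cipher has only 25 usable keys,
    so an attacker can simply try all of them and read off the one that makes sense."""
    return {k: decode(ciphertext, k) for k in range(1, 26)}


def recover_key(ciphertext: str, known_word: str):
    """Return the key under which `known_word` appears in the decoded text, or None."""
    for k, candidate in enumerate_keys(ciphertext).items():
        if known_word in candidate.split():
            return k
    return None


if __name__ == "__main__":
    for key in (1, 2, 3):
        c = encode(PLAINTEXT, key)
        assert decode(c, key) == PLAINTEXT          # d = e recovers the plaintext
        print(f"Key={key}: {c}")
    print("key recovered by enumeration:", recover_key(encode(PLAINTEXT, 3), "midnight"))
```

Running the script prints the three ciphertexts shown on slide 8 and then recovers key 3 by enumeration; the only thing protecting a keyed cipher is the size of its key space, and 25 keys is no protection at all.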

12

Key Length and Enumeration Attacks

Attack cost      40-bit key   56-bit key   64-bit key   80-bit key     128-bit key
$100,000         2 secs       35 hours     1 year       70,000 years   10^19 years
$1,000,000       200 msecs    3.5 hours    37 days      7,000 years    10^18 years
$10,000,000      20 msecs     21 mins      4 days       700 years      10^17 years
$100,000,000     2 msecs      2 mins       9 hours      70 years       10^16 years
$1,000,000,000   200 usecs    13 secs      1 hour       7 years        10^15 years

13

Public-Key Cryptography

Figure: the server holds a public key es and a private key ds. The client encodes its plaintext with the server's public key es, the encrypted ciphertext crosses the Internet, and the server decodes it back to plaintext with its private key ds.

Using different keys for encoding and decoding

14

Public-Key cryptography assigns a single, public encoding key to each host

Figure: hosts A, B, C, and D all communicate with host X.

(a) Symmetric-key cryptography: each pair of hosts needs its own secret key (kAX, kBX, kCX, kDX).

(b) Public-key cryptography: every host encodes with X's single public key ex.

15

Signatures Are Cryptographic Checksums

Figure: host A computes the message digest of the plaintext message and encodes that digest with its private key dA (decoder D); the result is the signature, sent along with the message. Host B decodes the signature with A's public key eA (encoder E) to recover A's message digest, computes its own message digest of the received message, and compares the two: same?

16

The Guts of a Certificate

17

X.509 v3 Certificates

18

Verifying that a signature is real

Figure: host B decodes the certificate's signature with the signing authority's public key (E) to recover the signed message digest, computes the message digest of the certificate itself, and compares the two: same?

19

HTTPS Overview

Figure (repeated from slide 4): (a) HTTP runs directly over TCP, IP and the network interfaces; (b) HTTPS inserts a security layer, SSL or TLS, between HTTP and TCP.

20

HTTPS Schemes

(a) HTTP: the client sends an HTTP request to the server on port 80.

(b) HTTPS: the client sends an HTTPS request to the secure server on port 443.

(c) HTTPS over HTTP tunnel: the client opens an HTTP tunnel through the proxy on port 8080, and the HTTPS request is carried through the tunnel to the secure server on port 443.

21

Secure Transport Setup

22

Secure Transport Setup (cont.)

(a) Unencrypted HTTP transaction (b) Encrypted HTTPS transaction

23

SSL Handshake (simplified)

24

Server Certificates

Figure: the server sends its server certificate to the client over the Internet. The certificate contains:

Certificate serial number: 35:DE:F4:CF
Certificate expiration date: Wed, Sep 17, 2003
Site’s organization name: Joe’s Hardware Online
Site’s DNS hostname: www.joes-hardware.com
Site’s public key
Certificate issuer name: RSA Data Security
Certificate issuer signature: Jone doe

HTTPS certificates are X.509 certificates with site information
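The signing and checking flow of slides 15 and 18, applied to the certificate fields listed on this slide, as an added Python example that is not part of the original deck. Textbook RSA with tiny constructed primes stands in for a real signature scheme (real keys are 2048 bits or more and use a padding scheme), SHA-256 supplies the message digest, and the JSON encoding of the fields and the site's public-key value are assumptions made for the example. The checker also does the hostname comparison that the next slide says produces certificate error dialogs when it fails.

```python
import hashlib
import json


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key pair from two small primes (toy sizes, illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent = modular inverse of e (Python 3.8+)
    return (e, n), (d, n)               # (public key, private key)


def message_digest(message: bytes, n: int) -> int:
    """Cryptographic checksum of the message, reduced mod n so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Slide 15: the signature is the message digest encoded with the signer's private key."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Decode the signature with the public key and compare it with a fresh digest."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def certificate_bytes(fields: dict) -> bytes:
    """Canonical encoding of the signed part of the certificate (a stand-in for X.509 DER)."""
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(fields: dict, issuer_private_key) -> dict:
    """The signing authority signs the certificate fields with its private key."""
    return {"fields": fields, "signature": sign(certificate_bytes(fields), issuer_private_key)}


def check_certificate(cert: dict, issuer_public_key, requested_hostname: str) -> list:
    """Slide 18: verify the issuer's signature; slide 25: check that the name matches.
    Returns a list of problems; an empty list means the certificate is accepted."""
    problems = []
    if not verify(certificate_bytes(cert["fields"]), cert["signature"], issuer_public_key):
        problems.append("signature does not verify with the issuer's public key")
    if cert["fields"]["hostname"] != requested_hostname:
        problems.append("hostname mismatch: certificate is for %s, request was for %s"
                        % (cert["fields"]["hostname"], requested_hostname))
    return problems


# Constructed keys: one pair for the signing authority, one for the site.
CA_PUBLIC, CA_PRIVATE = make_keypair(61, 53)
SITE_PUBLIC, SITE_PRIVATE = make_keypair(47, 59)

# Certificate contents taken from slide 24 (the public-key value is constructed).
SITE_FIELDS = {
    "serial": "35:DE:F4:CF",
    "expires": "Wed, Sep 17, 2003",
    "organization": "Joe's Hardware Online",
    "hostname": "www.joes-hardware.com",
    "public_key": list(SITE_PUBLIC),
    "issuer": "RSA Data Security",
}
SITE_CERT = issue_certificate(SITE_FIELDS, CA_PRIVATE)


def tampered_certificate() -> dict:
    """Copy of SITE_CERT whose hostname was rewritten after signing (constructed failure case)."""
    fields = dict(SITE_FIELDS, hostname="www.cajun-gifts.com")
    return {"fields": fields, "signature": SITE_CERT["signature"]}


if __name__ == "__main__":
    print(check_certificate(SITE_CERT, CA_PUBLIC, "www.joes-hardware.com"))
    print(check_certificate(SITE_CERT, CA_PUBLIC, "joes-hardware.com"))
    print(check_certificate(tampered_certificate(), CA_PUBLIC, "www.cajun-gifts.com"))
```

The first call returns no problems, the second reports the hostname mismatch of slide 25, and the third fails on the signature: changing any signed field changes its digest, so the signature the authority produced no longer decodes to the digest the client computes.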

25

Virtual Hosting and Certificates

Certificate name mismatches bring up certificate error dialog boxes

26

Virtual Hosting and Certificates (cont.)

27

Tunneling Secure Traffic Through Proxies

Figure: clients inside the security perimeter reach the public Internet only through the corporate firewall proxy.

28

Tunneling Secure Traffic Through Proxies (cont.)

Figure: client.ncnu.edu.tw sends its request through proxy.ncnu.edu.tw toward www.cajun-gifts.com, but all the proxy sees is ciphertext: bdfwr73ytr6ouydoiw687eqidfjwvd76weti76fig287hdi98r82yr87pfdy72y87193836PDUyqe719eyty3gee98y8787

Proxy cannot proxy an encrypted request
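The HTTP tunnel of slides 20 and 28 uses the CONNECT method defined in RFC 2817 (cited in the references below): the client asks the proxy for a raw tunnel to host:port, and after the proxy answers 200 it copies bytes blindly in both directions. The following added Python example (not part of the original slides) shows the proxy side: the request line is the only thing it can parse, check against policy, or log; the constructed bytes after the blank line stand in for the encrypted traffic, which it must relay without inspection. The port allow-list is an assumed policy for the example.

```python
import re

# Proxy policy (constructed for this example): only tunnel to the HTTPS port.
ALLOWED_PORTS = {443}

REQUEST_LINE = re.compile(rb"^CONNECT ([A-Za-z0-9.-]+):(\d{1,5}) HTTP/1\.[01]\r\n")

# A tunnel request as the client on slide 28 would send it to its proxy, followed by
# opaque bytes standing in for the encrypted HTTPS traffic (both constructed here).
SAMPLE_CONNECT = (
    b"CONNECT www.cajun-gifts.com:443 HTTP/1.1\r\n"
    b"Host: www.cajun-gifts.com:443\r\n"
    b"\r\n"
)
SAMPLE_CIPHERTEXT = b"bdfwr73ytr6ouydoiw687eqidfjwvd76weti76fig287hdi98r82yr87pfdy72y8"


def parse_connect(data: bytes):
    """Split a CONNECT request into (host, port, bytes_after_headers).
    Returns None if the data is not a complete CONNECT request."""
    m = REQUEST_LINE.match(data)
    if m is None:
        return None
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None                      # headers not complete yet
    host = m.group(1).decode("ascii")
    port = int(m.group(2))
    return host, port, data[end + 4:]


def proxy_decision(data: bytes):
    """Decide how the proxy answers. Everything it can check is in the request line;
    the bytes after the blank line are ciphertext it must relay without inspection."""
    parsed = parse_connect(data)
    if parsed is None:
        return "HTTP/1.1 400 Bad Request", None, b""
    host, port, opaque = parsed
    if port not in ALLOWED_PORTS:
        return "HTTP/1.1 403 Forbidden", (host, port), b""
    # Tunnel accepted: from here on the proxy only copies bytes between the two sockets.
    return "HTTP/1.1 200 Connection Established", (host, port), opaque


def access_log_line(data: bytes) -> str:
    """What a proxy log can record for a tunnelled connection: host, port and status only,
    never the URL path, headers or body of the HTTPS request carried inside."""
    status, target, _ = proxy_decision(data)
    code = status.split()[1]
    return f"CONNECT {target[0]}:{target[1]} {code}" if target else f"CONNECT - {code}"


if __name__ == "__main__":
    status, target, opaque = proxy_decision(SAMPLE_CONNECT + SAMPLE_CIPHERTEXT)
    print(status, target, "opaque bytes relayed:", len(opaque))
    print(access_log_line(SAMPLE_CONNECT))
```

This is why the proxy on slide 28 cannot cache, filter or rewrite HTTPS traffic: its only control points are the target host and port in the CONNECT line and the policy it applies to them before the tunnel opens.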

29

Reference

HTTP Security

Web Security, Privacy & Commerce, Simson Garfinkel, O’Reilly & Associates, Inc. This is one of the best, most readable introductions to web security and the use of SSL/TLS and digital certificates.

http://www.ietf.org/rfc/rfc2818.txt RFC 2818, “HTTP Over TLS,” specifies how to implement secure HTTP over Transport Layer Security (TLS), the modern successor to SSL.

http://www.ietf.org/rfc/rfc2817.txt RFC 2817, “Upgrading to TLS Within HTTP/1.1,” explains how to use the Upgrade mechanism in HTTP/1.1 to initiate TLS over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well-known port (in this case, http: at 80 rather than https: at 443). It also enables virtual hosting, so a single HTTP+TLS server can disambiguate traffic intended for several hostnames at a single IP address.

30

Reference (cont.)

SSL and TLS

http://www.ietf.org/rfc/rfc2246.txt RFC 2246, “The TLS Protocol Version 1.0,” specifies Version 1.0 of the TLS protocol (the successor to SSL). TLS provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

“Introduction to SSL” introduces the Secure Sockets Layer (SSL) protocol. Originally developed by Netscape, SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers.

http://www.netscape.com/eng/ssl3/draft302.txt “The SSL Protocol Version 3.0” is Netscape’s 1996 specification for SSL.

31

Reference (cont.)

http://developer.netscape.com/tech/security/ssl/howitworks.html “How SSL Works” is Netscape’s introduction to key cryptography.

http://www.openssl.org The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general-purpose cryptography library.
