Top Banner

Click here to load reader

Security, Privacy and Trust - Lecture 11 - Web Information Systems (4011474FNR)

Nov 07, 2014

ReportDownload

Education

This lecture is part of a Web Information Systems course given at the Vrije Universiteit Brussel.

  • 1. Web Information Systems Security, Privacy and Trust Prof. Beat Signer Department of Computer Science Vrije Universiteit Brussel http://www.beatsigner.com 2 December 2005
  • 2. Security Aspects Authenticity knowing the sender or receiver of data - who is trying to access data on a web server - who is offering a service - who sent an email - Privacy keeping information private - protect credit card information that is sent to a server - protect information sent in emails - Integrity ensuring that information is not changed when transferred December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 2
  • 3. HTTP Authentication Native authentication functionality offered by HTTP instead of directly sending a response for a given request, the server can always respond with an authentication challenge (401 status code) HTTP is extensible to support different authentication protocols and offers the following two standard protocols basic access authentication - simple Base64 encoding of the string : digest access authentication Protected resources can be grouped in security realms with different sets of authorised users or groups of users December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 3
  • 4. Basic Access Authentication try to access a protected resource GET /wise/exam.pdf HTTP/1.0 Client ask password Client Internet HTTP/1.0 401 Authorization Required WWW-Authenticate: Basic realm="WISE" Server Server GET /wise/exam.pdf HTTP/1.0 Authorization: Basic YmVhdDpydWxleg== Client Client December 12, 2013 Server HTTP/1.0 200 OK Content-type: application/pdf Server Beat Signer - Department of Computer Science - [email protected] 4
  • 5. Base64 Encoding Base64 encoding can be used to represent binary data in a portable format (alphabet) used by MIME for content transfer encoding used to embed binary data in XML files (e.g. in XML-RPC) note that Base64 encoded data needs more space Takes a sequence of bytes (8-bit) and breaks it into 6-bit chunks padding with 0s to make it a multiple of 24 (LCM of 6 and 8) complete 6-bit padding chunks are represented by the special character '=' Each 6-bit chunk is then represented by a character from a 64-character alphabet December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 5
  • 6. Base64 Encoding Example Let us encode the string Text N o Index Base64 19 38 60 T m 8 = char val char A 16 Q 32 g 48 w B 17 R 33 h 49 x 2 C 18 S 34 i 50 y 3 D 19 T 35 j 51 z 4 E 20 U 36 k 52 0 5 F 21 V 37 l 53 1 6 G 22 W 38 m 54 2 7 H 23 X 39 n 55 3 8 I 24 Y 40 o 56 4 9 J 25 Z 41 p 57 5 K 26 a 42 q 58 6 11 L 27 b 43 r 59 7 12 M 28 c 44 s 60 8 N 29 d 45 t 61 9 14 Bit Pattern 01001110 01101111 00000000 val 13 padding char 1 padding to 24 bit lookup of 6-bit chunks in index table use '=' for completely padded 6-bit chunks val 10 char 0 'Ja' to Base64 val O 30 e 46 u 62 + 15 P 31 f 47 v 63 / Base64 index table December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 6
  • 7. Proxy Authentication We can use the same authentication approach for controlling access to proxy servers The proxy will return slightly different HTTP headers HTTP/1.0 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="WISE" December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 7
  • 8. Web Server Configuration Example configuration for an Apache HTTP Server Create a new password file (using the c parameter) #htpasswd -c /usr/local/apache/admin/passwords nelson New password: nelson123 Re-type new password: nelson123 Adding password for user nelson Put an .htaccess file with the configuration into the directory that has to be protected alternatively add information to httpd.conf AuthType Basic AuthName "WISE" AuthUserFile /usr/local/apache/admin/passwords Require user nelson December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 8
  • 9. Basic Access Authentication ... Basic access authentication is not secure username and password are sent almost in "cleartext" - Base64 value can be very easily decoded easy to do replay attacks - simply reuse the username and the password Potential solutions combine the basic access authentication with an encrypted data transfer (e.g. via TLS/SSL) - does not prevent replay attacks use of alternative digest access authentication December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 9
  • 10. Digest Access Authentication Password is no longer sent in cleartext only a one-way digest that is computed out of the password (one-way hash function) is sent to the server Message Digest #5 (MD5) is a popular digest function What about digest replay attacks? server sends a special token (nonce) that changes frequently client adds the nonce to the password before computing the MD5 - any changes of the nonce result in changes of the digest which helps to prevent replay attacks h1 = MD5(username:realm:password) h2 = MD5(httpMethod:requestedURI) response = MD5(h1:nonce:h2) Computed response based on MD5 December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 10
  • 11. Digest Access Authentication ... try to access a protected resource GET /wise/exam.pdf HTTP/1.0 Client ask password Client Client Client December 12, 2013 Internet HTTP/1.0 401 Unauthorized WWW-Authenticate: Digest realm="WISE", qop="auth,auth-int" nonce="6G543RED" GET /wise/exam.pdf HTTP/1.0 Authorization: Digest username="nelson", realm="WISE", nonce="6G543RED", qop="auth", response="HF779RW47R7HF", ... HTTP/1.0 200 OK Authorization-Info: nextnonce="7HZT7F6" ... Server Server Server Server Beat Signer - Department of Computer Science - [email protected] 11
  • 12. Digest Access Authentication ... The Authorization-Info: nextnonce="..." is used to send the next nonce in advance client can send the computed hash value already with the original request (preemptive authorization) The quality of protection (qop) field is used to negotiate different protection mechanisms auth - authentification auth-int - authentification and message integrity protection - add an MD5 of the body December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 12
  • 13. Transport Layer Security (TLS) Cryptographic protocol to ensure secure network communication successor of the Secure Socket Layer (SSL) protocol situated at the TCP/IP Application Layer or OSI Presentation Layer Types of authentification unilateral authentification - only server authentification mutual authentification - client and server authentification 7 Application TLS Presentation SSL Session Transport Network Data Link Physical 6 5 4 3 2 1 OSI Reference Model December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 13
  • 14. Transport Layer Security (TLS) Features server authentication client authentication confidentiality through data encryption data integrity Protection against man-in-the-middle attacks replay attacks December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 14
  • 15. Cryptography In cryptography a cipher (coding scheme) is used in combination with a key to create a ciphertext out of a plaintext Cryptanalysis tries to get information out of the ciphertext without having access to the secret information (key) PHHW PH DW QLLQ key MEET ME AT NOON plaintext December 12, 2013 cipher (encoder) ciphertext key cipher (decoder) MEET ME AT NOON plaintext Beat Signer - Department of Computer Science - [email protected] 15
  • 16. Symmetric Key Cryptography A symmetric key cipher uses the same key for the encoding and decoding of a plaintext message Many existing symmetric key ciphers DES, Triple DES, Blowfish, Rijndael/AES, ... The algorithms are often common knowledge and the key is the only secret thing key has to be kept secret Brute force attack (enumeration attack) tries all keys The key length defines the number of potential keys e.g. 128 bit key considered safe today - can change with more powerful machines December 12, 2013 Beat Signer - Department of Computer Science - [email protected] 16
  • 17.