Nov 12, 2014
//By Mohamed R. Elabnody //
www.elabnody.net
3rd May, 2012
Actors
• Script Kiddies
• Crackers
• Hackers
2 www.elabnody.netWeb Security
Outline
• Introduction to Web Security
• Why Is Security So Important?
• Web Security Considerations
• Web Security Approaches
• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Secure Electronic Transaction (SET)
• Recommended Reading
• Problems
Key Points
• Secure Socket Layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Security (TLS).
• SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code.
• SSL/TLS includes protocol mechanisms that enable two TCP users to determine the security mechanisms and services they will use.
• Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet.
Overview
• Why Be Concerned about Web Security?
– The increased use of networks and the Internet helps users finish many tasks quickly and efficiently and adds convenience to many people's lives. However, there is a downside as well. As more and more personal and business data is stored on computer networks, the risk and consequences of unauthorized computer access, theft, fraud, and other types of computer crime increase; so do the chances of data loss due to crime or employee misconduct.
Overview
• Web security may easily be split into three specific areas:
– Client (client access to Web pages): the machine from which the user requests a web page. By typing a URL, a connection between the client and server is made. The server returns the document and the user's browser displays it.
– Server: where all the web pages and resources are held. The web server may also host databases or act as middleware to back-end databases.
– Connection: the connection between the server and client needs to be considered. In very few circumstances will this connection be conducted over a trusted or value-added network.
Introduction
• Virtually all businesses, most government agencies, and many individuals now have Web sites. The number of individuals and companies with Internet access is expanding rapidly and all of these have graphical Web browsers. As a result, businesses are enthusiastic about setting up facilities on the Web for electronic commerce. But the reality is that the Internet and the Web are extremely vulnerable to compromises of various sorts. As businesses wake up to this reality, the demand for secure Web services grows.
• In this session, we begin with a discussion of the general requirements for Web security and then focus on two standardized schemes that are becoming increasingly important as part of Web commerce: SSL/TLS and SET.
Information Security at Work Awareness
Why Is Security So Important?
• Stolen intellectual property
• System downtime
• Lost productivity
• Damage to business reputation
• Lost consumer confidence
• Severe financial losses due to lost revenue
War on the Internet
"Oh, this is bad, but it is not our business. Who needs to get into a war anyway? We will only conduct our e-business. That is it."
Zone-H statistics
• Why did you deface this website?
http://www.zone-h.org
Who Are Attackers?
(Figure: an External Attacker on the Internet and an Internal Attacker inside Corporate Headquarters)
Unauthorized access: gaining access to a computer, network, file, or other resource without permission; can be committed by insiders or outsiders.
Attacks
Common Types of Attacks:
• Organizational Attacks
• Social Engineering
• Viruses, Trojan Horses, and Worms
• Denial of Service (DoS)
• Accidental Breaches in Security
How Do Attacks Occur?
Stages of attack      Examples of attacker actions
Footprint             Runs a port scan on the firewall
Scanning              Exploits an unpatched Web server
Gaining Access        Creates an account with administrator rights
Maintaining Access    Uploads unlicensed software to the Web server
Cover-up              Erases the audit trail of the exploit
Common Types of Vulnerabilities
Vulnerability                            Examples
Weak passwords                           Employees use blank or default passwords
Unpatched software                       Patches are not updated; security hotfixes are not applied
Misconfigured software                   Services have more privileges than required; services run as the Local System account
Social engineering                       Help desk administrator resets a password without verifying the identity of the caller
Weak security on Internet connections    Unused services and ports are not secured; firewalls are used improperly
Unencrypted data transfer                Authentication packets are sent in clear text; important data is sent over the Internet in clear text
Buffer overrun                           A trusted process runs untrusted code
Web Security Considerations
• The Web is easily accessible worldwide (more vulnerability).
• Complex software hides many security flaws.
• Users are not trained in computer security and are not aware of the risks.
• A Web server can be exploited as a launching pad into a corporation's entire computer complex.
Information Security Threat Awareness
Web Security Approaches
Encryption and Other Security Tools
Web Security Approaches
• Web Security Threats:
– Integrity
– Confidentiality
– Denial of Service
– Authentication
Web Security Approaches
• Web Security Threats
– Integrity: modification of a web page, message traffic, or user data
– Confidentiality: eavesdropping on web traffic
– Denial of Service: bogus web requests, flooding web server memory or queue
– Authentication: impersonation of legitimate users
• Location of the threats:
– Web server
– Web client
– Network traffic
Web Security Approaches
• Encryption: method of scrambling e-mail or files to make them unreadable
• Secure Web servers: use encryption to protect information transmitted via their Web pages
– Most common is SSL
– Look for a locked padlock on the status bar and https:// in the URL
– Only transmit credit card numbers and other sensitive data via a secure Web server
Web Security Approaches
Figure 1. Relative Location of Security Facilities in the TCP/IP Protocol Stack (Stallings, Cryptography and Network Security: Principles and Practices, 4th Edition, p. 531)
Figure 1 (security facilities in the TCP/IP protocol stack) illustrates this difference. One way to provide Web security is to use IP Security (Figure 1). The advantage of using IPSec is that it is transparent to end users and applications and provides a general-purpose solution. Further, IPSec includes a filtering capability so that only selected traffic need incur the overhead of IPSec processing.
(Figure labels: Transparent to end users; Above TCP; Embedded in package; Application specific - SET)
Secure Socket Layer (SSL)
• Implements three cryptographic assurances: authentication, confidentiality, and message integrity.
• Also provides secure key exchange between a browser (client) and server.
• Provides security parameters negotiation.
• Does not offer non-repudiation.
How Does SSL/TLS Work?
– User browses to a secure Web server by using HTTPS
– The browser generates a unique session key and encrypts it by using the Web server's public key from its root certificate
– The session key is received by the Web server and is decrypted by using the server's private key
– After the connection has been established, all communication between the browser and Web server is secure
Secure Socket Layer (SSL)
SSL Architecture:
• SSL runs on the top of TCP to provide reliable and secure end-to-end service.
• Consists of two layers
SSL Architecture
• Depends on TCP for end-to-end reliability
• Two layers of protocols:
– SSL Record Protocol: basic security services to higher layers
– Three higher-layer protocols: used in the management of SSL exchanges
SSL Architecture
Figure 2. SSL Protocol Stack (Stallings, Cryptography and Network Security: Principles and Practices, 4th Edition, p. 532)
(Figure: HTTP, the SSL Handshake Protocol, the SSL Change Cipher Spec Protocol and the SSL Alert Protocol sit on top of the SSL Record Protocol, which runs over TCP and IP. The three upper protocols manage SSL exchanges; the Record Protocol provides basic security services.)
The SSL Record Protocol provides basic security services to various higher-layer protocols.
SSL Architecture
• Two important SSL concepts:
– Connection: a peer-to-peer relationship in the transport layer. Every connection is associated with one session.
– Session: an association between a client and a server created by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections, and so avoid the expensive negotiation of new security parameters for each connection.
SSL Record Protocol
• Provides two services for SSL connections:
1. Confidentiality: a shared secret key is used for conventional encryption of the SSL payload.
2. Message Integrity: a shared secret key is used to construct a message authentication code.
SSL Record Protocol
Operation
Figure 3. SSL Record Protocol Operation (Stallings, Cryptography and Network Security: Principles and Practices, 4th Edition, p. 534)
(Figure: application message, split into message blocks, optional compression, add MAC, encrypt, append SSL record header)
Figure 3 indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level users.
MAC: Message Authentication Code
SSL Record Protocol
• The Record Protocol takes an application message and performs the following operations:
– Fragmentation: blocks of 16K (2^14) bytes or less
– Compression: optional; must not increase the content length by more than 1024 bytes
– Add a MAC (a shared secret key is used)
– Encryption (symmetric encryption)
– Append an SSL record header
SSL Record Format
(Stallings, Cryptography and Network Security: Principles and Practices, 4th Edition, p. 535)
• The final step of SSL Record Protocol processing is to prepend a header consisting of the following fields:
– Content Type (8 bits): used by higher layers to process the enclosed fragment.
– Major Version (8 bits): indicates the major version of SSL used.
– Minor Version (8 bits): indicates the minor version of SSL used.
– Compressed Length (16 bits): the length of the (compressed) fragment in bytes.
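The header layout above is enough to write a defensive record-layer parser, which is where a receiver decides whether to trust the length field before allocating or reading anything. The following Python is an added example, not code from the slides or from Stallings. It assumes the standard SSLv3/TLS content-type codes 20 to 23 and the SSLv3 rule that a received fragment may not exceed 2^14 + 2048 bytes; neither number appears on the slides. The byte stream it parses is constructed for the example, not captured traffic.

```python
import struct

# Record-layer content types as assigned in SSLv3/TLS (RFC 6101 / RFC 5246);
# the slides name the four protocols but not these numeric codes.
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}

HEADER_LEN = 5
# Upper bound on a received fragment: 2^14 bytes of plaintext, plus the
# 1024-byte compression allowance, plus 1024 bytes for MAC and padding.
MAX_CIPHERTEXT_LEN = 2 ** 14 + 2048


def parse_record_header(data: bytes) -> dict:
    """Decode the 5-byte header: type (8), major (8), minor (8), length (16, big-endian)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:HEADER_LEN])
    if content_type not in CONTENT_TYPES:
        # Anything else is not a valid record; fail closed rather than guess.
        raise ValueError(f"unknown content type {content_type}")
    if length > MAX_CIPHERTEXT_LEN:
        # Reject oversized lengths before they drive a buffer allocation.
        raise ValueError(f"fragment length {length} exceeds the record-layer maximum")
    return {
        "content_type": CONTENT_TYPES[content_type],
        "version": (major, minor),
        "length": length,
    }


def split_records(stream: bytes) -> list:
    """Cut a TCP byte stream into whole records; a trailing partial record is an error."""
    records, pos = [], 0
    while pos < len(stream):
        header = parse_record_header(stream[pos:pos + HEADER_LEN])
        end = pos + HEADER_LEN + header["length"]
        if end > len(stream):
            raise ValueError("record body truncated: need more bytes from TCP")
        records.append((header, stream[pos + HEADER_LEN:end]))
        pos = end
    return records


# Constructed sample stream (not captured traffic): a 5-byte handshake-type
# fragment followed by a 3-byte application_data fragment, both version 3.1.
SAMPLE_STREAM = (
    b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x00"
    + b"\x17\x03\x01\x00\x03" + b"abc"
)

if __name__ == "__main__":
    for header, body in split_records(SAMPLE_STREAM):
        print(header, body)
```

The two checks in parse_record_header are the ones that matter operationally: an unknown content type means the peer is not speaking the protocol, and a length above the ceiling is never legitimate, so both are rejected before any body bytes are consumed.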
Handshake Protocol Message Types
Handshake Protocol
• The most complex part of SSL.
• Allows the server and client to
– authenticate each other.
– negotiate encryption, MAC algorithm and cryptographic keys.
• Used before any application data are transmitted.
(Figure: Phase 1, Phase 2, Phase 3, Phase 4)
Handshake Protocol
• Authenticate each other and negotiate cryptographic parameters (encryption and MAC algorithms, cryptographic keys, …)
– Phase 1: establish security capabilities
– Phase 2: server authentication and key exchange
– Phase 3: client authentication and key exchange
– Phase 4: finish
An SSL Session
1. Negotiation of cryptographic parameters (the two computers probably don't know each other's capabilities).
2. Key agreement (C & S generate a shared secret key).
3. Authentication (client authenticates server).
4. Confidentiality and integrity (private messages exchanged between C & S).
https://ssl.trustwave.com/support/support-how-ssl-works.php
Hello and Negotiate Parameters
• Client sends server a plaintext message to suggest some parameters for the conversation (step 1):
– Version: SSL 3.1 if you can, else SSL 3.0
– Key Exchange: RSA if you can, else Diffie-Hellman
– Secret Key Cipher Method: TripleDES if you can, else DES
– Message Digest: MD5 if you can, else SHA-1
– Random #: 777,666,555
Hello and Negotiate Parameters
• Server responds with its choice of parameters in a plaintext message (step 1):
– Version: SSL 3.1
– Key Exchange: RSA
– Secret Key Cipher Method: TripleDES
– Message Digest: SHA-1
– Random #: 444,333,222
Hello and Negotiate Parameters
• After responding to the hello message, the server sends the client its digital certificate (a trusted CA signed this certificate) (step 1).
• The client uses the trusted CA's public key to decrypt the certificate, obtains the server's public key and verifies the server.
Key Agreement and Exchange
• The client generates a 48-byte random value (called the pre-master secret), encrypts it with the server's public RSA key, and sends it to the server.
• The server decrypts this message and generates six keys (step 2).
(Figure: client and server each hold a DES secret key, a secret key for message integrity, and a secret key to initialize the cipher)
Key Agreement and Exchange
• Generation of six shared secret keys (step 2):
– Random values exchanged.
– Pre-master secret.
– Pseudo-random function generator.
Example: PRF(pre-master secret, random1 + random2), computed repeatedly.
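The two hello slides and the key-agreement slide above describe a negotiation followed by repeated PRF calls that turn the pre-master secret and the two randoms into six keys. The Python below is an added example, not code from the slides; it implements the actual PRF of TLS 1.0 (the slides' "SSL 3.1") from RFC 2246, including the master-secret and key-expansion steps and the key-block order client MAC, server MAC, client key, server key, client IV, server IV, none of which the slides spell out. The server's supported parameter sets, the randoms and the pre-master secret are constructed values for the example.

```python
import hashlib
import hmac

# --- Hello: negotiation of parameters (slides 42 and 43) -------------------
# Constructed preference lists in the shape the slides show ("X if you can,
# else Y"). The server takes, for each parameter, the first client choice it
# also supports; which choices the server supports is an assumption here.
CLIENT_PROPOSAL = {
    "version": ["SSL 3.1", "SSL 3.0"],
    "key_exchange": ["RSA", "Diffie-Hellman"],
    "cipher": ["TripleDES", "DES"],
    "digest": ["MD5", "SHA-1"],
}
SERVER_SUPPORTED = {
    "version": {"SSL 3.1", "SSL 3.0"},
    "key_exchange": {"RSA", "Diffie-Hellman"},
    "cipher": {"TripleDES"},
    "digest": {"SHA-1"},
}


def negotiate(proposal: dict, supported: dict) -> dict:
    """Server-side choice: the first client preference the server supports, per parameter."""
    chosen = {}
    for param, prefs in proposal.items():
        match = next((p for p in prefs if p in supported.get(param, ())), None)
        if match is None:
            raise ValueError(f"no common {param}; abort the handshake")
        chosen[param] = match
    return chosen


# --- Key agreement: the PRF of TLS 1.0 ("SSL 3.1"), RFC 2246 section 5 -----
def _p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash: HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out, a = b"", seed                                       # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed); S1, S2 are the secret halves."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = _p_hash("md5", s1, label + seed, length)
    sha_part = _p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


KEY_NAMES = ("client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv")


def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes,
                mac_len: int = 20, key_len: int = 24, iv_len: int = 8):
    """The 'computed repeatedly' PRF of slide 46: pre-master -> master secret -> six keys.
    Default sizes fit the negotiated SHA-1 HMAC with TripleDES (20-byte MAC key, 24-byte key, 8-byte IV)."""
    master = tls10_prf(pre_master, b"master secret", client_random + server_random, 48)
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    key_block = tls10_prf(master, b"key expansion", server_random + client_random, sum(sizes))
    keys, pos = {}, 0
    for name, size in zip(KEY_NAMES, sizes):
        keys[name] = key_block[pos:pos + size]
        pos += size
    return master, keys


# Constructed test values (the slides' "777,666,555" style randoms, padded to 32 bytes).
CLIENT_RANDOM = b"777666555".ljust(32, b"\x00")
SERVER_RANDOM = b"444333222".ljust(32, b"\x00")
PRE_MASTER = hashlib.sha256(b"constructed pre-master secret").digest() + b"\x00" * 16  # 48 bytes

if __name__ == "__main__":
    print(negotiate(CLIENT_PROPOSAL, SERVER_SUPPORTED))
    master, keys = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, key in keys.items():
        print(name, key.hex())
```

Because both sides feed the same pre-master secret and the same two randoms into the same PRF, the client and server arrive at identical keys without ever sending them; the randoms also ensure a replayed pre-master secret from an earlier session yields different keys.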
Authentication
The client authenticates the server (step 3):
• The client sends the server a message that is encrypted with the generated secret keys (called the "finished handshake" message).
• The server responds with its own encrypted finished handshake message.
– The client is now convinced that it is communicating with the right server (the pre-master secret could only be decrypted with the server's private key).
Authentication
Does the server need to authenticate the client? In general yes, but in this situation it may not be necessary (step 3). Reasons:
1. It is not necessary because it will be done when the client gives his/her CC number.
2. A client may not have information to authenticate itself to the server.
3. It is time-consuming for the server.
Confidentiality and Integrity
• Client and server use the generated secret keys for confidential data transfer (step 4):
– The client uses its secret key to generate an HMAC for the message.
– The client encrypts message data + HMAC with its secret key and sends it to the server.
– The server decrypts the received message with its secret key.
– The server checks the integrity of the message using the HMAC.
Secure Electronic Transactions
• An open encryption and security specification.
• Designed to protect credit card transactions on the Internet.
• Companies involved:
– MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign
• Not a payment system.
• A set of security protocols and formats (enables users to employ the existing CC payment infrastructure securely in an open environment).
RSA: Rivest-Shamir-Adleman
CC: Common Criteria
SET Services
• Provides three services:
1. Provides a secure communication channel among all parties involved in a transaction.
2. Provides trust by the use of X.509v3 digital certificates.
3. Ensures privacy: information is only available to involved parties.
SET Overview
• Key Features of SET:
– Confidentiality of information
– Integrity of data
– Cardholder account authentication
– Merchant authentication
SET Participants
Sequence of events for transactions
1. The customer opens an account.
2. The customer receives a certificate (contains the customer's public key).
3. Merchants have their own certificates (two certificates: one for signing messages and the other for key exchange).
4. The customer places an order.
5. The merchant is verified (the merchant sends a copy of its certificate; the customer can verify it).
6. The order and payment are sent.
– The payment information is encrypted in such a way that it cannot be read by the merchant.
– The customer's certificate enables the merchant to verify the customer.
Sequence of events for transactions
7. The merchant requests payment authorization.
– The merchant sends the payment information to the payment gateway, requesting authorization.
8. The merchant confirms the order.
– The merchant sends confirmation to the customer.
9. The merchant provides the goods or service.
– The merchant ships goods to the customer.
10. The merchant requests payment.
– The merchant sends a payment request to the payment gateway, which handles payment processing.
Dual Signature
• Objective: to link two messages that are intended for two different recipients.
• The customer wants to send:
1. Order Information (OI) to the merchant.
2. Payment Information (PI) to the bank.
– The customer wants to link these two items and also wants to keep them separate.
Dual Signature
– The merchant need not know the CC#.
– The bank need not know the details of the customer's order.
– However, these two items must be linked to resolve any dispute.
– The customer can prove that this payment was intended for this order (protects customer and merchant).
Generation of Dual Signature
• The customer takes the hash (SHA-1) of PI.
• The customer takes the hash of OI.
• Concatenates these two and takes the hash of the result.
• The customer signs the final hash with his private key.
DS = E_KRc[H(H(PI) || H(OI))]
SHA: Secure Hash Algorithm
Dual Signature
DS = E_KRc[H(H(PI) || H(OI))]
Dual Signature
• The merchant has DS, OI, and PIMD.
– The merchant computes H(PIMD || H(OI)).
– The merchant decrypts DS using the customer's public key.
– If both these items are equal, the merchant has verified the DS.
(The merchant is never sent the PI.)
Dual Signature
• The bank has DS, PI, and OIMD.
– The bank computes H(H(PI) || OIMD).
– The bank decrypts DS using the customer's public key.
– If both these items are equal, the bank has verified the DS.
(The bank is never sent the OI.)
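The generation slide and the two verification slides above can be run end to end: one signature, two verifiers, each holding only the half of the data it is allowed to see. The Python below is an added example, not code from the slides, Stallings or the SET specification. It uses SHA-1 as the slides specify, and for E_KRc it uses textbook RSA with no padding and hard-coded Mersenne primes (2^127-1 and 2^107-1) purely so the example runs on the standard library without a prime generator; that toy signature is not secure and exists only to make the sign/recover step visible. The order and payment strings are constructed sample data.

```python
import hashlib

# Toy textbook RSA (no padding, no real key generation) so the example runs
# on the standard library alone. P and Q are the Mersenne primes 2^127-1 and
# 2^107-1, chosen only to avoid writing a prime generator; a 234-bit modulus
# with no padding is NOT a secure signature scheme.
P = 2 ** 127 - 1
Q = 2 ** 107 - 1
N = P * Q
E = 65537                                  # customer's public key is (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))          # customer's private key KRc; Python 3.8+


def h(data: bytes) -> bytes:
    """H on the slides: SHA-1, as the deck specifies (160-bit output)."""
    return hashlib.sha1(data).digest()


def sign(digest: bytes) -> int:
    """E_KRc[digest]: apply the customer's private key to the 160-bit hash."""
    return pow(int.from_bytes(digest, "big"), D, N)


def recover(signature: int) -> int:
    """Apply the customer's public key; yields the signed hash as an integer."""
    return pow(signature, E, N)


def dual_signature(pi: bytes, oi: bytes):
    """DS = E_KRc[H(H(PI) || H(OI))]; also returns PIMD and OIMD for forwarding."""
    pimd, oimd = h(pi), h(oi)
    ds = sign(h(pimd + oimd))
    return ds, pimd, oimd


def merchant_verifies(ds: int, oi: bytes, pimd: bytes) -> bool:
    """Merchant holds OI and PIMD (never PI): compare H(PIMD || H(OI)) with the recovered hash."""
    expected = int.from_bytes(h(pimd + h(oi)), "big")
    return recover(ds) == expected


def bank_verifies(ds: int, pi: bytes, oimd: bytes) -> bool:
    """Bank holds PI and OIMD (never OI): compare H(H(PI) || OIMD) with the recovered hash."""
    expected = int.from_bytes(h(h(pi) + oimd), "big")
    return recover(ds) == expected


# Constructed order and payment information (not a real card number).
SAMPLE_OI = b"order=1 item=book qty=1 total=25.00"
SAMPLE_PI = b"card=0000000000000000 exp=01/30 amount=25.00"

if __name__ == "__main__":
    ds, pimd, oimd = dual_signature(SAMPLE_PI, SAMPLE_OI)
    print("merchant verifies:", merchant_verifies(ds, SAMPLE_OI, pimd))
    print("bank verifies:    ", bank_verifies(ds, SAMPLE_PI, oimd))
    print("altered order:    ", merchant_verifies(ds, SAMPLE_OI + b" qty=2", pimd))
```

Note what each verifier receives: the merchant gets PIMD but never PI, and the bank gets OIMD but never OI, yet either side can show that the same customer signature binds this order to this payment, which is the dispute-resolution property the slides describe.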
Payment Processing
Payment Processing
• Look at three steps:
1. Purchase request
2. Payment authorization
3. Payment capture
Payment Processing
[1] Purchase Request:
– Before the purchase request, the customer makes an order
– Initiate request: the cardholder requests certificates from the merchant
– Initiate response: the merchant returns a signed response, his certificate and the payment gateway's certificate
– Purchase request: the cardholder sends a purchase request which includes purchase-related info (PI, DS, OIMD), order-related info (OI, DS, PIMD), and the cardholder certificate
– Purchase response: signed response from the merchant for the purchase request
Payment Processing
(Figure: Cardholder sends Purchase Request)
Payment Processing
[2] Payment authorization:
• Payment authorization ensures that the merchant will receive payment.
• The authorization request message includes
– Purchase-related info: PI, DS, OIMD, and digital envelope
– Authorization-related info: authorization block (transaction ID signed with the merchant's private key) and digital envelope
– Certificates: cardholder's signature key certificate, merchant's signature key certificate, merchant's key-exchange key certificate
• The payment gateway obtains authorization for the PI from the issuer
Payment Processing
[3] Payment capture:
• The authorization response message includes
– Authorization-related info: authorization block and digital envelope
– Capture token info: signed and encrypted token for payment, and the digital envelope
• Payment capture using the capture token
– Capture request
– Capture response
Creating a Security
Staying Current
– Use the Microsoft Baseline Security Analyzer to check for nonsecure configuration and detect missing patches
– Check the Microsoft Security Web page for tips and news: http://www.microsoft.com/security
– Check for patches to any third-party software
Creating a Security
Test Data: Authentication, Authorization, and Implementation Data
– Authentication data
• Is authentication secure (clear text passwords)?
• Can passwords be guessed?
• Are accounts locked out after multiple failed logon attempts?
– Authorization data
• Can a user get access to inappropriate data?
– Implementation data
• Are Web pages, error messages, or form data revealing any implementation details?
Don't we all wish it was this easy!!!
Problems
• Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
– Brute-Force Cryptanalytic Attack: an exhaustive search of the key space for a conventional encryption algorithm.
– Known-Plaintext Dictionary Attack: many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys).
– Replay Attack: earlier SSL handshake messages are replayed.
Problems
• Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
– Man-in-the-Middle Attack: an attacker interposes during key exchange, acting as the client to the server and as the server to the client.
– Password Sniffing: passwords in HTTP or other application traffic are eavesdropped.
– IP Spoofing: uses forged IP addresses to fool a host into accepting bogus data.
– IP Hijacking: an active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
– SYN Flooding: an attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the "half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.
References
1) William Stallings (2005) "Cryptography and Network Security: Principles and Practices", Fourth Edition, Prentice Hall.
2) Microsoft (2012) "Microsoft E-learning - Security" (online), http://www.microsoft.com/security/default.aspx. Retrieved 14th April, 2012.
3) Learn Security (2012) "Foundations of Security: What Every Programmer Needs To Know" (online), http://www.learnsecurity.com. Retrieved 14th April, 2012.
4) Department of Justice (2012) "Computer Crime & Intellectual Property Section" (online), http://www.usdoj.gov/criminal/cybercrime/. Retrieved 14th April, 2012.
• 3DES: Triple Data Encryption Standard
• CC: Common Criteria
• DES: Data Encryption Standard
• DSS: Digital Signature Standard
• IETF: Internet Engineering Task Force
• MAC: Message Authentication Code
• MIME: Multipurpose Internet Mail Extension
• MD5: Message Digest, Version 5
• PGP: Pretty Good Privacy
• RSA: Rivest-Shamir-Adleman
• SET: Secure Electronic Transaction
• SHA: Secure Hash Algorithm
• SHS: Secure Hash Standard
• SSL: Secure Sockets Layer
• TCP: Transmission Control Protocol
• TLS: Transport Layer Security
• UDP: User Datagram Protocol
Mohamed R. Elabnody
www.elabnody.net
3rd May, 2012