Web security 2012

Nov 12, 2014

Page 1: Web security 2012

By Mohamed R. Elabnody
[email protected]
www.elabnody.net
3rd May, 2012

[Figure: actors: script kiddies, crackers, hackers]

Page 2: Web security 2012

2 www.elabnody.net Web Security

Outline

• Introduction to Web Security
• Why Is Security So Important?
• Web Security Considerations
• Web Security Approaches
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
• Secure Electronic Transaction (SET)
• Recommended Reading
• Problems

Page 3: Web security 2012

Key Points

Secure Sockets Layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Security (TLS).

SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code.

SSL/TLS includes protocol mechanisms that enable two TCP users to negotiate the security mechanisms and services they will use.

Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet.

Page 4: Web security 2012

Overview

• Why be concerned about Web security? The increased use of networks and the Internet helps users finish many tasks quickly and efficiently and adds convenience to many people's lives. There is a downside, however. As more and more personal and business data is stored on computer networks, the risk and consequences of unauthorized computer access, theft, fraud, and other types of computer crime increase; so do the chances of data loss due to crime or employee misconduct.

Page 5: Web security 2012

Overview

• Web security may be split into three specific areas (figure labels: Client access to Web pages, Server, Connection):

• The client. This is the machine from which the user requests a web page. By typing a URL the user causes a connection between the client and the server to be made; the server returns the document and the user's browser displays it.

• The Web server. This is where all the web pages and resources are held. The web server may also host databases or act as middleware to back-end databases.

• The connection between the server and the client. This needs to be considered as well: only in very few circumstances is the connection conducted over a trusted or value-added network.

Page 6: Web security 2012

Introduction

• Virtually all businesses, most government agencies, and many individuals now have Web sites. The number of individuals and companies with Internet access is expanding rapidly and all of these have graphical Web browsers. As a result, businesses are enthusiastic about setting up facilities on the Web for electronic commerce. But the reality is that the Internet and the Web are extremely vulnerable to compromises of various sorts. As businesses wake up to this reality, the demand for secure Web services grows.

• In this session, we begin with a discussion of the general requirements for Web security and then focus on two standardized schemes that are becoming increasingly important as part of Web commerce: SSL/TLS and SET.

Page 7: Web security 2012

Information Security at Work Awareness

Page 8: Web security 2012

Why Is Security So Important?

• Stolen intellectual property

• System downtime

• Lost productivity

• Damage to business reputation

• Lost consumer confidence

• Severe financial losses due to lost revenue

Page 9: Web security 2012

War on the Internet

[Cartoon caption: "Oh, this is bad, but it is not our business. Who needs to get into war anyway? We will only conduct our e-business. That is it."]

Page 10: Web security 2012


Zone-H statistics

• Why did you deface this website?

http://www.zone-h.org

Page 11: Web security 2012

Who Are Attackers?

[Figure: an external attacker coming in from the Internet and an internal attacker inside the corporate headquarters]

Unauthorized access: gaining access to a computer, network, file, or other resource without permission; can be committed by insiders or outsiders.

Page 12: Web security 2012

Attacks

Common types of attacks:

• Organizational attacks
• Social engineering
• Viruses, Trojan horses, and worms
• Denial of service (DoS)
• Accidental breaches in security

Page 13: Web security 2012

How Do Attacks Occur?

Stage of attack | Example of attacker action
Footprint | Runs a port scan on the firewall
Scanning | Exploits an unpatched Web server
Gaining access | Creates an account with administrator rights
Maintaining access | Uploads unlicensed software to the Web server
Cover-up | Erases the audit trail of the exploit

Page 14: Web security 2012

Common Types of Vulnerabilities

Vulnerability | Examples
Weak passwords | Employees use blank or default passwords
Unpatched software | Patches are not applied; security hotfixes are not applied
Misconfigured software | Services have more privileges than required; services run as the Local System account
Social engineering | A help desk administrator resets a password without verifying the identity of the caller
Weak security on Internet connections | Unused services and ports are not secured; firewalls are used improperly
Unencrypted data transfer | Authentication packets are sent in clear text; important data is sent over the Internet in clear text
Buffer overrun | A trusted process runs untrusted code

Page 15: Web security 2012

Web Security Considerations

• The Web is easily accessible worldwide, which exposes every flaw to every attacker.
• Complex software hides many security flaws.
• Users are not trained in computer security and are not aware of the risks.
• A Web server can be exploited as a launching pad into a corporation's entire computer complex.

Page 16: Web security 2012

Information Security Threat Awareness

Page 17: Web security 2012


Page 18: Web security 2012

Web Security Approaches

Encryption and Other Security Tools

Page 19: Web security 2012

Web Security Approaches

• Web security threats: integrity, confidentiality, denial of service, authentication

Page 20: Web security 2012

Web Security Approaches

• Web security threats
– Integrity: modification of a web page, message traffic, or user data
– Confidentiality: eavesdropping on web traffic
– Denial of service: bogus web requests, flooding web server memory or queues
– Authentication: impersonation of legitimate users
• Location of the threats
– Web server
– Web client
– Network traffic

Page 21: Web security 2012

Web Security Approaches

• Encryption: a method of scrambling e-mail or files so that they are unreadable to anyone without the key
• Secure Web servers: use encryption to protect information transmitted via their Web pages
– Most common is SSL (today TLS)
– Look for a locked padlock in the browser and https:// in the URL. The padlock only means that the connection is encrypted and the certificate is valid for that domain name; it says nothing about whether the site itself is trustworthy.
– Only transmit credit card numbers and other sensitive data via a secure Web server

Page 22: Web security 2012


Web Security Approaches

Page 23: Web security 2012

Web Security Approaches

Figure 1. Relative Location of Security Facilities in the TCP/IP Protocol Stack (Cryptography and Network Security: Principles and Practices, 4th Edition, p. 531)

Figure 1 illustrates the difference between the approaches. One way to provide Web security is to use IP Security (IPSec). The advantage of using IPSec is that it is transparent to end users and applications and provides a general-purpose solution. Further, IPSec includes a filtering capability so that only selected traffic need incur the overhead of IPSec processing.

Figure labels:
– Network level (IPSec): transparent to end users
– Transport level (SSL/TLS): above TCP; embedded in the package (for example the browser)
– Application level: application-specific, e.g. SET

Page 24: Web security 2012
Page 25: Web security 2012

Secure Sockets Layer (SSL)

• Implements three cryptographic assurances: authentication, confidentiality, and message integrity.
• Also provides secure key exchange between a browser (client) and server.
• Provides security parameter negotiation.
• Does not offer non-repudiation.

Page 26: Web security 2012


How Does SSL/TLS Work?

Page 27: Web security 2012

How Does SSL/TLS Work?

– The user browses to a secure Web server by using HTTPS.
– The browser generates a unique secret (the pre-master secret, from which the session keys are derived) and encrypts it with the Web server's public key. That public key comes from the server's own certificate, which the browser first validates against a trusted root certificate.
– The server receives the encrypted secret and decrypts it with its private key.
– After the connection has been established, all communication between the browser and Web server is encrypted and integrity-protected.

This describes the RSA key exchange assumed throughout the deck. It gives no forward secrecy: anyone who later obtains the server's private key can decrypt recorded sessions. TLS 1.3 removed RSA key exchange in favour of ephemeral Diffie-Hellman for this reason.

Page 28: Web security 2012

Secure Sockets Layer (SSL)

SSL architecture:

• SSL runs on top of TCP to provide a reliable and secure end-to-end service.
• Consists of two layers.

Page 29: Web security 2012

SSL Architecture

• Depends on TCP for end-to-end reliability
• Two layers of protocols:
– SSL Record Protocol: basic security services to higher layers
– Three higher-layer protocols: used in the management of SSL exchanges

Page 30: Web security 2012

SSL Architecture

Figure 2. SSL Protocol Stack (Cryptography and Network Security: Principles and Practices, 4th Edition, p. 532)

  SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | HTTP
  SSL Record Protocol
  TCP
  IP

The SSL Record Protocol provides basic security services to the various higher-layer protocols; the three SSL-specific protocols above it (Handshake, Change Cipher Spec, Alert) manage SSL exchanges.

Page 31: Web security 2012

SSL Architecture

• Two important SSL concepts:
– Connection: a peer-to-peer relationship in the transport layer. Every connection is associated with one session.
– Session: an association between a client and a server created by the Handshake Protocol.
• A session defines a set of cryptographic security parameters, which can be shared among multiple connections.
• Sessions avoid the expensive negotiation of new security parameters for each connection.

Page 32: Web security 2012

SSL Record Protocol

• Provides two services for SSL connections:
1. Confidentiality: a shared secret key is used for conventional (symmetric) encryption of the SSL payload.
2. Message integrity: a shared secret key is used to construct a message authentication code.

Page 33: Web security 2012

SSL Record Protocol Operation

Figure 3. SSL Record Protocol Operation (Cryptography and Network Security: Principles and Practices, 4th Edition, p. 534). Figure labels: Message, Message Blocks, Optional (compression).

The figure indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level users.

MAC: Message Authentication Code

Page 34: Web security 2012

SSL Record Protocol

• The Record Protocol takes an application message and performs the following operations:
– Fragmentation: blocks of 2^14 bytes (16 KB) or less
– Compression: optional; must not increase the content length by more than 1024 bytes
– Add a MAC (a shared secret key is used)
– Encryption (symmetric encryption)
– Prepend an SSL record header

Note the ordering: the MAC is computed over the plaintext and then encrypted together with it (MAC-then-encrypt). Combined with CBC padding, this ordering is what the later padding-oracle attacks on SSL 3.0 and TLS 1.0 (POODLE, Lucky 13) exploited; TLS 1.2 AEAD cipher suites and TLS 1.3 avoid it.

Page 35: Web security 2012

SSL Record Format (Cryptography and Network Security: Principles and Practices, 4th Edition, p. 535)

• The final step of SSL Record Protocol processing is to prepend a header, consisting of the following fields:
– Content Type (8 bits): used by higher layers to process the enclosed fragment.
– Major Version (8 bits): indicates the major version of SSL in use.
– Minor Version (8 bits): indicates the minor version of SSL in use.
– Compressed Length (16 bits): the length in bytes of the fragment (after compression, if compression is used).

Page 36: Web security 2012

Handshake Protocol Message Types

Page 37: Web security 2012

Handshake Protocol

• The most complex part of SSL.
• Allows the server and client to
– authenticate each other;
– negotiate encryption and MAC algorithms and cryptographic keys.
• Used before any application data are transmitted.

[Figure: the four phases of the handshake, Phase 1 to Phase 4]

Page 38: Web security 2012


Handshake Protocol

Page 39: Web security 2012

Handshake Protocol

• Authenticate each other and negotiate cryptographic parameters (encryption and MAC algorithms, cryptographic keys, ...)
– Phase 1: establish security capabilities
– Phase 2: server authentication and key exchange
– Phase 3: client authentication and key exchange
– Phase 4: finish

Page 40: Web security 2012

An SSL Session

1. Negotiation of cryptographic parameters (the two computers probably don't know each other's capabilities).
2. Key agreement (client and server generate a shared secret key).
3. Authentication (the client authenticates the server).
4. Confidentiality and integrity (private messages exchanged between client and server).

Page 41: Web security 2012


https://ssl.trustwave.com/support/support-how-ssl-works.php

Page 42: Web security 2012

Hello and Negotiate Parameters

• The client sends the server a plaintext message (ClientHello) suggesting parameters for the conversation (step 1 of the session):
– Version: SSL 3.1 (TLS 1.0) if you can, else SSL 3.0
– Key exchange: RSA if you can, else Diffie-Hellman
– Secret-key cipher method: Triple DES if you can, else DES
– Message digest: MD5 if you can, else SHA-1
– Random #: 777,666,555

Page 43: Web security 2012

Hello and Negotiate Parameters

• The server responds with its choice of parameters in a plaintext message (ServerHello) (step 1):
– Version: SSL 3.1
– Key exchange: RSA
– Secret-key cipher method: Triple DES
– Message digest: SHA-1
– Random #: 444,333,222

Page 44: Web security 2012

Hello and Negotiate Parameters

• After responding to the hello message, the server sends the client its digital certificate, which a trusted CA has signed (step 1).
• The client uses the trusted CA's public key to verify the CA's signature on the certificate (the certificate itself is not encrypted, so nothing is "decrypted"), checks that the certificate is valid and names the server the client intended to reach, and obtains the server's public key from it.

Page 45: Web security 2012

Key Agreement and Exchange

• The client generates a 48-byte random value (called the pre-master secret), encrypts it with the server's public RSA key, and sends it to the server.
• The server decrypts this message, and both sides then generate six keys (step 2), three for each direction (client and server):
– a DES secret key (encryption)
– a secret key for message integrity (MAC)
– a secret value to initialize the cipher (IV)

Page 46: Web security 2012

Key Agreement and Exchange

• Generation of the six shared secret keys uses:
– the random values exchanged in the hello messages,
– the pre-master secret,
– a pseudo-random function (PRF) generator.

Example: PRF(pre-master secret, random1 + random2), computed repeatedly until enough key material has been produced (step 2).
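The derivation sketched on slides 45 and 46, carried through in code as an added example (this is not code from the original slides). It implements the TLS 1.0 PRF of RFC 2246 (P_MD5 of one half of the secret XORed with P_SHA-1 of the other half), derives the 48-byte master secret from the pre-master secret and the two hello randoms, and expands it into the six keys of slide 45 for the Triple DES / SHA-1 choice the server made on slide 43. The pre-master secret and the two randoms are constructed values; a real client draws them from a CSPRNG.

```python
"""TLS 1.0 key derivation: pre-master secret + hello randoms -> six session keys.

Added example, not part of the original slides. PRF, labels and key_block layout
follow RFC 2246 (TLS 1.0, the "SSL 3.1" of the deck). Sample inputs are constructed.
"""
import hashlib
import hmac


def hmac_digest(key: bytes, msg: bytes, hash_name: str) -> bytes:
    return hmac.new(key, msg, getattr(hashlib, hash_name)).digest()


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str) -> bytes:
    """P_hash data expansion (RFC 2246, section 5):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)); output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac_digest(secret, a, hash_name)
        out += hmac_digest(secret, a + seed, hash_name)
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed).
    S1 is the first half of the secret and S2 the second half; for an odd-length
    secret the middle byte belongs to both halves."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash(s1, label + seed, length, "md5")
    sha_part = p_hash(s2, label + seed, length, "sha1")
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0..47]
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_keys(master: bytes, client_random: bytes, server_random: bytes,
                mac_len: int = 20, key_len: int = 24, iv_len: int = 8) -> dict:
    """Expand the master secret into the key_block and cut it into the six keys of
    slide 45. Note the reversed random order for key expansion (server random
    first). Defaults match 3DES-EDE-CBC with HMAC-SHA1: 20-byte MAC keys,
    24-byte cipher keys, 8-byte IVs."""
    needed = 2 * mac_len + 2 * key_len + 2 * iv_len
    block = tls10_prf(master, b"key expansion", server_random + client_random, needed)
    names = ["client_write_mac", "server_write_mac", "client_write_key",
             "server_write_key", "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def handshake_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """What both peers compute after the RSA key exchange: they hold the same
    pre-master secret and randoms, so they derive identical keys."""
    return derive_keys(master_secret(pre_master, client_random, server_random),
                       client_random, server_random)


# Constructed sample inputs. A real client fills these from os.urandom; the first
# two bytes of the pre-master secret carry the offered version (03 01 = TLS 1.0).
PRE_MASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM = bytes([0x77] * 32)
SERVER_RANDOM = bytes([0x44] * 32)

if __name__ == "__main__":
    for name, key in handshake_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:18s} {key.hex()}")
```

Two things worth noticing when running it: the client and server never transmit any of the six keys, only the RSA-encrypted pre-master secret and the two plaintext randoms, and changing either random changes every derived key, which is what ties the keys to this handshake rather than to the pre-master secret alone.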

Page 47: Web security 2012

Authentication

The client authenticates the server (step 3):

• The client sends the server a message encrypted with the generated secret keys (called the "finished" handshake message).
• The server responds with its own encrypted finished handshake message.
• The client is now convinced that it is communicating with the right server: the pre-master secret could only have been decrypted with the server's private key, so only the genuine server can produce a correct finished message.

Page 48: Web security 2012

Authentication

Does the server need to authenticate the client? In general yes, but in this situation (a consumer purchase) it may not be necessary (step 3):

1. It is not necessary because authentication will be done when the client provides his/her credit card number.
2. A client may not have the information (a client certificate) needed to authenticate itself to the server.
3. It is time-consuming for the server.

Page 49: Web security 2012

Confidentiality and Integrity

• Client and server use the generated secret keys for confidential data transfer (step 4):
– The client uses its MAC secret key to generate an HMAC for the message.
– The client encrypts message data + HMAC with its encryption key and sends the result to the server.
– The server decrypts the received message with the same key.
– The server checks the integrity of the message by recomputing the HMAC and comparing.
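The record-protocol pipeline of slides 33 to 35 (fragment, MAC, encrypt, prepend the header) and the HMAC-then-encrypt exchange of slide 49, as an added example in Python; it is not code from the original slides. The header layout (type, major, minor, length) and the MAC input (64-bit sequence number, type, version, length, fragment) follow SSL 3.0 / TLS 1.0. Compression is skipped because it is optional. The cipher is an assumption made for the example: a keystream generated by HMAC-SHA256 in counter mode, chosen only so that the code runs on the standard library; it is not a TLS cipher suite and must not be used as one. Keys and messages are constructed.

```python
"""Miniature SSL/TLS record layer: send side and receive side.

Added example, not part of the original slides. Header and MAC input follow
RFC 2246 (TLS 1.0). The stream cipher below is a stand-in, not a TLS cipher.
"""
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14          # a record carries at most 2^14 bytes of plaintext
APPLICATION_DATA = 23           # ContentType value for application data
MAJOR, MINOR = 3, 1             # SSL 3.1 == TLS 1.0
MAC_LEN = 20                    # HMAC-SHA1 output length


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Stand-in stream cipher (assumption for this example only): HMAC-SHA256 in
    counter mode, with the record sequence number as the per-record nonce."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def record_mac(mac_key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """HMAC over seq_num || type || version || length || fragment (RFC 2246, 6.2.3.1).
    The implicit 64-bit sequence number is what makes a replayed record fail."""
    mac_input = struct.pack(">QBBBH", seq, ctype, MAJOR, MINOR, len(fragment)) + fragment
    return hmac.new(mac_key, mac_input, hashlib.sha1).digest()


class RecordWriter:
    """Sending side: fragment -> (no compression) -> MAC -> encrypt -> prepend header."""

    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0

    def send(self, data: bytes, ctype: int = APPLICATION_DATA) -> list:
        records = []
        for start in range(0, max(len(data), 1), MAX_FRAGMENT):
            fragment = data[start:start + MAX_FRAGMENT]
            plaintext = fragment + record_mac(self.mac_key, self.seq, ctype, fragment)
            ciphertext = xor_bytes(plaintext, keystream(self.enc_key, self.seq, len(plaintext)))
            header = struct.pack(">BBBH", ctype, MAJOR, MINOR, len(ciphertext))
            records.append(header + ciphertext)
            self.seq += 1
        return records


class RecordReader:
    """Receiving side: parse header -> decrypt -> verify MAC -> deliver fragment."""

    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0

    def receive(self, record: bytes) -> tuple:
        ctype, major, minor, length = struct.unpack(">BBBH", record[:5])
        ciphertext = record[5:5 + length]
        if (major, minor) != (MAJOR, MINOR) or len(ciphertext) != length or length < MAC_LEN:
            raise ValueError("decode_error")
        plaintext = xor_bytes(ciphertext, keystream(self.enc_key, self.seq, length))
        fragment, mac = plaintext[:-MAC_LEN], plaintext[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq, ctype, fragment)
        if not hmac.compare_digest(mac, expected):       # constant-time comparison
            raise ValueError("bad_record_mac")
        self.seq += 1
        return ctype, fragment


def try_receive(reader: RecordReader, record: bytes) -> str:
    """Feed one record to a reader; return "ok" or the alert the reader would send."""
    try:
        reader.receive(record)
        return "ok"
    except ValueError as alert:
        return str(alert)


# Constructed demo keys; in a real session they come from the key_block derivation.
MAC_KEY = bytes(range(20))
ENC_KEY = bytes(range(100, 124))


def round_trip(data: bytes) -> tuple:
    """Push data through the record layer and reassemble it: (records, output)."""
    writer, reader = RecordWriter(MAC_KEY, ENC_KEY), RecordReader(MAC_KEY, ENC_KEY)
    records = writer.send(data)
    output = b"".join(reader.receive(r)[1] for r in records)
    return records, output


if __name__ == "__main__":
    recs, out = round_trip(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
    print(len(recs), "record(s); header", recs[0][:5].hex(), "; round trip ok:", out.startswith(b"GET"))
```

Feeding 40,000 bytes through it produces three records (two full 16 KB fragments and a 7,232-byte tail), flipping any ciphertext byte yields bad_record_mac, and presenting a record to a reader whose sequence counter does not match yields bad_record_mac as well, which is the answer to the "replay attack" item in the Problems section at the end of the deck.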

Page 50: Web security 2012


What is HTTPS

Page 51: Web security 2012

Secure Electronic Transactions

Page 52: Web security 2012

Secure Electronic Transactions

• An open encryption and security specification.
• Designed to protect credit card transactions on the Internet.
• Companies involved: MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and VeriSign.
• Not a payment system.
• A set of security protocols and formats that enables users to employ the existing credit card (CC) payment infrastructure securely in an open environment.

RSA: Rivest-Shamir-Adleman
CC: credit card (as used throughout the SET slides; not Common Criteria)

Page 53: Web security 2012

SET Services

• Provides three services:
1. A secure communication channel among all parties involved in a transaction.
2. Trust, by the use of X.509v3 digital certificates.
3. Privacy: information is only available to the parties that need it.

Page 54: Web security 2012


SET Overview

• Key Features of SET:

– Confidentiality of information

– Integrity of data

– Cardholder account authentication

– Merchant authentication

Page 55: Web security 2012


SET Participants

Page 56: Web security 2012

Sequence of events for transactions

1. The customer opens an account.
2. The customer receives a certificate (contains the customer's public key).
3. Merchants have their own certificates (two certificates: one for signing messages and the other for key exchange).
4. The customer places an order.
5. The merchant is verified (the merchant sends a copy of its certificate; the customer can verify it).
6. The order and payment are sent. The payment information is encrypted in such a way that it cannot be read by the merchant. The customer's certificate enables the merchant to verify the customer.

Page 57: Web security 2012

Sequence of events for transactions

7. The merchant requests payment authorization: the merchant sends the payment information to the payment gateway, requesting authorization.
8. The merchant confirms the order: the merchant sends confirmation to the customer.
9. The merchant provides the goods or service: the merchant ships the goods to the customer.
10. The merchant requests payment: the merchant sends a payment request to the payment gateway, which handles payment processing.

Page 58: Web security 2012

Dual Signature

• Objective: to link two messages that are intended for two different recipients.
• The customer wants to send:
1. Order Information (OI) to the merchant.
2. Payment Information (PI) to the bank.
• The customer wants to link these two items and also wants to keep them separate.

Page 59: Web security 2012

Dual Signature

• The merchant need not know the credit card number.
• The bank need not know the details of the customer's order.
• However, the two items must be linked to resolve any dispute: the customer can prove that this payment was intended for this order, which protects both customer and merchant.

Page 60: Web security 2012

Generation of the Dual Signature

• The customer takes the hash (SHA-1) of PI.
• The customer takes the hash of OI.
• Concatenates these two and takes the hash of the result.
• The customer signs the final hash with his private key.

DS = E_KRc[H(H(PI) || H(OI))]

SHA: Secure Hash Algorithm; KRc: the customer's private key.

Page 61: Web security 2012

Dual Signature

[Figure: construction of the dual signature, DS = E_KRc[H(H(PI) || H(OI))]; the merchant receives OI together with PIMD = H(PI), the bank receives PI together with OIMD = H(OI)]

Page 62: Web security 2012

Dual Signature

• The merchant has DS, OI, and PIMD.
– The merchant computes H(PIMD || H(OI)).
– The merchant decrypts DS using the customer's public key.
– If the two values are equal, the merchant has verified the DS.
• The merchant is never sent the PI.

Page 63: Web security 2012

Dual Signature

• The bank has DS, PI, and OIMD.
– The bank computes H(H(PI) || OIMD).
– The bank decrypts DS using the customer's public key.
– If the two values are equal, the bank has verified the DS.
• The bank is never sent the OI.
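The dual-signature construction and both verifications from the slides above (generation, merchant check with PIMD, bank check with OIMD), as an added worked example in Python; it is not code from the original slides or from the SET specification. To run on the standard library alone it uses textbook RSA with a fixed demonstration key pair built from two Mersenne primes (2^107-1 and 2^127-1, e = 65537); that key and the unpadded signature are assumptions for the example only, and a real deployment generates its keys properly and uses a padded signature scheme. SHA-1 is used because the slides specify it; it is no longer collision-resistant and would not be chosen today. The PI and OI records are constructed sample data.

```python
"""SET dual signature: DS = E_KRc[ H( H(PI) || H(OI) ) ] and its two verifications.

Added example, not from the original slides. Textbook RSA over a fixed demo key
(assumption for the example); SHA-1 as on the slides. PI and OI are constructed.
"""
import hashlib

# Demo key pair (assumption for this example only). n is about 234 bits, larger
# than any 160-bit SHA-1 digest, so the digest can be signed directly as an integer.
P = 2 ** 107 - 1
Q = 2 ** 127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent: the cardholder's KRc


def H(data: bytes) -> bytes:
    """SHA-1, as the slides specify (deprecated for new designs)."""
    return hashlib.sha1(data).digest()


def dual_sign(pi: bytes, oi: bytes, d: int = D, n: int = N) -> tuple:
    """Cardholder side. Returns (DS, PIMD, OIMD): the dual signature plus the two
    message digests that let each recipient verify it without seeing the other's data."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)                          # H(H(PI) || H(OI))
    ds = pow(int.from_bytes(pomd, "big"), d, n)    # "encrypt" the hash with KRc
    return ds, pimd, oimd


def _recover_digest(ds: int, e: int, n: int) -> bytes:
    """Decrypt DS with the cardholder's public key KUc, giving back the 20-byte hash."""
    return pow(ds, e, n).to_bytes(20, "big")


def merchant_verify(ds: int, oi: bytes, pimd: bytes, e: int = E, n: int = N) -> bool:
    """The merchant holds OI and PIMD (never PI): recompute H(PIMD || H(OI)) and compare."""
    return _recover_digest(ds, e, n) == H(pimd + H(oi))


def bank_verify(ds: int, pi: bytes, oimd: bytes, e: int = E, n: int = N) -> bool:
    """The bank holds PI and OIMD (never OI): recompute H(H(PI) || OIMD) and compare."""
    return _recover_digest(ds, e, n) == H(H(pi) + oimd)


# Constructed sample records.
PI = b"card=4111111111111111;exp=12/14;amount=49.90;currency=USD"
OI = b"order=1001;item=textbook;qty=1;ship=standard"

if __name__ == "__main__":
    ds, pimd, oimd = dual_sign(PI, OI)
    print("merchant accepts:", merchant_verify(ds, OI, pimd))
    print("bank accepts:    ", bank_verify(ds, PI, oimd))
```

The point the code makes concrete is the linkage: a DS produced for a different order cannot be attached to this one, and altering either PI or OI after signing fails the corresponding check, even though the merchant never sees PI and the bank never sees OI.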

Page 64: Web security 2012


Payment Processing

Page 65: Web security 2012

Payment Processing

• Look at three steps:
1. Purchase request
2. Payment authorization
3. Payment capture

Page 66: Web security 2012

Payment Processing [1] Purchase request:

– Before the purchase request, the customer makes an order.
– Initiate request: the cardholder requests the certificates from the merchant.
– Initiate response: the merchant returns a signed response together with its own certificate and the payment gateway's certificate.
– Purchase request: the cardholder sends a purchase request which includes purchase-related information (PI, DS, OIMD), order-related information (OI, DS, PIMD), and the cardholder certificate.
– Purchase response: a signed response from the merchant to the purchase request.

Page 67: Web security 2012

Payment Processing

[Figure: the cardholder sends the purchase request]

Page 68: Web security 2012

Payment Processing [2] Payment authorization:

• Payment authorization ensures that the merchant will receive payment.
• The authorization request message includes:
– Purchase-related info: PI, DS, OIMD, and the digital envelope
– Authorization-related info: the authorization block (transaction ID signed with the merchant's private key) and the digital envelope
– Certificates: the cardholder's signature key certificate, the merchant's signature key certificate, and the merchant's key-exchange key certificate
• The payment gateway obtains authorization for the PI from the issuer.

Page 69: Web security 2012

Payment Processing [3] Payment capture:

• The authorization response message includes:
– Authorization-related info: the authorization block and the digital envelope
– Capture token info: a signed and encrypted token for payment, plus the digital envelope
• Payment capture using the capture token:
– Capture request
– Capture response

Page 70: Web security 2012


Page 71: Web security 2012

Creating a Security

Staying current:
– Use the Microsoft Baseline Security Analyzer to check for insecure configuration and detect missing patches
– Check the Microsoft Security Web page for tips and news: http://www.microsoft.com/security
– Check for patches to any third-party software

Page 72: Web security 2012

Creating a Security

Test data: authentication, authorization, and implementation data
– Authentication data
• Is authentication secure (are passwords sent in clear text)?
• Can passwords be guessed?
• Are accounts locked out after multiple failed logon attempts?
– Authorization data
• Can a user get access to inappropriate data?
– Implementation data
• Are Web pages, error messages, or form data revealing any implementation details?

Page 73: Web security 2012

Don't we all wish it was this easy!!!

Page 74: Web security 2012

Problems

• Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
– Brute-force cryptanalytic attack: an exhaustive search of the key space for a conventional encryption algorithm.
– Known-plaintext dictionary attack: many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys).
– Replay attack: earlier SSL handshake messages are replayed.

Page 75: Web security 2012

Problems

• Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
– Man-in-the-middle attack: an attacker interposes during key exchange, acting as the client to the server and as the server to the client.
– Password sniffing: passwords in HTTP or other application traffic are eavesdropped.
– IP spoofing: uses forged IP addresses to fool a host into accepting bogus data.
– IP hijacking: an active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
– SYN flooding: an attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the "half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.

Page 76: Web security 2012


12 Steps to IT Security

Page 77: Web security 2012

References

1) William Stallings (2005), "Cryptography and Network Security: Principles and Practices", Fourth Edition, Prentice Hall.
2) Microsoft (2012), "Microsoft E-learning - Security" (online), http://www.microsoft.com/security/default.aspx . Retrieved 14th April, 2012.
3) Learn Security (2012), "Foundations of Security: What Every Programmer Needs To Know" (online), http://www.learnsecurity.com . Retrieved 14th April, 2012.
4) Department of Justice (2012), "Computer Crime & Intellectual Property Section" (online), http://www.usdoj.gov/criminal/cybercrime/ . Retrieved 14th April, 2012.

Page 78: Web security 2012

• 3DES: Triple Data Encryption Standard
• CC: credit card (as used in the SET slides; not Common Criteria)
• DES: Data Encryption Standard
• DSS: Digital Signature Standard
• IETF: Internet Engineering Task Force
• MAC: Message Authentication Code
• MIME: Multipurpose Internet Mail Extensions
• MD5: Message Digest, Version 5
• PGP: Pretty Good Privacy
• RSA: Rivest-Shamir-Adleman
• SET: Secure Electronic Transaction
• SHA: Secure Hash Algorithm
• SHS: Secure Hash Standard
• SSL: Secure Sockets Layer
• TCP: Transmission Control Protocol
• TLS: Transport Layer Security
• UDP: User Datagram Protocol

Page 79: Web security 2012

Mohamed R. Elabnody

www.elabnody.net

[email protected]

3rd May, 2012