Web Security and Email Security Computer Security and Cyber Law ITC 229.

Web Security and Email Security

Computer Security and Cyber LawITC 229

Web Security

Web now widely used by business, government, individuals

but Internet & Web are vulnerablehave a variety of threats

integrityconfidentialitydenial of serviceauthentication

need added security mechanisms

Web Security Threats Passive Attack

Passive attack include eavasdropping on the network traffic between browser and server and gaining access to information on a web site that is suppose to be restricted.

Active Attack Active attack include impersonating another user ,

altering message in transit between client and server, and altering information on a web site.

Location of the Threats Web server, web browser and network traffic between

browser and server Issue of server and browser

Web Security Threats

Threats Consequences Countermeasures

Integrity Modification of user dataTrojan horse browserModification of memoryModification of message traffic in transit

Loss of informationCompromise of machineVulnerability to all other threats

Cryptographic checksums

Confidentiality Eavesdropping on the NetTheft of information from serverTheft of data from clientInformation about network configurationInformation about which client talks to server

Loss of informationLoss of privacy

Encryption, web proxies

Web Security Threats

Threats Consequences Countermeasures

Denial of Service

Killing of user threadsFlooding machine with bogus requestsFilling up disk or memoryIsolating machine by DNS attacks

DisruptiveAnnoyingPrevent user from getting work done

Difficult to prevent

Authentication Impersonation of legitimate users

Misrepresentation of user Belief that false information is valid

Cryptographic techniques

SSL (Secure Socket Layer)

transport layer security serviceoriginally developed by Netscapeversion 3 designed with public inputsubsequently became Internet standard known

as TLS (Transport Layer Security)uses TCP to provide a reliable end-to-end

serviceSSL has two layers of protocols

SSLSecure Sockets Layer (SSL), is cryptographic protocols that provide communication security over the Internet. SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).

Where does SSL fits?

HTTP SMTP POP3

80 25 110

HTTPS SSMTP SPOP3

443 465 995

Secure Sockets Layer

Transport

Network

Link

SSL Services

peer entity authentication data confidentiality data authentication and integrity compression/decompression generation/distribution of session keys

integrated into protocol security parameter negotiation

SSL Architecture

SSL ArchitectureSSL session

an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections

SSL connection A connection is a transport that provides a

suitable type of service For SSL such type of connection are peer to

peer a transient, peer-to-peer, communications link Every SSL connection is associated with 1 SSL

session

SSL Record Protocol

Provide two services for SSL connections: confidentiality

using symmetric encryption with a shared secret key defined by Handshake Protocol

IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128

message is compressed before encryption message integrity

using a MAC (Message Authentication Code) created using a shared secret key and a short message

Can be utilized by some upper-layer protocols of SSL.(hand shake protocol )

SSL Change Cipher Spec Protocol

one of 3 SSL specific protocols which use the SSL Record protocol

a single message add from book....... causes pending state to become current hence updating the cipher suite in use

Alert Protocol

Enables the parties to exchange error or warning information.

it identifies problems with the protocol or potential security problems with the session.

Alert messages communicate the severity of the message and a description of the alert

Fatal messages result in connection termination.

SSL Handshake Protocol Responsible for the negotiations that start a SSL

session. Establishment of the secure channel between

the client and the server Provides the keys and the algorithm information

to SSL Record Protocol, above it Enables clients and servers

authenticate each other

To negotiate encryption & MAC algorithms

to negotiate cryptographic keys to be used

comprises a series of messages in phases

Generate shared secrets using public-key encryption techniques

SSL Handshake Protocol

Handshake Protocol divided into 4 phases: Establish Security Capabilities Server Authentication and key Exchange Client Authentication and key Exchange Change CipherSpec and Finish

SSL Handshake Action

Overview of TLS

IETF standard RFC 2246 similar to SSLv3with minor differences

in record format version number uses HMAC for MAC a pseudo-random function expands secrets has additional alert codes some changes in supported ciphers changes in certificate negotiations changes in use of padding

TLS VS SSL

TLS uses HMAC, SSL uses a precursor TLS MAC covers compression version

field in addition to what SSL MAC covers TLS defines additional alert codes other minor differences TLS has a mode to fall back to SSL

HTTPS

HTTPS = combination of HTTP and SSL to implement secure communication between web browser to web server.

Uses port 443 When HTTPS is used the following elements of

the communication are encrypted URL of the requested document Contents of document Contents of browser forms Cookies sent from browser to server and from

server to browser. Contains HTTP header

Secure Electronic Transactions (SET)

open encryption & security specificationto protect Internet credit card transactionsdeveloped in 1996 by Mastercard, Visa etcnot a payment system, rather a set of security protocols & formatssecure communications amongst partiestrust from use of X.509v3 certificatesprivacy by restricted info to those who need it

SET Components

Dual Signature

customer creates dual messages order information (OI) for merchant payment information (PI) for bank neither party needs details of other but must know they are linked use a dual signature for this signed concatenated hashes of OI & PI.

Payment Processing Payment Processor

In electronic commerce, the firm that processes credit card transactions on behalf of a bank.

Payment Processing it describe the process and service that

automates payment transactions between the shopper and merchant.

It is usually a third-party service that is actually a system of computer processes that process, verify, and accept or decline credit card transactions on behalf of the merchant through secure Internet connections.

Email

SMTP, PEM, PGP, MIME SMIME,and Concept Secure email

Threats

Threats to the security of e-mail itselfLoss of confidentialityE-mails are sent in clear over open networksE-mails stored on potentially insecure clients and mail

serversLoss of integrityNo integrity protection on e-mails; body can be altered in

transit or on mail serverLack of data origin authenticationLack of non-repudiationLack of notification of receipt

Threats Enabled by E-mail

Disclosure of sensitive information Exposure of systems to malicious codeDenial-of-Service (DoS)Unauthorized accesses etc.

Email based Attacks

Active content attackClean up at the server (AV, Defang)

Buffer over-flow attackFix the code

Shell script attackScan before send to the shell

Trojan Horse AttackUse “do not automatically use the macro” option

Web bugs (for tracking)

SMTP

Simple Mail Transfer Protocol is a protocol for sending e-mail messages between servers and uses TCP port 25.

Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP.

In addition, SMTP is generally used to send messages from a mail client to a mail server.

SMTP

While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically only use SMTP for sending messages to a mail server for relaying

Goal: To transfer mail reliably and efficiently

SMTPSMTP clients and servers have two main components

User Agents – Prepares the message, encloses it in an envelope. (ex. Thunderbird, Eudora)

Mail Transfer Agent – Transfers the mail across the internet (ex. Sendmail, Exim)

Analogous to the postal system in many ways

SMTP

SMTP also allows the use of Relays allowing other MTAs to relay the mail

Mail Gateways are used to relay mail prepared by a protocol other than SMTP and convert it to SMTP

Format of an email

Mail is a text fileEnvelope –

sender address

receiver address

other information

Message :- Mail Header – defines the sender, the receiver, the subject of the message, and other information

Mail Body :- Contains the actual information in the message

Connection Establishment

TCP Connection Establishment

Connection Termination

TCP Connection Termination

Limitations in SMTP

Only uses 7 bit ASCII formatNo authentication mechanismsMessages are sent un-encryptedSusceptible to misuse (Spamming, faking

sender address)

Privacy-Enhanced Mail (PEM)

Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic mail.

PEM employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and message integrity.

The message integrity aspects allow the user to ensure that a message hasn't been modified during transport from the sender.

The sender authentication allows a user to verify that the PEM message that they have received is truly from the person who claims to have sent it.

The confidentiality feature allows a message to be kept secret from people to whom the message was not addressed.

PGPEmail Security Enhancements

authenticationof sender of message or reciever of message in some casesCertification mechanisms

confidentialityprotection from disclosure (against replay attacks)

message integrityprotection from modification available in public-key encryption

non-repudiation of originprotection from denial by senderavailable in public-key encryption

PGPPGP Services

messagesauthenticationconfidentialitycompressionE-mail compatibilitysegmentation and reassemblynon-repudiation of origin

key managementgeneration, distribution, and revocation of public/private keysgeneration and transport of session keys

PGPAuthentication

based on digital signaturesmessage is hashed and 128-bit output is added to message packet supported algorithms: RSA/SHA and DSS/SHA (unrecoverable)distributed certification mechanism where every sender/reciever is a certificate authority

PGPConfidentiality

Solved by symmetric key message encryption with a random, single-use session key128-bit session key is encrypted with the public key of the receiversupported algorithms:symmetric: CAST, IDEA, 3DES, asymmetric: RSA,

PGPCompression

Applied after the signatureenough to store clear message and signature for later verificationit would be possible to dynamically compress messages before

signature verification, then all PGP implementations should use the same compression

algorithmhowever, different PGP versions use slightly different compression

algorithmsapplied before encryption

compression reduces redundancy makes cryptanalysis harderless bandwidth usageUseful against decryption attacks where the frequency of letters are

used supported algorithm: ZIP

PGPEmail compatibility

encrypted messages and signatures may contain arbitrary octetsmost e-mail systems support only ASCII characterstext file processing is different on different OSs, PGP message packet may optionally include OS information PGP converts an arbitrary binary stream into a stream of printable ASCII characters

PGPPacket Structure

Message packet, signature packet and session key packetPGP can produce only message packet + session key packet or signature packet (compression optional)Timestamp is included to overcome attacks by intruders who steals the whole packet and sends again (e.g. Money transfer)

PGPMessage Format

PGPKey ID

a user may have several public key – private key pairswhich private key to use to decrypt the session key?which public key to use to verify a signature?

transmitting the whole public key would be wastefulassociating a random ID to a public key would result in management burdenPGP key ID: least significant 64 bits of the public keyunique within a user with very high probability

PGPRandom number generators

true random numbersused to generate public key – private key pairs (512-

2048 bit)provide the initial seed for the pseudo-random

number generator (PRNG)provide additional input during pseudo-random

number generation

pseudo-random numbersused to generate session keys

PGPTrue random numbers

PGP maintains a 256-byte buffer of random bitseach time PGP expects a keystroke from the user, it recordsthe time when it starts waiting (32 bits)the time when the key was pressed (32 bits)the value of the key stroke (8 bits)

the recorded information is used to generate a keythe generated key is used to encrypt the current value of the random-bit buffer

PGPPrivate key ring

used to store the public key – private key pairs owned by a given usershould be stored on portable storage (floppy,USB disks)essentially a table, where each row contains the following entries:timestampkey ID (indexed)public keyencrypted private key ( MD5(pwd)+IDEA )user ID (indexed)

PGPPublic key ring

used to store public keys of other usersa table, where each row contains the following entries:

timestampkey ID (indexed)public keyuser ID (indexed)owner trustsignature(s)signature trust(s)key legitimacy

PGPTrust models

Direct trusta user trusts that a key is valid because he or she knows where it came from

Hierarchical trustTree structured trust where there are roots and leaves

Web of trust (PGP model of trust)A graph structure where a certificate might be trusted directly, or trusted in some chain going back to a directly trusted root certificate. Everyone is a certificate authority.

PGPTrust management

owner trustassigned by the user possible values:unknown userusually not trusted to signusually trusted to signAlways trusted to signultimately trusted (own key, present in private key ring)

signature trustassigned by the PGP systemif the corresponding public key is already in the public-key

ring, then its owner trust entry is copied into signature trustotherwise, signature trust is set to unknown user

PGPVulnerabilities

Compromised passphrase and private key (publishing them)

Public key tampering (get public key directly from owner)

Not quite deleted files (OS issue)

Viruses and Trojan horses

Swap files or virtual memory (OS issue)

Physical security breach (Server Key Mode, in Universal PGP)

Tempest attacks (electromagnetic signal)

Protecting against bogus timestamps (trusted third party, message timestamp)

Exposure on multi-user systems (network sniffers)

Traffic analysis (no protection)

Cryptanalysis (expensive)

PGPSecuring PGP

Store the private key on portable disk and always backup

Choose the password that is used to encrypt the private key as long as possible and easy to remember but hard to guess

Obey the certificate rules strictly or ask for a confirmation of public key

Let PGP delete the message permanently after creating, if the message is important (OS)