Web Security Sandy Kutin CSPP 532 8/7/01
Web Security

Sandy Kutin, CSPP 532, 8/7/01

Web security: an overview

Company wants to build web site:
Online purchasing
Requests for service or support
Viewing data files online

How do we make this process secure?
Confidentiality
Authentication

Usual answer: cryptography

TCP/IP in 60 seconds

Computers communicate via packets, not connections
Packets are directed from machine to machine
Smart nodes, stupid network: contrasts with phone network
Internet Protocol (IP) controls this movement
Transmission Control Protocol (TCP): handles packets at destination
Could insert cryptography at any layer

Layer diagram: IP, TCP, Applications

IPsec

IPsec works at IP level
Transparent to applications
Slows everything down
Some say it’s the future, some say it’s not
If every packet is encrypted: negates performance optimization, firewalls

Layer diagram: IPsec, TCP, Applications

HaSSLe-free Solution

Secure Sockets Layer (SSL)
Works at TCP level
Developed by Netscape
“Applications” now includes: Handshake, Alert, Cipher Spec Change
Packets encoded by SSL Record Protocol
Implemented in web server, browser
Successor: Transport Layer Security (TLS)

Layer diagram: IP, TCP, SSL Record, Applications

LoSSLess Communication

SSL Record Protocol:
1. Fragment data into blocks; can compress
2. Append MAC to each block:
   MAC = H(K | pad2 | H(K | pad1 | info | data))
   H could be MD5 or SHA-1; similar to HMAC
   info includes sequencing, length information
3. Encrypt each block (symmetric)
4. Append header, send fragment
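The record MAC from step 2, worked through as an added example (not code from the lecture): the nested hash with pad1/pad2 follows the SSL 3.0 layout, where "info" is the 64-bit sequence number, a content-type byte and the fragment length. Key, padding lengths and sample data are constructed here; the check shows why the sequence number belongs in the MAC, since a replayed or altered record fails verification.

```python
import hashlib
import hmac
import struct

# Padding lengths for the SSL 3.0 record MAC: pad1 is 0x36 repeated,
# pad2 is 0x5c repeated; 40 bytes for SHA-1, 48 bytes for MD5.
PAD_LEN = {"sha1": 40, "md5": 48}
APPLICATION_DATA = 23  # SSL record content type for application data


def ssl3_record_mac(key: bytes, seq_num: int, content_type: int,
                    data: bytes, hash_name: str = "sha1") -> bytes:
    """MAC = H(K | pad2 | H(K | pad1 | info | data)) over one fragment."""
    h = lambda m: hashlib.new(hash_name, m).digest()
    pad1 = b"\x36" * PAD_LEN[hash_name]
    pad2 = b"\x5c" * PAD_LEN[hash_name]
    # info: sequence number (8 bytes), content type (1), length (2)
    info = struct.pack(">QBH", seq_num, content_type, len(data))
    inner = h(key + pad1 + info + data)
    return h(key + pad2 + inner)


def verify_record(key: bytes, seq_num: int, content_type: int,
                  data: bytes, mac: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = ssl3_record_mac(key, seq_num, content_type, data, hash_name)
    return hmac.compare_digest(expected, mac)


def demo() -> dict:
    key = b"\x01" * 20          # constructed MAC secret (real ones come from the handshake)
    data = b"GET / HTTP/1.0\r\n"  # constructed application fragment
    mac = ssl3_record_mac(key, 0, APPLICATION_DATA, data)
    return {
        "genuine": verify_record(key, 0, APPLICATION_DATA, data, mac),
        # same MAC presented with modified data: rejected
        "tampered": verify_record(key, 0, APPLICATION_DATA, b"GET /x HTTP/1.0\r\n", mac),
        # same record replayed as the next one in sequence: rejected
        "replayed": verify_record(key, 1, APPLICATION_DATA, data, mac),
    }
```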

BusineSSLike Handshake

How do we establish a session key?
1. Client says “hello”: version, random number
2. Server says “hello”: same, includes key exchange method, optional certificate
3. Client initiates key exchange (may just generate master, send it using RSA)
4. Both sides compute various keys from master, random numbers in hello messages
5. Confirmation messages

HelpleSSLy Hoping

So, does SSL secure our site?
Confidential, authenticated transactions are important, but not the only issue
Threat model: who might attack, and how
Steal customer data (credit cards)
Steal private corporate data
Deface web site
Denial of Service: prevent us from working

SSL has nothing to do with any of these

Trial Separation

How do we keep corporate data secure?
Solution: keep it separate
Only mix information when you have to: use a floppy, or a laptop
Partial solution: restrict web server’s access privileges (e.g., firewall, DMZ)
OK if data flow is mostly to the server
What about credit card numbers?

Figure: Stallings, page 464 (from the web site); participants Alice and Bob

SET, I project

Secure Electronic Transaction (SET)

MasterCard, Visa
Alice sends Bob order, encrypted card info
Bob forwards card info to MC/Visa
MC/Visa pays Bob
Bob never gets card number
Credit card company never gets order information

Building a Better MouSETrap

OI = order info (includes time), OIMD = H(OI)
PI = payment info (& time), PIMD = H(PI)
Alice signs (OIMD | PIMD) (SHA-1, RSA)
Alice sends Bob OI, ECC(PI) (PI encrypted for the credit card company), PIMD, sig S
Bob computes OIMD, checks signature S
Bob sends OIMD, ECC(PI), S to MC/Visa
They decrypt, check PI, check signature S
They transfer funds, Bob ships item to Alice
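The dual signature above, as an added example (not code from the lecture or from SET): one signature over H(OIMD | PIMD) lets Bob verify the order without seeing PI and lets MC/Visa verify the payment without seeing OI. The RSA key is a toy built from two Mersenne primes and the order and card strings are constructed placeholders; the ECC(PI) encryption step is left out.

```python
import hashlib

# Toy RSA key, constructed for illustration only: two Mersenne primes give a
# 216-bit modulus, wide enough to hold a 160-bit SHA-1 digest. Not for real use.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def H(b: bytes) -> bytes:
    return hashlib.sha1(b).digest()  # SHA-1, as on the slide


def rsa_sign(digest: bytes) -> int:
    return pow(int.from_bytes(digest, "big"), D, N)


def rsa_verify(digest: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big")


def dual_signature(oi: bytes, pi: bytes) -> int:
    """Alice: S = Sign(H(OIMD | PIMD)); one signature binds order to payment."""
    return rsa_sign(H(H(oi) + H(pi)))


def merchant_check(oi: bytes, pimd: bytes, sig: int) -> bool:
    """Bob holds OI, PIMD and S; he recomputes OIMD but never sees PI."""
    return rsa_verify(H(H(oi) + pimd), sig)


def bank_check(oimd: bytes, pi: bytes, sig: int) -> bool:
    """MC/Visa holds OIMD, the decrypted PI and S; it never sees OI."""
    return rsa_verify(H(oimd + H(pi)), sig)


def demo() -> dict:
    oi = b"order: 1 widget; time: 2001-08-07T10:00"               # constructed
    pi = b"card: 0000-0000-0000-0000; time: 2001-08-07T10:00"     # placeholder number
    sig = dual_signature(oi, pi)
    oimd, pimd = H(oi), H(pi)
    return {
        "bob_accepts": merchant_check(oi, pimd, sig),
        "bank_accepts": bank_check(oimd, pi, sig),
        "bob_altered_order": merchant_check(b"order: 100 widgets", pimd, sig),
        "bank_altered_pi": bank_check(oimd, b"card: 1111", sig),
    }
```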

Improving our MindSET

Think outside the box
Q: How do we store credit card numbers?
A: Store them so we can’t read them
Application-level solutions: harder to implement, but better targeted to problems
Cryptography is only part of the solution
Any system can be broken
Build a threat model, measure costs

Breaking and Entering

Enemy could break in
Could corrupt data (deface web site)
Could steal data (including passwords)
Could gain control of system
Firewalls help, but there’s always a way in
Keep data separate whenever possible
Educate users about viruses, Trojan horses
Install patches as often as you can

Intruder Alert

Home security: locks stop easy attacks
Better: door, window alarms (as long as they don’t go through the walls)
Even better: motion detectors
Alarms don’t stop anything directly, but they alert the authorities
Fear of alarms forces criminals to hurry, make mistakes

Law and Order

Deterrent to robbery: fear of prosecution
After a crime, police gather fingerprints, DNA, eyewitnesses
Not aimed at stopping crime or recovering goods, but at punishing criminals
Hard to do in computer crime; criminals often minors or foreign nationals

Intrusion Detection

No matter what systems and protocols we use, people will break in if they want

Hard to defend against determined teenagers with nothing else to do

Solution: monitor system, detect intrusions, watch for unusual activity

Honeypots: trap intruders
Gather evidence; maybe prosecute
At the very least, close off the holes

Denial of Service Attacks

One approach: break in, crash the server
Another: flood the server with bad requests
Distributed Denial of Service (DDoS): take over PCs around the country/world, use them to overload a site
Only solution: have hardware routers detect bad packets
Almost impossible; Windows XP may make it worse

Here’s looking at you, KiDDoS

In the real world: to attack, you have to put yourself at risk. Not on the Internet.

In the real world: attackers must learn skills. Not on the Internet.

One person discovers a hole, writes a script; now “script kiddies” can use it

Patches don’t work. Attackers will always be ahead of users.

Beta testing doesn’t uncover security holes

Gibson Research Corporation

Steve Gibson’s GRC.com: security
Attacked, repeatedly, by DDoSs. No defense.

“Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet.”

Solution: Distributed Responsibility
Owners responsible for their machines
ISPs responsible for their routers
Software writers responsible for bugs

EXPensive Problem

Attackers usually spoof source IP addresses, to conceal their location
Easy to do in UNIX (as root)
Not possible in Windows 9x/ME, but possible in Windows 2000/XP
Microsoft says: we’re fixing a bug
Gibson says: there’s no legitimate reason home users would need this feature

Bruce Schneier: Counterpane

Author of “Applied Cryptography”
Feels only monitoring, intrusion detection, active response can do any good
Counterpane.com: corporate security
Solution: Insurance
Insure against damages from attacks
Lower rates for following good practices

Recommended Reading

Secret-sharing: Schneier, Sections 3.7, 23.2
SSL, SET: Stallings, Chapter 14
General security: Stallings, Chapters 15-16
www.grc.com/dos/
www.counterpane.com