Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Transcription

1 Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

2 Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL)

3 Agenda Waheed opens the presentation introduces S-HTTP Haroula introduces SSL Mohammed Compares S-HTTP to SSL Concludes the presentation

4 Internet Security Two basic security services Access Security Transaction Security Several mechanism to provide transaction security S-HTTP SSL PCT SET

5 S-HTTP Developed by the Enterprise Integration Technologies (EIT) Inc in 1994 EIT formed Terisa Systems in conjunction with RSA Data Security Terisa Systems is currently owned by spyrus Inc. Verifone?

6 Functionality Message oriented protocol Works at the application layer Client Machine WWW Client Crypto Smarts Encrypted and/or signed message Network Layer Secure HTTP Unencrypted Channel Server Machine WWW Server Crypto Smarts Encrypted and/or signed message Network Layer

7 How does it work Message Preparation: Clear text message not necessarily HTTP Receiver s cryptographic preferences and keying material Sender s cryptographic preferences and keying material

8 How does it work (Cont ) Message Recovery Receiver gets the S-HTTP message Receiver s stated cryptographic preferences and keying material Receiver s current cryptographic preferences and keying material Sender s previously stated cryptographic options

9 Security Services Provides following security services Confidentiality Non-repudiation Integrity Authentication

10 Currently Supported Certificates and Algorithms One-way hash functions MD2,MD5,SHA-1 Encryption Algorithms DES-CBC,3DES-CBC (2 or keys), DESX- CBC, IDEA-CFB, RC2-CBC,RC4,CDMF- CBC Digital Signature Algorithms RSA, DSS,SHS

11 Flexibility Provides symmetric capabilities to both server and client S-HTTP aware clients can communicate with S- HTTP oblivious server and vice-versa Allows client and server to negotiate the strength and type of cryptographic option supports PKI, Kerberos, and pre-arranged keys Works with non PKI aware clients

12 Current Implementations NCSA httpd was the initial reference implementation, however it is no longer supported Open Market s Secure WebServer 2.0 and earlier versions. New version 2.1 no longer supports S-HTTP SPRY Inc.'s SafteyWEB was a freely distributed version of S-HTTP server.

13 Why is S-HTTP disappearing? Application dependent Implementation is time consuming Netscape is used among 70% of the internet community SSL/TLS is becoming a standard

14 Secure Sockets Layer (SSL): Netscape Protocol Layered on top of Transmittion Control Protocol [TCP] Layered below protocols that run on top of TCP/IP[HTTP, LDAP, IMAC] Later refitted as Internet Engineering Task Force [IETF] standard Transport Layer Security [TLS] Session oriented

15 Security Services: Confidentiality -All data encrypted Integrity -MAC, sequence number, per session key Authentication -Public Key Cryptography

16 Protocol Architecture: SSL Record Protocol SSL Handshake Protocol

17 SSL Handshake Protocol: SSL session begins with the handshake Authentication Key exchange Initialization, synchronization of security parameters

18 SSL Record Protocol: Data sent via this protocol - Data compression - Data encryption - MAC to check the integrity

19 Cryptographic Technique Message digest algorithmes -MD5. Message Digest algorithm developed by Rivest. -SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government. Encryption algorithms -DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government. -RC2 and RC4. Rivest encryption ciphers developed for RSA Data Security. -Triple-DES. DES applied three times. -IDEA.International Data Encryption Algorithm. Digital signature algorithms -DSA. Digital Signature Algorithm, part of the digital authentication standard used by the U.S. Government. -RSA. A public-key algorithm for both encryption and authentication. Developed by Rifest, Shamir, and Adleman. Key exchange algorithm -KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S. Government. -RSA key exchange. A key-exchange algorithm for SSL based on the RSA algorithm. -SKIPJACK. A classified symmetric-key algorithm implemented in FORTEZZA-compliant hardware used by the U.S. Government. SSL comes in two strengths: 40-bit 128-bit session key.

20 Hardware Accelerators: Why we need cryptographic accelerators: -typical server: 12 new SSL connections/sec. -accelerator fitted: 240 new SSL connections/sec. Queuing problem. Examples: 1. Compaq AXL200 PCI Accelerator Card 2. NCipher's nfast 3. Intel Netstructure 7110 e-commerce Accelerator

21 Implementation: Public Domain: Servers -Open SSL -Apache-SSL -SSLeay -Mod_SSL -SSLref Commercial Domain: SSL Server Certificates: -40-bit: $ bit: $300 -Renew: $100

22 S-HTTP vs. SSL: Functionality Performance Performance factor S-HTTP SSL Establishment latency Minimal High to medium Overhead Processing Complexity Significant depending on service provided Significant depending on service provided Not significant Not significant Server resources Stateless/Stateful Stateful

23 S-HTTP vs. SSL: Functionality Compatibility with other protocol Client Machine Server Machine S-HTTP Application-level Security WWW Client Crypto Smarts Encrypted and/or signed message Network Layer HTTP Unencrypted Channel WWW Server Crypto Smarts Encrypted and/or signed message Network Layer Client Machine Server Machine SSL Connection-level Security WWW Client Normal HTTP message Network Layer Crypto Smarts HTTP Encrypted Channel WWW Server Normal HTTP message Network Layer Crypto Smarts

24 S-HTTP vs. SSL: Functionality Compatibility with other protocol Protocol/Applications S-HTTP SSL Proxy software Limited Support Practically NO support Main Web applications/ protocols HTTP only HTTP, FTP, Telnet, NNTP Other Protocols CRL Servers, Kerberos LDAP, Kerberos*

25 S-HTTP vs. SSL: Functionality Negotiation Flexibility Security Services S-HTTP SSL Combination Any Combination is Allowed Certain Services are Mandatory Order Any Order is Allowed Order of Service is Enforced

26 S-HTTP vs. SSL: Functionality Key Exchange Mechanisms Key Exchange Mechanism S-HTTP SSL Kerberos Yes Yes* RSA Yes Yes FORTEZZA No Yes Diffie-Hellman Yes Yes KEA No Yes Inband** Yes No Out of band (prearranged) Yes * Apache SSL ** Inband: Refers to the direct assignment of an uncovered key to a symbolic name. This name could be used for later reference. No

27 S-HTTP vs. SSL: Security Security Services Security Service S-HTTP SSL Confidentiality Yes Yes Message Integrity Yes Yes Authentication Yes Yes Non-repudiation Yes No

28 S-HTTP vs. SSL: Security Vulnerability S-HTTP Traffic analysis attacks. Key-exchange algorithm rollback attack Use of in-band key exchange Use of in-band key exchange is potentially problematic Local clocks-based time stamps Denial of service attack SSL Traffic analysis attacks. Key-exchange algorithm rollback attack Weakness of some implementation of (PKCS#1) Denial of service attack

29 S-HTTP vs. SSL: Security Future Trend All indications show that S-HTTP seems to be loosing the battle to SSL

30 Conclusion No single web security solution Evaluate the security technologies based on the application needs use a combination of secure technologies Focus on more than a flawless protocol and non-technical factors. Security policy enforcement