Web Security Considerations

Transcription

1 CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University Web Security Considerations Web is client/server application over Internet Internet is 2-way, unlike traditional publishing Many businesses depend on web Underlying software is very complex browsers, web servers easy to use, configure however, software hide many security flaws Attack on web servers can harm other computers within organization Many users don t know enough to handle risks

2 Web Security Threats Web Security Approaches IPSec Transparent to applications General purpose Filtering capability SSL/TLS Part of protocol, thus, transparent to applications or embedded into packages (e.g. browsers) Kerberos, S/MIME/PGP Embedded into packages Can be tailored to specific application needs

3 Secure Socket Layer (SSL) Originated by Netscape (SSLv3) Transport Layer Security developed by IETF TLS = SSLv3.1, backward compatible v3 Discussion is mainly for SSLv3 SSL Architecture Designed to work with TCP Provide end-to-end reliable service Two layers of protocols SSL record protocol provide services to upper protocols SSL Handshake, Change Cipher Spec, Alert used in management of SSL exchanges HTTP can operate on top of SSL

4 SSL Architecture SSL Connections and Sessions Connection peer-to-peer relationship, transport layer transient associated with one session Session association between client, server created by Handshake Protocol define set of cryptographic security parameters parameters shared by multiple connections avoid negotiating new parameters/connection

5 Session State Parameters Session identifier Peer certificate X.509v3 certificate of the peer Compression method Cipher spec encryption algorithm (e.g. AES), hash (MD5) Master secret key shared between client, server Is resumable Connection State Parameters Server and client random Server MAC secret Client MAC secret Server write key Client write key Initialization vector IV used with CBC mode Sequence numbers secret keys used in MAC operations secret encryption keys

6 SSL Record Protocol Provides two services to SSL connections confidentiality: encryption of SSL payloads message integrity: using MAC Steps fragmentation: to blocks of 2 14 bytes compression: optional MAC: of compressed data, secret key used encryption: symmetric block or stream cipher prepending header SSL Record Protocol

7 SSL Record Format header SSL Record Protocol Payload

8 Change Cipher Spec Protocol Consists of single message change_cipher_spec single byte, value = 1 Cause pending state to be copied to current updates cipher suite to be used on connection Alert Protocol Convey SSL related alerts to peer entity Alert messages compressed, encrypted Consists of 2 bytes First byte take values warning (1), fatal (2) Fatal SSL terminates connection other connections in same session continue no new connections allowed Second byte contains code of specific alert

9 Handshake Protocol Most complex part of SSL Allows server and client to authenticate each other negotiate algorithms, keys used (crypt, MAC) Used before any application data transmitted Consists of 4 phases

10 Phase 1: Establish Security Capabilities Initiate logical connection Establish associated security capabilities client_hello message version: highest supported SSL version CipherSuite: list of supported crypt algorithms in decreasing order of preference server_hello message version: highest supported by both client, server CipherSuite: selected suite from proposed list Phase 2: Server Authentication and Key Exchange certificate message server sends its X.509 certificate or chain certificate_key_exchange message parameters for key exchange required by some algorithms (no shared key) certificate_request message list of acceptable certificate authorities server_done message indicate end of server hello messages

11 Phase 3: Client Authentication and Key Exchange Client verify server certificate is valid Check that parameters are acceptable certificate_message sent if server requested certificate client_key_exchange message parameters for key exchange certificate_verify message optional, for some certificate types Phase 4: Finish Completes setting up secure connection change_cipher_spec message sent using Change Cipher Spec protocol finished message sent with established algorithms, keys verifies key exchange, auth were successful

12 TLS Differences From SSL Version number MAC algorithm and scope of calculation Pseudorandom function Alert codes: one unsupported, many added Client certificate types: some unsupported Hash calculation for messages certificate_verify finished Additional References About SSL/TLS, curity/students/ss8a/ssltls.html SSL/TLS Protocol overview, s/inetreference/121.htm Implementing Web Site Client Authentication Using Digital IDs, Secure Sockets Layer (SSL) Protocol, islab.oregonstate.edu/koc/ece575/99project/ying/ index.htm