Introduction: Haroula Zouridaki, Mohammed Bin Abdullah, Waheed Qureshi
Introduction: Comparing Secure Hypertext Transfer Protocol (S-HTTP) to Secure Sockets Layer (SSL)
Agenda
- Waheed: opens the presentation, introduces S-HTTP
- Haroula: introduces SSL
- Mohammed: compares S-HTTP to SSL, concludes the presentation
Internet Security
- Two basic security services
  - Access security
  - Transaction security
- Several mechanisms to provide transaction security
  - S-HTTP
  - SSL
  - PCT
  - SET
S-HTTP
- Developed by Enterprise Integration Technologies (EIT) Inc. in 1994
- EIT formed Terisa Systems in conjunction with RSA Data Security
- Terisa Systems is currently owned by SPYRUS Inc.
- Verifone?
Functionality
- Message-oriented protocol
- Works at the application layer
[Diagram: a client machine (WWW client, crypto smarts, network layer) and a server machine (WWW server, crypto smarts, network layer) exchange encrypted and/or signed Secure HTTP messages over an unencrypted channel]
How does it work
Message preparation:
- Clear text message (not necessarily HTTP)
- Receiver's cryptographic preferences and keying material
- Sender's cryptographic preferences and keying material
How does it work (cont.)
Message recovery:
- Receiver gets the S-HTTP message
- Receiver's stated cryptographic preferences and keying material
- Receiver's current cryptographic preferences and keying material
- Sender's previously stated cryptographic options
Security Services
Provides the following security services:
- Confidentiality
- Non-repudiation
- Integrity
- Authentication
Currently Supported Certificates and Algorithms
- One-way hash functions: MD2, MD5, SHA-1
- Encryption algorithms: DES-CBC, 3DES-CBC (2 or 3 keys), DESX-CBC, IDEA-CFB, RC2-CBC, RC4, CDMF-CBC
- Digital signature algorithms: RSA, DSS, SHS
Flexibility
- Provides symmetric capabilities to both server and client
- S-HTTP-aware clients can communicate with S-HTTP-oblivious servers and vice versa
- Allows client and server to negotiate the strength and type of cryptographic options
- Supports PKI, Kerberos, and pre-arranged keys
- Works with non-PKI-aware clients
Current Implementations
- NCSA httpd was the initial reference implementation; however, it is no longer supported
- Open Market's Secure WebServer 2.0 and earlier versions. The new version 2.1 no longer supports S-HTTP
- SPRY Inc.'s SafetyWEB was a freely distributed version of an S-HTTP server
Why is S-HTTP disappearing?
- Application dependent
- Implementation is time consuming
- Netscape is used by 70% of the Internet community
- SSL/TLS is becoming a standard
Secure Sockets Layer (SSL):
- Netscape protocol
- Layered on top of Transmission Control Protocol [TCP]
- Layered below protocols that run on top of TCP/IP [HTTP, LDAP, IMAP]
- Later refitted as the Internet Engineering Task Force [IETF] standard Transport Layer Security [TLS]
- Session oriented
Security Services:
- Confidentiality: all data encrypted
- Integrity: MAC, sequence number, per-session key
- Authentication: public key cryptography
Protocol Architecture:
- SSL Record Protocol
- SSL Handshake Protocol
SSL Handshake Protocol:
An SSL session begins with the handshake:
- Authentication
- Key exchange
- Initialization, synchronization of security parameters
SSL Record Protocol:
Data sent via this protocol:
- Data compression
- Data encryption
- MAC to check the integrity
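The integrity half of the record protection listed above and on the Security Services slide (MAC, sequence number, per-session key), as an added example that is not part of the original slides. It assumes HMAC-SHA1 as in TLS 1.0 rather than SSL 3.0's own MAC construction, uses a simplified record header without a version field, and leaves out the encryption step; `RecordChannel` and `demo` are hypothetical names and the key and requests are constructed samples.

```python
import hashlib
import hmac
import struct
import zlib

APPLICATION_DATA = 23  # record content type for application data

class RecordChannel:
    """One direction of a session: compress, then MAC under a per-session key."""
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key  # assumed to come out of the handshake
        self.seq = 0            # implicit counter, never sent on the wire

    def _mac(self, rtype: int, fragment: bytes) -> bytes:
        # Binding the counter into the MAC exposes replay and reordering, not only bit-flips.
        header = struct.pack("!QBH", self.seq, rtype, len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha1).digest()

    def protect(self, rtype: int, data: bytes) -> bytes:
        fragment = zlib.compress(data)
        record = struct.pack("!BH", rtype, len(fragment)) + fragment + self._mac(rtype, fragment)
        self.seq += 1
        return record

    def open(self, record: bytes) -> bytes:
        rtype, length = struct.unpack("!BH", record[:3])
        fragment, tag = record[3:3 + length], record[3 + length:]
        if not hmac.compare_digest(tag, self._mac(rtype, fragment)):
            raise ValueError("bad record MAC")  # a real endpoint aborts the session here
        self.seq += 1
        return zlib.decompress(fragment)  # decompress only after the MAC checks out

def demo() -> dict:
    key = hashlib.sha1(b"constructed session secret").digest()  # constructed sample key
    sender, receiver = RecordChannel(key), RecordChannel(key)
    r0 = sender.protect(APPLICATION_DATA, b"GET /account HTTP/1.0\r\n\r\n")
    r1 = sender.protect(APPLICATION_DATA, b"GET /logout HTTP/1.0\r\n\r\n")
    results = {"in_order": receiver.open(r0)}
    flipped = r1[:-1] + bytes([r1[-1] ^ 1])  # one bit changed in transit
    for name, record in (("replayed", r0), ("modified", flipped)):
        try:
            receiver.open(record)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    results["next_in_order"] = receiver.open(r1)
    return results
```

The replayed record fails even though its bytes are untouched, because the receiver's counter has already moved past the value the sender used when computing the MAC.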
Cryptographic Technique
Message digest algorithms
- MD5. Message Digest algorithm developed by Rivest.
- SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government.
Encryption algorithms
- DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government.
- RC2 and RC4. Rivest encryption ciphers developed for RSA Data Security.
- Triple-DES. DES applied three times.
- IDEA. International Data Encryption Algorithm.
Digital signature algorithms
- DSA. Digital Signature Algorithm, part of the digital authentication standard used by the U.S. Government.
- RSA. A public-key algorithm for both encryption and authentication. Developed by Rivest, Shamir, and Adleman.
Key exchange algorithms
- KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S. Government.
- RSA key exchange. A key-exchange algorithm for SSL based on the RSA algorithm.
- SKIPJACK. A classified symmetric-key algorithm implemented in FORTEZZA-compliant hardware used by the U.S. Government.
SSL comes in two strengths: 40-bit and 128-bit session keys.
Hardware Accelerators:
Why we need cryptographic accelerators:
- Typical server: 12 new SSL connections/sec.
- Accelerator fitted: 240 new SSL connections/sec.
- Queuing problem.
Examples:
1. Compaq AXL200 PCI Accelerator Card
2. NCipher's nfast
3. Intel Netstructure 7110 e-commerce Accelerator
Implementation:
Public domain: servers
- OpenSSL
- Apache-SSL
- SSLeay
- Mod_SSL
- SSLref
Commercial domain: SSL server certificates
- 40-bit: $125
- 128-bit: $300
- Renew: $100
S-HTTP vs. SSL: Functionality
Performance
Performance factor | S-HTTP | SSL
Establishment latency | Minimal | High to medium
Overhead | Significant depending on service provided | Not significant
Processing complexity | Significant depending on service provided | Not significant
Server resources | Stateless/Stateful | Stateful
S-HTTP vs. SSL: Functionality
Compatibility with other protocols
[Diagram, S-HTTP (application-level security): on the client and server machines the WWW client and WWW server hold the crypto smarts and exchange encrypted and/or signed messages; HTTP runs over an unencrypted channel between the network layers]
[Diagram, SSL (connection-level security): the WWW client and WWW server exchange normal HTTP messages; the crypto smarts sit at the network layer and HTTP runs over an encrypted channel]
S-HTTP vs. SSL: Functionality
Compatibility with other protocols
Protocol/Applications | S-HTTP | SSL
Proxy software | Limited support | Practically NO support
Main Web applications/protocols | HTTP only | HTTP, FTP, Telnet, NNTP
Other protocols | CRL servers, Kerberos | LDAP, Kerberos*
S-HTTP vs. SSL: Functionality
Negotiation Flexibility
Security Services | S-HTTP | SSL
Combination | Any combination is allowed | Certain services are mandatory
Order | Any order is allowed | Order of service is enforced
S-HTTP vs. SSL: Functionality
Key Exchange Mechanisms
Key Exchange Mechanism | S-HTTP | SSL
Kerberos | Yes | Yes*
RSA | Yes | Yes
FORTEZZA | No | Yes
Diffie-Hellman | Yes | Yes
KEA | No | Yes
Inband** | Yes | No
Out of band (prearranged) | Yes | No
* Apache SSL
** Inband: Refers to the direct assignment of an uncovered key to a symbolic name. This name could be used for later reference.
S-HTTP vs. SSL: Security
Security Services
Security Service | S-HTTP | SSL
Confidentiality | Yes | Yes
Message Integrity | Yes | Yes
Authentication | Yes | Yes
Non-repudiation | Yes | No
S-HTTP vs. SSL: Security Vulnerability S-HTTP Traffic analysis attacks. Key-exchange algorithm rollback attack Use of in-band key exchange Use of in-band key exchange is potentially problematic Local clocks-based time stamps Denial of service attack SSL Traffic analysis attacks. Key-exchange algorithm rollback attack Weakness of some implementation of (PKCS#1) Denial of service attack
S-HTTP vs. SSL: Security
Future Trend
- All indications show that S-HTTP seems to be losing the battle to SSL
Conclusion
- No single web security solution
- Evaluate the security technologies based on the application needs
- Use a combination of secure technologies
- Focus on more than a flawless protocol and non-technical factors.
- Security policy enforcement