WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)



Similar documents
How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Web Security Considerations

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Chapter 7 Transport-Level Security

Communication Systems SSL

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Security for Applications

Chapter 17. Transport-Level Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Network Security Part II: Standards

Secure Socket Layer. Security Threat Classifications

Transport Layer Security Protocols

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Transport Level Security

Network Security Essentials Chapter 5

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

The Secure Sockets Layer (SSL)

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

SECURE SOCKETS LAYER (SSL)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

SSL Secure Socket Layer

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

CSC Network Security

CSC 474 Information Systems Security

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Secure Sockets Layer

TLS and SRTP for Skype Connect. Technical Datasheet

Chapter 10. Network Security

As enterprises conduct more and more

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Cornerstones of Security

Virtual Private Networks

Overview. SSL Cryptography Overview CHAPTER 1

mod_ssl Cryptographic Techniques

Web Security. Mahalingam Ramkumar

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

SSL Secure Socket Layer

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

T Cryptography and Data Security

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Lecture 10: Communications Security

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Security Protocols/Standards

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

CS549: Cryptography and Network Security

Cryptography and Network Security IPSEC

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Authenticity of Public Keys

Three attacks in SSL protocol and their solutions

SSL VPN vs. IPSec VPN

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Lecture 4: Transport Layer Security (secure Socket Layer)

Network Security. Lecture 3

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

, ) I Transport Layer Security

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Chapter 32 Internet Security

Virtual Private Networks: IPSec vs. SSL

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Application Note: Onsight Device VPN Configuration V1.1

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

SSL: Secure Socket Layer

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Netzwerksicherheit: Anwendungen

Security. Learning Objectives. This module will help you...

SSL A discussion of the Secure Socket Layer

Security vulnerabilities in the Internet and possible solutions

T Cryptography and Data Security

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

SSL Handshake Analysis

Transcription:

Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations Internet is two way WWW is essentially client/server application running over the Internet t the Web is vulnerale to attacks on the Web server over the Internet Web is highly visible If the Web servers are subverted... Web servers are easy to configure and manage. Users are not aware of the risks. Security facilities in the TCP/IP protocol stack IPSec: Transparent to end users & applications. IPsec includes a filtering capability->only the selected traffic incur its overhead SSL/TLS General solution or embedded in specific application package Application-specific security services embedded within the particular application (e.g, PGP, SET). 1

SSL & TLS SSL was originated by Netscape TLS working group was formed within IETF First version of TLS can be viewed as a SSLv3.1 SSLv1 (Netscape)->SSLv3, SSLv2 (MS)->PCT SSL intend to provide a practical, widely applicable connection-oriented mechanism for Internet client-server communications security Characteristics of SSL Generic enough to be incorporated into many applications Provides security between the transport (TCP protocol) and upper application layer protocol Supports encryption, authentication, and key exchange Encrypts data so that anyone who intercepts is unable to read it. Assures clients that they are dealing with the server they intend to connect to (server authentication). Prevents any unauthorized clients from connecting to the server. Prevents anyone from meddling with data going to or coming from the server (message integrity). Characteristics of SSL Provides a secure channel Works for any TCP-based protocol: HTTP (https://, port 443); SIMAP (port 993); SPOP (port 995); NNTP; telnet Can t protect UDP-based protocol: SNMP; NFS; DNS; voice-over-ip for ITU R323 Widely used in Web browsers and servers Server nearly always authenticated, client more rarely usually by RSA signature, but other signature schemes supported, e.g. DSS (Digital Signature Standard) Key agreement usually by client sending RSAencrypted secret to server Diffie-Hellman also supported 2

Functional Model of SSL Two layers: SSL Architecture 3 higher-layer protocols: management of SSL exchange Handshake, change cipher spec, alert SSL record protocol provides basic security services to various higher-layer protocol (e.g., http) SSL protocols Handshake Protocol : authentication of the parties in the comm., negotiation of the encryption and hash algorithms, exchange of the PreMasterSecret, which will be used later to generate the auth. and encryption keys through the use of MasterSecret. ChangeCipherSpec (CCS) Protocol: Indicates the record layer any changes in the security parameters Alert Protocol: Indicate errors encountered during message verification and any incompatibility during Handshake Record Protocol: Applies all the negotiated security parameters between the two parties wishing to exchange info., and protects the data coming from the application layer as well as all the messages originated in the other three sub-protocols Exchange of information in SSL Exchange of information in SSL occurs in two phases: Preliminary phase: SSL identifies the parties, negotiates the cryp. attributes, generate and distribute the keys (handshake) Second phase: date exchange occur, security depends on alg. and parameters It is possible to signal an intrusion or an error at any time by Alert Protocol 3

Session & Connection Session Created by handshake, defines same cryptographic security parameters for multiple connections Authentication is done once for each session Session parameters: ID, peer certificate, compression method, cipher spec, master secret, is resumable. Connection A transport with some services, associated with a session Connection parameters: Server and client random no.; parameters of the hashing algorithm at both client/server; block encryption keys for both client/server; IV for both sides; A sequence number for each connection Session A SSL session is uniquely identified w/ six state variables Session Identifier: an arbitrary byte sequence chosen by the server to identify an active or resumable session state Peer Certificate: X509 certificate of the peer Compression Method: The alg. used to compress data prior to encryption Cipher Spec: - Cipher suite bulk data encryption algorithm (e.g., null, DES), a MAC alg. (e.g. MD5 or SHA-1), etc MasterSecret: 48-byte secret shared between the client and server Resumable: A flag indicating whether the session can be used to initiate new connections Recognized suites in SSL Cipher Suite: the set of encryption & hash algorithms In order to establish a session key, client & server must agree on a shared secret key. Cipher Spec. Used for encrypting the traffic sent between client and server. RC4-128-bit or 40-bit keys TripleDES - 168-bit keys, with 112 bits of effective strength IDEA - 128-bit keys Fortezza - 80-bit keys DES - 56-bit keys RC2-40 bit keys Not all SSL/TLS implementation support all algorithms. For sensitive data use secret key ciphers of 128 bits or more. 4

Generation of MasterSecret at the Startup of a session A pre-master-secret is exchanged first: RSA, or Diffie-Hellman. Both sides compute master secret based on pre-master-secret. Cryptographic Computations: Details Client generates a 48-byte pre-mastersecret s p Master secret : s m =MD5(s p SHA( A s p r c r s )) MD5(s p SHA( BB s p r c r s )) MD5(s p SHA( CCC s p r c r s )) Where r c,s : client, server random Connection Parameters to define the state of a connection: Server & Client-random 32-bytes, generated at the establishment of a session and for each new connection Server/client write MAC secret (encryption) Secret used in MAC operations on data written by the server/client Server/client write key Bulk cipher key for data encrypted by the server/client and decrypted d by the client/server IV: for CBC mode (one for client, one for server) initialized by SSL handshake protocol Sequence number (both sides): prevent replay attack Generation of secrets & IV at the startup of a connection Session key: same as previous, but use the master secret in place of s p to generate byte stream to cut out: Client, server MAC secret; Client, server write key; Client, server IV s m =MD5(s p SHA( A s p r c r s )) MD5(s p SHA( BB s p r c r s )) MD5(s p SHA( CCC s p r c r s )) Where r c,s : client, server random 5

Handshake Protocol The most complex part of SSL. Allows the server & client to authenticate each other. Negotiate t encryption, MAC algorithm and cryptographic keys. SSL Handshake protocol: steps exchange Hello messages to agree algorithms ( ciphersuites ) exchange fresh nonces check for session resumption agree secret material for pre_master_secret authenticate by exchanging certificates and proving knowledge of related private key generate master_secret from pre_master_secret and nonces verify integrity of these messages Message exchange of handshake protocol: the establishment of a new session Message of Handshake Protocol 6

Message exchange of handshake protocol: a connection establishment SSL Change Cipher Spec Protocol Consists a single 1-byte message to indicate to the Record protocol that the encryption can start w/ the security parameters that have been negotiated It cause the pending Cipher Spec state to be copied into the current Cipher Spec state, which updates the cipher suite to be used on this connection by the Record Layer SSL Record Protocol RP participates only after the transmission of the ChangeCipherSpec message During the establishment of a session Encapsulate the handshake data During the encryption phase Receive data from upper layers (handshake, alert, ChangeCipherSpec, p application layers), and transmit them after performing the following actions: Fragment data in blocks of maximum size of 2 14 bytes Data compression (optional) SSL Record Protocol Operation 7

2 services: Confidentiality, message integrity Layered protocol: Fragment application data into blocks Compress data Apply message authentication code (MAC) = h(m s) for message m and secret s Encrypt with client (cw) or server (sw) write key Transmit over TCP Specify content type for higher protocols SSL Record Protocol SSL Record Protocol Payload SSL Alert Protocol Signals alarm message when an error occurred Messages of the Alert Protocol Indicates the change of states like the closing of a connection Given the same treatment in the Record layer as those of the Application layer or the handshake protocol. 8

SSL based Virtual Private Networks (VPNs) What is a VPN? A virtual network is one that provides virtual circuits using the facilities of a real network Uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users intranet work access It is secure, encrypted & scalable VPN in detail Conventional IPSec VPNs Users are connected to the corporate resources by a tunnel over the internet IPSec operates at network layer, Once the tunnel is created, it is as if the user's PC is physically on the corporate LAN, and the user can directly access corporate applications. SSL VPNs Uses SSL and proxies to provide authorized use to the company s resources SSL VPN gateways are set up at the edge of the corporate network and serve as a proxy (or go between) to LAN applications Web browser connects to the VPN gateway just as it would to a web server The browser thinks it is communicating directly with the application; application thinks it is communicating directly with the browser or client software. Pros & Cons of SSL VPN Advantages of SSL VPNs Easier to set up and administrate Cost effective Provide access from anywhere Proxy provides increased security Good Interoperability Disadvantages of SSL-based VPNs Grant access only to web applications SSL provides inferior authentication as compared to IPSec 9

IPSec vs. SSL SSL Application: Online Credit Card Payment Two main security yprotocols to protect online payment: SSL & SET General Steps for Credit Card Payment Requirements of Secure Online Credit Card Payment Privacy Transaction information has not been intercepted. Integrity Transactions information has not been altered. Non-repudiation Transaction cannot be denied, and contract is enforceable. Authentication Sender is who she/he purports to be. 10

How does SSL secure WWW? SSL vs. S-HTTP S-HTTP: a secure extension of HTTP By Enterprise Integration Technologies Both provides secure communicate w/ web server Confidentiality, authentication, ti ti and data integrity it SSL encrypts the entire Internet session at a lower-level protocol. S-HTTP works on the same layer with HTTP layer. SSL used special handshakes to establish the secure connection. S-HTTP defines a security negotiation header for packets sent during the web session. 1. Parameter negotiation (handshake) 2. Server authentication 3. Client authentication (only on request) 4. Key Exchange 5. Confidential and authenticated message exchange SSL s secure options are preconfigured in the browser and servers, making SSL easier to use. S-HTTP s secure a vast array of options for enforcing the secure properties -> more difficult to configure SSL is the dominant technology for securing Web session in the marketplace SSL Roundup SSL protocol was developed by Netscape in 1994. First version, 1.0 The most widely deployed security protocol: Secure browsers, e.g., Netscape, MS Explorer Secure servers, e.g., Netscape, Microsoft Competitors: S-HTTP PCT (private communication technology) = SSLv2 by MS Defined in RFC2246, http://www.ietf.org/rfc/rfc2246.txt Open-source implementation at http://www.openssl.org/ Secure Electronic Transactions An open encryption and security spec./standard Protect credit card transaction on the Internet Companies involved: MasterCard,, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign Set of security protocols and formats 11

SET Overview Privacy: Uses 1024 bit public key cryptography which renders the intercepted message unreadable! Integrity: Hashing & signing ensures message sent is unaltered Authentication: Uses digital certificates (X.509v3) to ensure the parties are really who they claim to be. SET Business Requirements Provide confidentiality of payment and ordering information Ensure the integrity of all transmitted data Provide authentication that a cardholder is a legitimate user of a credit card account Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution (payment gateway) Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction Facilitate and encourage interoperability among software and network providers SET Transactions in Picture Components: Cardholder; Merchant; Acquirer/payment Gateway; customer s bank SET Participants 12

Key Technologies of SET Confidentiality of information: DES Integrity of data: RSA digital signatures with SHA-1 hash codes Cardholder account authentication: X.509v3 digital certificates with RSA signatures Merchant authentication: X.509v3 digital certificates with RSA signatures Privacy: separation of order and payment information using dual signatures Dual Signature Purpose: extra protection of privacy, by separating Customer sends order information (OI) to merchant Customer sends payment information (PI) to bank Link is needed Customer can prove a payment is intended for a specific order Construction of Dual Signature DS E KR c [ H ( H ( PI) H(OI))] Payment processing DS E [ H ( H ( PI) H(OI))] KR c Source: W. Stallings, Cryptography and Network Security Cardholder sends Purchase Request 13

Payment processing DS E KRc [ H ( H ( PI ) H(OI))] Payment processing Cardholder registration Merchant registration Purchase request/verification Payment Authorization: (x.509) Authorization Request (from merchant to payment gateway) Authorization Response Merchant Verifies Customer Purchase Request Payment Capture Capture Request Capture Response How safe is SET? Uses 1024 bit cipher keys, making it one of the strongest encryption applications. Public key crypt. used Secret key crypt. used If we use 100 computers each processing 10 MIPS, it would take 2.8 x 10 11 years to break just ONE encrypted message!!!! Source: http://www.rsa.com/set/html/howstrong.html Recommended Reading and WEB sites Drew, G. Using SET for Secure Electronic Commerce. Prentice Hall, 1999 Garfinkel, S., and Spafford, G. Web Security & Commerce. O Reilly and Associates, 1997 MasterCard SET site Visa Electronic Commerce Site SETCo (documents and glossary of terms) 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information