Web now widely used by business, government, individuals
but Internet & Web are vulnerable
have a variety of threats
o Integrity
o Confidentiality
o denial of service
o authentication
need added security mechanisms
Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE
capability so that only
selected traffic need
incur the overhead of
IPsec processing
could be provided as part of the underlying protocol suite, therefore be transparent to applications
can be embedded in specific packages
Ex, Netscape and IE
Application-specific security services embedded within the particular application
the service can be tailored to the specific needs of a given application
Two types of web security threats:
o Passive attacks include eavesdropping on network traffic
between browser and server and gaining access to information
on a Web site that is supposed to be restricted
o Active attacks include impersonating another user, altering
messages in transit between client and server, and altering
information on a website
Another way to classify Web security threats is in terms
of the location of the threat:
o Web server,
o Web browser, and
o network traffic between browser and server
HTTPS (HTTP over SSL) refers to the combination of HTTP
and SSL to implement secure communication between a Web
browser and a Web server.
o HTTPS is simply HTTP inside of a TLS session
Secure Socket Layer (SSL) provides security services
between TCP and applications that use TCP. The Internet
standard version is called Transport Layer Security (TLS).
SSL/TLS provides confidentiality using symmetric encryption
and message integrity using a message authentication code
(MAC).
SSL/TLS includes protocol mechanisms to enable two TCP
users to determine the security mechanisms and services
they will use.
parties using both asymmetric cryptography as well as
symmetric cryptography to
o provide data privacy, integrity, and authentication
their messages
o Two parties are able to authenticate to ensure they really are
talking to whom they think
the confidentiality of data transmitted electronically
name that contains information about the domain owner,
his address, etc.
Certificate Authorities (CAs):
o Domain Validated
o Organization Validated
o Extended Validation
Strong authentication, message privacy, and integrity
o secure transmitted data using encryption
o data integrity through an integrity check value
o help protect against masquerade attacks, man-in-the-middle,
rollback attacks, and replay attacks
Interoperability: works with
o most Web browsers and on most OS and Web Server
o most of its operations are completely invisible to the client
o The client can have little or no knowledge of the security of
communications and still be protected from attackers
Increased processor load
o Cryptography, specifically public key operations, is
CPU-intensive
o TLS uses the greatest resources while it is setting up
connections
o A TLS/SSL environment is complex and requires maintenance;
the system administrator must configure the system and manage
certificates
SSL-secured transactions with an e-commerce Web site
o certificate of the Web site is valid,
o sends the client’s credit card information as cipher text
o must be enabled for the Web page: an order form
Authenticated client access to an SSL-secured Web site
o Both the client and server need certificates from a mutually-trusted
certification authority (CA)
o provide authentication and data protection when users remotely log
in to Windows-based systems or networks
o client or server can be configured to require encryption of the data
that is transferred between them
o protect data in a server-to-server exchange allows companies to
use the Internet to securely transfer e-mail among divisions within
the same company
Connection:
o A connection is a transport that provides a suitable type of service
o Connections are peer-to-peer relationships
o The connections are transient
o Every connection is associated with one session
Session:
o An association between a client and a server
o Sessions are created by the Handshake Protocol
o Sessions define a set of cryptographic security parameters which
can be shared among multiple connections
o Sessions are used to avoid the expensive negotiation of new
security parameters for each connection
SSL is designed to make use of TCP to provide a reliable
end-to-end secure service
SSL is not a single protocol but rather two layers of protocols
provides basic security services to various higher layer protocols
are used in the management
of SSL exchanges
provides the transfer service for Web client/server interaction
The SSL Record Protocol provides two services for
SSL connections:
o Confidentiality:
The Handshake Protocol defines a shared secret key that is
used for conventional encryption of SSL payloads
o Message Integrity:
The Handshake Protocol also defines a shared secret key that is
used to form a message authentication code (MAC)
2^14 bytes (16384 bytes)
Comp Algo TLS: null
|| pad_1 || seq_num || SSLCompressed.type
|| SSLCompressed.length || SSLCompressed.fragment))
Encryption algorithms: Block Cipher (AES, DES, 3DES, RC2,…); Stream Cipher (RC4)
Header fields: Content Type (8 bits); Major Version (8 bits); Minor Version (8 bits);
Compressed Length (16 bits)
Change Cipher Spec Protocol:
o is the simplest
o consists of a single message:
• consists of a single byte with the value 1
• to cause the pending state to be copied into the current state, which
updates the cipher suite to be used on this connection
o is used to convey SSL-related alerts to the peer entity
o alert messages are compressed and encrypted, as specified by
the current state
o Each message in this protocol consists of two bytes
• The first byte takes the value warning (1) or fatal (2) to convey the
severity of the message
• The second byte contains a code that indicates the specific alert
Handshake Protocol
o The most complex part of SSL
o This protocol allows the server and client to authenticate each other
and to negotiate an encryption and MAC algorithm and cryptographic
keys to be used to protect data sent in an SSL record
o It is used before any application data is transmitted
o It consists of a series of messages exchanged by client and server
Each message has three fields:
• Type (1 byte): Indicates one of 10 messages. Table 16.2 lists the defined
message types.
• Length (3 bytes): The length of the message in bytes.
• Content ( bytes): The parameters associated with this message
Message Type          Parameters
certificate           chain of X.509v3 certificates
server_key_exchange   parameters, signature
certificate_request   type, authorities
server_done           null
certificate_verify    signature
client_key_exchange   parameters, signature
finished              hash value
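
The record header, Change Cipher Spec, Alert and Handshake layouts described above can be checked with a small parser. This is an added example, not part of the original slides; the function names and sample bytes are constructed, and the numeric content-type and message-type codes are the standard SSLv3/TLS values, which the slides do not list.

```python
import struct

# Standard SSLv3/TLS code points; names follow the slides where they appear.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request", 14: "server_done",
                   15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# 2^14 plaintext bytes plus the expansion TLS allows for compression and encryption.
MAX_RECORD = 2 ** 14 + 2048


def parse_records(stream: bytes):
    """Split a byte stream into (content_type, version, detail) tuples."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        # Content Type (8 bits), Major (8), Minor (8), Length (16), network order.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5: pos + 5 + length]
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD or len(body) != length:
            raise ValueError("record length out of bounds or truncated")
        out.append((CONTENT_TYPES[ctype], (major, minor), describe(ctype, body)))
        pos += 5 + length
    return out


def describe(ctype: int, body: bytes):
    """Decode unencrypted payloads; only the first handshake message is read."""
    if ctype == 20:                       # a single byte with the value 1
        return "ok" if body == b"\x01" else "malformed"
    if ctype == 21 and len(body) == 2:    # severity byte, then alert code byte
        return (ALERT_LEVELS.get(body[0], "invalid"), body[1])
    if ctype == 22 and len(body) >= 4:    # Type (1 byte) + Length (3 bytes)
        mlen = int.from_bytes(body[1:4], "big")
        return (HANDSHAKE_TYPES.get(body[0], "unknown"), mlen, mlen == len(body) - 4)
    return len(body)                      # opaque payload, e.g. encrypted data


# Constructed sample, version 3.1 (TLS 1.0): server_done, change_cipher_spec,
# and a fatal alert with code 40 (handshake_failure).
SAMPLE = (bytes([22, 3, 1, 0, 4, 14, 0, 0, 0]) +
          bytes([20, 3, 1, 0, 1, 1]) +
          bytes([21, 3, 1, 0, 2, 2, 40]))
```

Once the cipher spec is active the record body is ciphertext, so only the 5-byte header remains readable to an observer on the wire.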
Phase 1
Establish security capabilities, including protocol version,
session ID, cipher suite, compression method, and initial
random numbers.
Phase 2
Server may send certificate, key exchange, and request
certificate. Server signals end of hello message phase.
Phase 3
Client sends certificate if requested. Client sends key
exchange. Client may send certificate verification.
Phase 4
Change cipher suite and finish handshake protocol
Two further items are of interest:
o the creation of a shared master secret by means of the key
exchange and
• a one-time 48-byte value
• generated using secure key exchange (RSA / Diffie-Hellman) and then
hashing info
• two stages
• First, a pre_master_secret is exchanged (RSA / Diffie-Hellman)
• Second, the master_secret is calculated by both parties
o the generation of cryptographic parameters from the master secret
• Client and Server write:
• MAC secret,
• key,
• Initialization Value
• generated by hashing master secret into a sequence of secure bytes of
sufficient length for all needed parameters
produce an Internet standard version of SSL.
5246
o in record format version number
o uses HMAC for MAC
o a pseudo-random function expands secrets
- based on HMAC using SHA-1 or MD5
o has additional alert codes
o some changes in supported ciphers
o changes in certificate types & negotiations
o changes in crypto computations & padding
need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections:
o web servers, SMTP servers, IMAP and POP servers
o is documented in RFC 2818, HTTP Over TLS or SSL
o refers to the combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server
o is built into all modern Web browsers
o Its use depends on the Web server supporting HTTPS
communication
• For example, search engines do not support HTTPS
• If HTTPS is specified, port 443 is used, which invokes SSL
When HTTPS is used, the following elements of the
communication are encrypted:
o URL of the requested document
o Contents of the document
o Contents of browser forms (filled in by browser user)
o Cookies sent from browser to server and from server to browser
o Contents of HTTP header
either SSL or TLS, and both implementations are
referred to as HTTPS.
1 Session establishment (authentication, key exchange)
2 Exchange of data over SSL, often a 1KB file over HTTP
3 Session closure
Connection Initiation:
o The client initiates a connection to the server on the appropriate port
o begin the TLS handshake: client sends the TLS ClientHello
o Then, the client initiates the first HTTP request
o All HTTP data is to be sent as TLS application data
o requires that TLS close the connection with the peer TLS entity on
the remote side (closing the underlying TCP connection)
o TLS level exchange close_notify alerts
o must handle TCP close before alert exchange sent or completed
SSH:
o is a protocol for secure network communications designed to be relatively
simple and inexpensive to implement
SSHv1:
o was focused on providing a secure remote logon facility,
o can be used for such network functions as file transfer and e-mail
SSHv2:
o fixes a number of security flaws in the original scheme.
o is documented as a proposed standard in IETF RFCs 4250 through 4256
SSH client and server applications are widely available for most
operating systems
It has become the method of choice for remote login and X tunneling
and is rapidly becoming one of the most pervasive applications for
encryption technology outside of embedded systems
- These strings are used in the
Diffie-Hellman key exchange
The cryptographic algorithm
include: key exchange, encryption,
MAC algorithm, and compression
algorithm
Diffie-Hellman key exchange are
specified
At this point, both sides may start
using the keys generated from K
- Request: User Authentication or the
Connection Protocol
- Then, all data is exchanged as the payload
of an SSH Transport Layer packet, protected
by encryption and MAC
Defines the means by which the client is authenticated to the server
three message types:
o SSH_MSG_USERAUTH_REQUEST
o SSH_MSG_USERAUTH_FAILURE
o SSH_MSG_USERAUTH_SUCCESS
Authentication methods:
Client sends: (Pub,M(Sign_Pri))
Server: checks key is acceptable for authentication; checks
signature is correct or not
• Client sends a signature created with the private key of the client host
• The SSH server verifies the identity of the client host—and
• then believes the host when it says the user has already authenticated
on the client side
The SSH Connection Protocol used a tunnel to multiplex a number
of logical channels
Channel Mechanism:
o Support all types of communication using SSH
o Each side associates a unique channel
o Channels are flow controlled using a window mechanism
o No data may be sent to a channel until a message is received to indicate
that window space is available.
Channel Types
o Session: may be a shell, an application such as file transfer or e-mail, a
system command, or some built-in subsystem
o x11: allows applications to run on a network server but to be displayed
on a desktop machine.
o forwarded-tcpip: This is remote port forwarding
o direct-tcpip: This is local port forwarding
The life of a channel progresses
through three stages:
o SSH Transport Layer Protocol establishes a TCP
connection between SSH client & server
o client traffic redirected to local SSH, travels via tunnel,
then remote SSH delivers to server
supports two types of port forwarding
o local forwarding – hijacks selected traffic
o remote forwarding – client acts for server
Experience
o HTTPS:
• Check if a web browser can establish a secure connection
(TLS/SSL) with the site
and Practice, William Stallings, Prentice Hall,
Sixth Edition, 2013
o Chapter 16
o Others