Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Chapter 17 Web Security ISS Dr. Ayman Abdel-Hamid

Outline
• Web Security and SSL

Web Security
• Web now widely used by business, government, individuals
• but Internet & Web are vulnerable
• have a variety of threats
  – integrity
  – confidentiality
  – denial of service
  – authentication
• need added security mechanisms

Threats on the Web

Web Traffic Security Approaches
• Network level: transparent to end-users and applications
• SSL, TLS: Netscape and Microsoft Explorer browsers equipped with SSL, most web servers implemented the protocol
• Application level: service can be tailored to specific needs of a given application

SSL (Secure Socket Layer)
• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard known as TLS (Transport Layer Security) (viewed as SSLv3.1)
• uses TCP to provide a reliable end-to-end service
• SSL has two layers of protocols

SSL Architecture

SSL (Secure Socket Layer)
• SSL Record Protocol: basic security services to higher-layer protocols (HTTP)
• Handshake, Change Cipher Spec, Alert: management of SSL exchanges
• SSL session and connection

SSL Architecture
• SSL session
  – an association between client & server
  – created by the Handshake Protocol
  – defines a set of cryptographic parameters
  – may be shared by multiple SSL connections
• SSL connection
  – a transient, peer-to-peer, communications link
  – associated with 1 SSL session

SSL Session state
• Session Identifier: byte sequence chosen by server
• Peer certificate: X.509 v3 certificate
• Compression method: compress prior to encryption
• Cipher Spec: data encryption algorithm and hash algorithm
• Master Secret: 48 byte secret
• Is Resumable: can session be used to initiate new connections

SSL Connection state
• Server and Client Random: byte sequences chosen by server and client
• Server Write MAC secret: secret key used in MAC
• Client Write MAC secret
• Server Write Key
• Client Write Key
• Initialization Vectors: when block cipher used in CBC mode
• Sequence numbers: separate sequence numbers for transmitted and received messages

SSL Record Protocol
• confidentiality
  – using symmetric encryption with a shared secret key defined by Handshake Protocol
  – IDEA, RC2-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  – message is compressed before encryption
• message integrity
  – using a MAC with shared secret key
  – similar to HMAC but with different padding

SSL Record Protocol
• Fragmentation: blocks of 16384 bytes
• Compression: optionally applied and is lossless (current standard default is null)
• Padding might be performed after adding the MAC before encryption for block encryption

MAC Computation
• MAC needs a shared secret key
• Computation
• hash(MAC_write_secret || pad_2 || hash(MAC_write_secret || pad_1 || seq_num || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment))
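
The MAC formula above carried through in Python, as an added example that is not part of the original slides. The pad values (0x36 and 0x5c, repeated 48 times for MD5 and 40 times for SHA-1) and the field widths come from the SSLv3 specification rather than the slide; the key, fragment and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# SSLv3 pad lengths: 48 bytes for MD5, 40 bytes for SHA-1 (from the SSLv3 spec)
PAD_LEN = {"md5": 48, "sha1": 40}

def record_header(seq_num, rec_type, fragment):
    # seq_num is 64 bits, type is 1 byte, length is 2 bytes, all big-endian
    return struct.pack(">QBH", seq_num, rec_type, len(fragment))

def ssl3_mac(hash_name, mac_write_secret, seq_num, rec_type, fragment):
    """hash(secret || pad_2 || hash(secret || pad_1 || seq || type || len || data))"""
    n = PAD_LEN[hash_name]
    pad_1, pad_2 = b"\x36" * n, b"\x5c" * n
    inner = hashlib.new(
        hash_name,
        mac_write_secret + pad_1 + record_header(seq_num, rec_type, fragment) + fragment,
    ).digest()
    return hashlib.new(hash_name, mac_write_secret + pad_2 + inner).digest()

def verify_record(hash_name, secret, expected_seq, rec_type, fragment, mac):
    """Receiver side: recompute with the locally tracked sequence number."""
    good = ssl3_mac(hash_name, secret, expected_seq, rec_type, fragment)
    return hmac.compare_digest(good, mac)  # constant-time comparison

# Constructed sample values (not from the slides)
SECRET = bytes(range(20))
APPLICATION_DATA = 23  # record content type for application data
FRAGMENT = b"GET /account HTTP/1.0\r\n\r\n"

def demo():
    mac0 = ssl3_mac("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT)
    hdr = record_header(0, APPLICATION_DATA, FRAGMENT)
    return {
        # record arrives in order: MAC verifies
        "accepted_in_order": verify_record("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT, mac0),
        # same record replayed later: receiver's counter is 1, MAC fails
        "replayed_at_seq_1": verify_record("sha1", SECRET, 1, APPLICATION_DATA, FRAGMENT, mac0),
        # one byte changed in transit: MAC fails
        "tampered": verify_record("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT + b"x", mac0),
        # "similar to HMAC but with different padding": the values differ
        "equals_hmac": mac0 == hmac.new(SECRET, hdr + FRAGMENT, hashlib.sha1).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

Because seq_num is an input to the MAC, a record that is replayed or reordered fails verification even though its bytes are unchanged.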

SSL Record Format

SSL Change Cipher Spec Protocol
• one of 3 SSL specific protocols which use the SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use

SSL Alert Protocol
• conveys SSL-related alerts to peer entity
• severity
  – warning or fatal
• specific alert
  – unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  – close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• Alert messages are compressed & encrypted like all SSL data

SSL Handshake Protocol
• allows server & client to:
  – authenticate each other
  – negotiate encryption & MAC algorithms
  – negotiate cryptographic keys to be used
• comprises a series of messages in phases
  – Establish Security Capabilities
  – Server Authentication and Key Exchange
  – Client Authentication and Key Exchange
  – Finish

SSL Handshake Protocol

Client Hello Message
• Version
• Random
  – 32-bit timestamp and 28 bytes by a secure random number generator
• Session ID
  – Zero indicates a new connection on a new session
• CipherSuite
  – A key exchange algorithm and a CipherSpec
  – The list is ordered in decreasing order of preference
• Compression Method

Server Hello Message
• Version
  – Lower of version suggested by client and highest supported by server
• Random
  – 32-bit timestamp and 28 bytes by a secure random number generator
• Session ID
  – Nonzero by client: same used by server
  – Zero: value for a new session
• CipherSuite
  – Single cipher suite selected by server from those sent by client
• Compression Method
  – Compression method selected by server
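
The Client Hello fields and the Server Hello selection rules above, as an added Python example that is not part of the original slides. The length prefixes follow the SSLv3/TLS 1.0 ClientHello encoding, which the slides do not show; the sample message, the function names and the rule of honouring the client's preference order are assumptions made for illustration.

```python
import os
import struct
import time

def build_client_hello(version, session_id, suites, compressions):
    """Encode a ClientHello body; used only to construct the sample input."""
    body = bytes(version) + struct.pack(">I", int(time.time())) + os.urandom(28)
    body += bytes([len(session_id)]) + session_id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    return body + bytes([len(compressions)]) + bytes(compressions)

def parse_client_hello(body):
    """Decode the fields listed on the Client Hello slide, with bounds checks."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    version = tuple(take(2))
    (timestamp,) = struct.unpack(">I", take(4))   # 32-bit timestamp
    random_bytes = take(28)                        # 28 random bytes
    session_id = take(take(1)[0])                  # empty means new session
    if len(session_id) > 32:
        raise ValueError("session ID longer than 32 bytes")
    raw = take(struct.unpack(">H", take(2))[0])   # 2 bytes per cipher suite
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compressions = list(take(take(1)[0]))
    return {"version": version, "timestamp": timestamp, "random_bytes": random_bytes,
            "session_id": session_id, "cipher_suites": suites,
            "compression_methods": compressions}

def server_hello_choice(hello, server_max, server_suites):
    """Pick Server Hello values as the Server Hello slide describes."""
    version = min(hello["version"], server_max)    # lower of the two versions
    # Assumption: honour the client's preference order among shared suites.
    suite = next((s for s in hello["cipher_suites"] if s in server_suites), None)
    if suite is None:
        raise ValueError("no common cipher suite (handshake failure alert)")
    return version, suite, len(hello["session_id"]) == 0

# Constructed sample: client offers version (3,1) and three suites, no session ID.
SAMPLE = build_client_hello((3, 1), b"", [0x000A, 0x0005, 0x0003], [0])

if __name__ == "__main__":
    print(server_hello_choice(parse_client_hello(SAMPLE), (3, 0), {0x0005, 0x0004}))
```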

Key Exchange Methods
• RSA
  – Secret key encrypted with receiver’s RSA public key
• Fixed Diffie-Hellman
  – Public key certificate contains Diffie-Hellman public key parameters signed by certificate authority (CA)
  – Fixed secret key between two peers
• Ephemeral Diffie-Hellman
  – Diffie-Hellman public keys are exchanged, signed using sender’s private RSA or DSS key
  – Certificates used to authenticate public keys
  – Temporary authenticated secret key
• Anonymous Diffie-Hellman
• Fortezza

CipherSpec
• Cipher Algorithm
• MAC Algorithm (MD5 or SHA-1)
• Cipher Type (Stream or Block)
• IsExportable
• Hash Size (0, 16 (MD5), 20 (SHA-1) bytes)
• Key Material (used in generating write keys)
• IV Size (for CBC mode)

TLS (Transport Layer Security)
• IETF standard RFC 2246 similar to SSLv3
• with minor differences
  – in record format version number
  – uses HMAC for MAC
  – a pseudo-random function expands secrets
  – has additional alert codes
  – some changes in supported ciphers
  – changes in certificate negotiations
  – changes in use of padding