Security on the World Wide Web - PowerPoint PPT Presentation

1 / 95

About This Presentation

Title:

Security on the World Wide Web

Description:

Organized as a layered model # of layers, content of layers depending from network to network ... Each user chooses a secret key and caries it by hand to BB's office ... – PowerPoint PPT presentation

Number of Views:113

Avg rating:3.0/5.0

Slides: 96

Provided by: sven93

Category:

more less

Transcript and Presenter's Notes

Title: Security on the World Wide Web

1
Security on the World Wide Web
2
Content

WWW History architecture
Security issues WWW
Cryptography principals
Securing the WWW

3
World Wide Web general architecture
4
Network

Organized as a layered model
of layers, content of layers depending from
network to network
2 important reference models
OSI (7 layers)
TCP/IP (4 layers, used for the Internet)

5
TCP/IP Reference Model
6
TCP/IP Reference Model

Layered model
Each layer offers functionality to layer
above
Separation of concerns

7
TCP/IP Reference Model

inject packets into the network
Major issue packet routing
Defines an official packet format and
protocol, named IP

8
TCP/IP Reference Model

To let peer entities on source and
destination communicate
Major issue packet sequencing, flow control
2 protocols TCP / UDP

9
TCP/IP Reference Model

Applications building on layer below
Examples telnet, smtp, ftp, DNS, http,

10
TCP/IP Reference Model

Largely unspecified
Host should connect to the network using some
protocol so it can send IP packets

11
TCP/IP Reference Model protocols
12
TCP/IP Reference Model IP protocol
13
TCP/IP Reference Model IP protocol

Keeps track of which version of the protocol the
datagram belongs to
Tells how long the header is

14
TCP/IP Reference Model IP protocol

Allows the host to tell the subnet what kind of
service it wants (different possibilities of
reliability and speed)
Both header and data (max. is 65535 bytes)

15
TCP/IP Reference Model IP protocol

All fragments of one datagram have the same
identification value
Tells where in the current datagram this fragment
belongs

16
TCP/IP Reference Model IP protocol

Unused bit
DF Dont fragment datagram (e.g. Destination
cannot reconstruct)
MF More fragments

17
TCP/IP Reference Model IP protocol

Counter used to limit packet lifetimes
When internet layer assembled a complete
datagram, it needs to give it a transport process
(TCP, UDP)

18
TCP/IP Reference Model IP protocol

Is usefull for detecting errors generated inside
a router
Verifies the header only

19
TCP/IP Reference Model IP protocol

Address of sender
Address of receiver

20
TCP/IP Reference Model TCP protocol
21
TCP/IP Reference Model TCP protocol

Both sender and receiver create endpoints
(sockets)
Socket number IP adress of host 16-bit local
to that host (port)

22
TCP/IP Reference Model TCP protocol

Position of data in the original data stream
Acknowledges the acceptance of data from the
other device

23
TCP/IP Reference Model TCP protocol

The number of 32-bit words in the TCP header.
This indicates where the data begins
6-bit field not used (set to 0)

24
TCP/IP Reference Model TCP protocol

Six 1-bit flags
URG to indicate if the urgent pointer is in use
ACK to indicate that the acknowledgement number
is valid
PSH request the receiver to deliver the data to
the application upon arrival instead of buffering
RST used to reset the connection
SYN to establish connections
FIN to release the connection

25
TCP/IP Reference Model TCP protocol

Defines the size of the sliding window.
Error checking and correction

26
TCP/IP Reference Model TCP protocol

Some events may cause TCP to stop accumulate data
and transmit everything it has for that
connection immediately ( urgent data)
Defines the end of the urgent data so that the
receiving application knows when it is over

27
TCP/IP Reference Model TCP protocol

Most important option is the one that allows each
host to specify the maximum TCP payload it is
willing to accept

28
TCP/IP Reference Model UDP protocol
29
TCP versus UDP

TCP guarantees a fault-free transportation
channel to an application
Packets that didnt reach the destination are
send again
Packets arrived in the wrong order are reordered
...
UDP gives no guarantees

30
TCP versus UDP (cont.)

TCP is a connection oriented protocol
First establish a connection
Use the connection for data transmission
Release the connection
UDP is a connectionless protocol (UDP packets can
be send immediately)

31
TCP versus UDP (cont.)

TCP contains flow control
Both sides of the connection can tell the other
party how many data can be send
So when the sender sends to much data he will be
slowed down by the receiver

32
TCP/IP Reference Model HTTP protocol

HTTP client opens connection to server
HTTP client sends request message
HTTP server responds
HTTP server closes connection

33
TCP/IP Reference Model HTTP protocol
From Figure 13.3 in Stevens
34
TCP/IP Reference Model sending http packets

Application layer

Transport layer
Internet layer
35
World Wide Web security

WWW was not designed with security in mind
Problems
eavesdropping
spoofing
altering information in transit
executing malicious code

36
World Wide Web motivations for hacking

Students for fun
Sales representative make false claims
Businessman steal competitors info
Ex-employee revenge
Spy steal military secrets
Stockbroker deny promise
Client deny acquisition

37
Security Issues

Confidentiality
secrecy of what is send
Authentication
identification of who is sending
Integrity
message send message received
Nonrepudiation
sender cannot deny sending a message

38
Security TCP/IP Reference Model

Physically secure clients and servers
Secure wires

39
Security TCP/IP Reference Model

Filter (IP-) packages

40
Security TCP/IP Reference Model

Encrypt entire connection (transparent)

41
Security TCP/IP Reference Model

Explicit cryptography
Must handle user authentication and
non-repudiation

42
Cryptography introduction

What? a collection of techniques to keep
information secure
Purpose twofold
Encrypt the original, understandable message into
a non-understandable message (using an encryption
key)
Ability to decrypt the unreadable message back
into its original form (using a decryption key)

43
Cryptography basics (1/2)
44
Cryptography Basics (2/2)

Good encryption/decryption algorithm
Key length crucial
How longer the key is, how longer the work for
the cryptanalyst
Prevent kid from reading email 64-bit key
Governmental information at least 256 bits needed

45
Cryptography basic techniquesSubstitution
Cipher

Substitute one letter by another
Caesar cipher shift letters 3 positionsA -gt C,
B -gt D, C -gt E,
Generalization shift letters k positions
Improvement monoalphabetic substituionplain
text a b c d e f g h i j k l m n
ciphertext q w e r t y u i o p a s
d f
Disadvantages statistical attacks, probable word
attack

46
Cryptography basic techniquesTransposition
Cipher

Re-order letters, not disguise
Key is word not containing any repeated letters
(e.g. MEGABUCK)
Purpose of the key is to number the columns
Plain text is written in rows, ciphertext read
out by means of columns
Safer than substitution, but still vulnerable

47
Cryptography basic techniquesOne-Time Pad

1. Choose a random bit string2. Convert
plaintext into bitstring (e.g. ASCII)3. Compute
exclusive OR of these bitstrings
Potentially unbreakable because each plaintext is
a candidate
Disadvantage key cannot be memorized, amount of
data limited, tedious synchronization

48
Cryptography algorithmsfundamental principles

Redundancy
To avoid garbage to be miss-interpreted as a
valid message
Freshness
To avoid resending old messages

49
Cryptography algorithmscategories

Symmetric key algorithm
use same key to encrypt and decrypt
Public key algorithm
one key to encrypt, another to decrypt
Hybrid cryptosystems
public key algorithm for exchange of (symmetric)
session key

50
Symmetric Key Algorithms

Very fast
Fairly easy to implement
Used for bulk encryption
Two techniques
Stream algorithms (encrypt bits of message one at
a time)
Block algorithms (encrypt a number of bits as one
unit)
often implemented as a network of black boxes
each imposing a reversible transformation on the
plaintext

51
Symmetric Key Algorithms how?

Mutually decide on cryptography algorithm C D
to use
Mutually decide which key K to use
Person A uses key to produce cyphertext from the
plaintext (CK(T))
Person B uses key to decrypt cyphertext back into
plaintext (DK(CK(T))

52
Symmetric Key Algorithms disadvantages

key must be exchanged secretly (the problem of
key management)
Particular hacks are possible

53
Symmetric Key Algorithms Data Encryption
Standard

Official U.S. government standard, 1977, ANSI
standard in 1981
Encrypts block of 64 bits
Uses 56 bit key
19 distinct stages
No longer safe

54
Symmetric Key Algorithms other examples

DESX
two additional steps
Triple-DES
DES three times with different keys
IDEA
128 bit key
believed to be strong
used by PGP
RC2, RC4, RC5

55
Public Key Algorithms

Use of 2 keys (public key and private key)
Proposed by Diffie and Hellman (Stanford, 1976)
Slow
Difficult to produce encryption algorithm
Few existing algorithms

56
Public Key Algorithms
57
Public Key AlgorithmsRSA

Named after inventors Rivest, Shamir, Adleman
Based on prime factorization
Widely used
Used primarily for distributing one-time session
keys for use with e.g. DES

58
Public Key Algorithmsother examples

Diffie-Hellman key exchange
ElGamal (based on discrete algorithms)
Digital Signature Standard (DSS)

59
Hybrid Cryptosystems

Use slow, public key algorithm to exchange key K
Use K as key for a symmetric key algorithm
Combines advantages of both public and private
key algorithms

60
WWW Security

Authentication

61
Authentication protocols

Technique to verify that the communication
partner is who it is supposed to be
E.g. Bobs process asks the file server to delete
the file salaries.txt
Is it actually Bobs process? ? authentication
Is Bob authorized to do that? ? authorization

62
Authentication protocolsbased on a shared
secret key

Suppose Bob and Alice already have a secret key
KAB
Based on sending a random number RB (challenge)
to the one asking a service
Response going to challenger KAB(RB)
Known as challenge-response protocols

63
Authentication protocolsChallenge - Response

Shortened protocol

64
Authentication protocolsChallenge - Response

Shortened protocol

This is wrong reflection attack!!!
65
Authentication protocolsReflection attack with
multiple sessions
66
Authentication protocolsChallenge Response
Bob doesnt send anything before Alice is
authenticated!!
67
Authentication protocolsChallenge
ResponseRequirements

Have initiator prove identity first
Have initiator and responder use different keys
Use different challenges
Avoid unrestricted parallel sessions

68
AuthenticationDigital signatures

To solve the absence of an authorized handwritten
signature for legal, financial and other
documents
Basically 3 things are needed
The receiver can verify the claimed identity of
the sender
The sender cannot later repudiate the contents of
the message
The receiver cannot possibly construct the
message himself

69
Authentication digital signaturesSecret key
signatures

One central authority that knows everything and
whom everyone trusts ? Big Brother
Each user chooses a secret key and caries it by
hand to BBs office

70
Authentication digital signaturesSecret key
signatures
71
Authentication digital signaturesPublic key
signatures

No central authority needed
BB has no access to the messages

72
Message Digests

Signature methods often couple authentication and
secrecy
Crypthography is slow, so it is desirable to be
able to send signed plaintexts
De Jonge and Chaum, 1987 authentication scheme
that does not require encrypting the entire
message

73
Message Digests

One-way hash function computes a fixed-length bit
string from an arbitrarily long piece of
plaintext
Hash function is called a message digest
Given MD(P), it is impossible to find P
No 2 messages can be generated that have the same
message digest

74
Authentication Message Digest Digital
SignatureHow?

If intruder changes P underway, Bob will see this
when he computes MD(P) himself
Bob cannot change P since there is no P so that
MD(P) MD(P)

75
Authentication Message Digest Digital Signature

Can also be used in the BB signature protocol
Several message digest functions have been
proposed (MD5, SHA, ...)

76
WWW Security

Communication

77
Communicationtransport level security

Secure Socket Layer (SSL) standard
SSL creates a secure connection between a client
and a server
By convention, URLs that require an SSL
connection start with https//
Provides data encryption, server authentication,
message integrity, and optional client
authentication for a TCP/IP connection

78
SSL (v. 3.0) how?

Comes with 2 strengths 40-bit and 128-bit
session key
Runs above the transport layer (TCP) and below
the application layer (http, ...)
2 phases
Handshake
Data transfer

79
SSL (v.3.0) how?

Handshake phase
agree on set of cryptographic algorithms
establish set of cryptography keys
Web Server authenticates browser using
certificates
Data transfer
Client and server communicate using SSL Record
Protocol
SSL Record Protocol defines a message format used
to transmit encrypted data

80
Communicationapplication level security

SSL does not provide non-repudiation
In addition to SSL, messages should be digitally
signed

81
WWW Security

Anonymity and Privacy

82
Anonymity and Privacywhy?

Not to reveal surfing habits
Avoid being subject of targeted spam
Camouflage illegal actions

83
Anonymity at application level

Browser discloses personal information
Referring header
User-Agent header
Cookies
enables web server to store information on local
machine
ideal for user profiling
Same username/password for different sites

84
Anonymity at network level

IP address always revealed
Web proxy solution, but only for local observers

85
WWW Security

Current technologies

86
Pretty Good Privacy (1/3)

PGP is a tool, not a protocol!
Set of standards for encrypting messages,
providing keys and digital signatures
DES, 3DES, CAST, IDEA, ... for symmetric
encryption
RSA, DSS or Diffie-Hellman for asymmetric
encryption
MD5 or SHA-1 for calculation of digests
Confidentiality, integrity, authentication,
nonrepudiation

87
Pretty Good Privacy (2/3)

PGP is a hybrid cryptosystem
PGP first compresses the plaintext
Then PGP creates a session key (one-time only
secret key)
This session key is used in a fast symmetric key
algorithm to encrypt the plaintext
Session key is encrypted to the receivers public
key

88
Pretty Good Privacy (3/3)

Each user maintains 2 data structures
Private key ring contains one or more personal
private-public key pairs, so the user can change
periodically
Public key ring contains public keys of the
users correspondents

89
Secure Multi Purpose Internet Mail Extensions
(S/MIME)

Standard for sending files with binary attachment
over the internet
Toolkit for email clients
Based on the RSA encryption method
Competitor for PGP
Confidentiality, integrity, authentication,
nonrepudiation

90
Secure Electronic Transaction (1/2)

Cryptographic protocol for ensuring the security
of financial transactions on the Internet
Three parts
User has an electronic wallet (digital
certificate)
Merchant also has certificates
SET payment server (bank)

91
Secure Electronic Transaction (2/2)