Security for Web Applications

1
Security for Web Applications

• Done by
• Ola Mustafa
• Sahar Yousef

2
Introduction

• WAs are publicly available over the Internet,
  intended to reach a large number of potential
  users.
• More comprehensive security techniques compared
  with other kinds of applications.
• WA security is the second main concern after
  functionality for web developers.

3
Security Aspects

• Securing the end users computer and personal
  data stored on it.
• Securing information in transit.
• Securing the server and data stored on it.

4
Security Aspects
5
Example
6
Security Terms

• Confidentiality
• Integrity
• Non-repudiation
• Authentication
• Authorization
• Availability
• Privacy

7
Confidentiality

• Data exchanged between a customer and a provider
  cannot be read by a third party.
• Encryption is the foundation of confidential
  message exchange over insecure channels.

8
Integrity

• Strict notion Nobody is able to modify the
  exchanged information.
• In Reality Forgery cannot be excluded in
  general, but it is at least possible to detect
  data modifications.

9
Non-repudiation

• Important aspect of electronically placed
  contracts.
• Customers ordering books at an online store,
  should not be able to deny orders they placed.

10
Authentication

• Verifying the identity of a person or general
  subject.
• Authentication often takes place through a
  login/password mechanism.

11
Authorization

• Used to infer which privileges authenticated
  users are granted.

12
Availability

• Guaranteeing the availability of Web applications
  is of economic relevance, as service downtime
  typically implies financial losses.

13
Privacy

• Reliable handling of data, like personal
  information, e.g., contact data or credit card
  numbers,
• Such data must not be accessible to unauthorized
  third parties which might misuse it for identity
  theft.

14
Encryption, Digital Signatures and Certificates

• Encryption (or ciphering) means that by use of
  mathematical functions plain text is transformed
  into cipher text.
• Decryption (or deciphering) describes the reverse
  process.

15
Encryption algorithms.

• Symmetric algorithm.
• Asymmetric algorithm.

16
Symmetric algorithm.

• Using symmetric encryption, the receiver of a
  message uses the same key (shared secret) to
  compute the plain text from the cipher text as
  the sender used to encrypt it.
• Prominent representatives of symmetric encryption
  algorithms are DES and AES

17
DESThis figure illustrates the encryption
process for a 64 bit data block.
18
DES

• As 56 bits determine a DES key, up to 256 keys
  have to be examined for a brute force attack.
  Nowadays, DES is no longer regarded to provide
  sufficient security because of the restricted key
  length and the performance of todays computers.
• Triple-DES Using three keys, the effective key
  length becomes 168 bits.

19
A problem!

• When using symmetric encryption, the employed
  keys, i.e., the shared secrets, have to be
  exchanged between the communicating parties
  during an initial stage. One possibility is to
  use separate communication channels, like
  telephone calls. Obviously, this is not very
  applicable to e-commerce and especially to Web
  services which do not rely on human interaction.
  Asymmetric encryption is helpful to solve the key
  exchange problem.

20
Asymmetric Cryptography

• Sender and receiver employ different keys for
  ciphering and deciphering.
• Each participant has a pair of keys consisting of
  one private key D and one public key E.

21
Asymmetric Cryptography

• Alice wants to send a message m to the bookstore,
  she uses E for encryption.
• E(m) can only be decrypted using private key D,
  i.e., D(E(m)) m.

22
Asymmetric Cryptography

• A widespread asymmetric encryption algorithms is
  RSA.
• Two large prime numbers, p and q, are generated
  randomly and kept secret.
• The RSA modulus n is determined as n (p q)
  (typically a 1024 bit number).
• e (a part of the public key) and d (a part of the
  private key) are chosen such that
• 1 (e d) modulo ((p - 1)(q - 1)) holds.
• To obtain cipher text (c) c E(m) me modulo
  n.
• To restore original text (m) m D(c) cd
  modulo n.

23
Asymmetric Cryptography
24
Asymmetric Cryptography

• Why to use symmetric cryptography at all?
• The reason is that symmetric algorithms are much
  faster than asymmetric ones (about 100 to 1000
  times).

25
Digital Signatures

• Digital signatures can be used to guarantee data
  integrity, to provide non-repudiation, and to
  authenticate identities.
• Digital signatures rely on hash algorithms and
  asymmetric cryptography.

26
Digital Signatures

• Hash algorithms compute a small piece of data out
  of a possibly much larger data block.
• The result is comparable to a fingerprint or a
  checksum of the data block. Any modification to
  the input data leads to a completely different
  hash key.
• Hashing can be used to track tampering with very
  little extra effort.
• However, hashing alone cannot guarantee message
  integrity. A malicious man in the middle still
  can modify the message and at the same time
  replace the hash key with a new, appropriate one.
  This is where encryption comes into play.

27
Digital Signatures

• Alice wants to ensure the integrity of her
  message m.
• She first computes the respective hash value,
  h(m). Subsequently she digitally signs the hash
  value using her private key DA by computing
  SigA(m) DA(h(m)). SigA(m) is then attached to
  m.
• The bookstore can examine if the message was
  tampered with by first decrypting SigA(m) using
  Alices public key, thus obtaining h(m). Since
  only Alice knows her private key, it must have
  been her who signed the message.
• For the received contact message m,
  book.store.com calculates the respective hash key
  h(m). When h(m) h(m), book.store.com can be
  sure that m m.
• Moreover, Alice cannot claim to not have sent the
  message, as she is the only one who could have
  signed it. Thus, digital signatures are also
  useful for non-repudiation and authentication.

28
Certificates and Public Key Infrastructure

• How can you be sure of using the correct public
  key for encryption?
• How can Alice be sure to actually use the public
  key of book.store.com and not of any malicious
  third party?
• Digital certificates are a widespread technology
  for providing reliable public key distribution
  for Web application scenarios.

29
Certificates and Public Key Infrastructure

• Certificates are issued by certification
  authorities (CA).
• Cas assure the integrity of certificates by
  digitally signing them.
• Trust can be delegated by CAs vouching for the
  integrity of other CAs, so that hierarchies of
  trusted CAs can be established.
• a certificate has a validity period. After this
  period has expired a new certificate has to be
  issued.
• If a certificate is no longer trustworthy, e.g.,
  if the respective private key has been disclosed,
  the certificate is revoked and listed in
  so-called certificate revocation lists (CRL).

30
Secure Client/Server-Interaction

• Point-to-Point Security
• End-to-End Security
• User Authentication and Authorization
• Electronic Payment Systems

31
Point-to-Point Security

• SSL (Secure Sockets Layer) and TLS (Transport
  Level Security) are the most widely used
  protocols for secure messaging over the Internet.

32
The SSL Handshake Protocol

• The client sends a request to the server in order
  to establish a secure connection containing
  information about its cryptographic settings.
• The server replies with its cipher settings and
  its certificate.
• The client checks the servers certificate
  validity .
• The client generates a pre-master secret based on
  the data exchanged so far, encrypts it using the
  servers public key, and sends it to the server.
• Client and server generate the master secret
  based on the pre-master secret.
• Using the master secret, both client and server
  generate the symmetric session key.
• The client informs the server that future
  messages will be encrypted. An additional,
  already encrypted message is sent to the server
  stating that the clients part of the SSL
  handshake is completed.
• The server informs the client that future
  messages will be encrypted. Analogously to the
  client, it sends an additional encrypted message
  stating that the server part of the SSL handshake
  is completed.

33
Server Certificate Validation

• The client checks whether the issuing CA is
  trusted. Each client maintains a list of trusted
  CAs. The issuing CA is trusted if it is part of
  the list, or if a certificate chain can be
  determined that ends up in a CA which is
  contained in the clients list.
• The digital signature of the certificate is
  evaluated using the issuing CAs public key.
• The validity period is examined to see whether
  the current date is within the certificates
  validity period.
• The domain name listed in the certificate is
  compared with the servers domain name for
  equality.
• The certificate revocation list is checked to see
  if the certificate has been revoked.

34
End-to-End Security

• Online transactions can involve more than two
  communicating entities.
• In our example, the bookstore plays an
  intermediary role when it forwards Alices credit
  card data to ChiefCard, and does not require
  seeing Alices credit card data in plain text.
• What is required is end-to-end security between
  Alice and ChiefCard. This is also known as
  message level security.
• The security information is contained within the
  message. This allows parts of a message to be
  transported without intermediary parties seeing
  or modifying it.
• This is achieved by XML Encryption at the message
  layer.

35
Electronic Payment Systems

• SET
• SET stands for Secure Electronic Transaction and
  is powered by MasterCard, Visa and software
  companies like Microsoft and others.
• When paying online, the customers credit card
  number is encrypted and sent to the vendor where
  the payment information is digitally signed and
  forwarded to the processing bank.
• The message is decrypted and the credit charge is
  processed. Thus, the credit card information
  remains private and is not available to the
  vendor in plain text.

36
PayPal

• PayPal belongs to the eBay company and is an
  electronic payment system easing payment
  transactions between arbitrary users. Thus, it is
  not only applicable to the standard
  vendorcustomer scenario but particularly
  applicable to online auctions.
• The only prerequisites for sending money to a
  contracting partner are the possession of a valid
  e-mail address and a PayPal account.

37
Authentication

• Authentication is concerned with the verification
  of a users identity.
• A widespread authentication method is the
  well-known login/password-mechanism.
• Another way to authenticate a users identity is
  to employ digital certificates. This way is
  recommended and more usual for B2B
  (business-to-business) applications

38
Authorization

• What authenticated users are allowed to do.
• Discretionary access control (DAC) according to
  which privileges or prohibitions are assigned to
  subjects (users).
• If the number of users is very large, it is
  recommended to use role based access control
  (RBAC) where privileges and prohibitions are
  assigned to roles.

39
Authorization

• book.store.com might introduce a role Standard
  that grants the right to buy books by credit
  card.
• Every registered user is granted this role by
  default.
• If customers have proven to be reliable, e.g., by
  having bought several articles and by having good
  credit ratings, they are granted the Gold-role
  that implies the Standard-role and additionally
  allows buying books on invoice.

40
Authorization

• Access rights a user is granted depend on
• The users identity and context (like age).
• His/her attributes that determine the level of
  trustworthiness (can change dynamically).

41
Client Security Issues Preserving Privacy

• How private information is handled by the
  providers after the transmission.
• The Platform for Privacy Preferences (P3P)
  provides a standard for protection policies in a
  machine-readable XML-format.
• Service providers publish privacy policies,
  specifying which kind of information they collect
  and for what purpose. Additionally, optional
  human-readable versions of the policies can be
  provided.

42
Preserving Privacy

• Customers declare their privacy preferences
  through capable browsers or plug-ins.
• When a Web site is loaded, the data protection
  declarations are compared with the users
  preferences.
• If no privacy conflict is detected, the site is
  displayed.
• Otherwise, the user is warned about possible
  conflicts and obtains details of the privacy
  policy in a human-readable format.

43
Preserving Privacy - Example

• Alice agrees to transfer her personal information
  to online to be used for corresponding
  transactions.
• book.store.com were cooperating with an
  advertising agency for analyzing consumer
  behaviour. Alices personal information would
  also be sent to this partner.
• A policy conflict arises and Alice would be
  informed prior to deciding whether to continue
  her book order process or to abort.

44
Mobile Code Security

• Complex tasks are sometimes hard to present via
  static HTML pages. Dynamic Web presentations
  using mobile code like JavaScript, Java applets,
  or ActiveX controls can improve usability.
• Mobile code is executed on a host (e.g., Alices
  home computer) other than the one it originates
  from (e.g., book.store.coms Web server).

45
Mobile Code Security

• Severe security risks exist if potentially
  malicious programs (of unknown origin) are
  executed without safeguards. Possible threats are
  for example eavesdropping, unauthorized access to
  the local file system, impact on the systems
  stability or misuse of the local system for
  performing further attacks.
• Damage through harmful mobile code can be averted
  through
• Sandboxing.
• fine grained access control.
• code signing.

46
Sandboxing

• Sandboxing leads to a restriction of the
  functionality that mobile code is allowed to
  perform on the clients host (accessing sensitive
  resources like the file system).
• - restricts the functionality of applets.
• A high level of security can be achieved by
  significantly restricting the functionality of
  programs, which reduces the usefulness and
  flexibility in return.

47
Fine grained access control

• Using fine grained access control Both objectives
  can be balanced through a fine-grained access
  control model, as for example supported by Java
  Version 2.
• Applications are executed in a restricted sandbox
  environment by default.
• The reliable execution of useful programs is made
  possible.

48
Code signing

• Code signing was primarily introduced by
  Microsoft to provide security for the ActiveX
  framework.
• When an ActiveX program is downloaded, the
  browser verifies that its signature is valid and
  the code has not been modified.
• signed code is granted full access to the
  resources of the client host while the execution
  of unsigned and untrusted code is rejected.

49
Phishing and Web Spoofing

• Phishing attacks are performed with the intention
  to acquire personal information like social
  security numbers and credit card numbers that can
  be used for identity theft or credit card fraud.
• Web spoofing denotes techniques for mocking the
  Web presences of trusted corporations with the
  intention to trick customers.

50
Phishing and Web Spoofing

• credit card company ChiefCard offers its online
  banking service at (http//www.chief.card.com/bank
  ing). In order to use this service, our client,
  Alice, has to enter her credit card number and a
  personal identification number (PIN).
• In the course of a phishing attack, Alice
  receives an e-mail pretending to stem from an
  official representative of ChiefCard.

51
Phishing and Web Spoofing

• Web spoofing, which is employed for phishing
  attacks, typically relies on the following
  factors
• Convincing Web site and e-mail design.
• Use Convincing URLs. To give an example, the
  lower-case i is hard to distinguish from the
  lower-case l and attackers might trick clients
  using the URL (http//www.chlef.card.com/banking)
  instead of the official site.

52
Phishing and Web Spoofing

• Technical protection against phishing and Web
  spoofing seems hard to achieve.
• For service providers it is best practice to
  offer customers feasible alternatives, like home
  banking relying on smartcards instead of PIN/TAN
  mechanisms

53
Desktop Security

• End users security can be endangered through
  threats like viruses and worms.
• It is up to the clients counteract these security
  threats by using Internet services thoughtfully,
  updating operating systems and browser software
  regularly, and by using additional security
  software like firewalls and virus scanners.

54
Most common security threats - Adware and Spyware

• Adware are programs used to deliver advertising
  contents. They are visible to the user and often
  experienced to be annoying.
• Spyware intends to remain unrecognized. These are
  programs that are used to gather personal
  information like a users passwords, bank data,
  and log-in details.
• They monitor the users activities and scan the
  system. The gathered information is then relayed
  to remote computers.
• Adware and spyware are typically bundled with
  other programs that are available as freeware or
  shareware. Furthermore, they are sent as e-mail
  attachments.

55
Dialers

• Dialers are programs that build up Internet
  connections over a computers modem using a
  premium rate number (e.g. 0900).
• Typically, the costs for the connections are
  disproportionately expensive.
• Dialers might be installed without the explicit
  knowledge of users.
• Dialers are distributed in similar ways to
  spyware in e-mails and as bundles with other
  programs.
• With the growing number of broadband connections
  using DSL, dialers are on the decline.

56
Remote Access/Backdoors

• Programs that enable remote access, i.e., provide
  the ability for remote computers to connect to
  the clients host.
• Such programs are distributed like dialers. They
  can be misused to obtain personal information,
  damage files or remote control the client host.
• Typically, programs providing remote access
  attempt to hide themselves from the user and the
  remote connections are established behind the
  scenes.

57
Viruses, Worms and Trojan Horses

• Viruses are programs or code that are attached to
  executable files or documents that support
  macros.
• A virus is executed when the host program is
  executed or the document is loaded respectively.
• Viruses are spread, usually unknowingly, through
  people sharing infected files or sending e-mails
  with viruses contained in the attachment.
• While some viruses are only replicating, some can
  cause further damage to the file system or system
  stability.

58
Viruses, Worms and Trojan Horses

• Worms are programs that in contrast to viruses
  can replicate or copy themselves.
• A worm might send a copy of itself to all the
  addresses listed in the local e-mail address
  book. This procedure continues at the recipients
  hosts and so on, thus causing high traffic and
  consuming most of the available computational
  power.
• Apart from the threat that systems became
  unavailable due to unrestricted replication, some
  worms also bring about further security threats
  like the well-known Blaster worm that installs a
  backdoor on infected systems.

59
Viruses, Worms and Trojan Horses

• Trojan horses are programs that do not replicate
  themselves but typically cause damage or
  compromise the security of infected computers.
• They are hidden inside other programs or are
  directly sent to users, e.g., as e-mail
  attachments.
• Trojan horses appear to be useful software and
  often offer the pretended useful functionality.
  But when executed, they additionally perform
  other kinds of functionality typically
  detrimental to the one they purport to the user.
• The damage caused varies and can include data
  theft and destruction or illegitimate access on
  computational resources by providing remote
  access to the client host.

60
Service Provider Security Issues

• Cross-Site Scripting
• SQL Injection
• Security of CGI Programs
• Service Availability
• Host Security

61
Cross-Site Scripting

• A well-known attack focusing on shortcomings of
  dynamically generated Web pages.
• XSS attacks exploit the fact that parameters are
  sometimes not checked when they are passed to
  dynamically generated Web sites, which allows the
  insertion of script code instead of the expected
  parameter values.
• Attackers can succeed in acquiring personal
  information of clients.

62
Prevention

• Input filtering Ingoing requests are checked to
  see whether they contain potential XSS attacks.
  For example HTML tags can be prohibited.
• Output filtering is quite similar to input
  filtering, but the user data are checked before
  the HTTP-response is sent to the client.
• Application firewalls stop HTTP traffic and can
  detect and prohibit XSS attacks before being sent
  to the Web server.

63
SQL Injection

• SQL query statements are generated and sent to
  database systems in to retrieve or modify data.
• SQL injection means that attackers are able to
  execute malicious SQL code by exploiting flaws in
  the implementation of the Web application.

64
SQL Injection - Example

• Users are redirected to their personalized
  mybookstore pages after having entered their
  username and password in a Web form.
• Before being redirected, the submitted account
  information is validated using the subsequent SQL
  query
• SELECT FROM users WHERE name 'name' AND
  password 'password'

65
SQL Injection - Example

• Assume that a malicious user enters OR
  into the password field.
• SELECT FROM users WHERE name 'Alice' AND
  password " OR "
• The WHERE clause will always evaluate to true.
• SELECT FROM books WHERE title like
  'searchcriterion
• if the query is executed with the following
  search item
• ' drop table books --
• First the table books is scanned with no specific
  title being stated. Afterwards, the second
  command leads to the deletion of the books table.

66
SQL Injection -Prevention

• Parameter verification Verify the syntax of the
  input parameters The application programmer has
  to be aware of all possible SQL injection attack
  types.
• Prepared statements Prepared statements are
  parameterizable, which means that statements and
  parameters are sent to the database separately.
• Exception handling Database errors that are
  displayed to the client instead of being caught,
  not only bear the impression of low
  implementation quality, but also provide
  attackers with helpful information.
• Principle of least privilege If the least
  privilege principle is followed the above attack
  of dropping the table wouldnt succeed this
  means that a database account is used that is
  only granted the required privileges, i.e.,
  select on the table books.

67
Security of CGI Programs

• The Common Gateway Interface (CGI) is a standard
  for the communication between programs or scripts
  and a Web server.
• CGI programs offer a very flexible way of
  creating dynamic Web applications, but their
  flexibility comes along with some security holes
  that have to be considered.

68
CGI security holes

• CGI programs can leak information about the host
  system they are executed on. This can enable
  malicious users to break into the system. Thus,
  information hiding is a necessity to prevent
  attacks.
• CGI programs can be victims to code injection.

69
Aspects for the reliable implementation of CGI

• Storage Location of CGI Programs
• It is recommended to use a dedicated central
  directory.
• In order to prevent unintended information flow,
  the CGI directory should not contain superfluous
  files like prior program versions, which
  attackers can analyze to detect flaws in the
  implementation that might enable certain attacks.
• In the ideal case only system administrators and
  service developers should have write access to
  the CGI directory.
• ?Preventing Unauthorized Command Calls

70
Service Availability

• Denial of service attacks (DoS) attacks aim at
  compromising the system or the Web application,
  so that normal user requests can no longer be
  served.
• Performed by starving the system of critical
  resources like CPU, memory or disk space.
• A possible attack scenario can be the overloading
  of an application or an underlying resource like
  a database system by use of costly requests that
  consume most of the systems computational power.

71
Service Availability

• Buffer overflow attacks
• If user input is larger than the program
  pre-allocated memory, the program crashes in
  the best case.
• In the worst case, the input overwrites code in
  main memory with new code, which is used by
  advanced hackers to gain control of the system.

72
Host Security

• providing a high level of security for a Web
  application is a continuous process that demands
  the system be up-to-date.
• Firewalls provide a solution for preventing
  unauthorized access to private information
• By the use of firewalls, incoming and outgoing
  traffic via HTTP (port 80) andHTTPS (port 443)
  can be supervised and unrequired protocols or
  suspicious connections can be prohibited
• A SOAP firewalls policy specifies which services
  are accessible over the Internet. Furthermore,
  parameter checks can be performed to prevent code
  injection attacks.

73
Questions

• What is the difference between authentication and
  authorization?
• How can the client be sure to actually use the
  public key of server and not of any malicious
  third party?
• How does digital signature enhance
  non-repudiation security concept?
• What is the main advantage of PayPal payment
  system?
• What is the main difference between computer
  viruses and worms?
• What are the main preventions used to avoid SQL
  injection?