Security on the World Wide Web - PowerPoint PPT Presentation

1 / 95
About This Presentation
Title:

Security on the World Wide Web

Description:

Organized as a layered model # of layers, content of layers depending from network to network ... Each user chooses a secret key and caries it by hand to BB's office ... – PowerPoint PPT presentation

Number of Views:114
Avg rating:3.0/5.0
Slides: 96
Provided by: sven93
Category:
Tags: caries | security | web | wide | world

less

Transcript and Presenter's Notes

Title: Security on the World Wide Web


1
Security on the World Wide Web
2
Content
  • WWW History architecture
  • Security issues WWW
  • Cryptography principals
  • Securing the WWW

3
World Wide Web general architecture
4
Network
  • Organized as a layered model
  • of layers, content of layers depending from
    network to network
  • 2 important reference models
  • OSI (7 layers)
  • TCP/IP (4 layers, used for the Internet)

5
TCP/IP Reference Model
6
TCP/IP Reference Model
  • Layered model
  • Each layer offers functionality to layer
    above
  • Separation of concerns

7
TCP/IP Reference Model
  • inject packets into the network
  • Major issue packet routing
  • Defines an official packet format and
    protocol, named IP

8
TCP/IP Reference Model
  • To let peer entities on source and
    destination communicate
  • Major issue packet sequencing, flow control
  • 2 protocols TCP / UDP

9
TCP/IP Reference Model
  • Applications building on layer below
  • Examples telnet, smtp, ftp, DNS, http,

10
TCP/IP Reference Model
  • Largely unspecified
  • Host should connect to the network using some
    protocol so it can send IP packets

11
TCP/IP Reference Model protocols
12
TCP/IP Reference Model IP protocol
13
TCP/IP Reference Model IP protocol
  • Keeps track of which version of the protocol the
    datagram belongs to
  • Tells how long the header is

14
TCP/IP Reference Model IP protocol
  • Allows the host to tell the subnet what kind of
    service it wants (different possibilities of
    reliability and speed)
  • Both header and data (max. is 65535 bytes)

15
TCP/IP Reference Model IP protocol
  • All fragments of one datagram have the same
    identification value
  • Tells where in the current datagram this fragment
    belongs

16
TCP/IP Reference Model IP protocol
  • Unused bit
  • DF Dont fragment datagram (e.g. Destination
    cannot reconstruct)
  • MF More fragments

17
TCP/IP Reference Model IP protocol
  • Counter used to limit packet lifetimes
  • When internet layer assembled a complete
    datagram, it needs to give it a transport process
    (TCP, UDP)

18
TCP/IP Reference Model IP protocol
  • Is usefull for detecting errors generated inside
    a router
  • Verifies the header only

19
TCP/IP Reference Model IP protocol
  • Address of sender
  • Address of receiver

20
TCP/IP Reference Model TCP protocol
21
TCP/IP Reference Model TCP protocol
  • Both sender and receiver create endpoints
    (sockets)
  • Socket number IP adress of host 16-bit local
    to that host (port)

22
TCP/IP Reference Model TCP protocol
  • Position of data in the original data stream
  • Acknowledges the acceptance of data from the
    other device

23
TCP/IP Reference Model TCP protocol
  • The number of 32-bit words in the TCP header.
    This indicates where the data begins
  • 6-bit field not used (set to 0)

24
TCP/IP Reference Model TCP protocol
  • Six 1-bit flags
  • URG to indicate if the urgent pointer is in use
  • ACK to indicate that the acknowledgement number
    is valid
  • PSH request the receiver to deliver the data to
    the application upon arrival instead of buffering
  • RST used to reset the connection
  • SYN to establish connections
  • FIN to release the connection

25
TCP/IP Reference Model TCP protocol
  • Defines the size of the sliding window.
  • Error checking and correction

26
TCP/IP Reference Model TCP protocol
  • Some events may cause TCP to stop accumulate data
    and transmit everything it has for that
    connection immediately ( urgent data)
  • Defines the end of the urgent data so that the
    receiving application knows when it is over

27
TCP/IP Reference Model TCP protocol
  • Most important option is the one that allows each
    host to specify the maximum TCP payload it is
    willing to accept

28
TCP/IP Reference Model UDP protocol
29
TCP versus UDP
  • TCP guarantees a fault-free transportation
    channel to an application
  • Packets that didnt reach the destination are
    send again
  • Packets arrived in the wrong order are reordered
  • ...
  • UDP gives no guarantees

30
TCP versus UDP (cont.)
  • TCP is a connection oriented protocol
  • First establish a connection
  • Use the connection for data transmission
  • Release the connection
  • UDP is a connectionless protocol (UDP packets can
    be send immediately)

31
TCP versus UDP (cont.)
  • TCP contains flow control
  • Both sides of the connection can tell the other
    party how many data can be send
  • So when the sender sends to much data he will be
    slowed down by the receiver

32
TCP/IP Reference Model HTTP protocol
  • HTTP client opens connection to server
  • HTTP client sends request message
  • HTTP server responds
  • HTTP server closes connection

33
TCP/IP Reference Model HTTP protocol
From Figure 13.3 in Stevens
34
TCP/IP Reference Model sending http packets
  • Application layer

Transport layer
Internet layer
35
World Wide Web security
  • WWW was not designed with security in mind
  • Problems
  • eavesdropping
  • spoofing
  • altering information in transit
  • executing malicious code

36
World Wide Web motivations for hacking
  • Students for fun
  • Sales representative make false claims
  • Businessman steal competitors info
  • Ex-employee revenge
  • Spy steal military secrets
  • Stockbroker deny promise
  • Client deny acquisition

37
Security Issues
  • Confidentiality
  • secrecy of what is send
  • Authentication
  • identification of who is sending
  • Integrity
  • message send message received
  • Nonrepudiation
  • sender cannot deny sending a message

38
Security TCP/IP Reference Model
  • Physically secure clients and servers
  • Secure wires

39
Security TCP/IP Reference Model
  • Filter (IP-) packages

40
Security TCP/IP Reference Model
  • Encrypt entire connection (transparent)

41
Security TCP/IP Reference Model
  • Explicit cryptography
  • Must handle user authentication and
    non-repudiation

42
Cryptography introduction
  • What? a collection of techniques to keep
    information secure
  • Purpose twofold
  • Encrypt the original, understandable message into
    a non-understandable message (using an encryption
    key)
  • Ability to decrypt the unreadable message back
    into its original form (using a decryption key)

43
Cryptography basics (1/2)
44
Cryptography Basics (2/2)
  • Good encryption/decryption algorithm
  • Key length crucial
  • How longer the key is, how longer the work for
    the cryptanalyst
  • Prevent kid from reading email 64-bit key
  • Governmental information at least 256 bits needed

45
Cryptography basic techniquesSubstitution
Cipher
  • Substitute one letter by another
  • Caesar cipher shift letters 3 positionsA -gt C,
    B -gt D, C -gt E,
  • Generalization shift letters k positions
  • Improvement monoalphabetic substituionplain
    text a b c d e f g h i j k l m n
    ciphertext q w e r t y u i o p a s
    d f
  • Disadvantages statistical attacks, probable word
    attack

46
Cryptography basic techniquesTransposition
Cipher
  • Re-order letters, not disguise
  • Key is word not containing any repeated letters
    (e.g. MEGABUCK)
  • Purpose of the key is to number the columns
  • Plain text is written in rows, ciphertext read
    out by means of columns
  • Safer than substitution, but still vulnerable

47
Cryptography basic techniquesOne-Time Pad
  • 1. Choose a random bit string2. Convert
    plaintext into bitstring (e.g. ASCII)3. Compute
    exclusive OR of these bitstrings
  • Potentially unbreakable because each plaintext is
    a candidate
  • Disadvantage key cannot be memorized, amount of
    data limited, tedious synchronization

48
Cryptography algorithmsfundamental principles
  • Redundancy
  • To avoid garbage to be miss-interpreted as a
    valid message
  • Freshness
  • To avoid resending old messages

49
Cryptography algorithmscategories
  • Symmetric key algorithm
  • use same key to encrypt and decrypt
  • Public key algorithm
  • one key to encrypt, another to decrypt
  • Hybrid cryptosystems
  • public key algorithm for exchange of (symmetric)
    session key

50
Symmetric Key Algorithms
  • Very fast
  • Fairly easy to implement
  • Used for bulk encryption
  • Two techniques
  • Stream algorithms (encrypt bits of message one at
    a time)
  • Block algorithms (encrypt a number of bits as one
    unit)
  • often implemented as a network of black boxes
    each imposing a reversible transformation on the
    plaintext

51
Symmetric Key Algorithms how?
  • Mutually decide on cryptography algorithm C D
    to use
  • Mutually decide which key K to use
  • Person A uses key to produce cyphertext from the
    plaintext (CK(T))
  • Person B uses key to decrypt cyphertext back into
    plaintext (DK(CK(T))

52
Symmetric Key Algorithms disadvantages
  • key must be exchanged secretly (the problem of
    key management)
  • Particular hacks are possible

53
Symmetric Key Algorithms Data Encryption
Standard
  • Official U.S. government standard, 1977, ANSI
    standard in 1981
  • Encrypts block of 64 bits
  • Uses 56 bit key
  • 19 distinct stages
  • No longer safe

54
Symmetric Key Algorithms other examples
  • DESX
  • two additional steps
  • Triple-DES
  • DES three times with different keys
  • IDEA
  • 128 bit key
  • believed to be strong
  • used by PGP
  • RC2, RC4, RC5

55
Public Key Algorithms
  • Use of 2 keys (public key and private key)
  • Proposed by Diffie and Hellman (Stanford, 1976)
  • Slow
  • Difficult to produce encryption algorithm
  • Few existing algorithms

56
Public Key Algorithms
57
Public Key AlgorithmsRSA
  • Named after inventors Rivest, Shamir, Adleman
  • Based on prime factorization
  • Widely used
  • Used primarily for distributing one-time session
    keys for use with e.g. DES

58
Public Key Algorithmsother examples
  • Diffie-Hellman key exchange
  • ElGamal (based on discrete algorithms)
  • Digital Signature Standard (DSS)

59
Hybrid Cryptosystems
  • Use slow, public key algorithm to exchange key K
  • Use K as key for a symmetric key algorithm
  • Combines advantages of both public and private
    key algorithms

60
WWW Security
  • Authentication

61
Authentication protocols
  • Technique to verify that the communication
    partner is who it is supposed to be
  • E.g. Bobs process asks the file server to delete
    the file salaries.txt
  • Is it actually Bobs process? ? authentication
  • Is Bob authorized to do that? ? authorization

62
Authentication protocolsbased on a shared
secret key
  • Suppose Bob and Alice already have a secret key
    KAB
  • Based on sending a random number RB (challenge)
    to the one asking a service
  • Response going to challenger KAB(RB)
  • Known as challenge-response protocols

63
Authentication protocolsChallenge - Response
  • Shortened protocol

64
Authentication protocolsChallenge - Response
  • Shortened protocol

This is wrong reflection attack!!!
65
Authentication protocolsReflection attack with
multiple sessions
66
Authentication protocolsChallenge Response
Bob doesnt send anything before Alice is
authenticated!!
67
Authentication protocolsChallenge
ResponseRequirements
  • Have initiator prove identity first
  • Have initiator and responder use different keys
  • Use different challenges
  • Avoid unrestricted parallel sessions

68
AuthenticationDigital signatures
  • To solve the absence of an authorized handwritten
    signature for legal, financial and other
    documents
  • Basically 3 things are needed
  • The receiver can verify the claimed identity of
    the sender
  • The sender cannot later repudiate the contents of
    the message
  • The receiver cannot possibly construct the
    message himself

69
Authentication digital signaturesSecret key
signatures
  • One central authority that knows everything and
    whom everyone trusts ? Big Brother
  • Each user chooses a secret key and caries it by
    hand to BBs office

70
Authentication digital signaturesSecret key
signatures
71
Authentication digital signaturesPublic key
signatures
  • No central authority needed
  • BB has no access to the messages

72
Message Digests
  • Signature methods often couple authentication and
    secrecy
  • Crypthography is slow, so it is desirable to be
    able to send signed plaintexts
  • De Jonge and Chaum, 1987 authentication scheme
    that does not require encrypting the entire
    message

73
Message Digests
  • One-way hash function computes a fixed-length bit
    string from an arbitrarily long piece of
    plaintext
  • Hash function is called a message digest
  • Given MD(P), it is impossible to find P
  • No 2 messages can be generated that have the same
    message digest

74
Authentication Message Digest Digital
SignatureHow?
  • If intruder changes P underway, Bob will see this
    when he computes MD(P) himself
  • Bob cannot change P since there is no P so that
    MD(P) MD(P)

75
Authentication Message Digest Digital Signature
  • Can also be used in the BB signature protocol
  • Several message digest functions have been
    proposed (MD5, SHA, ...)

76
WWW Security
  • Communication

77
Communicationtransport level security
  • Secure Socket Layer (SSL) standard
  • SSL creates a secure connection between a client
    and a server
  • By convention, URLs that require an SSL
    connection start with https//
  • Provides data encryption, server authentication,
    message integrity, and optional client
    authentication for a TCP/IP connection

78
SSL (v. 3.0) how?
  • Comes with 2 strengths 40-bit and 128-bit
    session key
  • Runs above the transport layer (TCP) and below
    the application layer (http, ...)
  • 2 phases
  • Handshake
  • Data transfer

79
SSL (v.3.0) how?
  • Handshake phase
  • agree on set of cryptographic algorithms
  • establish set of cryptography keys
  • Web Server authenticates browser using
    certificates
  • Data transfer
  • Client and server communicate using SSL Record
    Protocol
  • SSL Record Protocol defines a message format used
    to transmit encrypted data

80
Communicationapplication level security
  • SSL does not provide non-repudiation
  • In addition to SSL, messages should be digitally
    signed

81
WWW Security
  • Anonymity and Privacy

82
Anonymity and Privacywhy?
  • Not to reveal surfing habits
  • Avoid being subject of targeted spam
  • Camouflage illegal actions

83
Anonymity at application level
  • Browser discloses personal information
  • Referring header
  • User-Agent header
  • Cookies
  • enables web server to store information on local
    machine
  • ideal for user profiling
  • Same username/password for different sites

84
Anonymity at network level
  • IP address always revealed
  • Web proxy solution, but only for local observers

85
WWW Security
  • Current technologies

86
Pretty Good Privacy (1/3)
  • PGP is a tool, not a protocol!
  • Set of standards for encrypting messages,
    providing keys and digital signatures
  • DES, 3DES, CAST, IDEA, ... for symmetric
    encryption
  • RSA, DSS or Diffie-Hellman for asymmetric
    encryption
  • MD5 or SHA-1 for calculation of digests
  • Confidentiality, integrity, authentication,
    nonrepudiation

87
Pretty Good Privacy (2/3)
  • PGP is a hybrid cryptosystem
  • PGP first compresses the plaintext
  • Then PGP creates a session key (one-time only
    secret key)
  • This session key is used in a fast symmetric key
    algorithm to encrypt the plaintext
  • Session key is encrypted to the receivers public
    key

88
Pretty Good Privacy (3/3)
  • Each user maintains 2 data structures
  • Private key ring contains one or more personal
    private-public key pairs, so the user can change
    periodically
  • Public key ring contains public keys of the
    users correspondents

89
Secure Multi Purpose Internet Mail Extensions
(S/MIME)
  • Standard for sending files with binary attachment
    over the internet
  • Toolkit for email clients
  • Based on the RSA encryption method
  • Competitor for PGP
  • Confidentiality, integrity, authentication,
    nonrepudiation

90
Secure Electronic Transaction (1/2)
  • Cryptographic protocol for ensuring the security
    of financial transactions on the Internet
  • Three parts
  • User has an electronic wallet (digital
    certificate)
  • Merchant also has certificates
  • SET payment server (bank)

91
Secure Electronic Transaction (2/2)
  • How?
  • Encrypted credit card number is sent to merchant
  • Merchant digitally signs the payment and forward
    it to bank
  • Bank decrypts and executes
  • Advantage merchants do not see credit card number

92
WWW Security
  • (Client side) Mobile Code

93
(Client side) Mobile Code introduction
  • Examples Java applets, ActiveX, Javascript,
    VBScripts,
  • Dangerous can potentially do everything the user
    is allowed to do

94
Mobile CodeJava applets
  • JDK 1.1
  • applet runs in sandbox
  • sandbox model is extremely restrictive
  • trades functionality for safety
  • limited environment
  • No acces to file system on client machine
  • No opening of other network connection other than
    from which the applet came
  • No execution of programs on client machine
  • Cannot even find name of users home directory
    (where JVM is located)

95
Mobile CodeJava applets
  • JDK 1.2 Security Issues
  • uses digital signature
  • All code can be subject to a security policy
  • Security policy defines a set of permissions
  • Runtime system organizes code into individual
    domains
  • Each domain encloses a set of classes with the
    same set of permissions
  • privileges assigned to pieces of code
Write a Comment
User Comments (0)
About PowerShow.com