Web Security


Published on

Unit 5 Of ACN

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Web Security

  1. 1. WEB Security
  2. 2. Outline <ul><li>Web Security Considerations </li></ul><ul><li>Secure Socket Layer (SSL) and Transport Layer Security (TLS) </li></ul><ul><li>Secure Electronic Transaction (SET) </li></ul><ul><li>Recommended Reading and WEB Sites </li></ul>
  3. 3. Web Security Considerations <ul><li>WWW is Client server application over Internet and TCP/IP intranets </li></ul><ul><li>Web is vulnerable to attacks on web servers over the Internet </li></ul><ul><li>The WEB is visible outlet for corporates </li></ul><ul><li>Web servers are easy to configure and manage. </li></ul><ul><li>Complex software hide many security flaws. </li></ul><ul><li>Subverted servers will provide access to intranet systems </li></ul><ul><li>Users are not aware of the risks. </li></ul>
  4. 4. Security facilities in the TCP/IP protocol stack
  5. 5. SSL and TLS <ul><li>SSL was originated by Netscape </li></ul><ul><li>TLS working group was formed within IETF </li></ul><ul><li>First version of TLS can be viewed as an SSLv3.1 </li></ul>
  6. 6. SSL <ul><li>Make use of TCP </li></ul><ul><li>Provide reliable end to end secure communication </li></ul><ul><li>Two layers of protocols </li></ul><ul><ul><li>Higher layer </li></ul></ul><ul><ul><ul><li>Handshake </li></ul></ul></ul><ul><ul><ul><li>change cipher spec </li></ul></ul></ul><ul><ul><ul><li>Alert </li></ul></ul></ul><ul><ul><li>Lower layer </li></ul></ul><ul><ul><ul><li>Record </li></ul></ul></ul>
  7. 7. SSL Architecture
  8. 8. SSL connection <ul><li>A logical client/server link </li></ul><ul><li>A peer-to-peer connection with two network nodes. </li></ul><ul><li>Transient. </li></ul><ul><li>Every connection associated with one session. </li></ul>
  9. 9. SSL session <ul><li>An association between a client and a server </li></ul><ul><li>Defines a set of parameters such as  algorithms used, session number etc. </li></ul><ul><li>An SSL session is created by the Handshake Protocol </li></ul><ul><ul><li>that allows parameters to be shared among the connections made between the server and the client </li></ul></ul><ul><ul><li>Sessions are used to avoid negotiation of new parameters for each connection. </li></ul></ul><ul><li>A single session is shared among multiple SSL connections between the client and the server. </li></ul><ul><li>In theory, it may also be possible that multiple sessions are shared by a single connection, but this feature is not used in practice. </li></ul>
  10. 10. SSL session <ul><li>The concepts of a SSL session and connection involve several parameters that are used for SSL-enabled communication between the client and the server. During the negotiations of the handshake protocol, the encryption methods are established and a series of parameters of the Session State are subsequently used within the session. </li></ul>
  11. 11. SSL session state <ul><li>A session state is defined by the following parameters: </li></ul><ul><ul><li>session identifier: this is an identifier generated by the server to identify a session with a chosen client, </li></ul></ul><ul><ul><li>Peer certificate: X.509 certificate of the peer, </li></ul></ul><ul><ul><li>compression method: a method used to compress data prior to encryption,  </li></ul></ul><ul><ul><li>CipherSpec: specifies the bulk data encryption algorithm (for example DES) and the hash algorithm (for example MD5) used during the session, </li></ul></ul><ul><ul><li>Master secret: 48-byte data being a secret shared between the client and server </li></ul></ul><ul><ul><li>“ is resumable”: this is a flag indicating whether the session can be used to initiate new connections. </li></ul></ul>
  12. 12. SSL connection state <ul><li>The SSL connection state is defined by the following parameters: </li></ul><ul><ul><li>Server and client random: random data generated by both the client and server for each connection, </li></ul></ul><ul><ul><li>Server write MAC secret: the secret key used for data written by the server,  </li></ul></ul><ul><ul><li>Client write MAC secret: the secret used for data written by the client, </li></ul></ul><ul><ul><li>Server write key: the bulk cipher key for data encrypted by the server and decrypted by the client, </li></ul></ul><ul><ul><li>Client write key: the bulk cipher key for data encrypted by the client and decrypted by the server, </li></ul></ul><ul><ul><li>Initialisation vectors: for CBC mode of block cipher </li></ul></ul><ul><ul><li>Sequence number: sequence numbers maintained separately by the server for messages transmitted and received during the data session. </li></ul></ul>
  13. 13. Record protocol <ul><li>Services provided </li></ul><ul><ul><li>Confidentiality </li></ul></ul><ul><ul><ul><li>Encryption of payloads using shared secret key obtained from handshake protocol </li></ul></ul></ul><ul><ul><li>Message Integrity </li></ul></ul><ul><ul><ul><li>MAC using shared secret key obtained from handshake protocol </li></ul></ul></ul>
  14. 14. SSL Record Protocol Operation
  15. 15. SSL Record Format
  16. 16. Change cipher spec protocol <ul><li>Payload of record protocol </li></ul><ul><li>Consist of single message </li></ul><ul><ul><li>Single byte value = 1 </li></ul></ul><ul><li>Purpose of message </li></ul><ul><ul><li>Cause copy of pending state to current state </li></ul></ul><ul><ul><li>Updates cipher suite to be used on the current connection </li></ul></ul>
  17. 17. Alert protocol <ul><li>Conveys SSL alerts to peer </li></ul><ul><li>Payload of record </li></ul><ul><li>Consists of two bytes </li></ul><ul><ul><li>1 st byte : warning or fatal </li></ul></ul><ul><ul><li>2 nd byte: code for specific alerts </li></ul></ul>
  18. 18. SSL Record Protocol Payload
  19. 19. Handshake Protocol <ul><li>The most complex part of SSL. </li></ul><ul><li>Allows the server and client to authenticate each other. </li></ul><ul><li>Negotiate encryption, MAC algorithm and cryptographic keys. </li></ul><ul><li>Used before any application data are transmitted. </li></ul>
  20. 20. handshake protocol phases <ul><li>1 st phase </li></ul><ul><ul><li>Establish security capabilities </li></ul></ul><ul><li>2 nd phase </li></ul><ul><ul><li>Server authentication and key exchange </li></ul></ul><ul><li>3 rd phase </li></ul><ul><ul><li>Client authentication and key exchange </li></ul></ul><ul><li>4 th phase </li></ul><ul><ul><li>finish </li></ul></ul>
  21. 21. Handshake Protocol Action
  22. 22. Full handshake
  23. 23. Re-establish old session
  24. 24. Cryptographic computations <ul><li>Shared master secret : 48 byte </li></ul><ul><li>Creation in 2 stages </li></ul><ul><ul><li>Pre-master secret exchanged </li></ul></ul><ul><ul><ul><li>RSA </li></ul></ul></ul><ul><ul><ul><li>Diffie Hellman </li></ul></ul></ul><ul><ul><li>Master secret calculated at both ends </li></ul></ul><ul><li>Use of master secret at client end </li></ul><ul><ul><li>Client write MAC secret </li></ul></ul><ul><ul><li>Client write key </li></ul></ul><ul><ul><li>Client write IV </li></ul></ul><ul><li>Use of master secret at client end </li></ul><ul><ul><li>Server write MAC secret </li></ul></ul><ul><ul><li>Server write key </li></ul></ul><ul><ul><li>Client write IV </li></ul></ul>
  25. 25. Transport Layer Security <ul><li>The same record format as the SSL record format. </li></ul><ul><li>Defined in RFC 2246. </li></ul><ul><li>Similar to SSLv3. </li></ul><ul><li>Differences in the: </li></ul><ul><ul><li>version number (3.1) </li></ul></ul><ul><ul><li>message authentication code (HMAC, TLScomressed.version) </li></ul></ul><ul><ul><li>pseudorandom function ( different from SSL) </li></ul></ul><ul><ul><li>alert codes ( more in TSL) </li></ul></ul><ul><ul><li>cipher suites ( fortezza dropped) </li></ul></ul><ul><ul><li>client certificate types ( fortezza schemes not included) </li></ul></ul><ul><ul><li>certificate_verify and finished message ( calculation different) </li></ul></ul><ul><ul><li>cryptographic computations ( different from SSL) </li></ul></ul><ul><ul><li>Padding ( any amount for total length = Xblock length upto max 255 bytes ) </li></ul></ul>
  26. 27. Master secret in SSL <ul><li>Master secret = </li></ul><ul><li>MD5(pre_master_secret||SHA(“A”||pre_master_secret||ClientHello.random||serverHello.random))|| </li></ul><ul><li>MD5(pre_master_secret||SHA(“BB”||pre_master_secret||ClientHello.random||serverHello.random))|| </li></ul><ul><li>MD5(pre_master_secret||SHA(“CCC”||pre_master_secret||ClientHello.random||serverHello.random))|| </li></ul>
  27. 28. Key block in SSL <ul><li>Key block = </li></ul><ul><li>MD5(master_secret||SHA(“A”||master_secret||serverHello.random||ClientHello.random))|| </li></ul><ul><li>MD5(master_secret||SHA(“BB”||pre_master_secret|| serverHello.random||ClientHello.random))|| </li></ul><ul><li>MD5(master_secret||SHA(“CCC”||pre_master_secret|| serverHello.random||ClientHello.random))||….. </li></ul>
  28. 29. Master secret and Key block in TLS <ul><li>Master secret = </li></ul><ul><li>PRF(pre_master_secret, “master secret”, ClientHello.random||serverHello.random) </li></ul><ul><li>Key block = </li></ul><ul><li>PRF(master_secret, “key expansion”, Security Parameters.server_random||SecurityParameters.client_random) </li></ul><ul><li>PRF(secret,label,seed) = P_MD5(S1,label||seed)XOR P_SHA-1(S2,label||seed) </li></ul>
  29. 30. Secure Electronic Transactions <ul><li>An open encryption and security specification. </li></ul><ul><li>Protect credit card transaction on the Internet . </li></ul><ul><li>Companies involved: </li></ul><ul><ul><li>MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign </li></ul></ul><ul><li>Not a payment system. </li></ul><ul><li>Set of security protocols and formats. </li></ul>
  30. 31. SET Services <ul><li>Provides a secure communication channel in a transaction. </li></ul><ul><li>Provides tust by the use of X.509v3 digital certificates. </li></ul><ul><li>Ensures privacy. </li></ul>
  31. 32. SET Overview <ul><li>Key Features of SET: </li></ul><ul><ul><li>Confidentiality of information </li></ul></ul><ul><ul><li>Integrity of data </li></ul></ul><ul><ul><li>Cardholder account authentication </li></ul></ul><ul><ul><li>Merchant authentication </li></ul></ul>
  32. 33. SET Participants
  33. 34. SET participants <ul><li>Cardholder: authorised holder of credit card issued by issuer. Interacts with merchants over internet </li></ul><ul><li>Merchant : Seller of goods over internet </li></ul><ul><li>Issuer : Bank which issues credit card to card holder. </li></ul><ul><li>Acquirer : Fin institution which has an account with a merchant, processes card authorisation and payments. </li></ul><ul><li>Payment gateway: Interfaces between SET and Payment network </li></ul><ul><li>CA: Issues X.509 certificates to All players </li></ul>
  34. 35. Sequence of events for transactions <ul><li>The customer opens an account. </li></ul><ul><li>The customer receives a certificate. </li></ul><ul><li>Merchants have their own certificates. </li></ul><ul><li>The customer places an order. </li></ul><ul><li>The merchant is verified. </li></ul><ul><li>The order and payment are sent. </li></ul><ul><li>The merchant request payment authorization. </li></ul><ul><li>The merchant confirm the order. </li></ul><ul><li>The merchant provides the goods or service. </li></ul><ul><li>The merchant requests payments. </li></ul>
  35. 36. Dual Signature
  36. 37. Payment processing <ul><li>Cardholder sends Purchase Request </li></ul>
  37. 38. Payment processing Merchant Verifies Customer Purchase Request
  38. 39. Payment processing <ul><li>Payment Request: </li></ul><ul><ul><li>Initiate request </li></ul></ul><ul><ul><li>Initiate response </li></ul></ul><ul><ul><li>Purchase request </li></ul></ul><ul><ul><li>Purchase response </li></ul></ul><ul><li>Payment Authorization: </li></ul><ul><ul><li>Authorization Request </li></ul></ul><ul><ul><li>Authorization Response </li></ul></ul><ul><li>Payment Capture: </li></ul><ul><ul><li>Capture Request </li></ul></ul><ul><ul><li>Capture Response </li></ul></ul>
  39. 40. Payment Request <ul><li>Initiate request from card holder </li></ul><ul><ul><li>Request certificates to merchant </li></ul></ul><ul><ul><li>Incl: Brand of cc, ID req/resp, nonce </li></ul></ul><ul><li>Initiate response by merchant </li></ul><ul><ul><li>Response signed by Kr of merchant </li></ul></ul><ul><ul><li>Incl: Cust nonce, new nonce, trans ID, merchant’s signature certificate, payment gateways key exchange certificate </li></ul></ul><ul><li>Cardholder </li></ul><ul><ul><li>verifies merchant and gateway’s certificates </li></ul></ul><ul><ul><li>Generates </li></ul></ul><ul><ul><ul><li>OI- ref to order </li></ul></ul></ul><ul><ul><ul><li>PI – card number, value etc </li></ul></ul></ul>
  40. 41. Payment Request <ul><li>Purchase request by card holder </li></ul><ul><ul><li>Forwarded to payment gateway </li></ul></ul><ul><ul><ul><li>Incl: EKs[PI+Dual sig+OIMD], EKUch[Ks] </li></ul></ul></ul><ul><ul><li>To merchant </li></ul></ul><ul><ul><ul><li>OI+dual sig+PIMD, CH certificate </li></ul></ul></ul><ul><li>Purchase response by merchant </li></ul><ul><ul><li>Incl: Trans ID, response block with order ack signed by merchant using Kr, merchant’s signature certificate </li></ul></ul><ul><li>Card holder </li></ul><ul><ul><li>Verifies merchant’s signature on response block </li></ul></ul>
  41. 42. Payment Authorization <ul><li>Authorization Request to payment gateway from merchant </li></ul><ul><ul><li>forwarded </li></ul></ul><ul><ul><ul><li>PI+dual sig+OIMD+EKUch[Ks] </li></ul></ul></ul><ul><ul><li>Generated </li></ul></ul><ul><ul><ul><li>Auth block: EKms[SignKrm[Trans ID]] </li></ul></ul></ul><ul><ul><ul><li>EKUpg[EKms] </li></ul></ul></ul><ul><ul><li>Certificates </li></ul></ul><ul><ul><ul><li>Card holder signature key, merchant signature key and merchant key exchange certificates </li></ul></ul></ul><ul><li>Payment gateway </li></ul><ul><ul><li>Verifies all certificates, obtains EKms, decrypts auth block, verifies merchant’s sign, verifies dual sign, verifies trans ID, requests and receives an auth from issuer </li></ul></ul><ul><li>Authorisation response by payment gateway to merchant </li></ul><ul><ul><li>Auth block: </li></ul></ul><ul><ul><ul><li>EKpgs[SignKrpg[authorisation]] </li></ul></ul></ul><ul><ul><ul><li>EKUm[EKpgs] </li></ul></ul></ul><ul><ul><li>Capture token info: </li></ul></ul><ul><ul><ul><li>EKpgs[SignKrpg[capture token]] </li></ul></ul></ul><ul><ul><li>Certificate </li></ul></ul><ul><ul><ul><li>Gateway’s signature key certifixcate </li></ul></ul></ul>
  42. 43. Payment capture <ul><li>Capture Request by merchant to payment gateway </li></ul><ul><ul><li>Capture req block </li></ul></ul><ul><ul><ul><li>Amount+Trand ID+token signed and encrypted by merchant </li></ul></ul></ul><ul><li>This is verified by payment gateway. Req issuer to release payment </li></ul><ul><li>Capture Response by payment gateway to merchant confirmation of payment </li></ul>
  43. 44. Recommended Reading and WEB sites <ul><li>Drew, G. Using SET for Secure Electronic Commerce . Prentice Hall, 1999 </li></ul><ul><li>Garfinkel, S., and Spafford, G. Web Security & Commerce. O’Reilly and Associates, 1997 </li></ul><ul><li>MasterCard SET site </li></ul><ul><li>Visa Electronic Commerce Site </li></ul><ul><li>SETCo (documents and glossary of terms) </li></ul>