CS598MCC Spring 2013 Yiwei Yang Definition a set of procedures practices and technologies for assuring the reliable predictable operation of web servers web browsers other programs that communicate with web servers and the surrounding Internet infrastructure ID: 566626
Download Presentation The PPT/PDF document "Web Security" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Web Security
CS598MCC Spring 2013
Yiwei
YangSlide2
Definition
a set of procedures, practices, and technologies for assuring the reliable, predictable operation of web servers, web browsers, other programs that communicate with web servers, and the surrounding Internet infrastructure.Slide3
Three components
Data in transit
Web Browser
Web
ServerSlide4
Privacy issue with web browser
Where does information leak out?
1. Provided by users (registration form)
2. Log files
- Web logs (IP, time, requested URL, browser type,
username if authentication is used …) proxy servers can obscure web log - Mail logs (from, to, …)
- DNS logs (name, IP, query…) - RADIUS logs Slide5
Privacy issue with web browser
Where does information leak out?
3. Web bugs
<
img src=“ … “width=1 height=1 border=0 />
outsourced web site monitoring 4. Cookie - user’s actual data
- a number of codes that key into a database that resides at the web provider Slide6
Privacy issue with web browser
Attacks related with cookies
1.XSS(Cross-site scripting)
-
Nonpersistent - Persistent Prevention
- Better cookie handling - Disable the script Slide7
Privacy issue with web browser
Attacks related with cookies
2. CSRF(
Cross-Site Request Forgery)
- belongs to Deputy attack - carried out attack from user
himself Prevention
- Better cookie handling - Authentication for each operation - Random numberSlide8
RADIUS(
Remote Authentication Dial In User Service
)
Application layer client/server protocol on top of UDP Authentication, Authorization, Accounting (AAA)
RADIUS Server - daemon process running on Unix or Window NT machineRADIUS Client - access server(gateway) that control access to network( RAS, NAS, VPN server)Slide9
Radius Packet formatSlide10
Authentication and Authorization
1.User initiates authentication to the NAS.
2.NAS prompts for username and password.
3.User replies.
4.RADIUS client sends username and encrypted password to the
RADIUS server.5.RADIUS server responds with Accept, Reject, or Challenge.6.The RADIUS client acts upon services and services parameters bundled with Accept or Reject. Slide11
Client sends out access-request packet
-
request authenticator is a random 16 octet string
- password is encrypted p is divided into p1
,p2,…..pn where pi
is a 16-octet block c1 = p1 XOR MD5(S || request authenticator )
c2 = p2 XOR MD5(S || c1 ) …….
cn = p
n
XOR MD5(S || c
n-1
)
- sent to port 1812 of server
Authentication and AuthorizationSlide12
Server received the packet
Drop it if no shared secret
Otherwise authenticate the user
- access-accept( parameters used for this session including access list to apply)
- access-reject - access-challenge response authenticator = MD5 (code || ID|| length|| request authenticator|| attributes || s)
Send out the packet to client
Authentication and AuthorizationSlide13
Client drop the packet if it doesn’t have corresponding identifier or calculation on response authenticator doesn’t match
Otherwise the user is authenticated if received access-accept
What can go wrong?
Authentication and AuthorizationSlide14
Attacks on RAIDUS
Response Authenticator Based Shared Secret Attack
User-Password Attribute Based Shared Secret Attack
User-Password Based Password Attack
Active User-Password Compromise through Repeated Request AuthenticatorsWe need to secure the trafficSlide15
AccountingSlide16
Secure Network Connection
Cryptographic protocol
Offline encryption communication protocol
-PGP/
OpenPGP, S/MIMEOnline encryption communication protocol -SSL, IPsec, Kerberos, SET, SSH Slide17
SSL(Secure Sockets Layer)Slide18
SSL Record Protocol Slide19
Handshake Protocol: Phase 1 and 2 Slide20
SSL: Handshake Round 1
Client
Server
{
v
C
||
r
1
||
s
1
||
ciphers
||
comps
}
Client
Server
{
v
||
r
2
||
s
1
||
cipher
||
comp
}
v
C
Client’s version of SSL
v
Highest version of SSL that Client, Server both understand
r
1
,
r
2
nonces (timestamp and 28 random bytes)
s
1
Current session id (0 if new session)
ciphers
Ciphers that client understands
comps
Compression algorithms that client understand
cipher
Cipher to be used
comp
Compression algorithm to be usedSlide21
SSL: Handshake Round 2
Client
Server
{
certificate
}
Note: if Server not to authenticate itself, only last message sent; third
step omitted if Server does not need Client certificate
k
S
Server’s private key
ctype
Certificate type requested (by cryptosystem)
gca
Acceptable certification authorities
er2
End round 2 message
Client
Server
{
mod
||
exp
|| Sig
S
(
h
(
r
1
||
r
2
||
mod
||
exp
)) }
Client
Server
{
ctype
||
gca
}
Client
Server
{
er2
}Slide22
Handshake Protocols: Phases 3 and 4 Slide23
SSL: Handshake Round 3
Client
Server
{
pre
}Pub
S
msgs
Concatenation of previous messages sent/received this handshake
opad
,
ipad
As above
Client
Server
{
h
(
master || opad || h
(
msgs || master | ipad
)) }
Both Client, Server compute master secret
master
:
master
= MD5(
pre
|| SHA(‘A’ ||
pre
||
r
1
||
r
2
) ||
MD5(
pre
|| SHA(‘BB’ ||
pre
||
r
1
||
r
2
) ||
MD5(
pre
|| SHA(‘CCC’ ||
pre
||
r
1
||
r
2
)
Client
Server
{
client_cert
}Slide24
SSL: Handshake Round 4
Client
Server
{
h
(
master || opad || h
(
msgs ||
0x434C4E54
|| master || ipad
)) }
msgs
Concatenation of messages sent/received this handshake in
previous
rounds (does notinclude these messages)
opad
,
ipad
,
master
As above
Client
Server
{
h
(
master || opad || h
(
msgs || 0x53525652 || master | ipad
)) }
Server sends “change cipher spec” message using that protocol
Client
Server
Client sends “change cipher spec” message using that protocol
Client
ServerSlide25
SSL
What does SSL provide us?
- Data integrity, Confidentiality
- Authentication(handshake)Limitation on SSL - doesn’t work with connection less protocol - doesn’t support non-repudiation
- doesn’t protect the application itself - general-purpose data securityMisuse of SSL Slide26
TLS(Transport Layer Security)
SSL 3.0 served as the basis for TLS 1.0(SSL 3.1)
Slightly different from SSL
- Message Authentication (HMAC)
- key derivation - Finished -Alert protocol message typeSlide27
Secure Web Server
Based on CIA, what do we need to secure?
Three steps to secure server
1. Host security 2. Secure web service
3. Examine interaction between OS and web service Slide28
References
RADIUS
http://en.wikipedia.org/wiki/RADIUS
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml
SSLhttps://wiki.engr.illinois.edu/download/attachments/202934655/ssl-ipsec.pdf?version=1&modificationDate=1348193253000Slide29
Thank you!