
Network security module 1

Uploaded by

uday

Module 1

Web Security
• Web security considerations
• Secure Sockets Layer
• Transport Layer Security
• HTTPS
• Secure Shell
Secure Sockets Layer (SSL) provides security services between TCP and
applications that use TCP. The Internet standard version is called Transport
Layer Security (TLS).

SSL/TLS provides confidentiality using symmetric encryption and message
integrity using a message authentication code.

SSL/TLS includes protocol mechanisms to enable two TCP users to
determine the security mechanisms and services they will use.

Monday, November 25, 2019 3


Integrity
• Threats: modification of user data; Trojan horse browser; modification of memory; modification of message traffic in transit
• Consequences: loss of information; compromise of machine; vulnerability to all other threats
• Countermeasures: cryptographic checksums

Confidentiality
• Threats: eavesdropping on the Net; theft of info from server; theft of data from client; info about network configuration; info about which client talks to server
• Consequences: loss of information; loss of privacy
• Countermeasures: encryption, web proxies

Denial of Service
• Threats: killing of user threads; flooding machine with bogus requests; filling up disk or memory; isolating machine by DNS attacks
• Consequences: disruptive; annoying; prevent user from getting work done
• Countermeasures: difficult to prevent

Authentication
• Threats: impersonation of legitimate users; data forgery
• Consequences: misrepresentation of user; belief that false information is valid
• Countermeasures: cryptographic techniques


Session

Connection

A session state is defined by the following parameters

1. Session identifier
2. Peer certificate
3. Compression method
4. Cipher spec
5. Master secret
6. Is resumable

A connection state is defined by the following parameters


1. Server and client random
2. Server write MAC secret
3. Client write MAC secret
4. Server write key
5. Client write key
6. Initialization vectors
7. Sequence numbers
Secure Socket Layer Record Protocol

2^14 bytes (16384 bytes)


hash(MAC_write_secret || pad_2 ||
     hash(MAC_write_secret || pad_1 || seq_num ||
          SSLCompressed.type || SSLCompressed.length ||
          SSLCompressed.fragment))

where
||                      = concatenation
MAC_write_secret        = shared secret key
hash                    = cryptographic hash algorithm; either MD5 or SHA-1
pad_1                   = the byte 0x36 (0011 0110) repeated 48 times (384 bits) for MD5 and 40 times (320 bits) for SHA-1
pad_2                   = the byte 0x5C (0101 1100) repeated 48 times for MD5 and 40 times for SHA-1
seq_num                 = the sequence number for this message
SSLCompressed.type      = the higher-level protocol used to process this fragment
SSLCompressed.length    = the length of the compressed fragment
SSLCompressed.fragment  = the compressed fragment (if compression is not used, the plaintext fragment)
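
The SSLv3 MAC above, written out as an added Python example (not part of the original slides), with a receiver-side check showing what the sequence number and type fields protect. The 8-byte sequence number and 2-byte length encodings follow the SSLv3 specification rather than the slide, and the secret and fragment are constructed sample values.

```python
import hashlib
import hmac

PAD_LEN = {"md5": 48, "sha1": 40}   # pad repetitions from the definitions above


def sslv3_mac(hash_name, mac_write_secret, seq_num, content_type, fragment):
    """hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))"""
    pad_1 = b"\x36" * PAD_LEN[hash_name]
    pad_2 = b"\x5c" * PAD_LEN[hash_name]
    inner = hashlib.new(hash_name)
    inner.update(mac_write_secret + pad_1)
    inner.update(seq_num.to_bytes(8, "big"))          # assumption: 64-bit counter (SSLv3 spec)
    inner.update(bytes([content_type]))               # SSLCompressed.type
    inner.update(len(fragment).to_bytes(2, "big"))    # SSLCompressed.length
    inner.update(fragment)                            # SSLCompressed.fragment
    outer = hashlib.new(hash_name)
    outer.update(mac_write_secret + pad_2 + inner.digest())
    return outer.digest()


def verify_record(hash_name, mac_write_secret, expected_seq, content_type, fragment, mac):
    """Receiver side: recompute with its own sequence counter, compare in constant time."""
    calc = sslv3_mac(hash_name, mac_write_secret, expected_seq, content_type, fragment)
    return hmac.compare_digest(calc, mac)


if __name__ == "__main__":
    secret = bytes(range(20))                 # constructed MAC_write_secret
    data = b"GET / HTTP/1.0\r\n\r\n"          # constructed application_data fragment (type 23)
    tag = sslv3_mac("sha1", secret, 0, 23, data)
    print("accepted in order:   ", verify_record("sha1", secret, 0, 23, data, tag))
    print("replayed as record 1:", verify_record("sha1", secret, 1, 23, data, tag))
    print("fragment modified:   ", verify_record("sha1", secret, 0, 23, data + b"x", tag))
    print("type changed to 21:  ", verify_record("sha1", secret, 0, 21, data, tag))
```

Unlike HMAC, the pads here are concatenated to the secret rather than XORed into it, which is one of the changes TLS makes.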
Block Cipher
Algorithm    Key Size
AES          128, 256
IDEA         128
RC2-40       40
DES-40       40
DES          56
3DES         168
Fortezza     80

Stream Cipher
Algorithm    Key Size
RC4-40       40
RC4-128      128

• Content Type (8 bits): The higher layer protocol used to process the enclosed fragment.
• Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3.
• Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0.
• Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed fragment if compression is used). The maximum value is 2^14 + 2048.

Handshake Protocol

Message Type           Parameters
hello_request          null
client_hello           version, random, session id, cipher suite, compression method
server_hello           version, random, session id, cipher suite, compression method
certificate            chain of X.509v3 certificates
server_key_exchange    parameters, signature
certificate_request    type, authorities
server_done            null
certificate_verify     signature
client_key_exchange    parameters, signature
finished               hash value



Each message has three fields:

• Type (1 byte): Indicates one of 10 messages. The table lists the defined message types.
• Length (3 bytes): The length of the message in bytes.
• Content (≥ 0 bytes): The parameters associated with this message; these are listed in the table.
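
The record header fields and the three-field handshake message layout described above, as an added Python parser (not part of the original slides). The numeric type codes come from the SSLv3 specification, since the slides give only the names; the sample client_hello is constructed, and each handshake message is assumed to fit inside one fragment.

```python
import struct

MAX_LENGTH = 2**14 + 2048    # largest Compressed Length allowed by the text above
# Numeric codes below are from the SSLv3 specification; the slides give only the names.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request", 14: "server_done",
                   15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}


def parse_record(data):
    """Return (content type name, fragment, remaining bytes) for one SSLv3 record."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    if (major, minor) != (3, 0):
        raise ValueError(f"not SSLv3: version {major}.{minor}")
    if length > MAX_LENGTH:
        raise ValueError(f"length {length} exceeds 2^14 + 2048")
    if len(data) < 5 + length:
        raise ValueError("truncated fragment")
    return CONTENT_TYPES[ctype], data[5:5 + length], data[5 + length:]


def parse_handshake(fragment):
    """Return [(message name, content bytes), ...] for the messages in a handshake fragment."""
    messages, off = [], 0
    while off < len(fragment):
        if len(fragment) - off < 4:
            raise ValueError("truncated handshake header")
        mtype = fragment[off]                                     # Type (1 byte)
        mlen = int.from_bytes(fragment[off + 1:off + 4], "big")   # Length (3 bytes)
        content = fragment[off + 4:off + 4 + mlen]                # Content (>= 0 bytes)
        if mtype not in HANDSHAKE_TYPES or len(content) != mlen:
            raise ValueError("unknown type or truncated handshake message")
        messages.append((HANDSHAKE_TYPES[mtype], content))
        off += 4 + mlen
    return messages


def build_sample():
    """Constructed client_hello: version 3.0, 32-byte random, empty session id, one suite."""
    body = bytes([3, 0]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    msg = bytes([1]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", 22, 3, 0, len(msg)) + msg


if __name__ == "__main__":
    kind, fragment, rest = parse_record(build_sample())
    print(kind, [(name, len(content)) for name, content in parse_handshake(fragment)])
```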

PHASES
Phase 1. Establish Security Capabilities
Phase 2. Server Authentication and Key Exchange
Phase 3. Client Authentication and Key Exchange
Phase 4. Finish



Phase 1. Establish Security Capabilities



•Version: The highest SSL version understood by the client.
•Random: A client-generated random structure, consisting of a 32-bit timestamp
and 28 bytes generated by a secure random number generator. These values
serve as nonces and are used during key exchange to prevent replay attacks.
•Session ID: A variable-length session identifier. A nonzero value indicates that
the client wishes to update the parameters of an existing connection or create a
new connection on this session. A zero value indicates that the client wishes to
establish a new connection on a new session.
•CipherSuite: This is a list that contains the combinations of cryptographic
algorithms supported by the client, in decreasing order of preference. Each
element of the list (each cipher suite) defines both a key exchange algorithm and
a CipherSpec; these are discussed subsequently.
•Compression Method: This is a list of the compression methods the client
supports.



CipherSuite
Key exchange method
•RSA
•Fixed Diffie-Hellman
•Ephemeral Diffie-Hellman
•Anonymous Diffie-Hellman
•Fortezza
Cipher Spec
CipherAlgorithm: Any of the algorithms mentioned earlier: RC4, RC2, DES, 3DES,
DES40, IDEA, Fortezza
MACAlgorithm: MD5 or SHA-1
CipherType: Stream or Block
IsExportable: True or False
HashSize: 0, 16 (for MD5), or 20 (for SHA-1) bytes
Key Material: A sequence of bytes that contain data used in generating the write
keys
IV Size: The size of the Initialization Value for Cipher Block Chaining (CBC)
encryption
Phase 2. Server Authentication and Key Exchange

•RSA, signature only
•DSS, signature only
•RSA for fixed Diffie-Hellman; in this case the signature is used only for authentication, by
sending a certificate signed with RSA
•DSS for fixed Diffie-Hellman; again, used only for authentication
•RSA for ephemeral Diffie-Hellman
•DSS for ephemeral Diffie-Hellman
•Fortezza

Anonymous Diffie-Hellman: The message content consists of the two global Diffie-
Hellman values (a prime number and a primitive root of that number) plus the
server's public Diffie-Hellman key

Ephemeral Diffie-Hellman: The message content includes the three Diffie-Hellman
parameters provided for anonymous Diffie-Hellman, plus a signature of those
parameters.

RSA key exchange, in which the server is using RSA but has a signature-only RSA
key: Accordingly, the client cannot simply send a secret key encrypted with the
server's public key. Instead, the server must create a temporary RSA public/private
key pair and use the server_key_exchange message to send the public key. The
message content includes the two parameters of the temporary RSA public key
(exponent and modulus) plus a signature of those parameters.

Fortezza



Phase 3. Client Authentication and Key Exchange

RSA: The client generates a 48-byte pre-master secret and encrypts it with the public key
from the server's certificate or the temporary RSA key from a server_key_exchange message.
Its use to compute a master secret is explained later.
Ephemeral or Anonymous Diffie-Hellman: The client's public Diffie-Hellman parameters
are sent.
Fixed Diffie-Hellman: The client's public Diffie-Hellman parameters were sent in a
certificate message, so the content of this message is null.
Fortezza: The client's Fortezza parameters are sent.



Phase 4. Finish



Change Cipher Spec Protocol
This protocol consists of a single message, which consists of a single byte with
the value 1. The sole purpose of this message is to cause the pending state to
be copied into the current state, which updates the cipher suite to be used on
this connection.

Alert Protocol

unexpected_message bad_record_mac
decompression_failure handshake_failure
illegal_parameter close_notify
no_certificate bad_certificate
unsupported_certificate certificate_revoked
certificate_expired certificate_unknown



Transport Layer Security



Message Authentication Code

HMAC_hash(MAC_write_secret, seq_num || TLSCompressed.type ||
          TLSCompressed.version || TLSCompressed.length ||
          TLSCompressed.fragment)

Pseudorandom Function
P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed)
|| HMAC_hash(secret, A(2) || seed)
|| HMAC_hash(secret, A(3) || seed) || ...
where A() is defined as
A(0) = seed
A(i) = HMAC_hash (secret, A(i - 1))

PRF(secret, label, seed) = P_MD5(S1, label || seed) XOR
                           P_SHA-1(S2, label || seed)



Alert Codes, Key Exchange, Encryption Algorithms, Client Certification type,
Certificate Verify & Finished Messages



HTTPS
• HTTPS (HTTP over SSL)
– combination of HTTP & SSL/TLS to secure
communications between browser & server
• documented in RFC2818
• no fundamental change using either SSL or TLS
• use https:// URL rather than http://
– and port 443 rather than 80
• encrypts
– URL, document contents, form data, cookies,
HTTP headers
HTTPS Use
• connection initiation
– TLS handshake then HTTP request(s)
• connection closure
– have “Connection: close” in HTTP record
– TLS level exchange close_notify alerts
– can then close TCP connection
– must handle TCP close before alert exchange sent
or completed
Secure Shell (SSH)
• protocol for secure network communications
– designed to be simple & inexpensive
• SSH1 provided secure remote logon facility
– replace TELNET & other insecure schemes
– also has more general client/server capability
• SSH2 fixes a number of security flaws
• documented in RFCs 4250 through 4254
• SSH clients & servers are widely available
• method of choice for remote login/ X tunnels
SSH Protocol Stack
SSH Transport Layer Protocol
• server authentication occurs at transport
layer, based on server/host key pair(s)
– server authentication requires clients to know
host keys in advance
• packet exchange
– establish TCP connection
– can then exchange data
• identification string exchange, algorithm negotiation,
key exchange, end of key exchange, service request
– using specified packet format
SSH User Authentication Protocol

• authenticates client to server


• three message types:
– SSH_MSG_USERAUTH_REQUEST
– SSH_MSG_USERAUTH_FAILURE
– SSH_MSG_USERAUTH_SUCCESS
• authentication methods used
– public-key, password, host-based
SSH Connection Protocol
• runs on SSH Transport Layer Protocol
• assumes secure authentication connection
• used for multiple logical channels
– SSH communications use separate channels
– either side can open with unique id number
– flow controlled
– have three stages:
• opening a channel, data transfer, closing a channel
– four types:
• session, x11, forwarded-tcpip, direct-tcpip.
SSH Connection Protocol Exchange
Port Forwarding
• convert insecure TCP connection into a secure
SSH connection
– SSH Transport Layer Protocol establishes a TCP
connection between SSH client & server
– client traffic redirected to local SSH, travels via
tunnel, then remote SSH delivers to server
• supports two types of port forwarding
– local forwarding – hijacks selected traffic
– remote forwarding – client acts for server
