UNIT - IV

Transport-level Security: Web security considerations,

Secure Socket Layer and Transport Layer Security,
HTTPS, Secure Shell (SSH).
Wireless Network Security: Wireless Security, Mobile
Device Security, IEEE 802.11 Wireless LAN, IEEE
802.11i Wireless LAN Security.
Web Security Considerations
• The World Wide Web is fundamentally a client/server
application running over the Internet and TCP/IP intranets
• The following characteristics of Web usage suggest the
need for tailored security tools:
• Web servers are relatively easy to configure and manage
• Web content is increasingly easy to develop
• The underlying software is extraordinarily complex
• May hide many potential security flaws
• A Web server can be exploited as a launching pad into the
corporation’s or agency’s entire computer complex
• Casual and untrained (in security matters) users are
common clients for Web-based services
• Such users are not necessarily aware of the security risks
that exist and do not have the tools or knowledge to take
effective countermeasures
Table 17.1 A Comparison of Threats on the Web
 Transport Layer Security
(TLS)
Most browsers come
equipped with TLS, and
Can be embedded in
One of the most widely most Web servers have
specific packages implemented the
used security services
protocol

Could be provided as
part of the underlying
protocol suite and
Defined in RFC 5246 therefore be
transparent to
applications

Is an Internet standard
Is a general purpose
that evolved from a
service implemented as
commercial protocol
a set of protocols that
known as Secure
rely on TCP
Sockets Layer (SSL)
 TLS Architecture
• Two important TLS concepts are:

• A transport that provides a suitable type of service

TLS • For TLS such connections are peer-to-peer relationships

• Connections are transient
• Every connection is associated with one session

connection
• An association between a client and a server
• Created by the Handshake Protocol

TLS session • Define a set of cryptographic security parameters

which can be shared among multiple connections
• Are used to avoid the expensive negotiation of new
security parameters for each connection
A session state is defined by the following parameters:

Session Peer Compression Cipher Master Is

identifier certificate method spec secret resumable

Specifies the
bulk data
An arbitrary encryption
byte algorithm and A flag
An X509.v3
sequence The algorithm a hash 48-byte indicating
certificate of
chosen by the used to algorithm secret shared whether the
the peer; this
server to element of compress used for MAC between the session can
identify an the state may data prior to calculation; client and the be used to
active or be null encryption also defines server initiate new
resumable cryptographic connections
session state attributes
such as the
hash_size
A connection state is defined by the following parameters:

Server and • Byte sequences that are chosen

client by the server and client for each
connection •When a block cipher in CBC mode is
random used, an initialization vector (IV) is
maintained for each key
Initialization •This field is first initialized by the
• The secret key used in MAC TLS Handshake Protocol
Server write operations on data sent by the vectors •The final ciphertext block from each
MAC secret server record is preserved for use as the IV
with the following record

• The secret key used in MAC

Client write operations on data sent by the
MAC secret client

•Each party maintains separate

• The secret encryption key for sequence numbers for transmitted
Server write and received messages for each
data encrypted by the server connection
key and decrypted by the client Sequence •When a party sends or receives a
change cipher spec message, the
numbers appropriate sequence number is set
• The symmetric encryption key to zero
Client write •Sequence numbers may not exceed
for data encrypted by the client
key and decrypted by the server 264 - 1
TLS Record Protocol
The TLS Record
Protocol provides
two services for TLS
connections

Confidentiality Message integrity

The Handshake Protocol The Handshake Protocol

defines a shared secret key also defines a shared secret
that is used for key that is used to form a
conventional encryption of message authentication
TLS payloads code (MAC)
TLS

TLS Record Protocol Operation

Figure 17.4 TLS Record Format
Figure 17.5 TLS Record Protocol Payload
Table 17.2
Table 17.2 SSL
TLSHandshake
HandshakeProtocol
ProtocolMessage
MessageTypes
Types
Cryptographic Computations
• Two further items are of interest:
• The creation of a shared master secret by means of
the key exchange
• The shared master secret is a one-time 48-byte value
generated for this session by means of secure key
exchange
• The creation is in two stages
• First, a pre_master_secret is exchanged
• Second, the master_secret is calculated by both parties
• The generation of cryptographic parameters from
the master secret
Generation of Cryptographic
Parameters
• CipherSpecs require:
• A client write MAC secret
• A server write MAC secret
• A client write key
• A server write key
• A client write IV
• A server write IV

------Which are generated from the master secret in that order

• These parameters are generated from the master secret by

hashing the master secret into a sequence of secure bytes
of sufficient length for all needed parameters
 SSL/TLS Attacks
• The attacks can be grouped into four general
categories:
• Attacks on the handshake protocol
• Attacks on the record and application data
protocols
• Attacks on the PKI
• Other attacks

• The constant back-and-forth between threats

and countermeasures determines the
evolution of Internet-based protocols
 TLSv1.3
• Primary aim is to improve the security of TLS
• Significant changes from version 1.2 are:
• TLSv1.3 removes support for a number of options and functions
• Deleted items include:
• Compression
• Ciphers that do not offer authenticated encryption
• Static RSA and DH key exchange
• 32-bit timestamp as part of the Random parameter in the client_hello
message
• Renegotiation
• Change Cipher Spec Protocol
• RC4
• Use of MD5 and SHA-224 hashes with signatures
• TLSv1.3 uses Diffie-Hellman or Elleptic Curve Diffie-Hellman for key
exchange and does not permit RSA
• TLSv1.3 allows for a “1 round trip time” handshake by changing
the order of message sent with establishing a secure connection
 HTTPS
(HTTP over SSL)
• Refers to the combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server
• The HTTPS capability is built into all modern Web browsers
• A user of a Web browser will see URL addresses that begin with https:// rather
than http://
• If HTTPS is specified, port 443 is used, which invokes SSL
• Documented in RFC 2818, HTTP Over TLS
• There is no fundamental change in using HTTP over either SSL or TLS and both
implementations are referred to as HTTPS

• When HTTPS is used, the following elements of the communication are

encrypted:
• URL of the requested document
• Contents of the document
• Contents of browser forms
• Cookies sent from browser to server and from server to browser
• Contents of HTTP header
 Connection Initiation
For HTTPS, the agent There are three levels of
acting as the HTTP client awareness of a
also acts as the TLS client connection in HTTPS:
At the HTTP level, an HTTP client requests a
The client initiates a connection to the server connection to an HTTP server by sending a
on the appropriate port and then sends the TLS connection request to the next lowest layer
ClientHello to begin the TLS handshake •Typically the next lowest layer is TCP, but is may also be
TLS/SSL

At the level of TLS, a session is established

between a TLS client and a TLS server
When the TLS handshake has finished, the
•This session can support one or more connections at any
client may then initiate the first HTTP request time

A TLS request to establish a connection begins

All HTTP data is to be sent as TLS application with the establishment of a TCP connection
data between the TCP entity on the client side and
the TCP entity on the server side
 Connection Closure
• An HTTP client or server can indicate the closing of a
connection by including the line Connection: close in
an HTTP record
• The closure of an HTTPS connection requires that TLS close
the connection with the peer TLS entity on the remote side,
which will involve closing the underlying TCP connection
• TLS implementations must initiate an exchange of closure
alerts before closing a connection
• A TLS implementation may, after sending a closure alert, close
the connection without waiting for the peer to send its
closure alert, generating an “incomplete close”

• An unannounced TCP closure could be evidence of some

sort of attack so the HTTPS client should issue some sort of
security warning when this occurs
 Secure Shell (SSH)
A protocol for secure
network communications
designed to be relatively
simple and inexpensive to
SSH client and server implement
applications are widely
available for most
operating systems The initial version, SSH1
•Has become the method was focused on
of choice for remote login providing a secure
and X tunneling remote logon facility to
•Is rapidly becoming one replace TELNET and
of the most pervasive other remote logon
applications for encryption schemes that provided
technology outside of
embedded systems no security

SSH2 fixes a number of SSH also provides a more

security flaws in the original general client/server
scheme and is documented as capability and can be used
a proposed standard in IETF
RFCs 4250 through 4256 for such network functions
as file transfer and e-mail
 Transport Layer Protocol
• Server authentication occurs at the transport layer,
based on the server possessing a public/private key pair
• A server may have multiple host keys using multiple
different asymmetric encryption algorithms
• Multiple hosts may share the same host key
• The server host key is used during key exchange to
authenticate the identity of the host
• RFC 4251 dictates two alternative trust models:
• The client has a local database that associates each host
name with the corresponding public host key
• The host name-to-key association is certified by a trusted
certification authority (CA); the client only knows the CA
root key and can verify the validity of all host keys certified
by accepted CAs
 Table

SSH

Transport

Layer

Cryptographic

Algorithms
* = Required
** = Recommended
 Authentication Methods
• Publickey
• The client sends a message to the server that contains the client’s public
key, with the message signed by the client’s private key
• When the server receives this message, it checks whether the supplied
key is acceptable for authentication and, if so, it checks whether the
signature is correct

• Password
• The client sends a message containing a plaintext password, which is
protected by encryption by the Transport Layer Protocol

• Hostbased
• Authentication is performed on the client’s host rather than the client
itself
• This method works by having the client send a signature created with the
private key of the client host
• Rather than directly verifying the user’s identity, the SSH server verifies
the identity of the client host
 Connection Protocol
• The SSH Connection Protocol runs on top of the SSH Transport
Layer Protocol and assumes that a secure authentication
connection is in use
• The secure authentication connection, referred to as a tunnel, is used
by the Connection Protocol to multiplex a number of logical channels

• Channel mechanism
• All types of communication using SSH are supported using separate
channels
• Either side may open a channel
• For each channel, each side associates a unique channel number
• Channels are flow controlled using a window mechanism
• No data may be sent to a channel until a message is received to
indicate that window space is available
• The life of a channel progresses through three stages: opening a
channel, data transfer, and closing a channel
 Channel Types
Four channel types are recognized in the SSH Connection Protocol specification
Session
•The remote execution of a program
•The program may be a shell, an application such as file transfer or e-mail, a system command, or
some built-in subsystem
•Once a session channel is opened, subsequent requests are used to start the remote program

X11
•Refers to the X Window System, a computer software system and network protocol that provides
a graphical user interface (GUI) for networked computers
•X allows applications to run on a network server but to be displayed on a desktop
machine

Forwarded-tcpip
•Remote port forwarding

Direct-tcpip
•Local port forwarding
 Port Forwarding
• One of the most useful features of SSH

• Provides the ability to convert any insecure TCP

connection into a secure SSH connection (also
referred to as SSH tunneling)

• Incoming TCP traffic is delivered to the

appropriate application on the basis of the port
number (a port is an identifier of a user of TCP)

• An application may employ multiple port numbers

 Summary
• Web security considerations
• Web security threats
• Web traffic security • Secure shell (SSH)
approaches • Transport layer protocol
• User authentication protocol
• Secure sockets layer • Communication protocol
• SSL architecture
• SSL record protocol
• Change cipher spec protocol • HTTPS
• Alert protocol • Connection initiation
• Handshake protocol • Connection closure
• Cryptographic computations
• Heartbeat protocol
• SSL/TLS attacks
• TLSv1.3