Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Security CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation.

Similar presentations


Presentation on theme: "Web Security CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation."— Presentation transcript:

1 Web Security CS598MCC Spring 2013 Yiwei Yang

2 Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation of web servers, web browsers, other programs that communicate with web servers, and the surrounding Internet infrastructure.

3 Three components Data in transit Web Browser Web Server

4 Privacy issue with web browser Where does information leak out? 1. Provided by users (registration form) 2. Log files - Web logs (IP, time, requested URL, browser type, username if authentication is used …) proxy servers can obscure web log - Mail logs (from, to, …) - DNS logs (name, IP, query…) - RADIUS logs

5 Privacy issue with web browser Where does information leak out? 3. Web bugs outsourced web site monitoring 4. Cookie - user’s actual data - a number of codes that key into a database that resides at the web provider

6 Privacy issue with web browser Attacks related with cookies 1.XSS(Cross-site scripting) - Nonpersistent - Persistent Prevention - Better cookie handling - Disable the script

7 Privacy issue with web browser Attacks related with cookies 2. CSRF( Cross-Site Request Forgery) - belongs to Deputy attack - carried out attack from user himself Prevention - Better cookie handling - Authentication for each operation - Random number

8 RADIUS(Remote Authentication Dial In User Service ) Application layer client/server protocol on top of UDP Authentication, Authorization, Accounting (AAA) RADIUS Server - daemon process running on Unix or Window NT machine RADIUS Client - access server(gateway) that control access to network( RAS, NAS, VPN server)

9 Radius Packet format

10 Authentication and Authorization 1.User initiates authentication to the NAS. 2.NAS prompts for username and password. 3.User replies. 4.RADIUS client sends username and encrypted password to the RADIUS server. 5.RADIUS server responds with Accept, Reject, or Challenge. 6.The RADIUS client acts upon services and services parameters bundled with Accept or Reject.

11 Client sends out access-request packet - request authenticator is a random 16 octet string - password is encrypted p is divided into p 1,p 2,…..p n where p i is a 16-octet block c 1 = p 1 XOR MD5(S || request authenticator ) c 2 = p 2 XOR MD5(S || c 1 ) ……. c n = p n XOR MD5(S || c n-1 ) - sent to port 1812 of server Authentication and Authorization

12 Server received the packet Drop it if no shared secret Otherwise authenticate the user - access-accept( parameters used for this session including access list to apply) - access-reject - access-challenge response authenticator = MD5 (code || ID|| length|| request authenticator|| attributes || s) Send out the packet to client Authentication and Authorization

13 Client drop the packet if it doesn’t have corresponding identifier or calculation on response authenticator doesn’t match Otherwise the user is authenticated if received access-accept What can go wrong? Authentication and Authorization

14 Attacks on RAIDUS Response Authenticator Based Shared Secret Attack User-Password Attribute Based Shared Secret Attack User-Password Based Password Attack Active User-Password Compromise through Repeated Request Authenticators We need to secure the traffic

15 Accounting

16 Secure Network Connection Cryptographic protocol Offline encryption communication protocol -PGP/OpenPGP, S/MIME Online encryption communication protocol -SSL, IPsec, Kerberos, SET, SSH

17 SSL(Secure Sockets Layer)

18 SSL Record Protocol

19 Handshake Protocol: Phase 1 and 2

20 SSL: Handshake Round 1 Client Server { v C || r 1 || s 1 || ciphers || comps } Client Server {v || r 2 || s 1 || cipher || comp } v C Client’s version of SSL vHighest version of SSL that Client, Server both understand r 1, r 2 nonces (timestamp and 28 random bytes) s 1 Current session id (0 if new session) ciphersCiphers that client understands compsCompression algorithms that client understand cipherCipher to be used compCompression algorithm to be used

21 SSL: Handshake Round 2 Client Server {certificate } Note: if Server not to authenticate itself, only last message sent; third step omitted if Server does not need Client certificate k S Server’s private key ctypeCertificate type requested (by cryptosystem) gcaAcceptable certification authorities er2End round 2 message Client Server {mod || exp || Sig S (h(r 1 || r 2 || mod || exp)) } Client Server {ctype || gca } Client Server {er2 }

22 Handshake Protocols: Phases 3 and 4

23 SSL: Handshake Round 3 Client Server { pre }Pub S msgsConcatenation of previous messages sent/received this handshake opad, ipadAs above Client Server { h(master || opad || h(msgs || master | ipad)) } Both Client, Server compute master secret master: master =MD5(pre || SHA(‘A’ || pre || r 1 || r 2 ) || MD5(pre || SHA(‘BB’ || pre || r 1 || r 2 ) || MD5(pre || SHA(‘CCC’ || pre || r 1 || r 2 ) Client Server { client_cert }

24 SSL: Handshake Round 4 Client Server { h(master || opad || h(msgs || 0x434C4E54 || master || ipad )) } msgsConcatenation of messages sent/received this handshake in previous rounds (does notinclude these messages) opad, ipad, masterAs above Client Server { h(master || opad || h(msgs || 0x || master | ipad)) } Server sends “change cipher spec” message using that protocol Client Server Client sends “change cipher spec” message using that protocol Client Server

25 SSL What does SSL provide us? - Data integrity, Confidentiality - Authentication(handshake) Limitation on SSL - doesn’t work with connection less protocol - doesn’t support non-repudiation - doesn’t protect the application itself - general-purpose data security Misuse of SSL

26 TLS(Transport Layer Security) SSL 3.0 served as the basis for TLS 1.0(SSL 3.1) Slightly different from SSL - Message Authentication (HMAC) - key derivation - Finished -Alert protocol message type

27 Secure Web Server Based on CIA, what do we need to secure? Three steps to secure server 1. Host security 2. Secure web service 3. Examine interaction between OS and web service

28 References RADIUS cc.shtml SSL https://wiki.engr.illinois.edu/download/attachments/ /ssl-ipsec.pdf?version=1&modificationDate=

29 Thank you!


Download ppt "Web Security CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation."

Similar presentations


Ads by Google