Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Security Network Systems Security

Published byEmmeline Gardner Modified over 8 years ago

Similar presentations

Presentation on theme: "Web Security Network Systems Security"— Presentation transcript:

1 Web Security Network Systems Security
Mort Anvari

2 Web Security Web is now widely used by business, government, and individuals But Internet and Web are vulnerable Have a variety of threats integrity confidentiality denial of service authentication Need to add security mechanisms 10/19/2004

3 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer
Each layer interacts with neighboring layers above and below Each layer can be defined independently Complexity of the networking is hidden from the application Transport Layer Network Layer Data Link Layer 10/19/2004

4 Security -- At What Level?
Secure traffic at various levels in the network Where to implement security? -- Depends on the security requirements of the application and the user Basic services need to be implemented: Key management Confidentiality Nonrepudation Integrity/authentication Authorization 10/19/2004

5 TCP/IP Protocol Stack Application Layer Transport Layer
Provides services to the application layer Services: Connection-oriented or connectionless transport Reliable or unreliable transport Security Transport Layer Internetwork Layer Network Access Layer 10/19/2004

6 Transport Layer Security
Advantages: Does not require enhancement to each application Disadvantages: Obtaining user context gets complicated Protocol specific --> need to duplicated for each transport protocol Need to maintain context for connection (not currently implemented for UDP) 10/19/2004

7 Transport Layer Security Protocols
Connectionless and connection-oriented transport layer service: Security Protocol 4 (SP4) – NSA, NIST Transport Layer Security (TLSP) – ISO Connection-oriented transport layer service: Encrypted Session Manager (ESM) – AT&T Bell Labs. Secure Socket Layer (SSL) – Netscape Communications Transport Layer Security (TLS) – IETF TLS WG Most popular transport layer security protocols 10/19/2004

8 SSL SSL versions: 1.0: serious security flaws – never released to public 2.0: some weaknesses (man-in-the-middle attack) – in Netscape Navigator x 3.0: no serious security flaws – in Netscape Navigator 3.0 and higher, MS Explorer 3.0 and higher 10/19/2004

9 SSL Intermediate security layer between the transport layer and the application layer Based on connection-oriented and reliable service (e.g., TCP) Able to provide security services for any TCP-based application protocol, e.g., HTTP,FTP, TELNET, POP3, etc. Application independent 10/19/2004

10 SSL Services SSL provides SSL does not provide
Client- server authentication (public-key cryptography) Data traffic confidentiality Message authentication and integrity check SSL does not provide Traffic analysis TCP implementation oriented attacks 10/19/2004

11 SSL State Information SSL session is stateful  SSL protocol must initialize and maintain session state information on either side of the session SSL session can be used for several connections  connection state information 10/19/2004

12 SSL Session State Information Elements
Session ID: chosen by the server to identify an active or resumable session state Peer certificate: certificate for peer entity (X.509 v. 3) Compression method: algorithm to compress data before encryption Cipher spec: specification of data encryption and Message Authentication Code (MAC) algorithms Master secret: 48-byte secret shared between client and server Is resumable: flag that indicates whether the session can be used to initiate new connections 10/19/2004

13 SSL Connection State Information Elements
Server and client random: byte sequences that are chosen by server and client for each connection Server write MAC secret: secret used for MAC on data written by server Client write MAC secret: secret used for MAC on data written by client Server write key: key used for data encryption by server and decryption by client Client write key: key used for encryption by client and decryption by server Initialization vector: for CBC block ciphers Sequence number: for both transmitted and received messages, maintained by each party 10/19/2004

14 SSL Protocol Architecture
10/19/2004

15 SSL Protocol Components: SSL Record Protocol SSL sub-protocols
Layered on top of a connection-oriented and reliable transport layer service Provides message origin authentication, data confidentiality, and data integrity SSL sub-protocols Layered on top of the SSL Record Protocol Provides support for SSL session and connection establishment 10/19/2004

16 SSL Record Protocol Receives data from higher layer SSL sub-protocols
Addresses Data fragmentation Compression Authentication Encryption 10/19/2004

17 SSL Record Protocol confidentiality message integrity
using symmetric encryption with a shared secret key defined by Handshake Protocol IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 message is compressed before encryption (optional) message integrity using a MAC with shared secret key similar to HMAC but with different padding 10/19/2004

18 SSL Record Protocol Operation
10/19/2004

19 SSL Sub-protocols Alert Protocol
Used to transmit alerts via SSL Record Protocol Alert message: (alert level, alert description) Handshake Protocol Used to mutually authenticate client and server and exchange session key ChangeCipherSpec Protocol Used to change cipher specifications Can be changed at the end of the handshake or later Application Protocol Used to directly pass application data to the SSL Record Protocol 10/19/2004

20 SSL Alert Protocol Use two-byte message to convey SSL-related alerts to peer entity First byte is severity level warning(1) or fatal(2) Second byte is specific alert Always fatal: unexpected_message, bad_record_mac, decompression_failure, handshake_failure, illegal_parameter Other alerts: close_notify, no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown Compressed and encrypted like all SSL data 10/19/2004

21 SSL Handshake Protocol
Allow server and client to authenticate each other negotiate encryption and MAC algorithms negotiate cryptographic keys to be used Comprise a series of messages in phases Establish Security Capabilities Server Authentication and Key Exchange Client Authentication and Key Exchange Finish 10/19/2004

22 SSL Handshake Messages
10/19/2004

23 SSL Handshake C  S: CLIENTHELLO S  C: SERVERHELLO [CERTIFICATE]
[SERVERKEYEXCHANGE] [CERTIFICATEREQUEST] SERVERHELLODONE C  S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH S  C: CHANGECIPHERSPEC 10/19/2004

24 SSL Handshake CLIENTHELLO message is sent by the client
C  S: CLIENTHELLO CLIENTHELLO message is sent by the client When the client wants to establish a TCP connection to the server, When a HELLOREQUEST message is received, or When client wants to renegotiate security parameters of an existing connection Message content: Number of highest SSL understood by the client Client’s random structure (32-bit timestamp and 28-byte pseudorandom number) Session ID client wishes to use (ID is empty for existing sessions) List of cipher suits the client supports List of compression methods the client supports 10/19/2004

25 SSL Handshake Server processes CLIENTHELLO message
S  C: SERVERHELLO [CERTIFICATE] [SERVERKEYEXCHANGE] [CERTIFICATEREQUEST] SERVERHELLODONE SSL Handshake Server processes CLIENTHELLO message Server Respond to client with SERVERHELLO message: Server version number: lower version of that suggested by the client and the highest supported by the server Server’s random structure: 32-bit timestamp and 28-byte pseudorandom number Session ID: corresponding to this connection Cipher suite: selected by the server for client’s list Compression method: selected by the server from client’s list 10/19/2004

26 } SSL Handshake Optional messages: CERTIFICATE:
S  C: SERVERHELLO [CERTIFICATE] [SERVERKEYEXCHANGE] [CERTIFICATEREQUEST] SERVERHELLODONE } SSL Handshake Optional messages: CERTIFICATE: If the server is using certificate-based authentication May contain RSA public key  good for key exchange SERVERKEYEXCHANGE: If the client does not have certificate, has certificate that can only be used to verify digital signatures, or uses FORTEZZA token-based key exchange CERTIFICATEREQUEST: Server may request personal certificate to authenticate a client 10/19/2004

27 SSL Handshake Client processing: Verifies site certification
C  S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH SSL Handshake Client processing: Verifies site certification Valid site certification if the server’s name matches the host part of the URL the client wants to access Checks security parameters supplied by the SERVERHELLO 10/19/2004

28 SSL Handshake Client messages: CERTIFICATE
C  S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH SSL Handshake Client messages: CERTIFICATE If server requested a client authentication, client sends CLIENTKEYEXCHANGE Format depends on the key exchange algorithm selected by the server RSA: 48-byte premaster secret encrypted by the server’s public key Diffie-Hellman: public parameters between server and client in SERVERKEYEXCHANGE and CLIENTKEYEXCHANGE msgs. FORTEZZA: token-based key exchange based on public and private parameters Premaster key is transformed into a 48-byte master secret, stored in the session state 10/19/2004

29 SSL Handshake Client messages: CERTIFICATEVERIFY
C  S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH SSL Handshake Client messages: CERTIFICATEVERIFY If client authentication is required Provides explicit verification of the use’s identity (personal certificate) CHANGECIPHERSPEC Completes key exchange and cipher specification FINISH Encrypted by the newly negotiated session key Verifies that the keys are properly installed in both sites 10/19/2004

30 S  C: CHANGECIPHERSPEC
FINISH SSL Handshake Server finishes handshake by sending CHANGECIPHERSPEC and FINISH messages After SSL handshake completed a secure connection is established to send application data encapsulated in SSL Record Protocol 10/19/2004

31 SSL Handshake to Resume session
C  S: CLIENTHELLO S  C: SERVERHELLO CHANGECIPHERSPEC FINISH C  S: CHANGECIPHERSPEC 10/19/2004

32 SSL Change Cipher Spec Protocol
A single message with only one byte “1” Cause pending state to become current, hence updating the cipher suite in use 10/19/2004

33 Transport Layer Security (TLS)
Specified as IETF standard RFC 2246 Similar to SSLv3 but with minor differences in record format version number use HMAC for MAC a pseudo-random function expands secrets has additional alert codes some changes in supported ciphers changes in certificate negotiations changes in use of padding 10/19/2004

34 Next Class Kerberos and authentication 10/19/2004

Download ppt "Web Security Network Systems Security"

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Internet Security CSCE 813 Transport Layer Security

Internet Security CSCE 813 Transport Layer Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google