Cryptography and Cryptography and Network SecurityNetwork Security

Chapter 17Chapter 17

Fourth EditionFourth Edition

by William Stallingsby William Stallings

Lecture slides by Lawrie BrownLecture slides by Lawrie Brown

Chapter 17 – Web SecurityChapter 17 – Web Security

Use your mentalityUse your mentality

Wake up to realityWake up to reality

——From the song, "I've Got You under From the song, "I've Got You under My Skin“ by Cole PorterMy Skin“ by Cole Porter

Web SecurityWeb Security

Web now widely used by business, Web now widely used by business, government, individualsgovernment, individuals

but Internet & Web are vulnerablebut Internet & Web are vulnerable have a variety of threatshave a variety of threats

integrityintegrity confidentialityconfidentiality denial of servicedenial of service authenticationauthentication

need added security mechanismsneed added security mechanisms

SSL (Secure Socket Layer)SSL (Secure Socket Layer)

transport layer security servicetransport layer security service originally developed by Netscapeoriginally developed by Netscape version 3 designed with public inputversion 3 designed with public input subsequently became Internet standard subsequently became Internet standard

known as TLS (Transport Layer Security)known as TLS (Transport Layer Security) uses TCP to provide a reliable end-to-end uses TCP to provide a reliable end-to-end

serviceservice SSL has two layers of protocolsSSL has two layers of protocols

SSL ArchitectureSSL Architecture

SSL ArchitectureSSL Architecture

SSL connectionSSL connection a transient, peer-to-peer, communications linka transient, peer-to-peer, communications link associated with 1 SSL sessionassociated with 1 SSL session

SSL sessionSSL session an association between client & serveran association between client & server created by the Handshake Protocolcreated by the Handshake Protocol define a set of cryptographic parametersdefine a set of cryptographic parameters may be shared by multiple SSL connectionsmay be shared by multiple SSL connections

SSL Record Protocol ServicesSSL Record Protocol Services

message integritymessage integrity using a MAC with shared secret keyusing a MAC with shared secret key similar to HMAC but with different paddingsimilar to HMAC but with different padding

confidentialityconfidentiality using symmetric encryption with a shared using symmetric encryption with a shared

secret key defined by Handshake Protocolsecret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, AES, IDEA, RC2-40, DES-40, DES, 3DES,

Fortezza, RC4-40, RC4-128Fortezza, RC4-40, RC4-128 message is compressed before encryptionmessage is compressed before encryption

SSL Record Protocol SSL Record Protocol OperationOperation

SSL Change Cipher Spec SSL Change Cipher Spec ProtocolProtocol

one of 3 SSL specific protocols which use one of 3 SSL specific protocols which use the SSL Record protocolthe SSL Record protocol

a single messagea single message causes pending state to become currentcauses pending state to become current hence updating the cipher suite in usehence updating the cipher suite in use

SSL Alert ProtocolSSL Alert Protocol conveys SSL-related alerts to peer entityconveys SSL-related alerts to peer entity severityseverity

• warning or fatalwarning or fatal

specific alertspecific alert• fatal: unexpected message, bad record mac, fatal: unexpected message, bad record mac,

decompression failure, handshake failure, illegal decompression failure, handshake failure, illegal parameterparameter

• warning: close notify, no certificate, bad certificate, warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, unsupported certificate, certificate revoked, certificate expired, certificate unknowncertificate expired, certificate unknown

compressed & encrypted like all SSL datacompressed & encrypted like all SSL data

SSL Handshake ProtocolSSL Handshake Protocol allows server & client to:allows server & client to:

authenticate each otherauthenticate each other to negotiate encryption & MAC algorithmsto negotiate encryption & MAC algorithms to negotiate cryptographic keys to be usedto negotiate cryptographic keys to be used

comprises a series of messages in phasescomprises a series of messages in phases1.1. Establish Security CapabilitiesEstablish Security Capabilities

2.2. Server Authentication and Key ExchangeServer Authentication and Key Exchange

3.3. Client Authentication and Key ExchangeClient Authentication and Key Exchange

4.4. FinishFinish

SSL Handshake ProtocolSSL Handshake Protocol

TLS (Transport Layer TLS (Transport Layer Security)Security)

IETF standard RFC 2246 similar to SSLv3IETF standard RFC 2246 similar to SSLv3 with minor differenceswith minor differences

in record format version numberin record format version number uses HMAC for MACuses HMAC for MAC a pseudo-random function expands secretsa pseudo-random function expands secrets has additional alert codeshas additional alert codes some changes in supported cipherssome changes in supported ciphers changes in certificate types & negotiationschanges in certificate types & negotiations changes in crypto computations & paddingchanges in crypto computations & padding

Secure Electronic Transactions Secure Electronic Transactions (SET)(SET)

open encryption & security specificationopen encryption & security specification to protect Internet credit card transactionsto protect Internet credit card transactions developed in 1996 by Mastercard, Visa etcdeveloped in 1996 by Mastercard, Visa etc not a payment systemnot a payment system rather rather a set of security protocols & formatsa set of security protocols & formats

secure communications amongst partiessecure communications amongst parties trust from use of X.509v3 certificatestrust from use of X.509v3 certificates privacy by restricted info to those who need itprivacy by restricted info to those who need it

SET ComponentsSET Components

SET TransactionSET Transaction

1.1. customer opens accountcustomer opens account2.2. customer receives a certificatecustomer receives a certificate3.3. merchants have their own certificatesmerchants have their own certificates4.4. customer places an ordercustomer places an order5.5. merchant is verifiedmerchant is verified6.6. order and payment are sentorder and payment are sent7.7. merchant requests payment authorizationmerchant requests payment authorization8.8. merchant confirms ordermerchant confirms order9.9. merchant provides goods or servicemerchant provides goods or service10.10. merchant requests paymentmerchant requests payment

Dual SignatureDual Signature

customer creates dual messagescustomer creates dual messages order information (OI) for merchantorder information (OI) for merchant payment information (PI) for bankpayment information (PI) for bank

neither party needs details of otherneither party needs details of other but but mustmust know they are linked know they are linked use a dual signature for thisuse a dual signature for this

signed concatenated hashes of OI & PIsigned concatenated hashes of OI & PIDS=E(PRDS=E(PRcc, [H(H(PI)||H(OI))]), [H(H(PI)||H(OI))])

SET Purchase RequestSET Purchase Request

SET purchase request exchange SET purchase request exchange consists of four messagesconsists of four messages

1.1. Initiate Request - get certificatesInitiate Request - get certificates

2.2. Initiate Response - signed responseInitiate Response - signed response

3.3. Purchase Request - of OI & PIPurchase Request - of OI & PI

4.4. Purchase Response - ack orderPurchase Response - ack order

Purchase Request – Purchase Request – CustomerCustomer

Purchase Request – MerchantPurchase Request – Merchant

1.1. verifies cardholder certificates using CA sigsverifies cardholder certificates using CA sigs2.2. verifies dual signature using customer's public verifies dual signature using customer's public

signature key to ensure order has not been signature key to ensure order has not been tampered with in transit & that it was signed tampered with in transit & that it was signed using cardholder's private signature keyusing cardholder's private signature key

3.3. processes order and forwards the payment processes order and forwards the payment information to the payment gateway for information to the payment gateway for authorization (described later)authorization (described later)

4.4. sends a purchase response to cardholdersends a purchase response to cardholder

Purchase Request – MerchantPurchase Request – Merchant

Payment Gateway Payment Gateway AuthorizationAuthorization

1.1. verifies all certificatesverifies all certificates2.2. decrypts digital envelope of authorization block to obtain decrypts digital envelope of authorization block to obtain

symmetric key & then decrypts authorization blocksymmetric key & then decrypts authorization block3.3. verifies merchant's signature on authorization blockverifies merchant's signature on authorization block4.4. decrypts digital envelope of payment block to obtain decrypts digital envelope of payment block to obtain

symmetric key & then decrypts payment blocksymmetric key & then decrypts payment block5.5. verifies dual signature on payment blockverifies dual signature on payment block6.6. verifies that transaction ID received from merchant verifies that transaction ID received from merchant

matches that in PI received (indirectly) from customermatches that in PI received (indirectly) from customer7.7. requests & receives an authorization from issuerrequests & receives an authorization from issuer8.8. sends authorization response back to merchantsends authorization response back to merchant

Payment CapturePayment Capture

merchant sends payment gateway a merchant sends payment gateway a payment capture requestpayment capture request

gateway checks requestgateway checks request then causes funds to be transferred to then causes funds to be transferred to

merchants accountmerchants account notifies merchant using capture responsenotifies merchant using capture response

SummarySummary

have considered:have considered: need for web securityneed for web security SSL/TLS transport layer security protocolsSSL/TLS transport layer security protocols SET secure credit card payment protocolsSET secure credit card payment protocols