Web Technologies COMP6115
Session 5: Security
Dr. Paul Walcott
Department of Computer Science, Mathematics and Physics
University of the West Indies, Cave Hill Campus
Barbados
15/12/06
© 2006/2007 Dr. Paul Walcott
Session Objectives
• After completing this session you will be able to:
  – Describe the requirements of a secure e-commerce Web site
  – Analyse a given Web site’s security and provide improvement recommendations
Introduction
• E-commerce allows anonymous global users to access company Web sites 24 hours a day, 365 days a year
• Along with this convenience come associated risks
http://www.stpt.usf.edu/computing/images/security.jpg
Introduction Cont’d
• The risks of running an e-commerce site include:
  – Fraud
    • Anonymous users logging on to a company’s Web site and making purchases using other people’s credit information
    • The transfer of funds from or to accounts that do not belong to the user
  – The unauthorised disclosure of company confidential information or the revealing of confidential financial records
Introduction Cont’d
  – Unforeseen costs due to operating system patches, virus attacks, employee sabotage and server failures
  – The loss of consumer confidence due to masquerading; e.g. a hacker defacing a Web site, or advertising competitors’ products on the Web site
Introduction Cont’d
• To mitigate possible risks a good security scheme is required, which
  – First identifies the risks
  – Determines how to protect the assets at risk
  – Calculates the amount of money that should be spent protecting the assets at risk
Introduction Cont’d
• One such scheme is a security policy, which is a document that describes:
  – The assets requiring protection and why
  – The people responsible for protecting these assets
  – Which behaviours are permissible and which are not
Introduction Cont’d
• The security policy, which should be updated regularly, typically addresses:
  – Physical security
  – Computer and network security
  – Access authorisation, and
  – Disaster recovery
• In the sections that follow the above topics will be discussed; however, the subject of cryptography will be discussed first
Cryptography
What is cryptography?
• It is the lock and key combination that prevents a non-key holder from deciphering a secret message
• What is most important is the strength of the lock and the number of possible keys
Cryptography Cont’d
• To secure a house keys are used
• It is assumed that an intruder cannot obtain a copy of the key and enter the house
  – The intruder could search for all the keys in the world and try them one at a time, but this would take a long time
• Computer security uses a similar system (public/private key and secret key cryptography) to secure messages passed between computers
Cryptography Cont’d
• To describe these cryptographic systems the following terms must first be defined:
  – A key is used in conjunction with a cipher to encrypt or decrypt a message. A key is simply a number (usually a binary number)
  – A cipher is an algorithm used to encrypt a message
  – Ciphertext is the encrypted message
  – Plaintext is the unencrypted message
Cryptography Cont’d
• Since a key is a binary number, a 56 bit key has about a quadrillion different key combinations
• Traditionally, a key length of 56 bits was considered secure since:
  – If one million keys were tried each second then it would take 1000 years to break the ciphertext
• However, due to increases in computing power a 56 bit key can now be broken in just 24 hours
• As a result key lengths of 128 bits or more are typical
Cryptography Cont’d
• There are two main types of cryptography
  – Secret key cryptography
  – Public/private key cryptography
• Secret Key Cryptography uses a symmetric key to secure a message
  – the same key is used to encrypt and decrypt the message
Cryptography Cont’d
http://www.uic.edu/depts/accc/newsletter/adn26/symmetric.jpg
Cryptography Cont’d
• Public/Private Key Cryptography uses two keys (asymmetric keys)
  – The public key, which is distributed to everyone (the public), is used to encrypt the message, while
  – The private key, which must be kept secret, is used to decrypt the message
Cryptography Cont’d
http://www.uic.edu/depts/accc/newsletter/adn26/asymmetric.jpg
Cryptography Cont’d
Secret Key Cryptography
• In secret key cryptography the key must be kept secret by both parties that are communicating
  – therefore the key must be communicated in a secure fashion to protect against unauthorised access
• The advantage of secret key cryptography is that messages can be encrypted quickly
Cryptography Cont’d
Public/Private Key Cryptography
• Is much slower than secret key cryptography
• The individual or organisation that wants to receive messages keeps the private key
• The public key is distributed to everyone else (the public)
• One advantage of public/private key cryptography is that it is easier to distribute the encryption key (the public key), since it does not have to be kept secret
Cryptography Cont’d
• Public/Private key cryptography is based on the principle of inverse numbers
• To gain insight into the principle of inverse numbers consider the multiplication function
• Clearly in practice the multiplication function cannot be used since it is too easy to determine the inverse number
Cryptography Cont’d
• Private/Public key cryptography actually uses prime numbers and addition in modular arithmetic
[Figure: plaintext is encrypted with the public key to give the ciphertext, and the ciphertext is decrypted with the private key; labels Plaintext, Public key, Ciphertext, Private key, Encryption, Decryption; values shown 656, 1390, 390665]
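To make the “inverse number” principle concrete, here is an added example (mine, not the slides’ figure, whose values cannot be reproduced here) of textbook RSA with tiny numbers. The primes 61 and 53, the public exponent 17 and the plaintext 656 are my choices; the inverse that matters is the multiplicative inverse of the public exponent modulo (p−1)(q−1). The numbers are far too small to be secure and exist only to show why a public number and its inverse can be handed out separately.

```javascript
// Added example: textbook RSA on BigInt, to show the inverse-number principle.
// Primes, exponent and message are constructed for illustration; real keys use
// 2048-bit moduli and padding, neither of which is shown here.

// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    exp >>= 1n;
    base = (base * base) % mod;
  }
  return result;
}

// Extended Euclid: returns d with (e * d) % m === 1n, or throws if none exists.
function modInverse(e, m) {
  let [oldR, r] = [e, m];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error('no inverse: e and m are not coprime');
  return ((oldS % m) + m) % m;
}

// Key generation: two primes give n; d is the inverse of e modulo (p-1)(q-1).
function generateKeyPair(p, q, e = 17n) {
  const n = p * q;
  const phi = (p - 1n) * (q - 1n);
  const d = modInverse(e, phi);
  return { publicKey: { e, n }, privateKey: { d, n } };
}

// Encrypt with the public exponent; decrypt with the private one. Because
// e*d = 1 (mod phi), (m^e)^d = m (mod n): the two operations undo each other.
function encrypt(publicKey, m) {
  return modPow(m, publicKey.e, publicKey.n);
}
function decrypt(privateKey, c) {
  return modPow(c, privateKey.d, privateKey.n);
}

// Why plain multiplication would not work but this does: from e and n alone,
// the only route to d is factoring n into p and q. With n = 3233 that is
// instant; with a 617-digit n it is not feasible.
function recoverPrivateExponentByFactoring(publicKey) {
  const { e, n } = publicKey;
  for (let p = 2n; p * p <= n; p++) {
    if (n % p === 0n) {
      const q = n / p;
      return modInverse(e, (p - 1n) * (q - 1n));
    }
  }
  throw new Error('n has no small factor');
}

function runDemo() {
  const { publicKey, privateKey } = generateKeyPair(61n, 53n); // n = 3233, phi = 3120
  const message = 656n; // constructed plaintext; must be smaller than n
  const ciphertext = encrypt(publicKey, message);
  return {
    n: publicKey.n,                                       // 3233n
    d: privateKey.d,                                      // 2753n
    inverseCheck: (publicKey.e * privateKey.d) % 3120n,   // 1n: e and d are inverses mod phi
    ciphertext,                                           // 1910n
    recovered: decrypt(privateKey, ciphertext),           // 656n
    dByFactoring: recoverPrivateExponentByFactoring(publicKey), // 2753n
  };
}

console.log(runDemo());
```

The last function is the whole reason the scheme works: the public key (e, n) can be published precisely because turning it back into d requires factoring n, which is easy for 3233 and infeasible for the sizes used in practice.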
Physical Security
• 50 years ago computer security was primarily about physical security
• Security guards/guard dogs protected the companies’ assets
• To enter the building you needed a security badge
• Surveillance systems were used to monitor activity and alarm systems warned against security breaches
http://www.hits.astcorp.com/security/images/physical.jpg
Physical Security Cont’d
• Physical security worked because users accessed mainframe computers through dumb terminals
• Provided that the mainframe computer and terminals were secure, it was difficult for individuals to penetrate these systems
• Several mainframe computers may have been connected together through dedicated links or telephone lines, yet infiltration was not easy
• With the advent of the Internet new forms of security threats have surfaced (i.e. cyber crime)
Physical Security Cont’d
• Physical security is no less important today than 50 years ago
• With the advent of terrorists, who are quite happy to blow up any infrastructure, it is just as important now to have physical security
• All Web servers and associated machines require physical protection
  – Backup servers and storage at remote locations to prevent losses
Physical Security Cont’d
• Today the use of fingerprint readers and biometric security helps provide improved physical security
• Physical security methods that are now utilised include:
  – Writing pads that measure the pressure and form of handwriting
  – Eye scanners
  – Palm scanners (entire palm rather than a single finger)
Computer/Network Security
• In the computer and network security section, the protection of client and server machines, as well as the actual communication line, will be discussed
http://www.wizbit.net/theme_images/10_r_barbed_wire.jpg
Computer/Network Security Cont’d
• Before discussing computer and network security the assurances that will be given to the user about the safety of their data must be defined
• There are four important assurances that must be given when securing an e-commerce site; these are: confidentiality, authentication, integrity and nonrepudiation
Computer/Network Security Cont’d
• Confidentiality ensures that only owners of the shared key can decrypt the message
• Authentication ensures that the people at either end of a communication line are who they say they are
• Integrity ensures the message is not changed during transit
• Nonrepudiation ensures that the sender cannot deny sending the message
Computer/Network Security Cont’d
• In addition two other assurances should be provided:
  – Availability. Providing delivery assurance for each message so that a loss will not go undetected
  – Key Management. Ensuring that the distribution and management of keys is done securely (note that the distribution of public keys is often done by third parties called certification authorities, e.g. Verisign)
Computer/Network Security Cont’d
• These assurances are provided through the following methods:
  – Public/Private keys ensure confidentiality
  – Digital signatures ensure non-repudiation and authentication
  – Message authentication codes ensure data integrity
• These methods will be discussed in a later section
Client Computer Security
• This section outlines
  – security threats that may occur on client computers
  – how they work
  – and how to protect against them
Client Computer Security Cont’d
• Active content refers to programs that are embedded transparently in Web pages that cause actions to occur
  – E.g. displaying moving graphics and downloading and playing audio
  – In e-commerce it is used to place items in a shopping cart and compute total invoice amounts
Client Computer Security Cont’d
• Active content also
  – extends HTML functionality
• Since these programs run on the client’s computer they pose a security risk
• Examples include:
  – Cookies
  – Java applets
  – JavaScript
• However, other examples include graphics, Web browser plug-ins and email attachments
Client Computer Security Cont’d
• Since active content is embedded in Web pages (e.g. scripting languages) it can be transparent to the viewers of the Web page
• Crackers for example can include a Trojan horse in a Web page
  – A Trojan horse is a program hidden inside another program or Web page that masks its true purpose
Client Computer Security Cont’d
• A Trojan horse can
  – Send private information on the client’s computer back to a server (a secrecy violation)
  – Alter or erase information on the client’s computer (an integrity violation)
• A cracker might also place a zombie (a program that takes over a computer to launch an attack on other computers) on your system through a Trojan horse
Client Computer Security Cont’d
• To avoid Trojan horses do not download and install software from sources that you do not trust; also make use of firewalls to block illegitimate incoming/outgoing traffic
Client Computer Security Cont’d
• Cookies were designed to solve the problem of the stateless nature of the HTTP protocol
  – To save information between one session and another
• For example, in the design of the EveryMart Web site product page some people choose to open a new window to allow users to enter item quantities
  – The question then was “how do you pass information back to the previous page?”
  – Cookies could have been used here
Client Computer Security Cont’d
• Allowing active content to be added to Web pages used for e-commerce can be dangerous since:
  – Cookies (files) frequently store credit card numbers, usernames and passwords
  – Information stored in cookies can be read by the server computer that stored them there
Client Computer Security Cont’d
• To protect yourself against cookies:
  – Disable cookies altogether; however, this will stop some sites from functioning correctly
    • Users would have to re-enter information every time they visit the Web site
  – Disable third-party cookies
  – Or use a third-party cookie blocker program that stores cookies selectively
Client Computer Security Cont’d
• “An (Java) applet is a program written in the Java™ programming language that can be included in an HTML page, much in the same way an image is included.” [2]
• “When you use a Java technology-enabled browser to view a page … the applet's code is transferred to your system and executed by the browser's Java Virtual Machine (JVM).” [2]
• Java applets are included in Web pages using the <applet> or <object> tags.
Client Computer Security Cont’d
• Once an applet is downloaded Java code runs on the client’s computer, which introduces a security hole
• To counteract this Java has a security model called the Java sandbox which prevents applets from performing certain functions, e.g.
  – file input, output, or
  – delete operations
• This scheme provides secrecy and integrity
Client Computer Security Cont’d
• JavaScript is a scripting language developed by Netscape
• When a Web page is downloaded and contains embedded JavaScript code, it runs on the user’s (client) computer
• JavaScript can be used to attack the client’s computer
  – destroy the hard disk
  – Disclose email stored in mailboxes
  – Capture information stored in Web forms (e.g. credit card information)
Client Computer Security Cont’d
• Try the following JavaScript code which, through the use of a recursive routine, locks up your Web browser

    <html>
    <body>
    <script type="text/javascript">
      askmeagain();
      function askmeagain() {
        alert("Ouch!");
        askmeagain();
      }
    </script>
    </body>
    </html>
Client Computer Security Cont’d
• Graphics, browser plug-ins and email attachments can include executable content
• Some graphic file formats contain special instructions on how to render the graphic
  – The embedded code can be used to attack your computer
• Plug-ins enhance your browser’s capabilities but can also pose a threat
Client Computer Security Cont’d
• A virus is software that attaches itself to another program
• A macro virus is a type of virus that is coded as a macro
• A worm is a type of virus that replicates itself on the computer it affects
• Email attachments may include word processing files, spreadsheets, databases and images which may contain viruses
  – Viruses within Word and Excel macros (Visual Basic for Applications) can damage your computer
Client Computer Security Cont’d
• Viruses tend to prey on operating system (or Web server) vulnerabilities
• To counteract viruses
  – Ensure you have installed the latest security patches
  – Also ensure that you are running the latest antivirus software with the latest virus updates
Client Computer Security Cont’d
Digital Certificates
• One way of verifying the source of information is through a digital certificate
• A digital certificate is an attachment to a message which verifies the sender of the message
• It contains an encrypted message that
  – identifies the author
  – Indicates whether the certificate is valid or not
Client Computer Security Cont’d
• The creator of the digital certificate proclaims:
  – That they have attached Mr. X’s public key
  – and signed (a hash of) it with their private key
• These digital certificates must be created by someone you trust
• A digital certificate has two parts:
  – Plaintext
    • States who the certificate is created for and that the public key is attached
  – The plaintext hashed and signed (using a message authentication code and a digital signature)
Client Computer Security Cont’d
• Other information on the digital certificate is:
  – The certificate owner’s identifying information, such as name, organisation and address
  – The certificate owner’s public key
  – Dates between which the certificate is valid
  – Serial number of the certificate
  – Name of the certificate issuer
  – Digital signature of the certificate issuer
Client Computer Security Cont’d
• Digital certificates are issued by a certification authority (CA)
  – To individuals or organisations
  – Appropriate proof of identity must be provided
• One of the oldest and best known certification authorities is VeriSign
Comm. Channel Security
• Communication channel threats come from various sources including:
  – Sniffer Programs
  – Backdoors
  – CyberVandalism
  – Masquerading or Spoofing
  – Denial-of-Service
Comm. Channel Security Cont’d
Sniffer Programs
• These programs provide a means of recording packets passing through a computer or router
  – It is similar to telephone line tapping
• Sniffer programs can
  – Read email messages
  – Read user logins and passwords
  – Read credit card numbers
Comm. Channel Security Cont’d
Backdoors
• Some e-commerce programs contain backdoors
• These backdoors are left intentionally or unintentionally by software developers
• Backdoors provide a way for an unauthorised user to gain access to protected information including:
  – Credit card information
  – Proprietary company information (which could be sold for millions to competitors)
Comm. Channel Security Cont’d
CyberVandalism
• This is the electronic defacing of Web site pages
  – By replacing regular content
• It is parallel to the spraying of graffiti on public property
Comm. Channel Security Cont’d
Masquerading or Spoofing
• This is when a person impersonates someone else
  – E.g. pretending that a Web site belongs to someone else, when it does not
• On a domain name server a perpetrator might use a security hole in order to change the IP address of a given Web page
  – Any order entered on this new page could then be modified (e.g. change the shipping address of the goods) and sent to the original Web site.
Comm. Channel Security Cont'd
Denial-of-Service Threat
• This threat disrupts normal computer processing
• For example a zombie computer could be used to flood a Web site with packets
• This prevents legitimate users from using the Web site
• This also may lead to a loss in business
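One common server-side mitigation for the flood described above is to rate-limit each client with a token bucket, so a host sending hundreds of requests per second is throttled while a normal shopper is not affected. The block below is an added example, not code from the slides; the two client addresses and their request timings are constructed sample traffic.

```python
from collections import defaultdict


class RateLimiter:
    """Per-client token bucket: `rate` tokens per second, bursts of up to `capacity`.
    Each request costs one token; a client with no tokens left is dropped."""

    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.buckets = {}  # client -> (tokens, timestamp of last update)

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self.buckets.get(client, (self.capacity, now))
        # Refill proportionally to the time elapsed, never above capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[client] = (tokens - 1, now)
            return True
        self.buckets[client] = (tokens, now)
        return False


def constructed_traffic():
    """Constructed sample traffic (not real captures):
    a legitimate shopper issuing one request every 2 s, and a single flooding
    host issuing 400 requests within 0.8 s."""
    legit = [("10.0.0.5", 2.0 * i) for i in range(10)]
    flood = [("203.0.113.9", 5.0 + 0.002 * i) for i in range(400)]
    return sorted(legit + flood, key=lambda req: req[1])


def run(limiter: RateLimiter, traffic) -> dict:
    """Replay the traffic through the limiter; count allowed/dropped per client."""
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for client, ts in traffic:
        outcome = "allowed" if limiter.allow(client, ts) else "dropped"
        stats[client][outcome] += 1
    return dict(stats)


def demo() -> dict:
    # 1 request/second sustained, burst of 5: generous for a shopper, fatal for a flood.
    return run(RateLimiter(rate=1.0, capacity=5), constructed_traffic())


if __name__ == "__main__":
    for client, counts in demo().items():
        print(client, counts)
```

With these settings the shopper's ten requests are all served, while the flooding host gets only its first five through and the remaining 395 are dropped. A per-source limiter of this kind blunts a single zombie; a distributed flood from many addresses needs upstream filtering as well, which is why the slides pair this threat with firewalls.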
Comm. Channel Security Cont'd
• Solutions for communication channel threats include:
– Symmetric Encryption (discussed earlier)
– Asymmetric Encryption (discussed earlier)
– Digital Signatures
– Message Hashing
– Digital Certificates (discussed earlier)
– Secure Socket Layer
Comm. Channel Security Cont'd
Digital Signatures
• Are an electronic version of a written signature
• When creating a digital signature a private key is used to encrypt and the public key to decrypt
• Since the process of signing is slow (because it utilises public/private key cryptography), messages are compressed before they are signed
• Alternatively, a hash is created from the message and signed, which improves speed
Comm. Channel Security Cont'd
Message Authentication Codes (MACs)
• Ensure the integrity of data
• MACs work in the following way
– The sender creates the MAC using the message to be transmitted and a publicly available MAC formula
– Both the MAC and the message are transmitted
– The receiver creates a MAC from the received message, and
– Compares the two MACs. If they are the same the message has not been tampered with
Comm. Channel Security Cont'd
• MACs are important since
– A MAC is very small (a number of bytes) compared with the size of most messages
– Messages are often long
– Encryption and decryption is time-consuming
– It ensures message integrity
– It is not the same as compression since you can not recover the original message from the MAC
– It is similar to a checksum
Comm. Channel Security Cont'd
Hashing
• MAC and hashing are extremely similar
• A hash value is generated using a hash algorithm
• Hash values act as fingerprints for messages
• Hash values are almost always unique (very low probability of same hash value)
• A hash provides message integrity
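The MAC and hashing slides above describe the same check from two angles. The added example below (my code, not the slides') runs both over a constructed order message: a plain SHA-256 hash as the fingerprint, and an HMAC-SHA256 as the MAC. It also shows the detail the slides leave implicit: the MAC algorithm is public, but it takes a secret key shared by sender and receiver, so someone who alters the message in transit can recompute the hash but cannot produce a MAC the receiver will accept. The key and message values are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides): a shared secret known only to
# sender and receiver, and an order message to be transmitted.
SHARED_KEY = b"example-shared-secret-key"
ORDER = b"order=1234;item=widget;qty=2;ship_to=12 Main St"


def fingerprint(message: bytes) -> str:
    """Hash value: a fixed-size (32-byte) fingerprint of the message."""
    return hashlib.sha256(message).hexdigest()


def make_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: the MAC is computed from the message and the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute the MAC over what arrived and compare it with
    the MAC that arrived. compare_digest runs in constant time, so the check
    itself does not leak how many bytes of the tag matched."""
    return hmac.compare_digest(make_mac(key, message), received_mac)


def tamper(message: bytes) -> bytes:
    """Simulate an in-transit change to the shipping address."""
    return message.replace(b"12 Main St", b"99 Other Rd")


def demo() -> dict:
    # 1. Fingerprint: changing a few bytes gives an unrelated hash value.
    same_fingerprint = fingerprint(ORDER) == fingerprint(tamper(ORDER))

    # 2. MAC: sender computes the tag; message and tag travel together.
    tag = make_mac(SHARED_KEY, ORDER)
    accepted_untouched = verify_mac(SHARED_KEY, ORDER, tag)
    accepted_tampered = verify_mac(SHARED_KEY, tamper(ORDER), tag)

    # 3. Why the key matters: the altered message can be re-hashed by anyone,
    #    but without SHARED_KEY no valid tag for it can be produced.
    forged_tag = make_mac(b"wrong-guess-of-key", tamper(ORDER))
    accepted_forged = verify_mac(SHARED_KEY, tamper(ORDER), forged_tag)

    return {
        "hash_length_bytes": len(bytes.fromhex(fingerprint(ORDER))),
        "mac_length_bytes": len(tag),
        "same_fingerprint_after_tamper": same_fingerprint,
        "accepted_untouched": accepted_untouched,
        "accepted_tampered": accepted_tampered,
        "accepted_forged": accepted_forged,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tag is 32 bytes regardless of message length, which is the "small compared with the message" property the slide lists; and, as the slide also says, nothing about the original message can be recovered from it.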
Comm. Channel Security Cont'd
Secure Sockets Layer
• This provides a secure way for client and server to transmit confidential information
• A session key is a secret key created (for the purpose of encrypted communication) for the duration of an SSL session
• Public/Private key cryptography is used to transmit the session key
Comm. Channel Security Cont'd
• Secret key encryption is used for all subsequent communication
– Secret key encryption is between 100 – 1000 times faster than Public/Private Key encryption
• The following diagram describes the handshaking done by the client and server
Comm. Channel Security Cont'd
(SSL handshake diagram, reconstructed as a sequence of steps)
• Client sends "hello" message
– Sends encryption algorithms and key length
• Server responds with "hello" message
– Sends server certificate containing server's public key
• Client sends response
– Sends client certificate and encrypted private session key
• Server receives client response and initiates session
• Session: send data between client and server using private, shared key
Server Computer Security
• Server vulnerabilities come from
– Web servers and their software
– Backend programs such as
• Database programs
Server Computer Security
Web Server Threats
• The more complex the software the more likely it contains errors which might lead to vulnerabilities
• A Web server can compromise secrecy if it allows automatic directory listings
• Passwords users select could be a threat since a dictionary attack might reveal them
Server Computer Security
Database Threats
• These databases store confidential information
• Some databases store username/passwords in unencrypted tables, or do not enforce security at all
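The Web server and database slides above name two password weaknesses: user-chosen passwords that a dictionary attack can guess, and credential tables stored in the clear. The added example below (my code, not the slides') shows the usual countermeasures on the server side: reject a new password if it is short or appears in a list of common passwords, and store only a salted, deliberately slow PBKDF2-SHA256 hash so that a copy of the table does not hand over the passwords. The common-password list and the user records are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for the large wordlists a dictionary attack would try.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12
ITERATIONS = 200_000   # slows each guess; raise as hardware gets faster


def password_is_weak(password: str) -> bool:
    """Policy check at registration: short or dictionary-word passwords are refused."""
    return len(password) < MIN_LENGTH or password.lower() in COMMON_PASSWORDS


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """What goes into the database instead of the plaintext: a per-user random
    salt plus a slow hash, packed as one string that records its parameters."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Login check: rehash the supplied password with the stored salt and
    parameters, then compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


class UserTable:
    """Minimal credential store: username -> packed hash, never the password."""

    def __init__(self):
        self.rows = {}

    def register(self, username: str, password: str) -> bool:
        if password_is_weak(password) or username in self.rows:
            return False
        self.rows[username] = hash_password(password)
        return True

    def login(self, username: str, password: str) -> bool:
        stored = self.rows.get(username)
        return stored is not None and verify_password(password, stored)


def demo() -> dict:
    table = UserTable()
    return {
        "weak_rejected": not table.register("alice", "welcome"),
        "strong_accepted": table.register("alice", "correct horse battery"),
        "login_ok": table.login("alice", "correct horse battery"),
        "login_wrong": table.login("alice", "welcome"),
        "plaintext_absent": "correct horse battery" not in table.rows["alice"],
    }


if __name__ == "__main__":
    print(demo())
```

Because each user gets a fresh salt, two users with the same password have different rows, and an attacker who obtains the table must run the slow hash separately for every user and every guess rather than looking up precomputed values.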
Server Computer Security
Other Threats
• Threats may arise when programs are executed by the server
– E.g. buffer overrun or buffer overflow
• Buffers can overflow into critical memory locations causing the Web server to run an attacker's program
– Mail bombs cause mail servers to malfunction by overloading them with email
Server Computer Security
Firewalls
• For a useful presentation on firewalls see: http://scitec.uwichill.edu.bb/cmp/online/comp3210/presentations/AntonioArthur.ppt
Access Authorisation
• Only allow authorised users to access services. This can be controlled through
– Digital certificates:
• Ensure the digital signature is valid
• Check the time stamp on the digital certificate
– Usernames and passwords
Disaster Recovery
• Disaster recovery is concerned with how quickly a company can recover from machine failure, disk failures, software failure and power failures and surges