web security and email security computer security and cyber law itc 229
TRANSCRIPT
Web Security and Email Security
Computer Security and Cyber LawITC 229
Web Security
Web now widely used by business, government, individuals
but Internet & Web are vulnerablehave a variety of threats
integrityconfidentialitydenial of serviceauthentication
need added security mechanisms
Web Security Threats Passive Attack
Passive attack include eavasdropping on the network traffic between browser and server and gaining access to information on a web site that is suppose to be restricted.
Active Attack Active attack include impersonating another user ,
altering message in transit between client and server, and altering information on a web site.
Location of the Threats Web server, web browser and network traffic between
browser and server Issue of server and browser
Web Security Threats
Threats Consequences Countermeasures
Integrity Modification of user dataTrojan horse browserModification of memoryModification of message traffic in transit
Loss of informationCompromise of machineVulnerability to all other threats
Cryptographic checksums
Confidentiality Eavesdropping on the NetTheft of information from serverTheft of data from clientInformation about network configurationInformation about which client talks to server
Loss of informationLoss of privacy
Encryption, web proxies
Web Security Threats
Threats Consequences Countermeasures
Denial of Service
Killing of user threadsFlooding machine with bogus requestsFilling up disk or memoryIsolating machine by DNS attacks
DisruptiveAnnoyingPrevent user from getting work done
Difficult to prevent
Authentication Impersonation of legitimate users
Misrepresentation of user Belief that false information is valid
Cryptographic techniques
SSL (Secure Socket Layer)
transport layer security serviceoriginally developed by Netscapeversion 3 designed with public inputsubsequently became Internet standard known
as TLS (Transport Layer Security)uses TCP to provide a reliable end-to-end
serviceSSL has two layers of protocols
SSLSecure Sockets Layer (SSL), is cryptographic protocols that provide communication security over the Internet. SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
Where does SSL fits?
HTTP SMTP POP3
80 25 110
HTTPS SSMTP SPOP3
443 465 995
Secure Sockets Layer
Transport
Network
Link
SSL Services
peer entity authentication data confidentiality data authentication and integrity compression/decompression generation/distribution of session keys
integrated into protocol security parameter negotiation
SSL Architecture
SSL ArchitectureSSL session
an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections
SSL connection A connection is a transport that provides a
suitable type of service For SSL such type of connection are peer to
peer a transient, peer-to-peer, communications link Every SSL connection is associated with 1 SSL
session
SSL Record Protocol
Provide two services for SSL connections: confidentiality
using symmetric encryption with a shared secret key defined by Handshake Protocol
IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
message is compressed before encryption message integrity
using a MAC (Message Authentication Code) created using a shared secret key and a short message
Can be utilized by some upper-layer protocols of SSL.(hand shake protocol )
SSL Change Cipher Spec Protocol
one of 3 SSL specific protocols which use the SSL Record protocol
a single message add from book....... causes pending state to become current hence updating the cipher suite in use
Alert Protocol
Enables the parties to exchange error or warning information.
it identifies problems with the protocol or potential security problems with the session.
Alert messages communicate the severity of the message and a description of the alert
Fatal messages result in connection termination.
SSL Handshake Protocol Responsible for the negotiations that start a SSL
session. Establishment of the secure channel between
the client and the server Provides the keys and the algorithm information
to SSL Record Protocol, above it Enables clients and servers
authenticate each other
To negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used
comprises a series of messages in phases
Generate shared secrets using public-key encryption techniques
SSL Handshake Protocol
Handshake Protocol divided into 4 phases: Establish Security Capabilities Server Authentication and key Exchange Client Authentication and key Exchange Change CipherSpec and Finish
SSL Handshake Action
Overview of TLS
IETF standard RFC 2246 similar to SSLv3with minor differences
in record format version number uses HMAC for MAC a pseudo-random function expands secrets has additional alert codes some changes in supported ciphers changes in certificate negotiations changes in use of padding
TLS VS SSL
TLS uses HMAC, SSL uses a precursor TLS MAC covers compression version
field in addition to what SSL MAC covers TLS defines additional alert codes other minor differences TLS has a mode to fall back to SSL
HTTPS
HTTPS = combination of HTTP and SSL to implement secure communication between web browser to web server.
Uses port 443 When HTTPS is used the following elements of
the communication are encrypted URL of the requested document Contents of document Contents of browser forms Cookies sent from browser to server and from
server to browser. Contains HTTP header
Secure Electronic Transactions (SET)
open encryption & security specificationto protect Internet credit card transactionsdeveloped in 1996 by Mastercard, Visa etcnot a payment system, rather a set of security protocols & formatssecure communications amongst partiestrust from use of X.509v3 certificatesprivacy by restricted info to those who need it
SET Components
Dual Signature
customer creates dual messages order information (OI) for merchant payment information (PI) for bank neither party needs details of other but must know they are linked use a dual signature for this signed concatenated hashes of OI & PI.
Payment Processing Payment Processor
In electronic commerce, the firm that processes credit card transactions on behalf of a bank.
Payment Processing it describe the process and service that
automates payment transactions between the shopper and merchant.
It is usually a third-party service that is actually a system of computer processes that process, verify, and accept or decline credit card transactions on behalf of the merchant through secure Internet connections.
SMTP, PEM, PGP, MIME SMIME,and Concept Secure email
Threats
Threats to the security of e-mail itselfLoss of confidentialityE-mails are sent in clear over open networksE-mails stored on potentially insecure clients and mail
serversLoss of integrityNo integrity protection on e-mails; body can be altered in
transit or on mail serverLack of data origin authenticationLack of non-repudiationLack of notification of receipt
Threats Enabled by E-mail
Disclosure of sensitive information Exposure of systems to malicious codeDenial-of-Service (DoS)Unauthorized accesses etc.
Email based Attacks
Active content attackClean up at the server (AV, Defang)
Buffer over-flow attackFix the code
Shell script attackScan before send to the shell
Trojan Horse AttackUse “do not automatically use the macro” option
Web bugs (for tracking)
SMTP
Simple Mail Transfer Protocol is a protocol for sending e-mail messages between servers and uses TCP port 25.
Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP.
In addition, SMTP is generally used to send messages from a mail client to a mail server.
SMTP
While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically only use SMTP for sending messages to a mail server for relaying
Goal: To transfer mail reliably and efficiently
SMTPSMTP clients and servers have two main components
User Agents – Prepares the message, encloses it in an envelope. (ex. Thunderbird, Eudora)
Mail Transfer Agent – Transfers the mail across the internet (ex. Sendmail, Exim)
Analogous to the postal system in many ways
SMTP
SMTP also allows the use of Relays allowing other MTAs to relay the mail
Mail Gateways are used to relay mail prepared by a protocol other than SMTP and convert it to SMTP
Format of an email
Mail is a text fileEnvelope –
sender address
receiver address
other information
Message :- Mail Header – defines the sender, the receiver, the subject of the message, and other information
Mail Body :- Contains the actual information in the message
Connection Establishment
TCP Connection Establishment
Connection Termination
TCP Connection Termination
Limitations in SMTP
Only uses 7 bit ASCII formatNo authentication mechanismsMessages are sent un-encryptedSusceptible to misuse (Spamming, faking
sender address)
Privacy-Enhanced Mail (PEM)
Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic mail.
PEM employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and message integrity.
The message integrity aspects allow the user to ensure that a message hasn't been modified during transport from the sender.
The sender authentication allows a user to verify that the PEM message that they have received is truly from the person who claims to have sent it.
The confidentiality feature allows a message to be kept secret from people to whom the message was not addressed.
PGPEmail Security Enhancements
authenticationof sender of message or reciever of message in some casesCertification mechanisms
confidentialityprotection from disclosure (against replay attacks)
message integrityprotection from modification available in public-key encryption
non-repudiation of originprotection from denial by senderavailable in public-key encryption
PGPPGP Services
messagesauthenticationconfidentialitycompressionE-mail compatibilitysegmentation and reassemblynon-repudiation of origin
key managementgeneration, distribution, and revocation of public/private keysgeneration and transport of session keys
PGPAuthentication
based on digital signaturesmessage is hashed and 128-bit output is added to message packet supported algorithms: RSA/SHA and DSS/SHA (unrecoverable)distributed certification mechanism where every sender/reciever is a certificate authority
PGPConfidentiality
Solved by symmetric key message encryption with a random, single-use session key128-bit session key is encrypted with the public key of the receiversupported algorithms:symmetric: CAST, IDEA, 3DES, asymmetric: RSA,
PGPCompression
Applied after the signatureenough to store clear message and signature for later verificationit would be possible to dynamically compress messages before
signature verification, then all PGP implementations should use the same compression
algorithmhowever, different PGP versions use slightly different compression
algorithmsapplied before encryption
compression reduces redundancy makes cryptanalysis harderless bandwidth usageUseful against decryption attacks where the frequency of letters are
used supported algorithm: ZIP
PGPEmail compatibility
encrypted messages and signatures may contain arbitrary octetsmost e-mail systems support only ASCII characterstext file processing is different on different OSs, PGP message packet may optionally include OS information PGP converts an arbitrary binary stream into a stream of printable ASCII characters
PGPPacket Structure
Message packet, signature packet and session key packetPGP can produce only message packet + session key packet or signature packet (compression optional)Timestamp is included to overcome attacks by intruders who steals the whole packet and sends again (e.g. Money transfer)
PGPMessage Format
PGPKey ID
a user may have several public key – private key pairswhich private key to use to decrypt the session key?which public key to use to verify a signature?
transmitting the whole public key would be wastefulassociating a random ID to a public key would result in management burdenPGP key ID: least significant 64 bits of the public keyunique within a user with very high probability
PGPRandom number generators
true random numbersused to generate public key – private key pairs (512-
2048 bit)provide the initial seed for the pseudo-random
number generator (PRNG)provide additional input during pseudo-random
number generation
pseudo-random numbersused to generate session keys
PGPTrue random numbers
PGP maintains a 256-byte buffer of random bitseach time PGP expects a keystroke from the user, it recordsthe time when it starts waiting (32 bits)the time when the key was pressed (32 bits)the value of the key stroke (8 bits)
the recorded information is used to generate a keythe generated key is used to encrypt the current value of the random-bit buffer
PGPPrivate key ring
used to store the public key – private key pairs owned by a given usershould be stored on portable storage (floppy,USB disks)essentially a table, where each row contains the following entries:timestampkey ID (indexed)public keyencrypted private key ( MD5(pwd)+IDEA )user ID (indexed)
PGPPublic key ring
used to store public keys of other usersa table, where each row contains the following entries:
timestampkey ID (indexed)public keyuser ID (indexed)owner trustsignature(s)signature trust(s)key legitimacy
PGPTrust models
Direct trusta user trusts that a key is valid because he or she knows where it came from
Hierarchical trustTree structured trust where there are roots and leaves
Web of trust (PGP model of trust)A graph structure where a certificate might be trusted directly, or trusted in some chain going back to a directly trusted root certificate. Everyone is a certificate authority.
PGPTrust management
owner trustassigned by the user possible values:unknown userusually not trusted to signusually trusted to signAlways trusted to signultimately trusted (own key, present in private key ring)
signature trustassigned by the PGP systemif the corresponding public key is already in the public-key
ring, then its owner trust entry is copied into signature trustotherwise, signature trust is set to unknown user
PGPVulnerabilities
Compromised passphrase and private key (publishing them)
Public key tampering (get public key directly from owner)
Not quite deleted files (OS issue)
Viruses and Trojan horses
Swap files or virtual memory (OS issue)
Physical security breach (Server Key Mode, in Universal PGP)
Tempest attacks (electromagnetic signal)
Protecting against bogus timestamps (trusted third party, message timestamp)
Exposure on multi-user systems (network sniffers)
Traffic analysis (no protection)
Cryptanalysis (expensive)
PGPSecuring PGP
Store the private key on portable disk and always backup
Choose the password that is used to encrypt the private key as long as possible and easy to remember but hard to guess
Obey the certificate rules strictly or ask for a confirmation of public key
Let PGP delete the message permanently after creating, if the message is important (OS)
