WEB SECURITY

CONTENTS

• Web Security Considerations

• SSL (Secure Socket Layer)

• TLS (Transport Layer Security)

• SET (Secure Electronic Transaction)

• Ending Words

MUSARRAT NAZ

SANIA HAROON

MUHAMMAD HANIF

AHMED FARDEEN

PROJECT MANAGER:

INSTRUCTOR:

HIRA SHAZ

MADAM ASIMA NISAR

WEB SECURITY CONSIDERATION

S

WEB SECURITY CONSIDERATIONS:

Web security is fundamentally a client/server application running over the Internet and TCP/IP intranets

• The WEB is very visible.• Complex software hide

many security flaws.• Web servers are easy to

configure and manage.• Users are not aware of

the risks.

Web Security Threats:

Security threats faced in using the web

1.One way

Active attacks

Passive attacks

2. Another way

Classify location of the threat

e.g Web server, Web browser, and network traffic between browser and server

Web Traffic Security Approaches:

•Web security provide to use IP security

•Advantage of using IPSec is that is transparent to end users and applications

•IPSec includes a filtering capability so that only selected traffic need incur the overhead of IPSec processing

•The foremost example of this approach is Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

•SSL or TLS could be provided protocol suite

•SSL can be embedded in specific packages

Web Traffic Security Approaches:

Security Facilities in the TCP/IP Protocol Stack:

SECURE SOCKET LAYER (SSL)

Secure Socket Layer (SSL) Protocol:

• SSL was originated by Netscape

•TLS working group was formed within IETF (Internet Engineering Task Force).

•SSL is designed to make use of TCP to provide reliable end-to-end secure service.

•SSL is not a single layer protocol but rather two layers of protocols.

SSL Architecture:

SSL Concept:

Connection: A connection is a transport that provides a suitable type of service.

Session: An SSL session is an associated between a client and a server.

Web clientWeb server

SSL Record Protocol:• Provides basic security services to various

higher-layer protocols.o HTTPo Handshake Protocolo Change Cipher Spec Protocolo Alert Protocol

• Provides 2 services for SSL connections:o Confidentiality: Handshake protocol

defines a shared secret key used for conventional encryption of SSL payloads.

o Message Integrity: Handshake protocol also defines a shared secret key used to form a message authentication code (MAC).

SSL Record Protocol Operation:

SSL Record Format:

Higher-Layer Protocols:

1. Handshake Protocol:• The most complex part of SSL.

• Allows the server and client to authenticate each other.

• Negotiate encryption, MAC algorithm and cryptographic keys.

• Used before any application data are transmitted.

Handshake Protocol Action:

2. Change Cipher Spec Protocol• Use SSL record protocol• Update the cipher suite to be used on

this connection

3. Alert Protocol• Used to convey SSL-related alerts to the peer entity.

TRANSPORT LAYER

SECURITY (TLS)

Transport Layer Security (TLS):

• The same record format as the SSL record format.

• Defined in RFC 2246.

• Similar to SSLv3.

• IETF (Internet Engineering Task Force) formed a TLS working group

• First version of TLS can be viewed as an SSLv3.1

•TLS mandated the use of DSS instead of RSA

Differences in the:

• version number• message authentication code• pseudorandom function• alert codes• cipher suites • client certificate types• certificate_verify and finished message• cryptographic computations• padding

Version number:

• The TLS record format is the same as that of the SSL Record Format, and the fields in the header have the same meanings

• The one difference is in version values

• For the current version of TLS, the Major Version is 3 and Minor Version is 1

Message Authentication Code:

• Two difference between SSLv3 and TLS MAC schemes:

-actual algorithm

-scope of the MAC calculation

• TLS makes HMAC algorithm

• HMAC is defined in RFC 2104

Pseudorandom Function:

• TLS makes use of pseudorandom function referred to as PRF to expand secrets into block of data for purpose of key generation or validation

• The objective is to make use of relatively small shared secret value but to generate longer blocks of data that is secure from the kinds of attacks made on hash function and MACs

• The PRF is based on following data expansion function:

p_hash(secret, seed)=HMAC_hash (secret, A(1)||seed) ||

HMAC_hash (secret, A(2)||seed) ||

HMAC_hash (secret, A(3)||seed) ||

Alert Codes:

• TLS support all of alert codes defined in SSLv3 with the exception of no_certificate

• A number of additional codes defined in TLS; the following:

1. Decryption _failed

2. Record_overflow

3. Unknown_ca

4. Access_denied

5. Decode_error

6. Export_restriction

7. Protocol_version

8. Insufficient_security

9. Internal_error

Cipher Suites:

There are several small difference between Cipher Suites available under SSLv3 and under TLS:

• Key Exchange

• Symmetric Encryption Algorithm

Client Certificate Types:

• TLS defines following certificate types to be requested in a certificate_request message:o rsa_sign

o dss_sign

o rsa_fixed_dh

o dss_fixed_dh

• SSlv3 includes rsa_ephemeral, dss_ephemeral_dh and fortezza_kea

• TLS does not include fortezza scheme

Certificate_Verify and Finished Message:

• TLS certificate_verify message, the MD5 and SHA-1 hashes are calculated only over handshake_messages

• Hash calculation also include master secret and pads

• TLS finished message is a hash based on shared master_secret, the previous handshake message, and label that identifies client or server

Cryptographic computations:

• The pre_master_secret for TLS is calculated in the same way as in SSLv3

• In SSLv3, the master secret in TLS is calculated as a hash function of pre_master_secret and two hello random numbers

• TLS calculation is different from that of SSLv3 and is defined:

master_secret=PRF(pre_master_secret. “master secret”,

ClientHello.random || ServerHello.random)

Padding:

• In TLS, the padding can be any amount that result in a total that is a multiple of the cipher’s block length, up to maximum of 255 bytes

• In SSL, the padding added prior to encryption of user data is the minimum amount required so that total size of the data to be encrypted is a multiple of the cipher’s block length

SECURE ELECTRONIC

TRANSACTION

(SET)

Secure Electronic Transactions (SET):

• An open encryption and security specification.

• Protect credit card transaction on the Internet.

• Companies involved:o MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign

• Not a payment system.

• Set of security protocols and formats.

SET Services:

• Provides a secure communication channel in a transaction.

• Provides tust by the use of X.509v3 digital certificates.

• Ensures privacy.

SET Overview:

• Key Features of SET:

o Confidentiality of informationo Integrity of datao Cardholder account

authenticationo Merchant authentication

A good way to begin of SET is to look at the business requirement for SET, its key features, and participants in SET transaction

SET Participants:

Sequence of events for transactions:

1. The customer opens an account.2. The customer receives a certificate.3. Merchants have their own certificates.4. The customer places an order. 5. The merchant is verified.6. The order and payment are sent.7. The merchant request payment

authorization.8. The merchant confirm the order.9. The merchant provides the goods or

service.10. The merchant requests payments.

Dual Signature:

Payment processing:

Cardholder sends Purchase Request

Payment processing:

Merchant Verifies Customer Purchase Request

Payment processing:

• Payment Authorization:o Authorization Requesto Authorization Response

• Payment Capture:o Capture Requesto Capture Response

Ending Words…• Describes considerations of Web Security

• Presented Web security threats and approaches for web traffic security.

• Then focus on two standardized schemes that are becoming increasingly important as part of Web Commerce: SSL/TLS and SET.

Q’s and A’s