CHAPTER - 6

Web Security

1
 Outline

• Secured Socket Layer (SSL)

• Transport Layer Security (TLS)
• Kerberos
• Secured Electronic Transaction (SET)

2
 Web Security
Key Points
•Secure socket layer (SSL) provides security services between
TCP and applications that use TCP.
•The Internet standard version is called transport layer
service (TLS).
•SSL/TLS provides confidentiality using symmetric encryption
and message integrity using a message authentication code.
•Kerberos is an authentication service designed for use in a
distributed environment.
•Secure electronic transaction (SET) is an open encryption
and security specification designed to protect credit card
transactions on the Internet
3
 Web Security

• Web now widely used by business, government,

individuals
• However, Internet & Web are vulnerable
• have a variety of threats
– integrity
– confidentiality
– denial of service
– authentication
• need added security mechanisms
4
 OWASP
• What is OWASP?
– OWASP stands for the Open Web Application Security Project, an online
community that produces articles, methodologies, documentation, tools, and
technologies in the field of web application security.

• What is the OWASP Top 10?

– OWASP Top 10 is the list of the 10 most common application vulnerabilities.
– It also shows their risks, impacts, and countermeasures.
– Updated every three to four years, the latest OWASP vulnerabilities list was
released in 2021.

5
 The Top 10 OWASP vulnerabilities in
2021
• Injection
• Broken authentication
• Sensitive data exposure
• XML external entities (XXE)
• Broken access control
• Security misconfigurations
• Cross site scripting (XSS)
• Insecure deserialization
• Using components with known vulnerabilities
• Insufficient logging and monitoring
6
OWASP Top Ten Web Application Risks
OWASP Top ten 2010
 Types of Web threats and countermeasures
Threats Consequences Countermeasures
Integrity • Modification of user • Loss of Cryptographic
data information checksums
• Trojan horse browser • Compromise of
• Modification of machine
memory • Vulnerability to
• Modification of all other
message traffic in threats
transit
Confidentiality • Eavesdropping on the • Loss of • Encryption
Net information • Web proxies
• Theft of info from • Loss of privacy
server
• Theft of data from
client
• Info about network
configuration
• Info about which
9
client talks to server
 Types of Web threats and counter measures
Threats Consequences Countermeasures
DoS • Killing of user threads • Disruptive Difficult to prevent
• Flooding machine • Annoying
with bogus requests • Prevent user
• Filling up disk or from getting
memory work done
• Isolating machine by
DNS attacks
Authentication • Impersonation of • Misrepresentat Cryptographic
legitimate users ion of user techniques
• Data forgery • Belief that
false
information is
valid

10
 Web Security
• Types of threats faced in using the Web can also be
classified in terms of the location of the threat:
- Web server (computer system security)
- Web browser (computer system security)
- Network traffic between browser and server (network security)

• Web security (Web traffic security) mainly falls into the

category of Network traffic security
• Different Web security approaches provide similar services
but differ with respect to their scope of applicability and
their relative location in the TCP/IP protocol stack
11
 Web Security
• Security facilities in the TCP/IP protocol stack

12
 Web Security
• Use of IP Security (IPSec)
- Transparent to applications
- Provide general purpose solution
- Provides filtering capability
• Security just above TCP
- SSL: Secure Socket Layer
- TLS: Transport Layer Security
- SSL/TLS could be provided as part of the underlying protocol suite
=> Transparent to applications
- Alternatively, can be embedded into applications
• Example: Netscape and Microsoft Explorer browsers are
equipped with SSL
• Application specific security services
- Embedded within specific application
- Best examples are SET (Secure Electronic Transaction) on top of
HTTP and MIME on SMTP. 13
 Web Security: Secure Channels
• Encrypted Traffic may use
– Symmetric Key
– Public/Private Key
• Negotiated Secure Session
– Secure Socket Layer (SSL)
– Transport Layer Security (TLS)
– SSL or TLS provides the following services
• Authenticate users and servers
• Encryption to hide transmitted data - symmetric or asymmetric
• Integrity to provide assurance that data has not been altered during
transmission
– SSL or TLS require certificates to be issued by a CA
14
 Web Security: Secure Channels

• Internet Tunnels
– Virtual Private Network circuit across the Internet between
specified remote sites
– uses an encrypting router that automatically encrypts all
traffic that traverses the links of the virtual circuit

• Tunneling Protocols
– PPTP by Microsoft - http://www.microsoft.com
– Layer 2 Forwarding (L2F) by Cisco - http://www.cisco.com
– L2TP/IPSec(combines PPTP and L2F) - http://www.ietf.com
– SSTP (Secured Socket Tunneling Protocol)

15
 HTTPS (HTTP Secure)
• HTTPS uses cryptography with HTTP
– Alice, Bob have public, private keys; public keys
accessible via certificate authority (CA)
– Alice encrypts message with Bob’s public key,
signs message with her private key
– Bob decrypts message with his private key, verifies
message using Alice’s public key
– Once they “know” each other, they can
communicate via symmetric crypto keys

• HTTPS provides greater assurance than HTTP

16
 Secure Socket Layer (SSL)
Overview
•The SSL protocol (Secure Socket Layer) was developed by
Netscape to allow client/server applications to
communicate safely
•It is transport layer security service
•Uses TCP to provide a reliable end-to-end service
•SSL probably most widely used Web security mechanism.
•TLS (Transport Layer Security) is an evolution of SSL
proposed by the IETF.

17
 Secure Socket Layer (SSL)
• Secure Sockets Layer SSL is transport-layer protocol that
provides encryption technology for the web services.

• SSL ensures the secure transmission of data between a client

and a server through a combination of
- Privacy,
- authentication, and
- data integrity.
• SSL achieves these constraints of security through the
use of the following elements:
- Cryptography, key exchange
- Digital signature and
- Digital Certificates
18
 SSL…
• SSL is a secure data exchange protocol providing
– Privacy between two Internet applications
– Authentication of server (authentication of browser optional)
• Uses enveloping: RSA used to exchange DES keys
• SSL Handshake Protocol
– Negotiates symmetric encryption protocol, authenticates
• SSL Record Protocol
– Packs/unpacks records, performs encryption/decryption

19
 Secure Sockets Layer
• SSL Characteristics
– Operates at the TCP/IP transport layer
– Encrypts (decrypts) input from application (transport) layer
– Any program using TCP can be modified to use SSL connections
– SSL connection uses a dedicated TCP/IP socket (e.g. port 443
for https or port 465 for ssmtp)

HTTP SMTP POP3 HTTPS SSMTP SPOP3

80 25 110 443 465 995

SSL

Transport
Network 20
 Secure Sockets Layer
• SSL Characteristics…
– SSL is flexible in choice of which symmetric
encryption, message digest, and authentication
algorithms can be used
– When SSL client makes contact with SSL server
they try to pick strongest encryption methods
they have in common.
– SSL provides built in data compression
• compress first then encrypt

21
 Secure Sockets Layer
• SSL Characteristics…
– When SSL connection established browser-to-
server and server-to-browser communications are
encrypted.
– This includes:
• URL of requested document
• Contents of the document
• Contents of browser forms
• Cookies sent from browser to server
• Cookies sent from server to browser
• Contents of HTTP header…

22
 SSL Architecture

INITIALIZES SECURE
COMMUNICATION ERROR HANDLING

HANDLES COMMUNICATION
WITH THE APPLICATION

Protocols
INITIALIZES
COMMUNCATION
BETWEEN CLIENT &
HANDLES DATA SERVER
COMPRESSION
AND ENCRYPTION

23
 SSL Architecture
SSL
SSL consists
consists two
two layers
layers of protocols: SSL
of protocols: SSL Record
Record Protocol
Protocol
Layer and Upper
Layer and Upper Layer
Layer Protocols
Protocols..

• Handshake: Allows the

server and the client to
authenticate each other
and negotiate on MAC
algorithm and
Cryptographic key.
• Change Cypher Spec:
Allows pending state to be
copied into the current
state.
• Alert: Used to convey SSL
related alerts to the peer
entity. 24
 SSL…

• An SSL session is done in two steps:

– A handshake phase where client and server
authenticate each other (with X509 certificates), and
agree on a ciphering schema and the corresponding
key

– The communication itself where data exchanged are

compressed, encrypted and signed

25
 SSL Record Protocol
• Confidentiality
– using symmetric encryption with a shared
secret key defined by Handshake Protocol
– IDEA, RC2-40, DES, 3DES, RC4-40, RC4-
128
– message is compressed before encryption
• Message integrity
– using a MAC with shared secret key

• SSL Record Protocol defines these two

services for SSL connections.

26
SSL Record Protocol Operation

MAC - Message Authentication Code

27
SSL Record Format

•• Content
ContentType
Type(8bit):
(8bit):The
The
higher
higherlayer
layerprotocol
protocolused
usedtoto
process
processthetheenclosed
enclosed
fragment
fragment
•• Major/Minor
Major/Minorversion
version(8/8
(8/8bit)
bit)::
Indicates
Indicatesmajor/minor
major/minorversion
version
of
ofSSL
SSLininuse
use
•• Compressed
CompressedLengthLength(16
(16bit):
bit):
The
Thelength
lengthininbytes
bytesof
ofthe
the
plain
plaintext
textfragment
fragment
(compressed
(compressedfragment)
fragment)

28
 Cipher Suite
• For public-key, symmetric encryption and
certificate verification we need
– public-key algorithm
– symmetric encryption algorithm
– message digest (hash) algorithm
• This collection is called a cipher suite
• SSL supports many different suites
• Client and server must decide on which one to
use
• The client offers a choice; the server picks one

29
 Cipher Suites
INITIAL (NULL) CIPHER SUITE
SSL_NULL_WITH_NULL_NULL = { 0, 0 }

PUBLIC-KEY SYMMETRIC HASH

ALGORITHM ALGORITHM ALGORITHM

SSL_RSA_WITH_NULL_MD5 = { 0, 1 } CIPHER SUITE CODES USED

IN SSL MESSAGES
SSL_RSA_WITH_NULL_SHA = { 0, 2 }
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 }
SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 }
SSL_RSA_WITH_RC4_128_SHA = { 0, 5 }
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 }
SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 }
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 }
SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 }
SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0, 10 }
 SSL Alert Protocol

 conveys SSL-related alerts to peer entity

 Severity level of the message
• warning or fatal
 specific alert
• fatal: unexpected message, bad record mac,
decompression failure, handshake failure, illegal
parameter
• warning: close notify, no certificate, bad certificate,
unsupported certificate, certificate revoked, certificate
expired, certificate unknown
 compressed & encrypted like all SSL data
31
 SSL Handshake Protocol
 allows server & client to:
 authenticate each other
 to negotiate encryption & MAC algorithms
 to negotiate cryptographic keys to be used

 comprises a series of messages in

phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
32
 SSL Handshake Protocol…
• Establishing an SSL Connection
– The client (browser) opens a connection to server
port
– Browser sends “client hello” message. Client hello
message contains:
• version of SSL browser uses
• ciphers and data compression methods it supports
– The Server responds with a “server hello”
message. Server hello message contains
• session id
• the chosen versions for ciphers and data compression
methods.
33
 SSL Handshake Protocol…
• Establishing an SSL Connection…
– The server sends its certificate
• used to authenticate server to client
– Optionally the server may request client’s
certificate
– If requested, client will send its certificate of
authentication
• if client has no certificate then connection failure
– Client sends a “ClientKeyExchange” message
• symmetric session key chosen
• digital envelope is created using server’s public key and
contains the symmetric session key 34
 SSL Handshake Protocol…

• Establishing an SSL Connection…

– Optionally, if client authentication is used the client
will send a certificate verify message.
– Server and client send “ChangeCipherSpec” message
indicating they are ready to begin encrypted
transmission.
– Client and server send “Finished” messages to each
other
• These are a message digest of their entire conversation up
to this point.
• If the digests match then messages were received without
interference.
35
36
 Transport Layer Security
• The same record format as the SSL record format.
• Defined in RFC 2246.
• Similar to SSLv3.
• Differences in the:
– version number
– message authentication code
– pseudorandom function
– alert codes
– cipher suites
– client certificate types
– certificate_verify and finished message
– cryptographic computations
– padding

37
 Kerberos
• Kerberos is an authentication service designed for use in a
distributed environment.
• Kerberos makes use of a trusted third-part authentication service
that enables clients and servers to establish authenticated
communication.

Authentication: Three factors:

• something you have key, card
- can be stolen

• something you know passwords

- can be guessed, shared, stolen

• something you are biometrics

- costly, can be copied (sometimes) 38
 Authentication
Kerberos

• Users wish to access services on servers

• Three threats exist:
- User pretend to be another user (impersonation)
- User alter the network address of a workstation
- User eavesdrop on exchanges and use a replay attack

• Kerberos provides centralized authentication server to

authenticate clients to servers and servers to clients
- Relies on conventional encryption, making no use of public-key
encryption
- Two versions: version 4 and 5
- Version 4 makes use of DES
39
 What is Kerberos?
• Developed at M.I.T.
• A secret key based service for providing
authentication in open distributed networks
• Authentication mediated by a trusted 3rd party on
the network:
– Key Distribution Center (KDC)
– allows users access to services distributed through network
– without needing to trust all workstations
– rather all trust a central authentication server
• two versions in use: 4 & 5
40
 Kerberos: Platform support
• Windows 2000, XP, Server 2003 and Vista, 7,…
– Use Kerberos as their default authentication method
– Microsoft additions to the Kerberos suite of protocols
• Documented in RFC 3244
• "Microsoft Windows 2000 Kerberos Change Password and Set
Password Protocols“

• Microsoft uses the Kerberos protocol

– Does not use the MIT software

• Apple's Mac OS X uses Kerberos

– client and server versions
41
 Kerberos: Uses

The following software can use Kerberos for authentication:

•VMware ESX server
•CISCO routers and switches
•Coda file system
•Eudora
•MAC OS
•Microsoft windows (2000 and later) uses as default authentication
protocol
•Mulberry an e-mail client developed by Cyrusoft, Inc.
•NFS
•Oracle RDBMS
•SOCKS proxy
• Any Java based software (since 1.4.2) using JAAS/JGSS can use
Kerberos for security

42
 Kerberos: etymology

• The 3-headed dog that

guards the entrance to
Hades
• Those three heads in security:
AAA (Authentication,
Accounting, Audit)
• However in Kerberos the last
two heads never implemented

43
44
 Security Techniques/ Authentication
Kerberos…

 [Kerberos was named after Cerberus,

the three-headed dog of Greek
mythology, because of its three
components:]
• A Key Distribution Center (KDC), which is
a server that has two components: an
Authentication Server and a Ticket
Granting Service.
• The client (user)
• The server that the client wants to
access

45
 Kerberos Requirements
• security
– opponents should not be able to gain access to KDC
• reliability (availability)
– a Kerberos server or its substitute should be available all the time
• scalability
– system should be able to support large amount of users
• reliability and scalability imply a distributed architecture
• transparency
– users should see the system as a username/password system
 Kerberos 4 Overview

• a basic third-party authentication scheme (KDC)

• have an Authentication Server (AS)
– users initially negotiate with AS to identify self
– AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)

• have a Ticket Granting server (TGS)

– users subsequently request access to other services
from TGS on basis of users TGT

47
 Kerberos v4 Dialogue
1. obtain ticket granting ticket from AS
• once per session
• AS knows the passwords of all users and stores in
centralized DB
• AS shares a unique secret key with each server

2. obtain service granting ticket from TGS

• for each distinct service required

3. client/server exchange to obtain service

• on every service request
48
 A Simple Authentication Dialogue
Message 1

(1) C -> AS : IDC || PC || IDV

– C = client
– AS = authentication server
– IDC = identifier of user on C
– PC = password of user on C
– IDV = identifier of server V
– C asks user for the password
– AS checks that user supplied the right password
49
 Message 2
(2) AS -> C : Ticket
• Ticket = E K(V) [IDC || ADC || IDV]
– K(V) = secret encryption key shared by AS and V
– ADC = network address of C
– Ticket cannot be altered by C or an adversary

Message 3
(3) C -> V: IDC || Ticket
– Server V decrypts the ticket and checks various fields
– ADC in the ticket binds the ticket to the network address of C
– However this authentication scheme has problems
50
Kerberos: How it works

51
 Kerberos Version 5

• developed in mid 1990’s

• provides improvements over v4
• specified as Internet standard RFC 1510

52
 Web Security
Secure Electronic Transactions (SET)
•An open encryption and security specification.
•Designed to protect credit card transaction on the
Internet.
•Companies involved:
- MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and
Verisign

•Not a payment system but enables users to employ the

existing credit card payment infrastructure on an open
network (Internet) in a secure manner.
•Set of security protocols and formats. 53
 Web Security…
SET services
•Provides a secure communication channel among all parties involved in a
transaction.

•Provides trust by the use of X.509v3 digital certificates.

•Ensures privacy because the information is only available to parties in a
transaction when and where necessary

• Key Features of SET:

- Provide confidentiality of information thru encryption (DES)
- Integrity of data thru digital signature (RSA using SHA-1)
- Cardholder account authentication thru DS and DC (X.509)
- Merchant authentication thru DS and DC 54
 Web Security…
• SET protocol supports all features of credit card
system
– Cardholder registration
– Merchant registration
– Purchase requests
– Payment authorizations
– Funds transfer (payment capture)
– Chargebacks (refunds)
– Credits
– Credit reversals
– Debit card transactions
• SET can manage
– real-time & batch transactions
– installment payments 55
 Web Security…
SET Participants
•Cardholder: Authorized holder of Payment Card
•Merchant: a person or org. that has goods to sell to the Cardholder.
•Issuer: Financial institution (such as bank) – connected with the Cardholder.
•Acquirer: Verifies that a card account is active and the proposed purchase
does not exceed the credit limit – Connected with the Merchant.

•Payment gateway: Operated by the acquirer or a designated third party that

processes merchant payment messages

•Certification Authority: Trusted entity to issue the X.509V3 public key

certificate for card holders, Merchants and payment gateways.

• The success of SET depends on CA.

56
 Web Security…
SET Participants

57
 Web Security…
SET (Sequence of events for transactions)
1.The customer opens a credit card account.
2.The customer receives a certificate, which is signed by the Bank.
3.Merchants have their own certificates.
4.The customer places an order.
5.The merchant is verified by sending a copy of its certificate.
6.The order and payment are sent to the merchant along with cus.cert
7.The merchant request payment authorization to payment gateway
8.The merchant confirm the order.
9.The merchant provides the goods or service.
10.The merchant requests payments, the request is sent to the payment
gateway, which handles all of the payment processing
58
59
 Web Security…
SET – Dual Signature
•Dual signature is an important innovation by SET
•Used to link two messages that are intended for two different recipients.
•The customer wants to send Order Information (OI) to the merchant and
Payment Information (PI) to the bank.
•Merchant – Does not need to know customer’s CC number.
•Bank – Does not need to know details of customer’s order.

Privacy!!

•The two items, however, must be linked somehow to prove that the
payment is intended for this order and not for some other goods or
services.
60
 Web Security…
• SET – Dual Signature (customer side)

DS = E(PRc, [H(H(PI)||H(OI)])

61
 Web Security…
SET – Dual Signature (Merchant side)
•Now suppose that the merchant is in possession of:
– the dual signature (DS),
– the OI, and
– the message digest for the PI (PIMD)
– The merchant also has the public key of the
customer, taken from the customer's certificate.
•Then the merchant can compute the quantities:
H(PIMD||H[OI]) ; D(PUc, DS)
•If these two quantities are equal, then the merchant has
verified the signature.
62
 Web Security…
SET – Dual Signature (Bank side)
•Similarly, if the bank is in possession of:
– DS, PI,
– the message digest for OI (OIMD), and
– the customer's public key, then the bank can compute:

H(H[OI]||OIMD) ; D(PUc, DS)

•Again, if these two quantities are equal, then the bank has verified
the signature.
Summary
1.The merchant has received OI and verified the signature.
2.The bank has received PI and verified the signature.
3.The customer has linked the OI and PI and can prove the linkage.
63
 Web Security…
SET payment processing
Cardholder Sends Purchase Request

64
 Web Security…
SET payment processing
Merchant Verifies Customer Purchase Request

det of
ails
for 7.3
n
llin ctio
S ta a d S e
gs
Re
65