1 / 29

Web Security

Web Security. CS598MCC Spring 2013 Yiwei Yang. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation of web servers, web browsers, other programs that communicate with web servers, and the surrounding Internet infrastructure.

ciel
Télécharger la présentation

Web Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Web Security CS598MCC Spring 2013 Yiwei Yang

  2. Definition a set of procedures, practices, and technologies for assuring the reliable, predictable operation of web servers, web browsers, other programs that communicate with web servers, and the surrounding Internet infrastructure.

  3. Web Browser • Three components Web Server Data in transit

  4. Privacy issue with web browser • Where does information leak out? 1. Provided by users (registration form) 2. Log files - Web logs (IP, time, requested URL, browser type, username if authentication is used …) proxy servers can obscure web log - Mail logs (from, to, …) - DNS logs (name, IP, query…) - RADIUS logs

  5. Privacy issue with web browser • Where does information leak out? 3. Web bugs <imgsrc=“ … “width=1 height=1 border=0 /> outsourced web site monitoring 4. Cookie - user’s actual data - a number of codes that key into a database that resides at the web provider

  6. Privacy issue with web browser • Attacks related with cookies 1.XSS(Cross-site scripting) - Nonpersistent - Persistent Prevention - Better cookie handling - Disable the script

  7. Privacy issue with web browser • Attacks related with cookies 2. CSRF(Cross-Site Request Forgery) - belongs to Deputy attack - carried out attack from userhimself Prevention - Better cookie handling - Authentication for each operation - Random number

  8. RADIUS(Remote Authentication Dial In User Service ) • Application layer client/server protocol on top of UDP • Authentication, Authorization, Accounting (AAA) • RADIUS Server - daemon process running on Unix or Window NT machine • RADIUS Client - access server(gateway) that control access to network( RAS, NAS, VPN server)

  9. Radius Packet format

  10. Authentication and Authorization 1.User initiates authentication to the NAS. 2.NAS prompts for username and password. 3.User replies. 4.RADIUS client sends username and encrypted password to the RADIUS server. 5.RADIUS server responds with Accept, Reject, or Challenge. 6.The RADIUS client acts upon services and services parameters bundled with Accept or Reject.

  11. Authentication and Authorization • Client sends out access-request packet - request authenticator is a random 16 octet string - password is encrypted p is divided into p1,p2,…..pnwhere pi is a 16-octet block c1 = p1 XOR MD5(S || request authenticator ) c2 = p2 XOR MD5(S || c1 ) ……. cn = pn XOR MD5(S || cn-1) - sent to port 1812 of server

  12. Authentication and Authorization • Server received the packet • Drop it if no shared secret • Otherwise authenticate the user - access-accept( parameters used for this session including access list to apply) - access-reject - access-challenge response authenticator = MD5 (code || ID|| length|| request authenticator|| attributes || s) • Send out the packet to client

  13. Authentication and Authorization • Client drop the packet if it doesn’t have corresponding identifier or calculation on response authenticator doesn’t match • Otherwise the user is authenticated if received access-accept • What can go wrong?

  14. Attacks on RAIDUS • Response Authenticator Based Shared Secret Attack • User-Password Attribute Based Shared Secret Attack • User-Password Based Password Attack • Active User-Password Compromise through Repeated Request Authenticators • We need to secure the traffic

  15. Accounting

  16. Secure Network Connection Cryptographic protocol • Offline encryption communication protocol -PGP/OpenPGP, S/MIME • Online encryption communication protocol -SSL, IPsec, Kerberos, SET, SSH

  17. SSL(Secure Sockets Layer)

  18. SSL Record Protocol

  19. Handshake Protocol: Phase 1 and 2

  20. SSL: Handshake Round 1 { vC || r1 || s1 || ciphers || comps } Client Server {v || r2 || s1 || cipher || comp } Client Server vC Client’s version of SSL v Highest version of SSL that Client, Server both understand r1, r2 nonces (timestamp and 28 random bytes) s1 Current session id (0 if new session) ciphers Ciphers that client understands comps Compression algorithms that client understand cipher Cipher to be used comp Compression algorithm to be used

  21. SSL: Handshake Round 2 {certificate } Client Server {mod || exp || SigS(h(r1 || r2 || mod || exp)) } Client Server {ctype || gca } Client Server {er2 } Client Server Note: if Server not to authenticate itself, only last message sent; third step omitted if Server does not need Client certificate kS Server’s private key ctype Certificate type requested (by cryptosystem) gca Acceptable certification authorities er2 End round 2 message

  22. Handshake Protocols: Phases 3 and 4

  23. SSL: Handshake Round 3 { client_cert } Client Server { pre }PubS Client Server Both Client, Server compute master secret master: master = MD5(pre || SHA(‘A’ || pre || r1 || r2) || MD5(pre || SHA(‘BB’ || pre || r1 || r2) || MD5(pre || SHA(‘CCC’ || pre || r1 || r2) { h(master || opad || h(msgs || master | ipad)) } Client Server msgs Concatenation of previous messages sent/received this handshake opad, ipad As above

  24. SSL: Handshake Round 4 Client sends “change cipher spec” message using that protocol Client Server { h(master || opad || h(msgs || 0x434C4E54 || master || ipad )) } Client Server Server sends “change cipher spec” message using that protocol Server Client { h(master || opad || h(msgs || 0x53525652 || master | ipad)) } Client Server msgs Concatenation of messages sent/received this handshake in previous rounds (does notinclude these messages) opad, ipad, master As above

  25. SSL • What does SSL provide us? - Data integrity, Confidentiality - Authentication(handshake) • Limitation on SSL - doesn’t work with connection less protocol - doesn’t support non-repudiation - doesn’t protect the application itself - general-purpose data security • Misuse of SSL

  26. TLS(Transport Layer Security) • SSL 3.0 served as the basis for TLS 1.0(SSL 3.1) • Slightly different from SSL - Message Authentication (HMAC) - key derivation - Finished -Alert protocol message type

  27. Secure Web Server • Based on CIA, what do we need to secure? • Three steps to secure server 1. Host security 2. Secure web service 3. Examine interaction between OS and web service

  28. References • RADIUS http://en.wikipedia.org/wiki/RADIUS http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800945cc.shtml • SSL https://wiki.engr.illinois.edu/download/attachments/202934655/ssl-ipsec.pdf?version=1&modificationDate=1348193253000

  29. Thank you!

More Related