Web Security

Considerations
• The World Wide Web is • A Web server can be exploited as a
fundamentally a client/server launching pad into the corporation’s
application running over the Internet or agency’s entire computer complex
and TCP/IP intranets • Casual and untrained (in security
Chapter 5 • The following characteristics of Web
usage suggest the need for tailored
matters) users are common clients for
Web-based services

mingy
security tools:
Transport-Level Security ① • Web servers are relatively easy to
• Such users are not necessarily
aware of the security risks that
configure and manage exist and do not have the tools or
Web Security ② • Web content is increasingly easy to
_

knowledge to take effective

countermeasures
develop
① • The underlying software is
☆
extraordinarily complex z÷:÷÷÷:÷
① • May hide many potential security
flaws

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

% Ñ
I

provide security
in

pµµ É" É☒ᵗ

to
① transparent to end users and applications " " °" "" "" " "
solution "%
and
provide general purpose
that
filtering capability only
so "
② includes
"

authenticate
a "

stand
"

µ, , , ,µ , , µ , man µ a. ma
, , µ,

at ✓ mail

you
Dont
'
5 "
know
M
" µ C. if I secure this I secure the

www.t
,

above
from
0 -
①

Figure 5.1

=
Digit giturer
=
-

.
- .

Table 5.1 A Comparison of Threats on the Web -

© 2017 Pearson Education, Ltd., All rights reserved.

-

-
?⃝
 Transport Layer security ¥ .÷÷÷÷¥

TLS Architecture
(TSL) between
• One of the most widely used security services • Two important TLS concepts are: must
distinguish
them
confection Tessin
• TLS is an Internet standard that evolved from a commercial ☐ - ☐
• A transport that provides a suitable type of service
protocol known as Secure Sockets Layer (SSL) -

TLS ① •
•
For TLS such connections are peer-to-peer relationships

÷[gpµ
Connections are transient Temporary

• TLS is implemented as a set of protocols that rely on TCP

connection
-

•
_

Every connection is associated with one session

I f

, , _
connection
,
①# on , gg.gg, can µ agg , , ,µ, µ ,, µ, g,, , n , , ga , , ,

2
an over record protocol
go
'

=
• An association between a client and a server the
Q# what
is

• Created by the Handshake Protocol of having

TLS session • Define a set of cryptographic security
parameters which
-
#
connections ( with
can be shared among multiple
) one session
-
advantage
a

to
session

connection
in

?
addition

- →

• Are used to avoid the expensive negotiation of avoid the

to
new security parameters for each connection
expensive negotiation
Figure 5.2
Q# can session has more than one
confection ?
true
© 2017 Pearson Education, Ltd., All rights reserved.

- A session state is defined by the A connection state is defined by the

z
I t

following parameters: Ft l
following parameters:
An arbitrary byte sequence chosen by the →:÷÷--
Server and
#-)
• When a block cipher in
Session identifier server to identify an active or resumable • Byte sequences that are m%g%connections CBC mode is used, an
session state client chosen by the server and
client for each connection
initialization vector (IV) is one ;Y¥¥r
random maintained for each key decmp.gov
\
-

↳ %¥
"
trust
• This field is first initialized
"

to
An X509.v3 certificate of the peer; this
I need
with Initialization by the SSL Handshake
Peer certificate , .am
dealing Server
element of the state may be null
uno
• The secret key used in vectors Protocol key shaved by
:

write MAC
-

MAC operations on data • The final ciphertext block

sent by the server IV
secret from each record is
preserved for use as the IV
The algorithm used to compress data prior
Compression method to encryption
E-
optional with the following record
Client write • The secret key used in
MAC

IF
Specifies the bulk data encryption algorithm MAC operations on data
sent by the client • Each party maintains
Cipher spec and a hash algorithm used for MAC secret separate sequence numbers
calculation; also defines cryptographic for transmitted and
attributes such as the hash_size • The secret encryption key received messages for each
Server for data encrypted by the connection
48-byte secret shared between the client and write key server and
= decrypted by the Sequence • When a party sends or
Master secret the server
-

client
-
numbers receives a change cipher
spec message, the
t

• The symmetric encryption appropriate sequence

is it fit to
A flag indicating whether the session can be Client write key for data encrypted by number is set to zero
Is resumable be resumed ?

used to initiate new connections key the client and decrypted by • Sequence numbers may
the server not exceed 264 - 1

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
?⃝
 •

one

Most important -
-

TLS Record Protocol ex

-
HTTP

The TLS Record information into blocks called

Protocol provides Break the

them fragment
two services for efficient
to make the operation
TLS connections
more
compress

provide not easy

to
*"

✓
adv of ?
Mac
' '
ma ma
encrypting

Message the
Confidentiality
integrity protect the mac and
massage

-1
you
add some headers
,O#whylneedheader
and send it to
you ① to how the
original
long
know
The Handshake The Handshake Tcp layer
Protocol defines a Protocol also defines a compressed massage

shared secret key that is shared secret key that is Figure 5.3 ③
used for conventional used to form a message
- - -

encryption of TLS authentication code

payloads (MAC)
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

109
" how
" →
"
"" "
" " "" " "
"" ""
""
" " " "
"
"
"" " " "
"
"
""
"
thin and
algor

f-
and Mac
it to encryption
negotiate
an

states transmit ☆
-

to be used + °

current states which cryptographic keys

dÑ
-

protect
"

update it to be used data is

-

before application
complex • it used
transmitted
any

code
a
specific
contains -
a

decals
That in
code

✓
① value
warning /
gold
swirly
the
convey Massey
③ the
of

Figure 5.5 TTLS ninny

Msg

JOEL
Figure 5.4
-

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
 No memorize -

¥i
☐

are other
trust each
shaded can we

optional
_

Table
Table 5.2 6.2 TLS Handshake Protocol Message Types
https://www.acunetix.com/blog/articles/establishing-tls-ssl-connection-part-5/
Figure5.6
Figure 6.6
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

Cryptographic
_

)
( initiated
value
-

←
Computations
¥!
• Two further items are of interest: re

"

• The creation of a shared master secret by means of the key exchange

-
:*
"

• The shared master secret is a one-time 48-byte value generated for this
session by means of secure key exchange (RSA or Diffie-Hellman)

• The generation of cryptographic parameters from the master secret a. .

• CipherSpecs require a client write MAC secret, a server write MAC can
secret, a client write key, a server write key, a client write IV, and a youshow it
server write IV which are generated from the master secret in that order
-

• These parameters are generated from the master secret by hashing the
master secret into a sequence of secure bytes of sufficient length for all
needed parameters
how the 4
Q# explain first
hash

÷:::
Figure 5.7
© 2017 Pearson Education, Ltd., All rights reserved. -
I © 2017 Pearson Education, Ltd., All rights reserved.
see

the
master
by hashing
 =
=

Heartbeat Protocol SSL/TLS Attacks

_

that available
Making connection
sure the is it

• A heartbeat is a periodic signal generated by hardware or software -

to indicate normal operation or to synchronize other parts of a

system
-
-

Attack categories
• A heartbeat protocol is typically used to monitor the availability
of a protocol entity I - I I ☆ • Attacks on the handshake
protocol
-

• The heartbeat protocol runs on top of the-0

TLS Record Protocol
• Consists of two message types: heartbeat_request and ☆ • Attacks on the record and
heartbeat_response
application data protocols
• The heartbeat serves two purposes:

O
• It assures the sender that the recipient is still alive, even though there may
#
☆ • Attacks on the PKI
B • Other attacks
not have been any activity over the underlying TCP connection

◦
TF
• It generates activity across the connection during idle periods, which
avoids closure by a firewall that does not tolerate idle connections

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

=
?;:;!; HTTPS we need
toestabish
Connection
(HTTP over SSL) Initiation
of SSL
top
r

• Refers to the combination of HTTP and SSL to implement secure

÷ communication between a Web browser and a Web server

• The HTTPS capability is built into all modern Web browsers

• A user of a Web browser will see URL addresses that begin with https:// rather
There are three levels of awareness
than http://
For HTTPS, the agent acting as the
-
of a connection in HTTPS:
HTTP client also acts as the TLS •• At the HTTP level, an HTTP client requests a Aga # Http
level

• If HTTPS is specified, port 443 is used, which invokes SSL client connection to an HTTP server by sending a
• The client initiates a connection to the server on
connection request to the next lowest layer
- -
:÷÷:"÷
i. by
• Documented in RFC 2818, HTTP Over TLS the appropriate port and then sends the TLS • Typically the next lowest layer is TCP, but it
ClientHello to begin the TLS handshake
-
may also be TLS/SSL contention
• There is no fundamental change in using HTTP over either SSL or TLS and both request
"

-
sending
• At the level of TLS, a session is established Tip
__ -
⑧g next layer
.

implementations are referred to as HTTPS

→
to the
• When the TLS handshake has finished, the

• When HTTPS is used, the following elements of the communication are

client may then initiate the first HTTP request
• All HTTP data is to be sent as TLS application
data
encrypted:
• URL of the requested document
between a TLS client and a TLS server
• This session can support one or more •*:÷
connections at any time
•• A TLS request to establish a connection begins neo
with the establishment of a TCP connection

[
1-
- - - -

encrypted • Contents of the document

an
between the TCP entity on the client side and
protected the TCP entity on the server side ↓
• Contents of browser forms
cnn.im
• Cookies sent from browser to server and from server to browser ¥:
of !g
time
• Contents of HTTP header
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
 Connection Closure Secure Shell (SSH)
• An HTTP client or server can indicate the closing of a connection
by including the line Connection: close in an HTTP record
SSH client and server
• The closure of an HTTPS connection requires that TLS close the applications are widely
available for most
connection with the peer TLS entity on the remote side, which operating systems
will involve closing the underlying TCP connection • Has become the method
of choice for remote login
and
# X tunneling
• TLS implementations must initiate an exchange of closure alerts • Is rapidly becoming one
of the most pervasive
before closing a connection applications for
encryption technology
• A TLS implementation may, after sending a closure alert, close the ii.÷!
-
A protocol for secure
network communications
☆
designed to be relatively
☆
simple and inexpensive to
implement
The initial version,
:
SSH1 was focused on
purpose providing a secure
remote logon facility to
replace TELNET and
other remote logon
schemes that provided

outside of embedded no security

systems
connection without waiting for the peer to send its closure alert,
generating an “incomplete close”
" SSH2 fixes a number of 0 SSH also provides a
• An unannounced TCP closure could be evidence of some sort of security flaws in the more general
attack so the HTTPS client should issue some sort of security original scheme client/server capability
and can be used for
warning when this occurs • Is documented as a
proposed standard in such network functions
as file transfer and e-
=
IETF RFCs 4250 through
4256 mail
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

(÷¥÷÷¥÷¥÷÷%a Transport Layer

.

.
"

-
-
Protocol

)•wr
-

• Server authentication occurs at the transport layer, based on

± ±
in .

the server possessing a public/private key pair -

.
• A server may have multiple host keys using multiple different

__
asymmetric encryption algorithms swim

( of
• Multiple hosts may share the same host key
• The server host key is used during key exchange to
authenticate the identity of the host
• RFC 4251 dictates two alternative trust models:
•IT
The client has a local database that associates each host name

:(
÷names with the corresponding public host key risky ( DB hacked )
key • The host name-to-key association is certified by a trusted
in certification authority (CA); the client only knows the CA root
key and can verify the validity of all host keys certified by
-

two

=p way accepted CAs

_

Figure 5.8 -

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

To authenticate system uses public private key, where The server going to provide
# multiple ways of exchanging public private keys pairs with client , and also support
multiple asymmetric protocols
 ① we take the
payload
the application
coming
layer
Hello ① ᵗ
"
"
packet " ② optioning compress
every
÷
F÷÷:
can
I
-
so

② numbers
for
headers add it
we
encryption block size

Adu # generating a

mac and I include

it

✗ if Tcp no need *

③I take this encrypt

and ④ generate
mac
part
-

= ③
÷;¥¥¥; effi
"
't
more
-
-

security
to achieve
igot
"
) attach

block
fit
-

to give
--
-

start
t%✓uiV
Figure 5.9 Figure 5.10
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

Table 5.3
Authentication
Methods
SSH
no
memorize Transport
Publickey

• The client sends a message to the server that contains the client’s public key,
with the message signed by the client’s private key
• When the server receives this message, it checks whether the supplied key is
Layer acceptable for authentication and, if so, it checks whether the signature is
correct

Cryptographic Password

• The client sends a message containing a plaintext password, which is

protected by encryption by the Transport Layer Protocol
Algorithms
don't want to authenticate the I want to authenticate the machine
* = Required Hostbased I user ,

** = Recommended machine
• Authentication is performed on the client’s host rather than the client itself
• This method works by = having the client send a signature created with the
private key of the client host
• Rather than directly verifying the user’s identity, the SSH server verifies the
identity of the client host

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
 Connection
Protocol
ji "¥É%
①
:

• The SSH Connection Protocol runs on top of the SSH Transport

Layer Protocol and assumes that a secure authentication
connection is in use '%a
• The secure authentication connection, referred to as a tunnel, is used
by the Connection Protocol to multiplex a number of logical channels
Jaws
-

@
• Channel mechanism
• All types of communication using SSH are supported using separate
channels " "

• Either side may open a channel who open the channel Sgcserver
can

• For each channel, each side associates a unique channel number

• Channels are flow controlled using a window mechanism
F -

• No data may be sent to a channel until a message is received to

indicate that window space is available →
send
so I
massage
can a

• The life of a channel progresses through- three stages: opening a

channel, data transfer, and closing a channel Figure 5.11

© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.

Channel Types Port Forwarding

Four channel types are recognized in the SSH Connection Protocol specification
• One of the most useful features of SSH

I
Session
• The remote execution of a program run things
kt
• The program may be a shell, an application such as file transfer or e-mail, a system
-

command, or some built-in subsystem

• Provides the ability to convert any insecure TCP
connection into a secure SSH connection (also referred
• Once a session channel is opened, subsequent requests are used to start the remote
program
-

to as SSH tunneling)
-

X11 • Incoming TCP traffic is delivered to the appropriate

• Refers to the X Window System, a computer software system and network protocol that
provides a graphical user interface (GUI) for networked computers application on the basis of the port number (a port is
=
• X allows applications to run on a network server but to be displayed on a desktop
machine
-
an identifier of a user of TCP)

Forwarded-tcpip • An application may employ multiple port numbers

•no
Remote port forwarding

[ 0
Direct-tcpip
• Local port forwarding
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
?⃝
 Summary
• Transport Layer Security
• TLS architecture
• TLS record protocol
• Change cipher spec protocol
• Alert protocol
• Handshake protocol
• Cryptographic computations
• Heartbeat protocol
• SSL/TLS attacks
• TLSv1.3
Figure 5.12
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
an
is
there
example
• Web security
considerations
• Web security threats
• Web traffic security
approaches
• HTTPS
• Connection initiation
• Connection closure
• Secure shell (SSH)
• Transport layer protocol
• User authentication
protocol
• Communication protocol