Professional Documents
Culture Documents
Considerations
• The World Wide Web is • A Web server can be exploited as a
fundamentally a client/server launching pad into the corporation’s
application running over the Internet or agency’s entire computer complex
and TCP/IP intranets • Casual and untrained (in security
Chapter 5 • The following characteristics of Web
usage suggest the need for tailored
matters) users are common clients for
Web-based services
mingy
security tools:
Transport-Level Security ① • Web servers are relatively easy to
• Such users are not necessarily
aware of the security risks that
configure and manage exist and do not have the tools or
Web Security ② • Web content is increasingly easy to
_
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
% Ñ
I
provide security
in
authenticate
a "
stand
"
µ, , , ,µ , , µ , man µ a. ma
, , µ,
at ✓ mail
you
Dont
'
5 "
know
M
" µ C. if I secure this I secure the
www.t
,
above
from
0 -
①
Figure 5.1
=
Digit giturer
=
-
.
- .
-
?⃝
Transport Layer security ¥ .÷÷÷÷¥
TLS Architecture
(TSL) between
• One of the most widely used security services • Two important TLS concepts are: must
distinguish
them
confection Tessin
• TLS is an Internet standard that evolved from a commercial ☐ - ☐
• A transport that provides a suitable type of service
protocol known as Secure Sockets Layer (SSL) -
TLS ① •
•
For TLS such connections are peer-to-peer relationships
÷[gpµ
Connections are transient Temporary
•
_
, , _
connection
,
①# on , gg.gg, can µ agg , , ,µ, µ ,, µ, g,, , n , , ga , , ,
2
an over record protocol
go
'
=
• An association between a client and a server the
Q# what
is
to
session
connection
in
?
addition
- →
z
I t
following parameters: Ft l
following parameters:
An arbitrary byte sequence chosen by the →:÷÷--
Server and
#-)
• When a block cipher in
Session identifier server to identify an active or resumable • Byte sequences that are m%g%connections CBC mode is used, an
session state client chosen by the server and
client for each connection
initialization vector (IV) is one ;Y¥¥r
random maintained for each key decmp.gov
\
-
↳ %¥
"
trust
• This field is first initialized
"
to
An X509.v3 certificate of the peer; this
I need
with Initialization by the SSL Handshake
Peer certificate , .am
dealing Server
element of the state may be null
uno
• The secret key used in vectors Protocol key shaved by
:
write MAC
-
IF
Specifies the bulk data encryption algorithm MAC operations on data
sent by the client • Each party maintains
Cipher spec and a hash algorithm used for MAC secret separate sequence numbers
calculation; also defines cryptographic for transmitted and
attributes such as the hash_size • The secret encryption key received messages for each
Server for data encrypted by the connection
48-byte secret shared between the client and write key server and
= decrypted by the Sequence • When a party sends or
Master secret the server
-
client
-
numbers receives a change cipher
spec message, the
t
used to initiate new connections key the client and decrypted by • Sequence numbers may
the server not exceed 264 - 1
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
?⃝
•
one
Most important -
-
✓
adv of ?
Mac
' '
ma ma
encrypting
Message the
Confidentiality
integrity protect the mac and
massage
-1
you
add some headers
,O#whylneedheader
and send it to
you ① to how the
original
long
know
The Handshake The Handshake Tcp layer
Protocol defines a Protocol also defines a compressed massage
shared secret key that is shared secret key that is Figure 5.3 ③
used for conventional used to form a message
- - -
109
" how
" →
"
"" "
" " "" " "
"" ""
""
" " " "
"
"
"" " " "
"
"
""
"
thin and
algor
f-
and Mac
it to encryption
negotiate
an
states transmit ☆
-
to be used + °
protect
"
before application
complex • it used
transmitted
any
code
a
specific
contains -
a
decals
That in
code
✓
① value
warning /
gold
swirly
the
convey Massey
③ the
of
JOEL
Figure 5.4
-
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
No memorize -
¥i
☐
are other
trust each
shaded can we
optional
_
Table
Table 5.2 6.2 TLS Handshake Protocol Message Types
https://www.acunetix.com/blog/articles/establishing-tls-ssl-connection-part-5/
Figure5.6
Figure 6.6
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
Cryptographic
_
)
( initiated
value
-
←
Computations
¥!
• Two further items are of interest: re
"
• The shared master secret is a one-time 48-byte value generated for this
session by means of secure key exchange (RSA or Diffie-Hellman)
• CipherSpecs require a client write MAC secret, a server write MAC can
secret, a client write key, a server write key, a client write IV, and a youshow it
server write IV which are generated from the master secret in that order
-
• These parameters are generated from the master secret by hashing the
master secret into a sequence of secure bytes of sufficient length for all
needed parameters
how the 4
Q# explain first
hash
÷:::
Figure 5.7
© 2017 Pearson Education, Ltd., All rights reserved. -
I © 2017 Pearson Education, Ltd., All rights reserved.
see
the
master
by hashing
=
=
that available
Making connection
sure the is it
Attack categories
• A heartbeat protocol is typically used to monitor the availability
of a protocol entity I - I I ☆ • Attacks on the handshake
protocol
-
O
• It assures the sender that the recipient is still alive, even though there may
#
☆ • Attacks on the PKI
B • Other attacks
not have been any activity over the underlying TCP connection
◦
TF
• It generates activity across the connection during idle periods, which
avoids closure by a firewall that does not tolerate idle connections
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
=
?;:;!; HTTPS we need
toestabish
Connection
(HTTP over SSL) Initiation
of SSL
top
r
• A user of a Web browser will see URL addresses that begin with https:// rather
There are three levels of awareness
than http://
For HTTPS, the agent acting as the
-
of a connection in HTTPS:
HTTP client also acts as the TLS •• At the HTTP level, an HTTP client requests a Aga # Http
level
• If HTTPS is specified, port 443 is used, which invokes SSL client connection to an HTTP server by sending a
• The client initiates a connection to the server on
connection request to the next lowest layer
- -
:÷÷:"÷
i. by
• Documented in RFC 2818, HTTP Over TLS the appropriate port and then sends the TLS • Typically the next lowest layer is TCP, but it
ClientHello to begin the TLS handshake
-
may also be TLS/SSL contention
• There is no fundamental change in using HTTP over either SSL or TLS and both request
"
-
sending
• At the level of TLS, a session is established Tip
__ -
⑧g next layer
.
[
1-
- - - -
.
"
-
-
Protocol
)•wr
-
.
• A server may have multiple host keys using multiple different
__
asymmetric encryption algorithms swim
( of
• Multiple hosts may share the same host key
• The server host key is used during key exchange to
authenticate the identity of the host
• RFC 4251 dictates two alternative trust models:
•IT
The client has a local database that associates each host name
:(
÷names with the corresponding public host key risky ( DB hacked )
key • The host name-to-key association is certified by a trusted
in certification authority (CA); the client only knows the CA root
key and can verify the validity of all host keys certified by
-
two
Figure 5.8 -
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
To authenticate system uses public private key, where The server going to provide
# multiple ways of exchanging public private keys pairs with client , and also support
multiple asymmetric protocols
① we take the
payload
the application
coming
layer
Hello ① ᵗ
"
"
packet " ② optioning compress
every
÷
F÷÷:
can
I
-
so
② numbers
for
headers add it
we
encryption block size
Adu # generating a
✗ if Tcp no need *
= ③
÷;¥¥¥; effi
"
't
more
-
-
security
to achieve
igot
"
) attach
block
fit
-
to give
--
-
start
t%✓uiV
Figure 5.9 Figure 5.10
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
Table 5.3
Authentication
Methods
SSH
no
memorize Transport
Publickey
• The client sends a message to the server that contains the client’s public key,
with the message signed by the client’s private key
• When the server receives this message, it checks whether the supplied key is
Layer acceptable for authentication and, if so, it checks whether the signature is
correct
Cryptographic Password
** = Recommended machine
• Authentication is performed on the client’s host rather than the client itself
• This method works by = having the client send a signature created with the
private key of the client host
• Rather than directly verifying the user’s identity, the SSH server verifies the
identity of the client host
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
Connection
Protocol
ji "¥É%
①
:
@
• Channel mechanism
• All types of communication using SSH are supported using separate
channels " "
• Either side may open a channel who open the channel Sgcserver
can
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
I
Session
• The remote execution of a program run things
kt
• The program may be a shell, an application such as file transfer or e-mail, a system
-
to as SSH tunneling)
-
[ 0
Direct-tcpip
• Local port forwarding
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
?⃝
Summary
• Web security
• Transport Layer Security considerations
• TLS architecture • Web security threats
• TLS record protocol • Web traffic security
approaches
• Change cipher spec protocol
• Alert protocol • HTTPS
• Handshake protocol • Connection initiation
• Cryptographic computations • Connection closure
• Heartbeat protocol
• Secure shell (SSH)
• SSL/TLS attacks • Transport layer protocol
• TLSv1.3 • User authentication
protocol
Figure 5.12 • Communication protocol
© 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved.
an
is
there
example