
JEPPIAAR ENGINEERING COLLEGE

UNIT 5
WEB SECURITY
E-mail Security: Security Services for E-mail - attacks possible through E-mail - establishing
keys - privacy - authentication of the source - Message Integrity - Non-repudiation - Pretty Good
Privacy - S/MIME.
IP Security: Overview of IPSec - IP and IPv6 - Authentication Header - Encapsulation Security
Payload (ESP) - Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding).
Web Security: SSL/TLS Basic Protocol - computing the keys - client authentication - PKI as
deployed by SSL - Attacks fixed in v3 - Exportability - Encoding - Secure Electronic Transaction
(SET).

EMAIL SECURITY:
• E-mail is one of the most widely used and regarded network services
• There is a growing demand for authentication and confidentiality services.
• These two services are achieved by 2 approaches
– PGP
– S/MIME
PRETTY GOOD PRIVACY (PGP):
• Open source, freely available software package for e-mail security.
• de facto standard for secure email
• developed by Phil Zimmermann
• selected best available cryptographic algorithms to use
• Runs on a variety of platforms like Unix, PC, Macintosh and other systems
• originally free (now also have commercial versions available)
Operational Description:
• Consists of five services:
– Authentication
– Confidentiality
– Compression
– E-mail compatibility
– Segmentation
Authentication:
1. Sender creates the message
2. Generates a digital signature for the message
3. Uses SHA-1 to generate a 160-bit hash of the message
4. The hash is signed with RSA using the sender's private key, and the result is attached to the message
5. Receiver uses RSA with the sender's public key to decrypt and recover the hash code
6. Receiver generates a new hash of the received message and compares it with the decrypted hash code
Confidentiality:
1. Sender generates a message and encrypts it.
2. Generates a 128-bit random number as session key
3. Encrypts the message using CAST-128 / IDEA / 3DES in CBC mode with the session key
4. Session key is encrypted using RSA with the recipient's public key and attached to the message
5. Receiver uses RSA with its private key to decrypt and recover the session key
6. Session key is used to decrypt the message

Confidentiality & Authentication:


• can use both services on the same message
– create signature & attach it to the message
– encrypt both message & signature
– attach RSA/ElGamal encrypted session key
This sequence is preferred because
– one can store the plaintext message/file and its signature
– no need to decrypt the message/file again and again

Compression:
• PGP compresses messages to save space for e-mail transmission and storage
• by default PGP compresses message after signing but before encrypting
– so can store uncompressed message & signature for later verification
– Encryption after compression strengthens security (because the compressed message has less
redundancy)
• uses ZIP compression algorithm

Email Compatibility:
• when using PGP, the sender will have binary data (8-bit octets) to send (encrypted message, etc.)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII characters
• uses radix-64 algorithm
– maps 3 bytes to 4 printable chars
– also appends a CRC
• PGP also segments messages if too big (maximum length 50,000 octets)
Encoding binary data in radix64 format:

PGP Operation – Summary:


PGP Session Keys:


• need a session key for each message
– of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES
• uses random inputs taken from
– actual keys hit
– keystroke timing of a user
PGP Public & Private Keys:
• since many public/private keys may be in use, need to identify which is actually used to
encrypt session key in a message
– could send full public-key with every message
– but this is inefficient
• rather use a key identifier based on key
– is least significant 64-bits of the key
– will very likely be unique
• also use key ID in signatures
PGP Message Format:

PGP Key Rings:


• each PGP user has a pair of keyrings:
– public-key ring contains all the public-keys of other PGP users known to this user,
indexed by key ID
– private-key ring contains the public/private key pair(s) for this user, indexed by
key ID & encrypted with a key derived from a hashed passphrase
• security of private keys thus depends on the pass-phrase security
PGP Message Generation:

PGP Message Reception:

Notations:
RNG – Random Number Generator

S/MIME:
• S/MIME (Secure/Multipurpose Internet Mail Extension)
– Security enhancement to the MIME
– Industry standard for commercial and organizational use, while PGP for personal
e-mail security
RFC 822
– The header and the body
– The header is separated from the body by a blank line
– A message is ASCII text
– Eg:
Date: Tue, 16 Jan 1998 10:37:17
From: "William Stallings" <ws@shore.net>
Subject: The Syntax in RFC 822
To: Smith@other-host.com
Cc: Jones@another-host.com

Hello. This section begins the actual message body, which is delimited
from the message heading by a blank line.
Limitations of the SMTP/822 scheme
– Cannot transmit executable files or other binary objects
– Cannot transmit text data that includes national language characters(8-bit codes),
822 is limited to 7-bit ASCII
– SMTP servers may reject mail messages over a certain size, etc.
– MIME is intended to resolve these problems
– Five new message header fields are defined
– A number of content formats are defined
– Transfer encodings are defined
MIME - Five header fields:
• MIME-Version - Must have the parameter value 1.0. This field indicates that the
message conforms to RFCs 2045 and 2046.
• Content-Type - Describes the data contained in the body with sufficient detail
• Content-Transfer-Encoding - Indicates the type of transformation that has been
used to represent the body of the message in a way that is acceptable for mail
transport.
• Content-ID - Used to identify MIME entities uniquely in multiple contexts
• Content-Description - A text description of the object with the body; this is
useful when the object is not readable (e.g., audio data).
MIME Content Types:
– Provides standardized ways of dealing with a wide variety of information
representations in a multimedia environment
– Ex)
From : Nathaniel Borenstein <nsb@bellcore.com>
To: Smith@other-host.com
Subject: Sample message
MIME-Version: 1.0
Content-type: multipart/alternative;boundary=boundary42
--boundary42
Content-type: text/plain; charset=us-ascii
--boundary42

MIME Transfer Encodings


– A definition of transfer encodings for message bodies
– Provide reliable delivery across the largest range of environments

Canonical Form:
– A format, appropriate to the content type, that is standardized for use between systems
– In contrast to native form, which is a format that may be peculiar to a particular
system.

S/MIME Functionality:
• Enveloped data
• Signed data
• Clear-signed data
• Signed and enveloped data
Enveloped data
• Consists of encrypted content of any type and encrypted-content encryption
keys for one or more recipients.
Signed data
• A digital signature is formed by taking the message digest of the content to be
signed and then encrypting that with the private key of the signer
• The content plus signature are then encoded using base64 encoding
• A signed data message can only be viewed by a recipient with S/MIME capability
Clear-signed data
• Only the digital signature is encoded using base64
• Recipients without S/MIME capability can view the message content, although
they cannot verify the signature
Signed and enveloped data
• Signed-only and encrypted-only entities may be nested
• Encrypted data may be signed and signed data or clear-signed data may be
encrypted
S/MIME Message:
• Represented in BER(Basic Encoding Rules)
– ITU-T Recommendation X.209
– Arbitrary octet string
– Transfer encoded with base64 in the outer MIME message

IP SECURITY:
• The architecture deals with the general concepts, definitions, mechanisms, etc.
• IPSec Services
– Access control
– Data origin authentication
– Confidentiality (encryption), etc.
SA (Security Associations)
– Key concept for IPSec
– One-way relationship between a sender and a receiver
– Identified by three parameters
• Security Parameters Index (SPI)
• IP Destination Address
• Security Protocol Identifier


Transport Mode
– Protection extends to the payload of an IP packet
– It is used for end-to-end communication
Tunnel Mode
– Provides protection to the entire IP packet
– A new outer IP header

Authentication Header (AH):


• Provides support for data integrity and authentication of IP packets

• Next Header (8 bits)
– Identifies the type of header immediately following this header
• Payload Length (8 bits)
– Length of AH in 32-bit words minus 2
• Reserved (16 bits)
• Security Parameters Index (32 bits)
– Identifies a security association
• Sequence Number (32 bits)
– A monotonically increasing counter value
• Authentication Data (variable)
– Contains ICV (Integrity Check Value) or MAC
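
The AH field layout above, as an added Python example (not part of the original notes): a parser for the header plus an ICV check using HMAC-SHA-1-96. Assumptions: the ICV here covers only the AH header (ICV zeroed) and the payload, whereas real AH also covers the immutable IP header fields; the sequence check is a plain "must increase" test rather than a sliding window; `build_ah`, `parse_ah` and `verify_ah` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

# Fixed part of AH: Next Header (8), Payload Length (8), Reserved (16),
# SPI (32), Sequence Number (32), all in network byte order.
AH_FIXED = struct.Struct("!BBHII")
ICV_LEN = 12  # HMAC-SHA-1-96 keeps the first 96 bits of the HMAC-SHA-1 output


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def parse_ah(buf: bytes) -> dict:
    """Split a buffer that starts with an AH header into its fields and the payload."""
    if len(buf) < AH_FIXED.size:
        raise ValueError("buffer shorter than the fixed AH fields")
    next_header, payload_len, _reserved, spi, seq = AH_FIXED.unpack_from(buf)
    ah_len = (payload_len + 2) * 4  # Payload Length is in 32-bit words minus 2
    if ah_len < AH_FIXED.size or ah_len > len(buf):
        raise ValueError("Payload Length does not fit the buffer")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": buf[AH_FIXED.size:ah_len], "payload": buf[ah_len:]}


def build_ah(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    """Constructed sender side: the ICV is computed with the ICV field zeroed."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + hmac_sha1_96(key, fixed + bytes(ICV_LEN) + payload) + payload


def verify_ah(key: bytes, buf: bytes, last_seq: int) -> bool:
    """Accept only if the counter moved forward and the ICV matches."""
    ah = parse_ah(buf)
    if ah["seq"] <= last_seq or len(ah["icv"]) != ICV_LEN:
        return False
    covered = buf[:AH_FIXED.size] + bytes(ICV_LEN) + ah["payload"]
    return hmac.compare_digest(hmac_sha1_96(key, covered), ah["icv"])
```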
Transport mode and Tunnel mode:

Encapsulating Security Payload (ESP):


• Provides confidentiality services
• Security Parameters Index (32 bits)
– Identifies a security association
• Sequence Number (32 bits)
– A monotonically increasing counter value
• Payload Data (variable)
– Transport-level segment or IP packet
• Padding (0-255 bytes)
• Pad Length (8 bits)
– The number of pad bytes immediately preceding this field
• Next Header (8 bits)
– Identifies the type of data contained in the payload data field by identifying the
first header in that payload
• Authentication Data (variable)
– Contains ICV computed over the ESP packet
Encryption and Authentication Algorithm:
• Encryption
– Three-key triple DES
– RC5
– IDEA
– Three-key triple IDEA
– CAST
– Blowfish
• Authentication
– HMAC-MD5-96
– HMAC-SHA-1-96
Transport mode versus Tunnel mode:

Key Management:
• Determination and distribution of secret keys
– Manual
• Practical for small, relatively static environments
– Automated
• On-demand creation of keys in large distributed system
• ISAKMP(Internet Security Association and Key Management Protocol)

WEB SECURITY
Virtually all businesses, most government agencies, and many individuals now have
Web sites, and the number of sites is expanding rapidly. As a result, businesses are setting up facilities
on the web for electronic commerce. This explosive growth of the Internet and the World Wide
Web has brought with it a need to securely protect sensitive communications sent over this open
network.
SSL / TLS
SSL (Secure Socket Layer):
• SSL provides security services between TCP and applications that use TCP.
• The Internet standard version is called Transport Layer Security (TLS).
SSL Architecture:
• It is a layer of protocols that uses TCP to provide a reliable end-to-end secure service.
3 layers of SSL
• Handshake protocol
• Change cipher spec protocol
• Alert protocol
SSL architecture:
Two important SSL concepts
• SSL connection
– a peer-to-peer, communications link
– associated with a session
• SSL session
– an association between client & server
– created by the Handshake Protocol
– define a set of cryptographic parameters
SSL Protocol stack:

SSL change cipher specification protocol:


• one of 3 SSL specific protocols which use the SSL record protocol
• a single message
• causes pending state to become current
SSL alert protocol:
• conveys SSL-related alerts to peer entity
• specific alerts
– unexpected message, bad record MAC, decompression failure, handshake
failure, illegal parameter
• compressed & encrypted like all SSL data
SSL handshake protocol:
Phase 1
C→S: Client hello (to establish security enhancement capabilities)
– random challenge, which algorithms are supported
– server chooses encryption, compression algorithms
S→C: Server hello:
– acknowledges algorithms
– establishes random connection id
Phase 2
S→C: Server certificate
– server returns a X.509 certificate chain
Phase 3
• Client key exchange
– client verifies certificate chain against that in web browser


– if not in list of CAs, may trust the new certificate
– client generates 48-byte pre-secret
C→S: session key exchange
S→C
Phase 4:
• Finished message exchange, encrypted with session key
– verifies success of key exchange and authentication processes
Phase 5
• Now encrypted application data exchanged between C, S
