Web Security

The World Wide Web is widely used by businesses, government agencies, and many
individuals. But the Internet and the Web are extremely vulnerable to compromises of various
sorts, with a range of threats
 integrity
 confidentiality
 denial of service
 authentication
Secure Socket Layer (SSL)
 SSL probably most widely used Web security mechanism.
 It is implemented at the Transport layer; IPSec at Network layer; or various Application
layer mechanisms eg. S/MIME & SET (later).
 SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
 SSL has two layers of protocol.

SSL Architecture

 The SSL Record Protocol provides basic security services to various higher-layer
protocols.
 Hypertext Transfer Protocol (HTTP), provides the transfer service for Web
client/server interaction, can operate on top of SSL.
 Three higher-layer protocols are also defined as part of SSL:
 the Handshake Protocol.
 Change Cipher Spec Protocol.
 Alert Protocol.
 These SSL-specific protocols are used in the management of SSL exchanges.

Two important SSL concepts are the SSL connection and the SSL session:

 Connection: A connection is a network transport that provides a suitable type of service,

such connections are transient, peer-to-peer relationships, associated with one session
 Session: An SSL session is an association between a client and a server, created by the
Handshake Protocol.
o Sessions define a set of cryptographic security parameters, which can be
shared among multiple connections.
o Sessions are used to avoid the expensive negotiation of new security
parameters for each connection.
1. SSL Record Protocol defines two services for SSL connections:

 Message Integrity: The Handshake Protocol also defines a shared secret key that is used
to form a message authentication code (MAC), which is similar to HMAC
 Confidentiality: The Handshake Protocol defines a shared secret key that is used for
conventional encryption of SSL payloads. The message is compressed before being
concatenated with the MAC and encrypted, with a range of ciphers being supported as
shown.
Figure below shows the overall operation of the SSL Record Protocol.

The Record Protocol takes an application message to be transmitted, fragments the data into
manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header,
and transmits the resulting unit in a TCP segment. Received data are decrypted, verified,
decompressed, and reassembled and then delivered to higher-layer applications.

2. SSL Change Cipher Spec Protocol

The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the
SSL Record Protocol, and it is the simplest, consisting of a single message. Its purpose is to
cause the pending state to be copied into the current state, which updates the cipher suite to be
used on this connection.
3. SSL Alert Protocol
The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with other
applications that use SSL, alert messages are compressed and encrypted, as specified by the
current state.
Each message in this protocol consists of two bytes, the first takes the value warning(1)
or fatal(2) to convey the severity of the message. The second byte contains a code that
 indicates the specific alert. The first group shown are the fatal alerts, the others are
warnings.
4. SSL Hand Shake Protocol
This protocol allows the server and client to authenticate each other and to negotiate an
encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an
SSL record. The Handshake Protocol consists of a series of messages exchanged by client
and server, which can be viewed in 4 phases:
• Phase 1. Establish Security Capabilities - this phase is used by the client to initiate a
logical connection and to establish the security capabilities that will be associated with it
• Phase 2. Server Authentication and Key Exchange - the server begins this phase by
sending its certificate if it needs to be authenticated.
• Phase 3. Client Authentication and Key Exchange - the client should verify that the server
provided a valid certificate if required and check that the server_hello parameters are
acceptable
• Phase 4. Finish - this phase completes the setting up of a secure connection. The client
sends a change_cipher_spec message and copies the pending CipherSpec into the current
CipherSpec

Figure below shows the initial exchange needed to establish a logical connection between
client and server. The exchange can be viewed as having the four phases.
 Transport Layer Security
TLS is an IETF standardization initiative whose goal is to produce an Internet
standard version of SSL. TLS is defined as a Proposed Internet Standard in RFC 2246.
 IETF standard RFC 2246 similar to SSLv3
 with minor differences
 in record format version number
 uses HMAC for MAC
 a pseudo-random function expands secrets
 has additional alert codes
 some changes in supported ciphers
 changes in certificate types & negotiations
 changes in crypto computations & padding
Secure Electronic Transactions
 SET is an open encryption and security specification
 SET is designed to protect credit card transactions on the Internet.
 SETv1 emerged from a call for security standards by MasterCard and Visa in 1996.
 SET is not itself a payment system.
 SET is a set of security protocols and formats that enables users to employ the
existing credit card payment infrastructure on an open network, such as the Internet,
in a secure fashion, by providing:
o a secure communications channel among all parties involved in a transaction
o trust through the use of X.509v3 digital certificates
o privacy because the information is only available to parties in a transaction
when and where necessary.

Above Figure indicates the participants in the SET system, being:

 Cardholder: purchasers interact with merchants from personal computers over the Internet
 Merchant: a person or organization that has goods or services to sell to the cardholder
 Issuer: a financial institution, such as a bank, that provides the cardholder with the payment
card.
 Acquirer: a financial institution that establishes an account with a merchant and processes
payment card authorizations and payments
 Payment gateway: a function operated by the acquirer or a designated third party that
processes merchant payment messages
• Certification authority (CA): an entity that is trusted to issue X.509v3 public-key
certificates for cardholders, merchants, and payment gateways

SET Transaction

1. customer opens account

2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10. merchant requests payment

SET Dual Signature

• The purpose of the SET dual signature is to link two messages that are intended for two
different recipients, the order information (OI) for the merchant and the payment
information (PI) for the bank.
• The merchant does not need to know the customer’s credit card number, and the bank
does not need to know the details of the customer’s order, however the two items must
be linked in a way that can be used to resolve disputes if necessary.
• The customer takes the hash (using SHA-1) of the PI and the hash of the OI,
concatenates them, and hashes the result. Finally, the customer encrypts the final hash
with his or her private signature key, creating the dual signature. This can be summarized
as: DS=E(PRc, [H(H(PI)||H(OI))])

SET Purchase Request

The purchase request exchange consists of four messages:

• Initiate Request: The customer requests the certificates in the Initiate Request
message, sent to the merchant.
• Initiate Response: The merchant generates a response and signs it with its private
signature key.
• Purchase Request: The cardholder verifies the merchant and gateway certificates by
means of their respective CA signatures and then creates the OI and PI. Next, the
 cardholder prepares the Purchase Request message with Purchase-related information
& Order-related information.
• Purchase Response: The Purchase Response message includes a response block that
acknowledges the order and references the corresponding transaction number

Purchase Request Customer.

The contents of the Purchase Request message generated by the customer include the
following:

1. Purchase-related information, which will be forwarded to the payment gateway by the

merchant and consists of PI, dual signature, & OI message digest (OIMD).
2. Order-related information needed by the merchant and consists of: OI, dual signature, PI
message digest (PIMD).
3. Cardholder certificate. This contains the cardholder’s public signature key.

Purchase Request Customer.

The Purchase Response message includes a response block that acknowledges the order
and references the corresponding transaction number. This block is signed by the merchant
using its private signature key. The block and its signature are sent to the customer, along
with the merchant’s signature certificate.

When the merchant receives the Purchase Request message, the actions listed are performed.

• verifies cardholder certificates using CA sigs

• verifies dual signature using customer's public signature key to ensure order has not been
tampered with in transit & that it was signed using cardholder's private signature key
• processes order and forwards the payment information to the payment gateway for
authorization (described later)
• sends a purchase response to cardholder

Payment Gateway Authorization

• During the processing of an order from a cardholder, the merchant authorizes the
transaction with the payment gateway
• The payment authorization ensures that the transaction was approved by the issuer,
guarantees the merchant will receive payment, so merchant can provide services or
goods to customer.
• The payment authorization exchange consists of two messages: Authorization
Request and Authorization response.
• The payment gateway performs the tasks shown on receiving the Authorization
Request message.