
Web-Security Considerations

The document discusses web security considerations and threats. It describes how web traffic can be vulnerable to passive attacks like eavesdropping and active attacks like impersonation. It then summarizes different approaches to securing web traffic, including using IPsec at the network layer, SSL/TLS above TCP, and application-specific protocols. The remainder focuses on SSL, covering its architecture, sessions vs connections, the record and handshake protocols, and how it provides data confidentiality and integrity.

Uploaded by

Abhishek Rao

Web-Security Considerations

U4
Introduction
• World Wide Web is basically a client/server
application running over the Internet and
TCP/IP intranets.
• Internet is two-way.
• Web is vulnerable to attacks on the Web
servers over the Internet.
Web Security Threats…
• They are grouped as:
– passive and
• Passive attacks include eavesdropping on network traffic
between browser and server and
• gaining access to information on a Web site that is
supposed to be restricted.
– active attacks.
• Active attacks include impersonating another user,
• altering messages in transit between client and server, and
• altering information on a Web site.
Web Security Threats
– They are also grouped in terms of the location of
the threat:
• Web server,
• Web browser, and
• network traffic between browser and server.
Web Traffic Security Approaches…
Web traffic security approaches are:
• Similar in the services they provide and,
• to some extent, in the mechanisms that they use, but
• they differ with respect to their scope of applicability and
• their relative location within the TCP/IP protocol stack.
Web Traffic Security Approaches
IP: Internet Protocol
TCP: Transmission Control Protocol
HTTP: Hypertext Transfer Protocol.
FTP: File Transfer Protocol
SMTP: Simple Mail Transfer Protocol
SSL: Secure Sockets Layer
TLS: Transport Layer Security
S/MIME: Secure/Multipurpose Internet Mail Extensions
Kerberos: network authentication protocol
UDP: User Datagram Protocol
Web security (Ref. Fig. a)
• One way to provide Web
security is to use IP security
(IPsec).
• Advantage of using IPsec is
that it is transparent to end
users and applications and
• provides a general-purpose
solution.
• IPsec includes a filtering
capability so that only
selected traffic need to
incur the overhead of IPsec
processing.
Web security (Ref. Fig. b)
• Another solution is to
implement security just
above TCP.
• Examples of this
approach are Secure
Sockets Layer (SSL) and
Transport Layer Security
(TLS).
Web security (Ref. Fig. c)
• Application-specific
security services are
embedded within the
particular application.
• Figure c shows examples
of this architecture.
• Advantage of this
approach is that the
service can be tailored to
the specific needs of a
given application.
S/MIME (Secure/Multipurpose Internet Mail
Extensions)
Secure Socket Layer (SSL)
• Netscape originated SSL.
• First published version of TLS can be viewed as
essentially an SSLv3.1 and
is very close to and backward compatible with
SSLv3 (SSL Version 3).
SSL Protocol Stack
SSL Architecture…
• SSL is not a single
protocol but rather two
layers of protocols, as
shown in Figure.
• SSL Record Protocol
provides basic security
services to various higher
layer protocols.
• In particular, Hypertext
Transfer Protocol (HTTP),
which provides the
transfer service for Web
client/server interaction,
can operate on top of SSL.
• SSL is designed to make use
of TCP.
SSL Architecture…
• Three higher-layer
protocols are defined as
part of SSL:
– Handshake Protocol,
– Change Cipher Spec
Protocol, and
– Alert Protocol.
• These SSL-specific
protocols are used in the
management of SSL
exchanges.
SSL Architecture…
• There are two important SSL concepts, viz,
– SSL session and
– SSL connection,
SSL Architecture…
Session:
• An SSL session is an association between a
client and a server.
• Sessions are created by the Handshake
Protocol.
SSL Architecture…
• Connection: A connection is a transport that
provides a suitable type of service.
• Connections are transient (temporary).
• Every connection is associated with one
session.
SSL Architecture…
• There are a number of states associated with
each session.
• Once a session is established, there is a current
operating state for both read and write (i.e.,
receive and send).
• In addition, during the Handshake Protocol,
pending read and write states are created.
• Upon successful conclusion of the Handshake
Protocol, the pending states become the current
states.
SSL Architecture…
• A session state is defined by the following
parameters:
1. Session identifier: An arbitrary byte sequence chosen
by the server to identify an active or resumable session
state.
2. Peer certificate: An X509.v3 certificate of the peer.
This element of the state may be null.
3. Compression method: Algorithm used to compress
data prior to encryption.
SSL Architecture…
• A session state is defined by the following
parameters:
4. Cipher spec: Specifies the data encryption algorithm
(such as AES) and a hash algorithm (such as MD5 or
SHA-1) used for MAC calculation.
It also defines cryptographic attributes such as the
hash_size.
5. Master secret: 48-byte secret shared between the
client and server.
6. Is resumable: A flag indicating whether the session can
be used to initiate new connections.
SSL Architecture…
A connection state is defined by the following
parameters.
1. Server and client random: Byte sequences that are
chosen by the server and client for each connection.
2. Server write MAC secret: Secret key used in MAC
operations on data sent by the server.
3. Client write MAC secret: Secret key used in MAC
operations on data sent by the client.
SSL Architecture…
A connection state is defined by the following
parameters.
4. Server write key: Secret encryption key for data
encrypted by the server and decrypted by the client.
5. Client write key: Symmetric encryption key for data
encrypted by the client and decrypted by the server.
SSL Architecture
6. Initialization vectors: When a block cipher in CBC mode
is used, an initialization vector (IV) is maintained for
each key.
This field is first initialized by the SSL Handshake
Protocol.
7. Sequence numbers: Each party maintains separate
sequence numbers for transmitted and received
messages for each connection.
Sequence numbers may not exceed 2^64 – 1.
SSL Record Protocol…
• SSL Record Protocol provides two services for SSL
connections:
1. Confidentiality
2. Message Integrity
SSL Record Protocol…
SSL Record Protocol…
Figure indicates the overall operation of the SSL Record Protocol.
• Record Protocol
– takes an application message
to be transmitted,
– fragments data into
manageable blocks,
– optionally compresses the
data,
– applies a MAC,
– encrypts,
– adds a header, and
– transmits the resulting unit in
a TCP segment.
• Received data are
– decrypted,
– verified,
– decompressed, and
– reassembled before being
delivered to higher-level
users.
SSL Record Protocol…
• First step is fragmentation.
Each upper-layer message is fragmented into blocks
of 2^14 bytes or less.
• Next, compression is optionally applied.
Compression must be lossless and may not increase
the content length by more than 1024 bytes.
In SSLv3 (as well as the current version of TLS), no
compression algorithm is specified, so the default
compression algorithm is null.
Note
• One hopes that compression shrinks rather
than expands the data.
• However, for very short blocks, it is possible,
because of formatting conventions, that the
compression algorithm will actually provide
output that is longer than the input.
SSL Record Protocol…
• Next step in processing is to compute a message
authentication code over the compressed data.
• For this purpose, a shared secret key is used.
SSL Record Protocol…
• Next, the compressed message plus the MAC are
encrypted using symmetric encryption.
• Encryption may not increase the content length by more
than 1024 bytes, which means,
Total length may not exceed 2^14 + 2048.
• Examples of encryption algorithms (Block Cipher)
permitted are: AES, DES, 3DES.
• Examples of permitted Stream cipher are: RC4-40 (key
size 40), RC4-128 (key size 128).
(RC4 was created by Ron Rivest, Rivest Cipher 4)
SSL Record Protocol…
• For stream encryption, compressed message plus
MAC are encrypted.
• For block encryption, padding may be added after
the MAC prior to encryption.
• Padding is in the form of a number of padding bytes
followed by a one-byte indication of the length of the
padding.
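The sending and receiving steps above, as an added example that is not part of the original slides: fragmentation, null compression, the MAC and block padding, then the receiver's checks. Encryption itself is left out, so the units are what would be handed to the cipher. Assumptions: the SSLv3 MAC construction with SHA-1 comes from the SSLv3 specification rather than from the slides, the 16-byte block size assumes AES, and the names `protect` and `verify` are hypothetical.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # slides: blocks of 2^14 bytes or less
APPLICATION_DATA = 23       # SSLv3 content type code for application_data
BLOCK = 16                  # assumed cipher block size (AES)
MAC_LEN = 20                # SHA-1 digest size


def sslv3_mac(secret, seq_num, ctype, data):
    """SSLv3 keyed MAC (SHA-1 variant) over sequence number, type, length, data."""
    pad1, pad2 = b"\x36" * 40, b"\x5c" * 40
    meta = struct.pack("!QBH", seq_num, ctype, len(data))
    inner = hashlib.sha1(secret + pad1 + meta + data).digest()
    return hashlib.sha1(secret + pad2 + inner).digest()


def protect(message, secret, seq_num=0):
    """Fragment, null-compress, MAC and pad; returns units ready for encryption."""
    units = []
    for off in range(0, len(message), MAX_FRAGMENT):
        frag = message[off:off + MAX_FRAGMENT]      # null compression: unchanged
        body = frag + sslv3_mac(secret, seq_num, APPLICATION_DATA, frag)
        pad_len = -(len(body) + 1) % BLOCK          # padding bytes before length byte
        units.append(body + bytes(pad_len) + bytes([pad_len]))
        seq_num += 1                                # one sequence number per record
    return units


def verify(units, secret, seq_num=0):
    """Receiver side after decryption: strip padding, check MACs, reassemble."""
    out = b""
    for unit in units:
        if not unit or len(unit) % BLOCK or unit[-1] + 1 + MAC_LEN > len(unit):
            raise ValueError("bad padding")
        body = unit[:-(unit[-1] + 1)]
        frag, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = sslv3_mac(secret, seq_num, APPLICATION_DATA, frag)
        if not hmac.compare_digest(mac, expected):  # constant-time comparison
            raise ValueError("bad record MAC")
        out += frag
        seq_num += 1
    return out
```

Because the sequence number is part of the MAC input, two records carrying identical data still get different MACs, so a reordered or replayed record fails verification.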
SSL Record Protocol…
Final step of SSL Record Protocol processing is to prepend
a header.
The header consists of the following fields:
• Content Type (8 bits): Higher-layer protocol used to process the
enclosed fragment.
• Major Version (8 bits): Indicates major version of SSL in use.
– For SSLv3, the value is 3.
• Minor Version (8 bits): Indicates minor version in use.
– For SSLv3, the value is 0.
• Compressed Length (16 bits): length in bytes of the plaintext
fragment (or compressed fragment if compression is used).
– Maximum value is 2^14 + 2048.
SSL Record Protocol…
• Content types that have been defined are
– change_cipher_spec,
– alert,
– handshake, and
– application_data.
• First three are the SSL-specific protocols.
SSL record format
Change Cipher Spec Protocol
• Change Cipher Spec Protocol
is one of the three SSL-
specific protocols that use
the SSL Record Protocol, and
it is the simplest.
• This protocol consists of a
single message, which
consists of a single byte
with the value 1.
• Purpose of this message is
to cause the pending state
to be copied into the
current state, which
updates the cipher suite to
be used on this
connection.
Change Cipher Spec Protocol
• ChangeCipherSpec message is sent during the
handshake after the security parameters have
been agreed upon, but before the verifying
Finished message is sent.
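A parser for the record header fields and the ChangeCipherSpec message described above, as an added example that is not part of the original slides. It walks a byte stream of SSLv3 records and rejects headers that break the stated rules. Assumptions: the numeric content type codes 20 to 23 are the SSLv3 values (the slides give only the names), the records are unencrypted as in an initial handshake, and `parse_records` and the sample bytes are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2 ** 14 + 2048   # slides: maximum value of the length field
HEADER_LEN = 5                    # type (1) + major (1) + minor (1) + length (2)


def parse_records(stream: bytes):
    """Return (records, leftover): parsed records plus any incomplete tail."""
    records, pos = [], 0
    while len(stream) - pos >= HEADER_LEN:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {pos}")
        if (major, minor) != (3, 0):
            raise ValueError(f"not SSLv3: version {major}.{minor} at offset {pos}")
        if length > MAX_RECORD_LEN:
            raise ValueError(f"length {length} exceeds 2^14 + 2048 at offset {pos}")
        start = pos + HEADER_LEN
        if len(stream) - start < length:
            break                 # record not fully received yet: wait for more data
        fragment = stream[start:start + length]
        if ctype == 20 and fragment != b"\x01":
            raise ValueError("ChangeCipherSpec must be the single byte 1")
        records.append((CONTENT_TYPES[ctype], fragment))
        pos = start + length
    return records, stream[pos:]


# Constructed sample: a handshake record with placeholder payload, a
# ChangeCipherSpec record, and an application_data record cut off mid-fragment.
SAMPLE = (bytes([22, 3, 0, 0, 4]) + b"\x00" * 4
          + bytes([20, 3, 0, 0, 1, 1])
          + bytes([23, 3, 0, 0, 10]) + b"abc")

if __name__ == "__main__":
    print(parse_records(SAMPLE))
```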
Reference
• Textbook, 4th edn.
