Unit-4

Web security considerations:

• The World Wide Web is fundamentally a client/server application running over the
Internet and TCP/IP intranets.
• Usage of internet for transferring or retrieving the data has got many benefits like speed,
reliability, security etc.
• Much of the Internet's success and popularity lies in the fact that it is an open global
network.
• At the same time, the fact that it is open and global makes it not very secure.
• The unique nature of the Internet makes exchanging information and transacting
business over it inherently dangerous.
• The faceless, voiceless, unknown entities and individuals that share the Internet may
or may not be who or what they profess to be.
• For the exchange of information and for commerce to be secure on any network,
especially the Internet, a system or process must be put in place that satisfies
requirements for confidentiality, access control, authentication, integrity, and non
repudiation.
• These requirements are achieved on the Web through the use of encryption and by
employing digital signature technology. One of the most important is the SSL protocol.
 Web Traffic Security Approaches

Secure Socket Layer (SSL)

• Secure Socket Layer (SSL) provides security to the data that is transferred between
web browser and server. SSL encrypts the link between a web server and a browser
which ensures that all data passed between them remain private and free from attack.
Secure Socket Layer Protocols
• SSL Record Protocol
• Handshake Protocol
• Change-Cipher Spec Protocol
• Alert Protocol
 1) SSL Record Protocol
SSL Record provides two services to SSL connection.
• Confidentiality
• Message Integrity
In the SSL Record Protocol application data is divided into fragments. The fragment is
compressed and then encrypted MAC (Message Authentication Code) generated by
algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended.
After that encryption of the data is done and in last SSL header is appended to the data.
2) Handshake Protocol
Handshake Protocol is used to establish sessions. This protocol allows the client and
server to authenticate each other by sending a series of messages to each other.
Handshake protocol uses four phases to complete its cycle.
• Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP
session, cipher suite and protocol version are exchanged for security purposes.
• Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-
2 by sending the Server-hello-end packet.
• Phase-3: In this phase, Client replies to the server by sending his certificate and Client-
exchange-key.
• Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol
ends.

3) Change-Cipher Protocol
 This protocol uses the SSL record protocol. Unless Handshake Protocol is completed,
the SSL record Output will be in a pending state. After the handshake protocol, the
Pending state is converted into the current state.
 Change-cipher protocol consists of a single message which is 1 byte in length and can
have only one value. This protocol’s purpose is to cause the pending state to be copied
into the current state.
 4) Alert Protocol
This protocol is used to convey SSL-related alerts to the peer entity. Each message in
this protocol contains 2 bytes.

The level is further classified into two parts:

Warning (level = 1)
This Alert has no impact on the connection between sender and receiver. Some of
them are:
• Bad Certificate: When the received certificate is corrupt.
• No Certificate: When an appropriate certificate is not available.
• Certificate Expired: When a certificate has expired.
• Certificate Unknown: When some other unspecified issue arose in processing the
certificate, rendering it unacceptable.
• Close Notify: It notifies that the sender will no longer send any messages in the
connection.
• Unsupported Certificate: The type of certificate received is not supported.
• Certificate Revoked: The certificate received is in revocation list.

Fatal Error (level = 2):

This Alert breaks the connection between sender and receiver. The connection will be
stopped, cannot be resumed but can be restarted. Some of them are :
• Handshake Failure: When the sender is unable to negotiate an acceptable set of
security parameters given the options available.
• Decompression Failure: When the decompression function receives improper input.
• Illegal Parameters: When a field is out of range or inconsistent with other fields.
Transport Layer Security (TLS):
• One of the most widely used security services is Transport Layer Security (TSL)
• TLS is an Internet standard that derived from a commercial protocol known as Secure
Sockets Layer (SSL).
TLS Architecture:
• TLS is designed to make use of TCP to provide a reliable end-to-end secure service.
TLS is not a single protocol but rather two layers of protocols

Two important TLS concepts are the TLS session and the TLS connection, which are
defined in the specification as follows:
Connection: A connection is a transport (in the OSI layering model definition) that
provides a suitable type of service. Every connection is associated with one session.
Session: A TLS session is an association between a client and a server. Sessions are
created by the Handshake Protocol.
Transport Layer Security Protocols
• TLS Record Protocol
• Handshake Protocol
• Change-Cipher Spec Protocol
• Alert Protocol
1)TLS Record Protocol :
• The TLS Record Protocol provides two services for TLS connections:
• Confidentiality: The Handshake Protocol defines a shared secret key that is used for
conventional encryption of TLS payloads.
• Message Integrity: The Handshake Protocol also defines a shared secret key that is
used to form a message authentication code (MAC).

In the TLS Record Protocol application data is divided into fragments. The fragment
is compressed and then encrypted MAC (Message Authentication Code) generated by
algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended.
After that encryption of the data is done and in last TLS header is appended to the
data.
 The final step of TLS Record Protocol processing is to prepend a header consisting of
the following fields:
Content Type (8 bits): The higher-layer protocol used to process the enclosed
fragment.
Major Version (8 bits): Indicates major version of TLS in use. For TLSv2, the value
is 3.
Minor Version (8 bits): Indicates minor version in use. For TLSv2, the value is 1.
Compressed Length (16 bits): The length in bytes of the plaintext fragment
2) Handshake Protocol:
This protocol allows the server and client to authenticate each other and to negotiate
an encryption and MAC algorithm and cryptographic keys to be used to protect data
 sent in a TLS record. The Handshake Protocol is used before any application data is
transmitted.

• Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP
session, cipher suite and protocol version are exchanged for security purposes.
• Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-
2 by sending the Server-hello-end packet.
• Phase-3: In this phase, Client replies to the server by sending his certificate and
Client-exchange-key.
• Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol
ends.
3) Change-Cipher Protocol
 This protocol uses the SSL record protocol. Unless Handshake Protocol is completed,
the SSL record Output will be in a pending state. After the handshake protocol, the
Pending state is converted into the current state.
 Change-cipher protocol consists of a single message which is 1 byte in length and can
have only one value. This protocol’s purpose is to cause the pending state to be copied
into the current state.
4) Alert Protocol
 The Alert Protocol is used to convey TLS-related alerts to the peer entity.
 alert messages are compressed and encrypted, as specified by the current state.
 Each message in this protocol consists of two bytes . The first byte takes the value
warning (1) or fatal (2) to convey the severity( Condition) of the message.
 The second byte contains a code that indicates the specific alert.
The following alerts are always fatal:
• unexpected_message: An inappropriate message was received.
• bad_record_mac: An incorrect MAC was received.
• decompression_failure: The decompression function received improper input
handshake_failure: Sender was unable to negotiate an acceptable set of security
parameters given the options available

HTTPS:
HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement
secure communication between a Web browser and a Web server.
When HTTPS is used, the following elements of the communication are encrypted:
■ URL of the requested document
■ Contents of the document
■ Contents of browser forms (filled in by browser user)
■ Cookies sent from browser to server and from server to browser
■ Contents of HTTP header
Connection Initiation:
 For HTTPS, the agent acting as the HTTP client also acts as the TLS client.
 The client initiates a connection to the server on the appropriate port and then sends
the TLS Client Hello to begin the TLS handshake finished,
 The client may then initiate the first HTTP request.
 All HTTP data is to be sent as TLS application data.
 Normal HTTP behavior, including retained connections, should be followed.
 There are three levels of awareness of a connection in HTTPS. At the HTTP level, an
HTTP client requests a connection to an HTTP server by sending a connection request
to the next lowest layer.
Connection Closure:
An HTTP client or server can indicate the closing of a connection by including
the following line in an HTTP record: Connection: close. This indicates that the
connection will be closed after this record is delivered.

SECURE SHELL(SSH):
• Secure Shell (SSH) is a protocol for secure network communications designed to be
relatively simple and inexpensive to implement.
• SSH provides a secure remote logon facility to replace TELNET and other remote
logon schemes that provide no security.
• SSH uses network facilities like file transfer and email.

1) Transport Layer protocol

The transport layer is the top layer of the TCP/IP protocol suite. For SSH-2, this layer is
responsible for handling initial key exchange, server authentication, set up encryption,
compression, and integrity verification. It works as an interface for sending and receiving
plaintext packets.
2)User authentication Protocol:
• The User Authentication protocol provides the means by which the client is
authenticated to the server.
MESSAGE Exchange:The message exchange involves the following steps.
1. The client sends a SSH_MSG_USERAUTH_REQUEST with a requested method of
none.
2. The server checks to determine if the user name is valid . If not, the serv er ret urns S
SH_MS G_USERAUTH_FAILURE with the partial success value of false. If the user
na me is valid, the server proceeds to step 3.
3. The server returns SSH-MSG-USERAUTH-FAILURE with a list of one or more
authentication methods to be used .
4. The client selects one of the acceptable authentication methods and sends a
SSH_MSG_USERAUTH_REQUEST with that method name and the required method-
specific fields.At this point, there may be a sequence of exchanges to perform the
method.
5. 5.If the authentication succeeds and more authentication methods are required, the
server proceeds to step 3, using a par tial success value of true. If the authentication
fails, the server proceeds to step 3, using a partial success value of false.
6. 6.When all required authentication methods succeed, the server sends a S
SH_MSG_USERAUTH_SUCCESS message, and the Authentication Protocol rs over.
Authentication Methods: The server may require one or more of the following
authentication methods.
i) publickey : The details of this method depend on the public-k ey algorithm chosen.
In essence, the client sends a message to the server that contains the client s public key,
with the message signed by the client's private key.
When the server receives this message, it checks whether the supplied key is acceptable
for authentication and, if so, it checks whether the signature is correct.
ii) password : The client sends a message containing a plaintext password. which is
protected by encryption by the Transport Layer Protocol.
iii)Host based : Authentication is performed on the client's host rather than the client
itself. Thus, a host that supports multiple clients would provide authentication for all its
clients. This method works by having the client send a signature created with the private
key of the client host. Thus, rather than directly verifying the user’s identity, the SSH
server verifies the identity of the client host and then believes the host when it says
the user has already authenticated on the client side.
3)Connection protocol
The connection layer defines various channels through which SSH services are
provided. It defines the concept of channels, channel requests, and global requests. One
SSH connection can host different channels simultaneously and can also transfer data
in both directions simultaneously. Channel requests are used in the connection layer to
relay out-of-band channel-specific data, for example, the altered size of a terminal
window or the exit code of a server-side process. The standard channel types of
connection layer are:
• shell: It is used for terminal shells, SFTP, and exec requests.
• direct-tcpip: It is used for the client-to-server forwarded connections.
• forwarded-tcpip: It is used for the server-to-client forwarded connections.
Wireless Security:
The wireless client can be a cell phone, a Wi-Fi–enabled laptop or tablet, a wireless
sensor, a Bluetooth device, and so on. The wireless access point provides a connection
to the network or service. Examples of access points are cell towers, Wi-Fi hotspots,
and wireless access points to wired local or wide area networks. The transmission
medium, which carries the radio waves for data transfer, is also a source of vulnerability.
Some of the key factors contributing to the higher security risk of wireless networks
compared to wired networks include the following.
Channel: Wireless networking typically involves broadcast communications, which is
far more susceptible to eavesdropping (secret listening by attackers) and jamming
(congestion) than wired networks.
Wireless networks are also more vulnerable to active attacks that exploit
vulnerabilities in communication.
Mobility: Wireless devices are, in principal and usually in practice, far more portable
and mobile than wired devices. This mobility results in a number of risks.
 Resources: Some wireless devices, such as smart phones and tablets, have
sophisticated operating systems but limited memory and processing resources with
which to counter threats, including denial of service and malware.
Accessibility: Some wireless devices, such as sensors and robots, may be left
unattended in remote and/or hostile locations. This greatly increases their
vulnerability to physical attacks.
Wireless Network Threats
Lists the following security threats to wireless networks:
Accidental association: Company wireless LANs or wireless access points to wired LANs in
close proximity (e.g., in the same or neighboring buildings) may create overlapping
transmission ranges. A user intending to connect to one LAN may unintentionally lock on to a
wireless access
point from a neighboring network. Although the security breach is accidental, it nevertheless
point from a neighboring network. Although the security breach is accidental, it nevertheless
exposes resources of one LAN to the accidental user.
Malicious association: In this situation, a wireless device is configured to appear to be a
legitimate access point, enabling the operator to steal
passwords from legitimate users and then penetrate a wired network through a legitimate
wireless access point.
Ad hoc networks: These are peer-to-peer networks between wireless computers with no access
point between them. Such networks can pose a security threat due to a lack of a central point
of control.
Nontraditional networks: Nontraditional networks and links, such as personal network
Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk in terms of both
eavesdropping and spoofing.
Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network
traffic and identify the MAC address of a computer with network privileges.
Man-in-the middle attacks: In a broader sense, this attack involves persuading a user and an
access point to believe that they are talking to each other when in fact the communication is
going through an intermediate attacking device. Wireless networks are particularly vulnerable
to such attacks.
Denial of service (DoS): In the context of a wireless network, a DoS attack occurs when an
attacker continually bombards a wireless access point or some other accessible wireless port
with various protocol messages designed to consume system resources.
Network injection: A network injection attack targets wireless access points that are exposed
to nonfiltered network traffic, such as routing protocol messages or network management
messages. An example of
such an attack is one in which bogus reconfiguration commands are used to affect routers and
switches to degrade network performance.
Wireless Security Measures
The principal threats to wireless transmission are eavesdropping, altering or inserting
messages, and disruption. To deal with eavesdropping, two types of countermeasures are
appropriate.
Signal-hiding techniques: Organizations can take a number of measures to make it more
difficult for an attacker to locate their wireless access points, including turning off service set
identifier (SSID) broadcasting by wireless access points; assigning cryptic names to SSIDs;
reducing signal strength to the lowest level that still provides requisite coverage; and locating
wireless access points in the interior of the building, away from windows and exterior walls.
Greater security can be achieved by the use of directional antennas and of signal-shielding
techniques.
Encryption: Encryption of all wireless transmission is effective against eavesdropping to the
extent that the encryption keys are secure.
1. Use encryption. Wireless routers are typically equipped with built-in encryption mechanisms
for router-to-router traffic.
2. Use antivirus and antispyware software, and a firewall. These facilities should be enabled
on all wireless network endpoints.
3. Turn off identifier broadcasting. Wireless routers are typically configured to broadcast an
identifying signal so that any device within range can learn of the router’s existence. If a
network is configured so that authorized devices know the identity of routers, this capability
can be disabled, so as to thwart attackers (preventing the others to do what they want).
4. Change the identifier on your router from the default. Again, this measure thwarts attackers
who will attempt to gain access to a wireless network using default router identifiers.
5. Change your router’s pre-set password for administration.
6. Allow only specific computers to access your wireless network. A router can be configured
to only communicate with approved MAC addresses. Of course, MAC addresses can be
spoofed, so this is just one element of a security strategy.

MOBILE DEVICE SECURITY

An organization’s networks must accommodate the following
Mobile devices have become an essential element for organizations as part of the overall
network infrastructure. Mobile devices such as smart phones, tablets, and memory sticks
provide increased convenience for individuals as well as the potential for increased
productivity in the workplace. Because of their widespread use and unique characteristics,
security for mobile devices is a pressing and complex issue. In essence, an organization needs
to implement a security policy through a combination of security features built into the mobile
devices and additional security controls provided by network components that regulate the use
of the mobile devices.
Security Threats
Mobile devices need additional, specialized protection measures beyond those implemented
for other client devices
Lack of Physical Security Controls
Mobile devices are typically under the complete control of the user, and are used and kept in a
variety of locations outside the organization’s control, including off premises. Even if a device
is required to remain on premises, the user may move the device within the organization
between secure and nonsecured locations. Thus, theft and tampering are realistic threats. The
security policy for mobile devices must be based on the assumption that any mobile device
may be stolen or at least accessed by a malicious party. A malicious party may attempt to
recover sensitive data
from the device itself, or may use the device to gain access to the organization’s resources.
Use of Untrusted Mobile Devices
In addition to company-issued and company controlled mobile devices, virtually all employees
will have personal smart phones and/or tablets. The organization must assume that these
devices are not trustworthy. That is, the devices may not employ encryption and either the user
or a third party may have installed a bypass to the built-in restrictions on security, operating
system use, and so on.
Use of Untrusted Networks
If a mobile device is used on premises, it can connect to organization resources over the
organization’s own in-house wireless networks.
However, for off-premises use, the user will typically access organizational resources via Wi-
Fi or cellular access to the Internet and from the Internet to the organization. Thus, traffic that
includes an off-premises segment is potentially susceptible to eavesdropping or man-in-the-
middle types of attacks. Thus, the security policy must be based on the assumption that the
networks between the mobile device and the organization are not trustworthy.
Use of Applications Created by Unknown Parties
By design, it is easy to find and install third-party applications on mobile devices. This poses
the obvious risk of installing malicious software. An organization has several options for
dealing with this threat.
Interaction with Other Systems
A common feature found on smart phones and tablets is the ability to automatically synchronize
data, apps, contacts, photos, and so on with other computing devices and with cloud-based
storage.
Use of Untrusted Content
Mobile devices may access and use content that other computing devices do not encounter. An
example is the Quick Response (QR) code, which is a two-dimensional barcode. QR codes are
designed to be captured by a mobile device camera and used by the mobile device. The QR
code translates to a URL, so that a malicious QR code could direct the mobile device to
malicious Web sites.
Use of Location Services
The GPS capability on mobile devices can be used to maintain knowledge of the physical
location of the device. While this feature might be useful to an organization as part of a presence
service, it creates security risks. An attacker can use the location information to determine
where the device and user are located, which may be of use to the attacker.

IEEE 802.11 WIRELESS LAN

IEEE 802 Protocol Architecture

IEEE 802.11 Protocol Stack

Physical Layer The lowest layer of the IEEE 802 reference model is the physical layer, which
includes such functions as encoding/decoding of signals and bit
transmission/reception. In addition, the physical layer includes a specification of the
transmission medium. In the case of IEEE 802.11, the physical layer also defines frequency
bands and antenna characteristics.
Media Access Control All LANs consist of collections of devices that share the network’s
transmission capacity. Some means of controlling access to the transmission medium is needed
to provide an orderly and efficient use of that capacity. This is the function of a media access
control (MAC) layer. The MAC layer receives data from a higher-layer protocol, typically the
Logical Link Control (LLC) layer, in the form of a block of data known as the MAC service
data unit (MSDU). In general, the MAC layer performs the following functions.
• On transmission, assemble data into a frame, known as a MAC protocol data unit (MPDU)
with address and error-detection fields.
• On reception, disassemble frame, and perform address recognition and error detection.
• Govern access to the LAN transmission medium.

General IEEE 802 MPDU Format

MAC Control: This field contains any protocol control information needed for the functioning
of the MAC protocol. For example, a priority level could be indicated here.
Destination MAC Address: The destination physical address on the LAN for this MPDU.
Source MAC Address: The source physical address on the LAN for this MPDU.
MAC Service Data Unit: The data from the next higher layer.
CRC: The cyclic redundancy check field; also known as the Frame Check Sequence (FCS)
field. This is an error-detecting code, such as that which is used in other data-link control
protocols.
Logical Link Control In most data-link control protocols, the data-link protocol entity is
responsible not only for detecting errors using the CRC, but for recovering from those errors
by retransmitting damaged frames.
IEEE 802.11i
There are two characteristics of a wired LAN that are not inherent in a wireless LAN.

1. With a wireless LAN, any station within radio range of the other devices on the LAN can
transmit.
2. With a wireless LAN, any station within radio range can receive.

Wi-Fi Protected Access (WPA) as a Wi-Fi standard implemented by using IEEE 802.11i
The final form of the 802.11i standard is referred to as Robust Security Network (RSN).
IEEE 802.11i Services
Authentication: A protocol is used to define an exchange between a user and an AS that
provides mutual authentication and generates temporary keys to be used between the client and
the AP over the wireless link.
Access control: This function enforces the use of the authentication function, routes the
messages properly, and facilitates key exchange. It can work with a variety of authentication
protocols.
Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted along
with a message integrity code that ensures that the data have not been altered.
Elements of IEEE 802.11i

IEEE 802.11i Phases of Operation

Key Management Phase
 During the key management phase, a variety of cryptographic keys are generated and
distributed to STAs.
 There are two types of keys: pair wise keys used for communication between an STA
and an AP and
 group keys used for multicast communication.
Figure 18.9, based on , shows the two key hierarchies, and Table 18.3 defines the individual
keys