Web Security

Web Security encompasses measures to protect websites and online services from cyber threats like hacking and data theft. SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols that ensure data encryption and integrity during online communications. TLS is more secure and efficient than SSL, with several versions, the latest being TLS 1.3, which offers improved performance and security features.

Web Security:

Web Security refers to the protective measures and protocols used to safeguard websites,
web applications, and online services from cyber threats such as:

• Hacking attempts
• Data theft
• Malware
• Unauthorized access
• Phishing and spoofing

Threats on the Web:


Web Traffic Security Approaches:

• Network level: transparent to end users and applications.
• SSL/TLS: Netscape and Microsoft Internet Explorer browsers shipped with SSL support, and most web servers implemented the protocol.
• Application level: the service can be tailored to the specific needs of a given application.

Secure Socket Layer (SSL):

SSL, or Secure Sockets Layer, is an Internet security protocol that encrypts data to keep it
safe. It was created by Netscape in 1995 to ensure privacy, authentication, and data integrity
in online communications. SSL is the older version of what we now call TLS (Transport
Layer Security). Websites using SSL/TLS have “HTTPS” in their URL instead of “HTTP.”
Three higher-level protocols that also make use of the record layer are part of the SSL
stack. They are used in the management of SSL exchanges and are as follows:

1. Handshake Protocol.

2. Change Cipher Spec Protocol.

3. Alert Protocol.

SSL Record Protocol:

This protocol provides two services for SSL connections:

1. Confidentiality - using conventional encryption.

2. Message Integrity - using a Message Authentication Code (MAC).

In order to operate on data the protocol performs the following actions:

• It takes an application message to be transmitted and fragments it into manageable
blocks. These blocks are 2^14 = 16,384 bytes or less.

• These blocks are then optionally compressed. Compression must be lossless and may not
increase the content length by more than 1024 bytes.

• A message authentication code is then computed over the compressed data using a
shared secret key. This is then appended to the compressed (or plaintext) block.

• The compressed message plus MAC are then encrypted using symmetric encryption.
Encryption may not increase the content length by more than 1024 bytes, so that the
total length may not exceed 2^14 + 2048 bytes. A number of different encryption algorithms
are permitted.

• The final step is to prepend a header, consisting of the following fields:

– Content type (8 bits) - The higher-layer protocol used to process the enclosed
fragment.

– Major Version (8 bits) - Indicates the major version of SSL in use. For SSLv3, the
value is 3.

– Minor Version (8 bits) - Indicates the minor version in use. For SSLv3, the value is
0.

– Compressed Length (16 bits) - The length in bytes of the compressed (or
plaintext) fragment.

The “content type” above is one of four types: the three higher-level protocols given above
that make use of the SSL record, and a fourth known as “application data”. The first three
are described next as they are SSL-specific protocols.
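The record-layer pipeline described above (fragment, compress, MAC, encrypt, prepend header), as an added Python example that is not part of the original notes. HMAC-SHA256 stands in for the MAC, an HMAC-based counter-mode keystream stands in for the negotiated symmetric cipher, and the keys are constructed; the 5-byte header fields, the 2^14 fragment size and the 2^14 + 2048 record limit follow the text.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14            # fragments of at most 16,384 bytes
MAX_RECORD = MAX_FRAGMENT + 2048  # compression and encryption may each add at most 1024 bytes
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def keystream(key: bytes, n: int) -> bytes:
    """Stand-in for the negotiated symmetric cipher: HMAC-SHA256 in counter mode (example only)."""
    out = b"".join(hmac.new(key, struct.pack(">I", i), hashlib.sha256).digest()
                   for i in range((n + 31) // 32))
    return out[:n]

def build_records(data: bytes, mac_key: bytes, enc_key: bytes,
                  content_type: int = 23, compress: bool = False) -> list:
    """Fragment -> compress -> MAC -> encrypt -> prepend the 5-byte header, one record per fragment."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        block = data[off:off + MAX_FRAGMENT]
        if compress:
            block = zlib.compress(block)                            # lossless, bounded expansion
        block += hmac.new(mac_key, block, hashlib.sha256).digest()  # MAC appended to the block
        block = bytes(a ^ b for a, b in zip(block, keystream(enc_key, len(block))))
        header = struct.pack(">BBBH", content_type, 3, 0, len(block))  # type, major 3, minor 0, length
        records.append(header + block)
    return records

def parse_record(record: bytes, mac_key: bytes, enc_key: bytes, compressed: bool = False):
    """Reverse the pipeline; reject bad headers, oversize bodies and MAC failures before use."""
    ctype, major, minor, length = struct.unpack(">BBBH", record[:5])
    if ctype not in CONTENT_TYPES or (major, minor) != (3, 0):
        raise ValueError("unknown content type or SSL version")
    if length > MAX_RECORD or len(record) != 5 + length:
        raise ValueError("body exceeds 2^14 + 2048 bytes or record is truncated")
    body = bytes(a ^ b for a, b in zip(record[5:], keystream(enc_key, length)))
    payload, mac = body[:-32], body[-32:]
    if not hmac.compare_digest(mac, hmac.new(mac_key, payload, hashlib.sha256).digest()):
        raise ValueError("MAC mismatch: record was modified or keyed differently")
    return CONTENT_TYPES[ctype], (zlib.decompress(payload) if compressed else payload)
```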

Handshake Protocol:

The Handshake Protocol is used to establish sessions. It allows the client and server
to authenticate each other by exchanging a series of messages. The Handshake Protocol
uses four phases to complete its cycle.

Phase 1: In Phase 1 both client and server send hello packets to each other. In these, the
session ID, cipher suite and protocol version are exchanged for security purposes.

Phase 2: The server sends its certificate and Server-key-exchange. The server ends Phase 2 by
sending the Server-hello-end packet.

Phase 3: In this phase, the client replies to the server by sending its certificate and
Client-key-exchange.

Phase 4: In Phase 4 the Change Cipher Spec occurs, and after this the Handshake Protocol ends.

Change-Cipher Protocol:

This protocol uses the SSL record protocol. Until the Handshake Protocol is completed, the
SSL record layer's new parameters remain in a pending state. After the handshake protocol, the pending state
is converted into the current state.

Change-cipher protocol consists of a single message which is 1 byte in length and can have
only one value. This protocol’s purpose is to cause the pending state to be copied into the
current state.

Alert Protocol:

This protocol is used to convey SSL-related alerts to the peer entity. It consists of two bytes,
the first of which takes the value 1 (warning) or 2 (fatal). If the level is fatal, SSL
immediately terminates the connection. The second byte contains a code that indicates the
specific alert.

Transport Layer Security (TLS):


Transport Layer Security (TLS) is a cryptographic protocol that ensures privacy and data
security between communicating applications over a network. TLS is widely used to secure
web traffic (HTTPS), email, messaging, and other data transfers.

It is the successor to SSL (Secure Sockets Layer) and is considered much more secure and
efficient.

Main Goals of TLS:

1. Confidentiality – Prevent eavesdropping.
2. Integrity – Prevent data tampering.
3. Authentication – Verify the identity of the communicating parties.

How TLS Works (Simplified Process):

1. Client Hello: The client sends its supported TLS versions, cipher suites, and a random
number.
2. Server Hello: The server responds with the chosen cipher suite, its certificate, and its
random number.
3. Certificate Authentication: The client verifies the server certificate.
4. Key Exchange: A pre-master key is exchanged securely.
5. Session Key Generation: Both sides generate a symmetric session key.
6. Secure Session: All further communication is encrypted using the session key.
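Steps 4 to 6 above, and Phase 4 of the SSL handshake section earlier, as an added Python example that is not part of the original notes. It uses the TLS 1.2 PRF (HMAC-SHA256 P_hash, RFC 5246) to turn the pre-master secret and the two hello randoms into the master secret and the record-layer keys, and shows the Finished check that makes both sides prove they saw the same handshake; the randoms, pre-master secret and transcript strings are constructed.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash with SHA-256: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 5: the exchanged pre-master secret plus both hello randoms give the 48-byte master secret."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 mac_len: int = 32, key_len: int = 32) -> dict:
    """Expand the master secret into the record layer's MAC and write keys, one pair per direction."""
    block = prf(master, b"key expansion", server_random + client_random, 2 * (mac_len + key_len))
    names = ("client_mac_key", "server_mac_key", "client_write_key", "server_write_key")
    sizes = (mac_len, mac_len, key_len, key_len)
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """12-byte verify_data over the hash of every handshake message seen so far (RFC 5246 7.4.9).
    A peer whose transcript was altered in transit computes a different value, so the handshake fails."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)

def run_handshake(pre_master: bytes, client_random: bytes, server_random: bytes,
                  client_transcript: bytes, server_transcript: bytes):
    """Both sides derive the keys independently; release them only if the Finished check passes."""
    master = master_secret(pre_master, client_random, server_random)
    client_view = finished_verify_data(master, b"client finished", client_transcript)
    server_view = finished_verify_data(master, b"client finished", server_transcript)
    if not hmac.compare_digest(client_view, server_view):
        return None  # transcripts differ: abort and send a fatal alert instead of using the keys
    return session_keys(master, client_random, server_random)
```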

TLS Versions:

Version | Year | Status     | Key Features
TLS 1.0 | 1999 | Deprecated | Based on SSL 3.0
TLS 1.1 | 2006 | Deprecated | Minor improvements
TLS 1.2 | 2008 | Active     | Strong encryption, widely adopted
TLS 1.3 | 2018 | Current    | Faster, simpler handshake, no obsolete algorithms

Common Attacks on TLS:

Attack     | Affected Versions    | Description
BEAST      | TLS 1.0              | Block cipher vulnerability
CRIME      | TLS with compression | Leaks data via compressed responses
Heartbleed | OpenSSL (TLS)        | Exposes server memory
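The settings that close off the two protocol-level rows of the table (old versions for BEAST, TLS compression for CRIME), as an added Python example using the standard `ssl` module; it is not part of the original notes. `hardened_client_context` builds the recommended configuration, `legacy_style_context` is a constructed comparison case, and `audit_context` reports what a reviewer would flag on any context (Heartbleed is a library bug, so the remedy there is a patched OpenSSL rather than a setting).

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses the versions and features behind the attacks in the table."""
    ctx = ssl.create_default_context()             # system CA bundle, CERT_REQUIRED, hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no TLS 1.0/1.1 (BEAST-era CBC handling)
    ctx.options |= ssl.OP_NO_COMPRESSION           # no TLS-level compression (CRIME)
    return ctx

def legacy_style_context() -> ssl.SSLContext:
    """Constructed comparison case: the settings a neglected deployment often carries."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                     # certificate name never compared to the host
    ctx.verify_mode = ssl.CERT_NONE                # any certificate, or none, is accepted
    if ssl.HAS_TLSv1_1:                            # guarded: OpenSSL may be built without it
        ctx.minimum_version = ssl.TLSVersion.TLSv1_1
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the findings a reviewer would raise against a context; an empty list means clean."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("deprecated protocol versions allowed (minimum below TLS 1.2)")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression enabled (CRIME)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings
```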

TLS vs SSL:

Feature     | SSL                  | TLS
Security    | Outdated, vulnerable | Modern, secure
Performance | Slower               | Faster, especially TLS 1.3
Handshake   | Complex              | Simplified in TLS 1.3
Status      | Deprecated           | Active and recommended
