Web Security: Threats, Approaches, and Solutions, Lecture notes of Network security

The importance of web security, the types of security threats faced when using the Web, and approaches to providing web security. It covers passive and active attacks, SSL and IPsec, and e-mail security. The document also introduces SSL concepts such as SSL sessions and SSL connections.

Typology: Lecture notes

2020/2021

Uploaded on 06/08/2021

unknown user
unknown user 🇺🇸

5

(1)

8 documents

1 / 13

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CHAPTER Four
NETWORK AND INTERNET SECURITY
4.1 Web Security
The World Wide Web is fundamentally a client/server application running over the Internet and
TCP/IP intranets. The reason to come up with web security are the following.
The Internet is two-way. Unlike traditional publishing environments even electronic
publishing systems involving tele text, voice response, or fax-back the Web is
vulnerable to attacks on the Web servers over the Internet.
The Web is increasingly serving as a highly visible outlet for corporate and product
information and as the platform for business transactions. Reputations can be damaged
and money can be lost if the Web servers are subverted.
Although Web browsers are very easy to use, Web servers are relatively easy to
configure and manage, and Web content is increasingly easy to develop, the underlying
software is extraordinarily complex. This complex software may hide many potential
security flaws. The short history of the Web is filled with examples of new and
upgraded systems, properly installed, that are vulnerable to a variety of security attacks.
A Web server can be exploited as a launching pad into the corporation’s or agency’s
entire computer complex. Once the Web server is subverted, an attacker may be able
to gain access to data and systems not part of the Web itself but connected to the server
at the local site.
Casual and untrained (in security matters) users are common clients for Web-based
services. Such users are not necessarily aware of the security risks that exist and do not
have the tools or knowledge to take effective countermeasures.
Table 5.1 provides a summary of the types of security threats faced when using the Web. One
way to group these threats is in terms of passive and active attacks. Passive attacks include
eavesdropping on network traffic between browser and server and gaining access to
information on a Web site that is supposed to be restricted. Active attacks include
impersonating another user, altering messages in transit between client and server, and
altering information on a Web site.
Another way to classify Web security threats is in terms of the location of the threat: Web
server, Web browser, and network traffic between browser and server. Issues of server and
browser security fall into the category of computer system security; this chapter addresses the
issue of system security in general but is also applicable to Web system security.
A number of approaches to providing Web security are possible. The various approaches that
have been considered are similar in the services they provide and, to some extent, in the
mechanisms that they use, but they differ with respect to their scope of applicability and their
relative location within the TCP/IP protocol stack. Figure 5.1 illustrates this difference. One
way to provide Web security is to use IP security (IPsec) (Figure 5.1a). The advantage of
pf3
pf4
pf5
pf8
pf9
pfa
pfd

Partial preview of the text

Download Web Security: Threats, Approaches, and Solutions and more Lecture notes Network security in PDF only on Docsity!

CHAPTER Four

NETWORK AND INTERNET SECURITY

4 .1 Web Security

The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets. The reason to come up with web security are the following.

  • The Internet is two-way. Unlike traditional publishing environments even electronic publishing systems involving tele text, voice response, or fax-back the Web is vulnerable to attacks on the Web servers over the Internet.
  • The Web is increasingly serving as a highly visible outlet for corporate and product information and as the platform for business transactions. Reputations can be damaged and money can be lost if the Web servers are subverted.
  • Although Web browsers are very easy to use, Web servers are relatively easy to configure and manage, and Web content is increasingly easy to develop, the underlying software is extraordinarily complex. This complex software may hide many potential security flaws. The short history of the Web is filled with examples of new and upgraded systems, properly installed, that are vulnerable to a variety of security attacks.
  • A Web server can be exploited as a launching pad into the corporation’s or agency’s entire computer complex. Once the Web server is subverted, an attacker may be able to gain access to data and systems not part of the Web itself but connected to the server at the local site.
  • Casual and untrained (in security matters) users are common clients for Web-based services. Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures. Table 5.1 provides a summary of the types of security threats faced when using the Web. One way to group these threats is in terms of passive and active attacks. Passive attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted. Active attacks include impersonating another user, altering messages in transit between client and server, and altering information on a Web site. Another way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server. Issues of server and browser security fall into the category of computer system security; this chapter addresses the issue of system security in general but is also applicable to Web system security. A number of approaches to providing Web security are possible. The various approaches that have been considered are similar in the services they provide and, to some extent, in the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack. Figure 5.1 illustrates this difference. One way to provide Web security is to use IP security (IPsec) (Figure 5.1a). The advantage of

using IPsec is that it is transparent to end users and applications and provides a general- purpose solution. Furthermore, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing. Another relatively general-purpose solution is to implement security just above TCP (Figure 5.1b). The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard known as Transport Layer Security (TLS). At this level, there are two implementation choices. For full generality, SSL (or TLS) could be provided as part of the underlying protocol suite and therefore be transparent to applications. Alternatively, SSL can be embedded in specific packages. For example, Netscape and Microsoft Explorer browsers come equipped with SSL, and most Web servers have implemented the protocol. Application-specific security services are embedded within the particular application. Figure 5.1c shows examples of this architecture. The advantage of this approach is that the service can be tailored to the specific needs of a given application.

Between any pair of parties (applications such as HTTP on client and server), there may be multiple secure connections. In theory, there may also be multiple simultaneous sessions between parties, but this feature is not used in practice. There are a number of states associated with each session. Once a session is established, there is a current operating state for both read and write (i.e., receive and send). In addition, during the Handshake Protocol, pending read and write states are created. Upon successful conclusion of the Handshake Protocol, the pending states become the current states. SSL Record Protocol The SSL Record Protocol provides two services for SSL connections:

  • Confidentiality : The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads.
  • Message Integrity : The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC). Figure 5.3 indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled before being delivered to higher-level users. The first step is fragmentation. Each upper-layer message is fragmented into blocks of 2^14 bytes (16384 bytes) or less. Next, compression is optionally applied. Compression must be lossless and may not increase the content length by more than 1024 bytes. In SSLv3 (as well as the current version of TLS), no compression algorithm is specified, so the default compression algorithm is null. The next step in processing is to compute a message authentication code over the compressed data. For this purpose, a shared secret key is used.

Next, the compressed message plus the MAC are encrypted using symmetric encryption. Encryption may not increase the content length by more than 1024 bytes, so that the total length may not exceed 2^14 + 2048. The following encryption algorithms are permitted: For stream encryption, the compressed message plus the MAC are encrypted. Note that the MAC is computed before encryption takes place and that the MAC is then encrypted along with the plaintext or compressed plaintext. For block encryption, padding may be added after the MAC prior to encryption. The padding is in the form of a number of padding bytes followed by a one-byte indication of the length of the padding. The total amount of padding is the smallest amount such that the total size of the data to be encrypted (plaintext plus MAC plus padding) is a multiple of the cipher’s block length.

Handshake Protocol The most complex part of SSL is the Handshake Protocol. This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record. The Handshake Protocol is used before any application data is transmitted. The Handshake Protocol consists of a series of messages exchanged by client and server. Each message has three fields.

4 .3 Virtual Private Network

Ideally, any organization would want its own private network for communication to ensure security. However, it may be very costly to establish and maintain such private network over geographically dispersed area. It would require to manage complex infrastructure of communication links, routers, DNS, etc. IPsec provides an easy mechanism for implementing Virtual Private Network (VPN) for such organizations. VPN technology allows organization’s inter-office traffic to be sent over public

Internet by encrypting traffic before entering the public Internet and logically separating it from other traffic. Figure 5.3 Virtual Private Network Overview of IPsec The IPsec suite can be considered to have two separate operations, when performed in unison, providing a complete set of security services. These two operations are IPsec Communication and Internet Key Exchange. IPsec Communication It is typically associated with standard IPsec functionality. It involves encapsulation, encryption, and hashing the IP datagrams and handling all packet processes. It is responsible for managing the communication according to the available Security Associations (SAs) established between communicating parties. It uses security protocols such as Authentication Header (AH) and Encapsulated SP (ESP). IPsec communication is not involved in the creation of keys or their management. IPsec communication operation itself is commonly referred to as IPsec. Internet Key Exchange (IKE) IKE is the automatic key management protocol used for IPsec. Technically, key management is not essential for IPsec communication and the keys can be manually managed. However, manual key management is not desirable for large networks. IKE is responsible for creation of keys for IPsec and providing authentication during key establishment process. Though, IPsec can be used for any other key management protocols, IKE is used by default. IKE defines two protocol (Oakley and SKEME) to be used with already defined key management framework Internet Security Association Key Management Protocol (ISAKMP). ISAKMP is not IPsec specific, but provides the framework for creating SAs for any protocol.

some out-of-band mechanism, and IKE (Internet Key Exchange) is a sophisticated mechanism for doing this online. PPTP Point-to-Point Tunneling Protocol (PPTP) is the oldest of the three protocols used in VPNs. It was originally designed as a secure extension to Point-to-Point Protocol (PPP). PPTP works at the data link layer of the OSI model. PPTP offers two different methods of authenticating the user:

  • Extensible Authentication Protocol (EAP)
  • Challenge Handshake Authentication Protocol (CHAP) EAP was actually designed specifically for PPTP and is not proprietary. CHAP is a three-way process whereby the client sends a code to the server, the server authenticates it, and then the server responds to the client. CHAP also periodically re-authenticates a remote client, even after the connection is established. PPTP uses Microsoft Point-to-Point Encryption (MPPE) to encrypt packets. MPPE is actually a version of DES. DES is still useful for many situations; however, newer versions of DES, such as DES 3, are preferred. L2TP Layer 2 Tunneling Protocol (L2TP) was explicitly designed as an enhancement to PPTP. Like PPTP, it works at the data link layer of the OSI model. It has several improvements to PPTP. First, it offers more and varied methods for authentication—PPTP offers two, whereas L2TP offers five. In addition to CHAP and EAP, L2TP offers PAP, SPAP, and MS-CHAP. In addition to more authentication protocols available for use, L2TP offers other enhancements. PPTP will only work over standard IP networks, whereas L2TP will work over X.25 networks (a common protocol in phone systems) and ATM (asynchronous transfer mode, a high-speed networking technology) systems. L2TP also uses IPsec for its encryption.

4 .4 E-mail Security

Nowadays, e-mail has become very widely used network application. Let’s briefly discuss the email infrastructure before proceeding to know about e-mail security protocols. E-mail Infrastructure The simplest way of sending an e-mail would be sending a message directly from the sender’s machine to the recipient’s machine. In this case, it is essential for both the machines to be running on the network simultaneously.

However, this setup is impractical as users may occasionally connect their machines to the network. Hence, the concept of setting up e-mail servers arrived. In this setup, the mail is sent to a mail server which is permanently available on the network. When the recipient’s machine connects to the network, it reads the mail from the mail server. In general, the e-mail infrastructure consists of a mesh of mail servers, also termed as Message Transfer Agents (MTAs) and client machines running an e-mail program comprising of User Agent (UA) and local MTA. Typically, an e-mail message gets forwarded from its UA, goes through the mesh of MTAs and finally reaches the UA on the recipient’s machine. The protocols used for e-mail are as follows:

  • Simple Mail Transfer Protocol (SMTP) used for forwarding e-mail messages.
  • Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) are used to retrieve the messages by recipient from the server. MIME Basic Internet e-mail standard was written in 1982 and it describes the format of e-mail message exchanged on the Internet. It mainly supports e-mail message written as text in basic Roman alphabet. By 1992, the need was felt to improve the same. Hence, an additional standard Multipurpose Internet Mail Extensions (MIME) was defined. It is a set of extensions to the basic Internet E-mail standard. MIME provides an ability to send e-mail using characters other than those of the basic Roman alphabet such as Cyrillic alphabet (used in Russian), the Greek alphabet, or even the ideographic characters of Chinese. Another need fulfilled by MIME is to send non-text contents, such as images or video clips. Due to this features, the MIME standard became widely adopted with SMTP for e-mail communication. E-Mail Security Services Growing use of e-mail communication for important and crucial transactions demands provision of certain fundamental security services as the following:
  • Confidentiality: E-mail message should not be read by anyone but the intended recipient.
  • Authentication: E-mail recipient can be sure of the identity of the sender.
  • Integrity: Assurance to the recipient that the e-mail message has not been altered since it was transmitted by the sender.
  • Non-repudiation: E-mail recipient is able to prove to a third party that the sender really did send the message.
  • Proof of submission: E-mail sender gets the confirmation that the message is handed to the mail delivery system.
  • Proof of delivery: Sender gets a confirmation that the recipient received the message.

1 or MD5. S/MIME specifies the additional MIME type, such as “application/pkcs7-mime”, for data enveloping after encrypting. The whole MIME entity is encrypted and packed into an object. S/MIME has standardized cryptographic message formats (different from PGP). In fact, MIME is extended with some keywords to identify the encrypted and/or signed parts in the message. S/MIME relies on X.509 certificates for public key distribution. It needs top- down hierarchical PKI for certification support. Employability of S/MIME Due to the requirement of a certificate from certification authority for implementation, not all users can take advantage of S/MIME, as some may wish to encrypt a message, with a public/private key pair. For example, without the involvement or administrative overhead of certificates. In practice, although most e-mailing applications implement S/MIME, the certificate enrollment process is complex. Instead PGP support usually requires adding a plug-in and that plug-in comes with all that is needed to manage keys. The Web of Trust is not really used. People exchange their public keys over another medium. Once obtained, they keep a copy of public keys of those with whom e-mails are usually exchanged. One of the schemes, either PGP or S/MIME, is used depending on the environment. A secure eemail communication in a captive network can be provided by adapting to PGP. For e-mail security over Internet, where mails are exchanged with new unknown users very often, S/MIME is considered as a good option.